You're a 'builder', I see from your specs. If you flashed your bios in the last 3-6 months or so you may have got the microcode without be aware you were doing so. Or you may just be using kit that's new enough not to need it.
Whatever, you're fully protected, which is the main thing.
@Bree
Yes that's correct.
Just after Spectre and Meltdown were announced, some time back in January, I think .
It wasn't long before Gigabyte had a BIOS update for my mobo.
So I download this update and flashed my BIOS.
The date of my BIOS is from 1/11/2018.
Before I did this, the InSpectre Utility wasn't yet available.
However, a few days, or perhaps a week or so later.
The InSpectre Utility was released.
It's been showing that I'm protected ever since then.
Is the InSpectre Utility the only way to tell, if these vulnerabilities have been patched?
Hi,
No, there are other ways but I can assure you that Steve Gibson knows his stuff.Is the InSpectre Utility the only way to tell, if these vulnerabilities have been patched?
Cheers,
It's by far the easiest test, with the added advantage that it includes a database of all current microcode updates that Intel/AMD have released. Frustratingly, it's been telling me for months that mine was available from Intel, but not from Microsoft (until now).
There is a Powershell script from Microsoft, but at first glance that only seems to check the OS has the patches, not that the microcode is in place. I could well be wrong on that (not having tried it). Others who have used it and know more may correct me on that.
Windows Client Guidance against speculative execution vulnerabilitiesTo help customers confirm whether protections have been enabled, Microsoft has published a PowerShell script that customers can run on their systems. Install and run the script by running the following commands...
Thanks a lot for your response. At least now it's clear for me and I understand things correctly. I still have one more question that maybe you can answer. Considering that the OS patch is slowing older CPU's (including mine) a lot, some may have (like me) decided to disable the protection from Windows registry. Can we know if the vulnerability is exploitable in certain situations (like doing specific tasks, using specific software, etc ) or is it a permanent open door . I ask this because as it's easy to enable or disable the protection with a click and a reboot, it would be a life saver to be able to use my PC running fast when watching a movie or playing a game and enable protection in needed cases (like accessing my bank account or opening private documents etc)!?
If your computer has a Sandy Bridge or Ivy Bridge processor and you're experiencing significant slowdown after installing the microcode update patch, I would recommend not immediately disabling it. When I first installed the patch, the slowdown on my old Ivy Bridge laptop was very noticeable. But after about 36 hours and several reboots, the slowdown is now much less noticeable. It's as if the processor needed time to adapt to the changes.
I'm (fortunately) not noticing a slowdown, although InSpectre says 'Perfomance: SLOWER'. Perhaps the hit is negligible because of this...
https://www.theregister.co.uk/2018/0...ctre_slowdown/If there's a bright side to all this, it's that the PCID feature in Intel's x86-64 chips since 2010 can reduce the performance hit from patching Meltdown....
In other words, if you're seeing crap performance after applying these fixes, look at your kernel configuration and get PCID enabled – if the hardware feature is present in your chipset. Windows should, for what it's worth, use PCID if it's provided by the processor.
You can check if your processor supports PCID with Syinternals Coreinfo, it says that mine does.
I don't understand enough about how these exploits could be used to assess the risks. I can say that disabling just Meltdown protection but leaving Spectre enabled give my machine a 'Performance: GOOD' report from InSpectre....as it's easy to enable or disable the protection with a click and a reboot, it would be a life saver to be able to use my PC running fast when watching a movie or playing a game and enable protection in needed cases (like accessing my bank account or opening private documents etc)!?
Quote
