Since the beginning of 2018, we have known about CPU vulnerabilities that can be exploited via the Meltdown and Spectre attacks. InSpectre is a tool that checks your system’s vulnerability to both attacks.
At the beginning of the year, a design flaw (Meltdown) in Intel’s processors went public. Later, a second attack called Spectre, affecting nearly all processors, became public. OS vendors began to roll out patches to mitigate these security issues. Both vulnerabilities allow information disclosure. I’ve addressed this within my blog in several articles.
There are no known attacks so far. But the operating system manufacturers are already pushing out patches (which unfortunately cause collateral damage). So a simple test tool that tells me whether the system is sealed against Meltdown and Spectre might be helpful. A few days ago, I wrote two blog posts dealing with such topics:
However, it turned out that these tests are not so reliable. But now there is a new tool, probably with better test results.
InSpectre: a Spectre/Meltdown test for Windows
Martin Brinkmann introduced the tool InSpectre at Ghacks.net. The developer is Gibson Research Corporation, founded by Steve Gibson. I noticed Gibson as the author of SpinRite (a tool to check the health of hard discs and repair errors on them), which I was using to keep my Amstrad PC1640 HD20 hard disc alive in 1989 and in the following years.
InSpectre is free for Windows and may be downloaded here. The tool is just 120 KByte in size, runs as a portable app without installation, and needs no internet connection. It may be launched with normal user rights to show the test results, but requires administrator credentials (Run as administrator) to enable or disable the Meltdown/Spectre patches via registry settings, which comes in handy for performance tests.
(Source: Gibson Research Corporation)
The above screenshot shows the program window with the test results and the buttons to disable/enable the protections against Meltdown and Spectre. Steve Gibson wrote on his website:
This is the Initial Release of InSpectre
We did not wish to delay this application’s release while building additional confidence in its conclusions and output. It has been carefully tested under as many different scenarios as possible. But new is new, and it is new. We may well have missed something. So please use and enjoy InSpectre now. But you may wish to check back in a few days to see whether we may have found and fixed some last bits of debris.
But wait, something to know
I’ve noticed the tool InSpectre, and also the developer. But I decided yesterday to have a closer look at the program. The .exe file contains a digital signature, and Microsoft Security Essentials didn’t quarantine this file.
Also the result from virustotal.com showed me the result in the above screenshot. But I was careful, so I downloaded the program and uploaded the .exe file again to virustotal.com. Then I got the detection list below.
Although this is probably a false alarm, I decided to put the English blog post ‘on hold’. I’ve told my German blog readers: Just wait, there is no need to act in a first rush. If you are vulnerable, there is nothing you can do. I tried to contact the developer via Twitter, but didn’t get an answer.
Malware warning and some improvements
Steve Gibson also noticed the warnings and released a new version of InSpectre on January 17, 2018. After uploading this version to virustotal.com I got only one warning, from TheHacker. All other virus scanners reported a clean file. But I should note that the Internet Explorer 11 SmartScreen filter still blocks the website as malicious (also a false alarm).
The tool can be executed with standard user privileges if somebody just needs the test results. Only if you intend to deactivate the patches for Meltdown and Spectre for test purposes (this is the advantage of the tool) do you have to run the application via Run as administrator.
Microsoft has posted KB article 4073119 explaining the steps to check for Meltdown/Spectre vulnerability using PowerShell. This article also describes the registry entries to disable the Meltdown fix. This is what InSpectre can also do via its buttons.
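A read-only way to audit the registry override that KB article 4073119 describes, as an added example that is not from the original post or from Gibson Research. The value names FeatureSettingsOverride and FeatureSettingsOverrideMask and the bit meanings are taken from Microsoft's published guidance rather than from this page, and the function name Get-MitigationOverrideState is hypothetical.

```powershell
# Added example: reports whether the Meltdown/Spectre mitigations have been
# switched off via the registry override. It only reads; nothing is changed.
# Assumption (Microsoft guidance, not this page): within the mask, bit 0 of
# FeatureSettingsOverride disables the Spectre variant 2 mitigation and
# bit 1 disables the Meltdown mitigation. Other bits are not interpreted.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

function Get-MitigationOverrideState {
    param($Override, $Mask)   # raw DWORD values, or $null when the value is absent

    if ($null -eq $Override -or $null -eq $Mask) {
        return [pscustomobject]@{
            Configured        = $false
            SpectreV2Disabled = $false
            MeltdownDisabled  = $false
            Note              = 'No override set; the OS default applies'
        }
    }
    # Only bits selected by the mask are honoured.
    $effective = [int64]$Override -band [int64]$Mask
    [pscustomobject]@{
        Configured        = $true
        SpectreV2Disabled = [bool]($effective -band 1)
        MeltdownDisabled  = [bool]($effective -band 2)
        Note              = ('Override=0x{0:X} Mask=0x{1:X}' -f $Override, $Mask)
    }
}

# Constructed sample values: nothing set, mitigations enabled, both disabled.
$samples = @(
    @{ Override = $null; Mask = $null },
    @{ Override = 0;     Mask = 3 },
    @{ Override = 3;     Mask = 3 }
)
foreach ($s in $samples) { Get-MitigationOverrideState @s }

# Live check on this machine (standard user rights are enough to read the key).
if (Test-Path $key) {
    $p = Get-ItemProperty -Path $key
    Get-MitigationOverrideState -Override $p.FeatureSettingsOverride `
                                -Mask $p.FeatureSettingsOverrideMask
}
```

A machine that reports SpectreV2Disabled or MeltdownDisabled as True after a performance test still has the protection switched off and should have it re-enabled.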
Design flaw in Intel CPUs set operating systems at risk
Meltdown and Spectre: What Windows users need to know
How to mitigate Spectre in Google Chrome
Tool tip: Ashampoo Spectre Meltdown CPU-Checker
Test: Is my browser vulnerable for Spectre attacks?