Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Scan for Meltdown and Spectre with Steve Gibson’s new “InSpectre” utility

    Posted on January 16th, 2018 at 03:32 woody Comment on the AskWoody Lounge

    For most of you, Steve Gibson needs no introduction. For the rest of you, look here.

    Steve has a new scanner, just out, that claims to scan your PC and tell you about its Meltdown and/or Spectre susceptibility.

    This InSpectre utility was designed to clarify every system’s current situation so that appropriate measures can be taken to update the system’s hardware and software for maximum security and performance.

    It’s an amazing piece of code from a guy who knows whereof he speaks. Steve just posted it last night, so I expect we’ll see updates and refinements shortly.

    How well does it work?

    You all know that I don’t yet recommend installing the January Meltdown/Spectre patches from Microsoft just yet — and there are NO KNOWN EXPLOITS at this point. But you should get this little utility and stick it in your hip pocket, to keep track of your system’s vulnerabilities.

    My main machine (AMD based) has this InSpectre report:

    As is always the case with Steve’s software, there’s no installer, no flab, no bull.

    Good stuff. Version 1.0, but expect updates momentarily.

  • Intel admits that its Meltdown/Spectre firmware patches trigger reboots on Haswell and Broadwell computers

    Posted on January 12th, 2018 at 06:57 woody Comment on the AskWoody Lounge

    If you own a PC with a Haswell or Broadwell processor (roughly 2014 to 2016 vintage), I strongly recommend that you refrain from installing the Meltdown/Spectre firmware updates, when they arrive.

    Intel’s detected a teensy-tiny problem.

    Computerworld Woody on Windows.

  • Microsoft apparently reinstates Meltdown/Spectre patches for some AMD processors

    Posted on January 11th, 2018 at 11:22 woody Comment on the AskWoody Lounge

    Of course, predictably, nobody’s saying which ones are now back on the patch list.

    Computerworld Woody on Windows.

    Thx @MrBrian

    UPDATE: Just got this from JA:

    Just read your referenced article. Thank you! It explains to me why update KB4056894 fails on my laptop running Windows 7. You mentioned that it isn’t clear whether the AMD embargo includes Intel PCs with AMD video cards. FYI … Apparently it does. I have a Dell laptop with an Intel Core i7 processor, and an AMD Radeon HD 7670M graphics card. Once again, thanks for your informative article.

    Anybody else out there with AMD video cards that are getting the treatment – or drivers that are failing after installing this month’s security patches?

    UPDATE: Although it doesn’t explain which machines were yanked in the initial round, AMD CTO Mark Papermaster has posted some updated information:

    Microsoft is distributing patches for the majority of AMD systems now. We are working closely with them to correct an issue that paused the distribution of patches for some older AMD processors (AMD Opteron, Athlon and AMD Turion X2 Ultra families) earlier this week. We expect this issue to be corrected shortly and Microsoft should resume updates for these older processors by next week.

  • Born: Is my browser vulnerable to Spectre attacks?

    Posted on January 11th, 2018 at 09:51 woody Comment on the AskWoody Lounge

    Günter Born has an important recap of the the test website xlab.tencent.com, which has a tool that can check to see if your browser is currently susceptible to Spectre attacks.

    The tool is from Tencent’s Xuanwu Lab, which is part of Tencent, one of the largest companies in Asia. The Xuanwu Lab is well-known in antimalware circles.

    I ran a quick check on both of my go-to browsers, Firefox 57.0.4 (64-bit) and Chrome 63.0.3239.132 (Official Build) (64-bit). Both of them came up with “Not vulnerable.”

    That’s a comforting, if ambiguous, determination. As the Tencent site says:

    However, if the result is NOT VULNERABLE, it doesn’t mean your browser is absolutely not vulnerable because there might be other unknown attacking methods.

    Which is something of a triple (quadruple?) negative, but I surmise that Firefox and Chrome aren’t susceptible to the currently published Spectre vulnerabilities.

    A quick check of the latest IE and Chrome on my Win10 1703 machine turned up Not Vulnerable as well.

    Martin Brinkmann on ghacks.net ran a similar set of tests. He says that Google Chrome Stable, Opera Stable and Vivaldi Stable all turn up Vulnerable.

    Your mileage may vary.

  • The Meltdown/Spectre patches will cause performance hits — but how much, and to whom?

    Posted on January 11th, 2018 at 09:21 woody Comment on the AskWoody Lounge

    Gregg Keizer has a new article in Computerworld, Windows 7 takes biggest performance hit from emergency Meltdown, Spectre updates. It relies heavily on Microsoft’s pronouncements. I’m skeptical.

    There’s a detailed post from Jampe on the Intel support forum about the effect of the Windows 10 patch on a Thinkpad T440s. The results are not good — although the devil may be in the details.

    As Jampe reports, the first test (NewBottomLine) was performed before installing the Win10 update (not sure which one), and all of the three latter tests were with the update in place.

    Our own Noel Carboni responded with a good analysis:

    Passmark PerformanceTest (or any benchmark) is known to show quite variable results for disk testing. That’s the nature of PC systems; they do a lot of different things all the time. I’ve run into variances of 2 to 1 just doing subsequent tests. I’d really like to see a whole SERIES of before/after benchmarks.

    So for those of you who dare to tread into uncharted MS-DEFCON territory — do you have any benchmark runs to share? I’m particularly interested in tests of the Windows patches separately.

  • Risk Based Security brings some sanity to the Meltdown debacle

    Posted on January 9th, 2018 at 15:52 woody Comment on the AskWoody Lounge

    I just finished reading this article, recommended by Kevin Beaumont. The Slow Burn of Meltdown and Spectre: Exploits, Lawsuits, and Perspective.

    Here’s the conclusion:

    Vulnerabilities are disclosed every day, to the tune of over 20,000 new disclosures in 2017 alone. Just because a vulnerability receives a name, a website, and/or a marketing campaign does not necessarily mean it is high risk or that it will impact your organization. As always, we strongly encourage organizations to cut through the noise and focus on the details relevant to them, and make a decision based on that alone.

    I repeat – forgive me if you’ve heard this before – but there are NO KNOWN Meltdown or Spectre exploits in the wild. Folks who run servers with sensitive data — banks, brokerage houses, military contractors, cryptocurrency exchanges — need to be concerned about Meltdown and Spectre in the near term, realizing that the data can only be snooped if you allow an unauthorized program to run on your server.

    For everybody else, the first attacks (if there ever are any) are likely to come through web browsers. You need to harden your browser as soon as the update is available. You’ll want to install the new Windows patches as soon as they pass muster. And you need to get your BIOS or UEFI updated one of these days. But there’s no big rush.

    What you’re witnessing is a colossal “Sky is Falling” routine, aided and abetted by folks who are going to make money from the havoc.

  • Best explainer yet for Meltdown and Spectre

    Posted on January 5th, 2018 at 06:59 woody Comment on the AskWoody Lounge

    Daniel Meissler posted an amazingly succinct, yet accurate, description of the tech behind the Meltdown and Spectre vulns.

    If you want to understand exactly what’s happening, read his blog post.


  • Microsoft promises firmware patches for Surface devices to nullify Meltdown and Spectre

    Posted on January 4th, 2018 at 20:19 woody Comment on the AskWoody Lounge

    There’s a new post out from the Surface team: Surface Guidance for Customers and Partners: Protect your devices against the recent chip-related security vulnerability. It says:

    Microsoft will provide UEFI updates for the following devices:

    Surface Pro 3
    Surface Pro 4
    Surface Book
    Surface Studio
    Surface Pro Model 1796
    Surface Laptop
    Surface Pro with LTE Advanced
    Surface Book 2

    The updates will be available for the above devices running Windows 10 Creators Update (OS version 15063) and Windows 10 Fall Creators Update (OS version 16299). You will be able to receive these updates through Windows Update or by visiting the Microsoft Download Center.

    Apparently if you aren’t running Win10 1703 or 1709, you’re out of luck.

    Annoyingly, the post speaks in the future tense. I don’t see any notice of availability on the official release pages for those devices. (See, for example, the Surface Pro 2017 page, which lists the last firmware/driver update as Dec. 6.) I also don’t see any of the patches in the Update Catalog.