Author Topic: GRC releases INSPECTRE to check vulnerabilty status to Spectre and Meltdown  (Read 2394 times)

0 Members and 1 Guest are viewing this topic.

Offline dougal

  • Posting Member
  • Full Member
  • *
  • Posts: 131
Steve Gibson has released a utility you can run to check if all the patches,bios updates, etc have actually protected your machine .

https://www.grc.com/inspectre.htm
 
 i'm planning on doing a clean install and update on a windows machine to see what shows but wanted to offer this up now in case i don't get that done today

Offline Jason

  • President
  • Administrator
  • Hero Member
  • *****
  • Posts: 3479
  • Humanist. Skeptic. Husband.
Thanks for sharing, Dougal! Since the app can only be downloaded for Windows, I've moved it to this forum. The Security forum is under the Linux & Android section so should be specific to security issues affecting those platform. Spectre and Meltdown are cross-platform but this utility isn't unless it runs on WINE?

As dougal noted below, it does run under WINE on Linux. I hadn't noticed that. So this was the right place to post it and you are vindicated, dougal! That's why I get for posting so early in the morning!
« Last Edit: January 30, 2018, 02:36:47 am by Jason Wallwork »
"With all its sham, drudgery, and broken dreams, it is still a beautiful world." - Max Ehrmann, Desiderata

Offline dougal

  • Posting Member
  • Full Member
  • *
  • Posts: 131
hey Jason..I can appreciate your choice and i haven't verified this but the following is on the site so i'm assuming it will work given the specifity of the statement.


logo
Easily examine and understand any Windows
system's hardware and software capability to
prevent Meltdown and Spectre attacks.
screenshot
(This 126k app is compatible with ALL versions of Windows and WINE.)

 
 

Offline Jason

  • President
  • Administrator
  • Hero Member
  • *****
  • Posts: 3479
  • Humanist. Skeptic. Husband.
(This 126k app is compatible with ALL versions of Windows and WINE.)

Oops. I didn't see this. You were correct in posting it where you did and I moved it back to the original location. Thanks for catching my mistake! Glad I'm surrounded by such sharp people.
"With all its sham, drudgery, and broken dreams, it is still a beautiful world." - Max Ehrmann, Desiderata

Offline Jason

  • President
  • Administrator
  • Hero Member
  • *****
  • Posts: 3479
  • Humanist. Skeptic. Husband.
And for those that don't know, WINE is a separate compatibility layer that allows you to run Windows applications under Linux or MacOS without requiring a virtual machine (like Virtualbox) or an emulator with varying functionality depending on the application. WINE is actually a recursive acronym for 'WINE Is Not an Emulator'.

Look in your package manager for WINE or download it directly from the WINE website for various Linux distributions. This could take up to a 15 minutes on a really slow Internet connection (like 5 Mbps service). At the time of this writing, installing the Ubuntu packages for Linux Mint 18.3 requires 499 MB.

Once you've done that, then you will be able to download and run the InSpectre executable. Let us know if it works for you here or any other related comments.

Thanks, dougal!
« Last Edit: January 30, 2018, 02:55:46 am by Jason Wallwork »
"With all its sham, drudgery, and broken dreams, it is still a beautiful world." - Max Ehrmann, Desiderata

Offline Jason

  • President
  • Administrator
  • Hero Member
  • *****
  • Posts: 3479
  • Humanist. Skeptic. Husband.
And here are my results running it in using WINE in Linux Mint 18.3 Cinnamon:

Quote

Even though they say it can run in WINE (and does) all the references to Windows are very confusing. Not sure what this means. I think that it's saying the processor has the vulnerabilities (not surprised there as many do). But it seems to be suggesting that you have to have a BIOS update to fix this completely although the OS can mitigate with various patches. Although that's somewhat true - a BIOS update can help, my understanding is that even that only mitigates the issue the same as OS patches will. Only a replacement of the processor will remove the vulnerabilities entirely and that's just not realistic nor do I think it is necessary. Also, the options to fix this are greyed out in WINE. Even if they weren't, I'd be afraid to try them since the OS it thinks I'm using isn't the actual OS I am using (see image below). Therefore, I think this tool is of limited value on Linux since it can't possibly analyze whether the OS has been sufficiently patched by running inside WINE. As far as I know, it can't see the Linux OS but I may be wrong.

What do you guys think? Or have you found any other tools for analyzing whether your system is as protected as it can be against Spectre and Meltdown?
« Last Edit: January 30, 2018, 03:29:39 am by Jason Wallwork »
"With all its sham, drudgery, and broken dreams, it is still a beautiful world." - Max Ehrmann, Desiderata