Check If Your PC Is Vulnerable To Spectre And Meltdown

toggle-button

Spectre and Meltdown security vulnerability checkIn early January 2018, researchers discovered a couple of very serious bugs that exist in almost all CPU chips used in modern computers, phones and tablets. The bugs were named Spectre and Meltdown. In essence, the bugs could allow one malicious program to read the data of another program that is also running on the device at the same time, even though the CPU is supposed to keep each application's data separated.

A handful of companies have released free programs that will check your PC and report whether your CPU is vulnerable to the bugs, whether your version of Windows has been patched already, and whether the patches have slowed down your PC. This last figure is based not on actual speed tests, but on the program's knowledge of which CPU you have and how it's known to be affected by the bugs.

My favourite of all these checkers is called InSpectre, from the well respected Gibson Research Corporation. The program is a free download at https://www.grc.com/inspectre.htm and is less than 0.2 MB. It's portable, and the site is rated as reputable by Web of Trust. It does trigger one of VirusTotal's 66 different malware scanning engines, but this is almost certainly a false alarm and can safely be ignored.

The program runs on all recent versions of Windows, from 7 to 10.

To use InSpectre, just download and run the program, then read the results that it displays.

Note that the program also has the option to allow you to disable any protection that has been installed. Unless you have a serious need to do so, then we recommend that you don't do this. But the program is very useful in helping you to ensure that your PC has been patched correctly, and whether the speed impact of the patch on your particular system will be significant or not.

Please rate this article: 

Your rating: None
4.25
Average: 4.3 (28 votes)

Comments

Installation of patches, (including for Spectre and Meltdown), often has unintended problems, including potentially significant hardware and software performance issues
Using the Meltdown and Spectre patches, it is a fact that users have documented performance drops, and it is a fact that some computers have been rendered unbootable.

It is also a fact, that Intel is recommending in January 2018 - not to apply the Meltdown and Spectre patches

From the official Intel webpage "Intel Newsroom": We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior
(Google: "Root Cause of Reboot Issue Identified")

Now you can see the reason I recommended holding off applying these patches.

When did we accept "software patches" (aka firmware updates) as acceptable. Nothing less than a full refund or a hardware replacement with a proper functioning processor is acceptable. The affected Intel and AMD processor parts are sold but are not fit for purpose

Thanx for the explanation gizmo.richards...appreciated.

I am bewildered, it downloaded OK and worked Fine, but I just cannot understand the results, it tells me "This system's hardware has not been updated with new features required to allow its operating system to protect against the Spectre vulnerabilities and/or to minimize their impact upon the system's performance. (Protection from the Meltdown vulnerability does not require BIOS or processor updates.)"
Then gives me the option to "Disable meltdown protection"
Its all beyond me I'm afraid, I wish Geeks could talk to idiots like me in plain English

Ran InSpectre but both buttons were gray and could not be clicked on...running Win7 and have all updates from Microsoft installed. Does that mean that there has been no update for Win7 from MS...maybe another way MS is trying to get everyone to use their still flawed Win10??

The Gibson website explains the gray buttons in their Q & A: " Either of the Protection Enable/Disable buttons will be disabled when the button's respective vulnerability cannot be enabled or disabled by its user. For example, Since AMD processors have never been subject to the Meltdown vulnerability, the Meltdown button will be disabled because there's no way for its protection to be disabled. This would also be true (in the other direction) when a system has an Intel processor and any version of Windows that has not been updated for the Meltdown vulnerability. In that case the system is vulnerable and there's no way for the button to make it invulnerable. Similarly, any computer whose firmware has not been updated will be vulnerable to Spectre attacks and, again, the button cannot make it invulnerable. So, InSpectre will enable those buttons when the system's conditions allow the operating system to protect against the respective vulnerability, but the user may wish to disable that protection, where possible"

Thanks, it worked great for me. My laptop was good but my wife's needed a BIOS update. Thanks for the link.

I get exactly the same result. The tool advises my system not vulnerable to Meltdown but vulnerable to Spectre requiring a BIOS update. Again the Intel tool says my i7 model is not vulnerable.
Rather confusing to say the least.

Ran InSpectre tool and it confirmed the Microsoft patch was installed and my PC was not vulnerable to Meltdown plus confirmed my speed was not adversely impacted by the MS patch.
It did however indicate I was vulnerable to the Spectre threat requiring a BIOS update despite Intels own vulnerability tool INTEL-SA-00086 Detection Tool (the current updated version) reporting that my system was not vulnerable and my i7 X555LDB model was not included on Intels list of vulnerable models.
I wonder therefore how good InSpectre is in detecting specific models which are vulnerable as in my case it appears to have come up with a false positive?
In any event probably 99% of the World's computer users have never even heard of this vulnerbility and most wouldn't have the savvy to update the BIOS anyway so I would have thought a more practical solution would be to stop the as yet non-existent Spectre and Meltdown malware from getting on to computers in the first place.