The InSpectre utility shows an error: System is Spectre protected: NO!

It’s not a problem. (Protection from the Meltdown vulnerability doesn’t require BIOS or processor updates.)

I.e., as far as I understand, to protect against Spectre you need to update the BIOS? And what does "processor updates" mean?

  • Spectre is a certain type of attack on applications that run third-party code inside themselves (for example, browsers). This is not a vulnerability in Windows, and protection against it cannot be "turned on", so who knows what the utility checked there. - PashaPash
  • @PashaPash Incorrect. This is really a certain type of attack on ANY applications, which do NOT necessarily run third-party code. Any type covers applications of security_level 1 and 2, i.e. privileged and user - Viktor Tomilov
  • @ViktorTomilov are you sure you are not confusing Spectre and Meltdown? - Pavel Mayorov 1:56 pm
  • @PashaPash experimental protection from Spectre on some new processors can be enabled when the system boots (which leads to slower operation, crashes into BSODs and kernel panics) - Pavel Mayorov
  • @PavelMayorov Well, that is somewhat drastic: "fixing" valid processor behaviour with hardware protection. Especially since, of the affected applications, so far there are only browsers - PashaPash

1 answer

In fact, Spectre, without going into details, is a consequence of the pursuit of performance that Intel adopted a dozen or so years ago and that other vendors were forced to follow (albeit somewhat differently, so the protection problems also look different).

As far as I know, there are no complete patches at the moment (I am going by February 26; I have no newer data).
As far as I understand, protection without updating the BIOS is possible, but unlikely. Most likely, full protection will include:

  1. BIOS update + firmware updates supported by the BIOS
  2. Updating the processor microcode from the OS (i.e. updating the processor firmware for each OS loaded in parallel / before the kernel loads; this is, in fact, what “processor updates” means).
  3. Possible (or rather, for a number of libraries, probable) recompilation of libraries / programs
  4. Potential performance degradation (depending on the manufacturer / processor line)
  • You are confusing Spectre and Meltdown. Spectre (not Meltdown!) is not a bug, not an error and not a problem. It is a fully documented way the processor works. It cannot be fixed with BIOS updates, it cannot be fixed with microcode, and the “fixes” for it do not affect performance (at least there is no guaranteed fix that can simply repair Spectre once and for all) - PashaPash
  • I.e. at the moment Spectre has surfaced as a bug in the JS-to-native code generator in Chrome. And it is fixed by patching Chrome, and only Chrome. - PashaPash
  • @PashaPash No, in this context I am not confusing them. A fix is possible, but only as a comprehensive solution to the problem. For example, a problem in the TLB block can be fixed only from level 0, i.e. from the kernel: felixcloutier.com/x86/INVLPG.html. I.e. in the end a solution for the "old" processors will be found, but as a package, and with a mandatory drop in performance - Viktor Tomilov
  • @PashaPash Logically, for each individual program the bug (and it is a bug, not a documented method; can you document a vulnerability? That would be something new) can be fixed by recompiling that program's code with the addition of control instructions that manage the processor cache. You can try to apply a similar approach at the OS level (the Retpoline patch), but a performance drop is guaranteed. At the last webinar Google seems to have claimed that the drop will be "only" 3-7%, but somehow I cannot believe it - Viktor Tomilov
  • @ViktorTomilov and what does the TLB cache problem have to do with Spectre? - Pavel Mayorov
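As an added example, not code from the question, the answer or any commenter, here is what "recompiling a program with added control instructions" (answer item 3 and the Retpoline comment) looks like at the source level for the Spectre variant the thread is about: the bounds-check-bypass victim pattern from the Spectre paper, beside two recompiled variants. The first uses the branch-free index clamp that the Linux kernel implements as array_index_mask_nospec, the second inserts an LFENCE after the check. The function names (victim_vulnerable, victim_masked, victim_fenced, index_nospec), the array sizes and the probe array contents are assumptions constructed for illustration; all three victims return the same value architecturally, and the difference is only what the CPU may do speculatively between the comparison and the load.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data (assumption, not from the thread): a small public
 * array the caller is allowed to index.  In a real process, memory after it
 * holds data the program never intends to expose. */
#define ARRAY1_SIZE 16
static uint8_t array1[ARRAY1_SIZE] = { 1, 2, 3, 4, 5, 6, 7, 8,
                                       9, 10, 11, 12, 13, 14, 15, 16 };

/* Probe array in the shape of the Spectre paper's victim function: the loaded
 * byte selects one of 256 cache lines (stride 512 bytes), which is what a
 * cache side channel would later measure. */
#define STRIDE 512
static uint8_t array2[256 * STRIDE];

/* Fill the probe array so the victims return a recognisable value. */
void init_probe(void) {
    for (size_t i = 0; i < 256; i++)
        array2[i * STRIDE] = (uint8_t)i;
}

/* Vulnerable gadget (Spectre v1, bounds check bypass).  The check is correct
 * architecturally, but while the predictor guesses "in bounds" the CPU may
 * speculatively execute array1[x] with an out-of-bounds x and touch the
 * matching array2 line; that cache state survives the rollback. */
uint8_t victim_vulnerable(size_t x) {
    if (x < ARRAY1_SIZE)
        return array2[array1[x] * STRIDE];
    return 0;
}

/* Branch-free clamp mask: ~0 when index < size, 0 otherwise.  Same arithmetic
 * as the Linux kernel's generic array_index_mask_nospec(): (size - 1 - index)
 * wraps, i.e. gets its top bit set, exactly when index >= size; the OR with
 * index also catches huge indexes; the arithmetic right shift smears that top
 * bit over the whole word.  Assumes >> of a negative long is arithmetic, as
 * gcc and clang do. */
size_t index_mask_nospec(size_t index, size_t size) {
    long m = ~(long)(index | (size - 1 - index));
    return (size_t)(m >> (sizeof(long) * CHAR_BIT - 1));
}

/* Out-of-range indexes collapse to 0 even under misspeculation, because the
 * mask is a data dependency of the load rather than a predicted branch. */
size_t index_nospec(size_t index, size_t size) {
    return index & index_mask_nospec(index, size);
}

/* Hardened form 1: index masking (portable, no serialisation cost). */
uint8_t victim_masked(size_t x) {
    if (x < ARRAY1_SIZE) {
        x = index_nospec(x, ARRAY1_SIZE);
        return array2[array1[x] * STRIDE];
    }
    return 0;
}

/* Hardened form 2: a speculation barrier after the check.  This is the
 * "control instruction" approach; the core waits for the branch to resolve
 * before the load may issue, which is where the slowdown comes from. */
static inline void speculation_barrier(void) {
#if defined(__x86_64__) || defined(__i386__)
    __asm__ __volatile__("lfence" ::: "memory");
#else
    /* Assumption: only a compiler barrier on other architectures here; a real
     * build would emit that architecture's own barrier sequence. */
    __asm__ __volatile__("" ::: "memory");
#endif
}

uint8_t victim_fenced(size_t x) {
    if (x < ARRAY1_SIZE) {
        speculation_barrier();
        return array2[array1[x] * STRIDE];
    }
    return 0;
}

int main(void) {
    init_probe();
    size_t in = 5, out = 100;
    printf("mask(%zu)=%zx mask(%zu)=%zx clamp(%zu)=%zu\n",
           in, index_mask_nospec(in, ARRAY1_SIZE),
           out, index_mask_nospec(out, ARRAY1_SIZE),
           out, index_nospec(out, ARRAY1_SIZE));
    printf("vulnerable=%u masked=%u fenced=%u\n",
           victim_vulnerable(in), victim_masked(in), victim_fenced(in));
    return 0;
}
```

Build with `cc -O2 spectre_v1.c`. The masking variant is what the kernel applied to user-controlled array indexes; the LFENCE variant is what the "control instructions" comment describes and is the one that costs performance. Retpoline, mentioned in the same comment, is a separate compiler-level change (gcc's `-mindirect-branch=thunk`) that rewrites indirect branches and addresses a different variant than the bounds-check gadget shown here.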