'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

https://www.phoronix.com/scan.php?page=news_item&px=GCC-8-Spectre-Mitigation-Lands

 

Confirmed for my 'problem' machine:
ThinkPad S1 Yoga (Non-vPro) 20C0, 20CD - Earlier update GQET55WW withdrawn by Intel *3; Target availability 3/31/20; Firmware/BIOS/UEFI Status Last Updated 1/14/2018

 

Not listed for me :/

 

About Group Policy Editor

I guess so too.
Thanks (and sorry for late reply).

 

No update for my newest machine yet and no hope for my older machines.

 

I have 9 laptops and it looks like only one of them will receive an update, my HP ProBook 6460b from mid 2011.

 

Thanks Peter. NoScript and ScriptSafe are on duty in FF and Chrome respectively.

 

I just started using ScriptBlock for Chrome because of these new problems with M and S.

 

Don't miss this tip on how to enable strict site isolation in the Chrome browser...
http://www.thewindowsclub.com/enable-strict-site-isolation-chrome

 

https://www.techrepublic.com/articl...s-factory-systems-hit-by-post-patch-glitches/

 

A new version has been released:
Ashampoo® Spectre Meltdown CPU Checker v1.1.1 (January 15, 2018)

 

GRC's InSpectre portable app
Link: https://www.grc.com/inspectre.htm

EDIT: Don't mind the terrifying sound it makes if your speakers are on.
EDIT2: Has enable/disable buttons for Meltdown and Spectre to control separately.
EDIT3: These enable/disable buttons are an easy way to change the "FeatureSettingsOverride" bits.

 

InSpectre Tool for Meltdown and Spectre attacks if results come up
NO (green) on both Meltdown and Spectre then you'll see both bottom buttons show
[Disable Meltdown Protection] [Disable Spectre Protection]

If results come up Yes (red) then both buttons show
[Enable Meltdown Protection] [Enable Spectre Protection]
but both are greyed out (can't select)

Is this correct? Is a reboot required?

Performance: Good?

 

Reboot is required if you enable or disable protections, yes. The buttons could be greyed out because InSpectre needs to be run as Admin to change protections. If still grey after run as Admin, it could be a bug.

 

Just so I'm clear, InSpectre doesn't provide protection if we haven't had a firmware update, correct? It only allows enabling / disabling if we have received the relevant patches.

 

@Krusty Correct. It just toggles the registry key to enable/disable protections that require OS patch and BIOS/microcode to already be installed.

 

Thanks WBD.

 

You're welcome.

 

"Spectre and Meltdown patches causing trouble as realistic attacks get closer

Driver incompatibilities and microcode problems are both being reported..."

https://arstechnica.com/gadgets/201...sing-trouble-as-realistic-attacks-get-closer/

 

I haven't used NoScript for quite a while. Looks like I'll have to delve into it again.

Is the WebExtension OK? Looks like it's getting a lot of updates: https://www.wilderssecurity.com/threads/noscript-10.397945/ (not a bad thing, of course).

 

So one can easily set the bits to '1' and '3' as per your post #582 above?

WBD - also a question, before a new BIOS update comes out and is applied, should one reset the bits to default i.e. the values they were before?

 

The last few versions of NoScript have been rock-solid on my machines. If you've used NoScript before you know you need to allow scripts from certain sites, and if you use Decentraleyes you need to whitelist a few more sites.

Certainly adds a boost to Firefox's security.

 

Thanks @Krusty. I have probably forgotten more than I ever knew .

I do use Decentraleyes. I'll figure it out.

 

@paulderdash ,

This should help.

https://github.com/Synzvato/decentraleyes/wiki/Frequently-Asked-Questions

You should have the same sites whitelisted in uBO / uMatrix too.

* End of off topic posts.