Q: InSpectre by Gibson Research - modify registry keys?

Discussion in 'other security issues & news' started by zapjb, Jan 21, 2018.

  1. zapjb

    zapjb Registered Member

    InSpectre does NOT fix Spectre or Meltdown.

    "This InSpectre utility was designed to clarify every system's current situation so that appropriate measures can be taken to update the system's hardware and software for maximum security and performance."

    GRC
    https://www.grc.com/inspectre.htm
    ____________________________________________________________________________________

    Then MajorGeeks says:
    http://www.majorgeeks.com/files/details/inspectre.html
    "....it will allow admins the option to disable the respective protections if needed - keep in mind, using this to enable or disable those protections will modify the Registry keys....."

    I'm confused: does just running InSpectre modify registry keys? And what are the registry keys that are modified?
     
  2. lofac

    lofac Registered Member

    It does seem to edit the registry on program's load without any user interaction needed, which I think should at least give the user the option to choose, or inform the user beforehand.

    Here are the values that it modifies/adds:

    Code:
    HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed:  09 32 57 89 57 5E E5 64 23 EB 92 43 5B 54 90 A0 BC 68 A4 8B 1E 39 49 7A 89 D3 E3 51 27 3E 54 38 C1 01 C8 43 FA 67 D3 1A AF C2 F4 49 63 98 CB 37 57 28 3F 11 6E 55 C8 00 37 22 46 51 07 3E A5 5C 84 E0 E1 1D 2C 1C 57 11 1E 1B 13 FC DE AA 2C 47
    HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed:  11 63 7B ED 12 CD 17 FE 34 BC 3B DD 37 22 1A 3B 9C 9A D8 80 98 66 6A 21 B2 41 4F 46 75 DC 44 EC 99 9D 47 A2 68 FD C8 D3 A6 E8 2F 2E C4 C5 69 DA B2 5E E8 EA 23 86 AB 2A 0A BB 86 06 86 7D E8 11 F7 77 E3 86 C8 96 41 46 2D 8F C8 32 14 41 13 57
    HKU\S-1-5-21-1343024091-484763869-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:  01 00 00 00 0F 00 00 00 00 54 02 B1 21 93 D3 01
    HKU\S-1-5-21-1343024091-484763869-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:  01 00 00 00 10 00 00 00 10 BF 5B C3 21 93 D3 01
    HKU\S-1-5-21-1343024091-484763869-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_HVFPHG:  01 00 00 00 0A 00 00 00 60 CD 00 B1 21 93 D3 01
    HKU\S-1-5-21-1343024091-484763869-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_HVFPHG:  01 00 00 00 0B 00 00 00 70 38 5A C3 21 93 D3 01
    HKU\S-1-5-21-1343024091-484763869-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\ybsnp\Qrfxgbc\VaFcrpger.rkr:  01 00 00 00 08 00 00 00 00 54 02 B1 21 93 D3 01
    HKU\S-1-5-21-1343024091-484763869-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\ybsnp\Qrfxgbc\VaFcrpger.rkr:  01 00 00 00 09 00 00 00 10 BF 5B C3 21 93 D3 01
    HKU\S-1-5-21-1343024091-484763869-854245398-1003\SessionInformation\ProgramCount: 0x00000004
    HKU\S-1-5-21-1343024091-484763869-854245398-1003\SessionInformation\ProgramCount: 0x00000005
     
  3. Palancar

    Palancar Registered Member

    Seems like you could set a UAC trigger there too.
     
  4. zapjb

    zapjb Registered Member

    Thanks, I'm going to delete this so I don't run it.
     
  5. guest

    guest Guest

    Especially values in: \Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\ are modified by Windows (explorer.exe), not InSpectre.exe.

    While monitoring the registry and launching InSpectre.exe, I couldn't see that InSpectre.exe writes values to the registry or creates registry keys.
    Only after changing the protection in the GUI will it write to the registry.
    The buttons are greyed out so I can't test it, but it changes the registry keys which are mentioned in KB4073119 ("Switch | Registry Settings").
     
  6. lofac

    lofac Registered Member

    I'm aware those are explorer.exe values; the other keys are seeds for generating random numbers. I was wondering why?
    I was directly replying to OP's question about the modification of reg keys on InSpectre launch.
    In my case, those changes were applied on load without me interacting with the program (buttons were greyed out as well).
    I tested on a newly created VM with Windows XP; InSpectre also mentioned that the registry was configured (see attachments). I've repeated this task multiple times, and each time these keys are added/modified on InSpectre launch.
     


  7. SpousalMilk

    SpousalMilk Registered Member

    The RNG Seed keys seem harmless, as the "seed" value in this registry node will periodically be updated with a new value.

    I would try checking the value from time to time and see if it changes value to confirm.

    For a definitive answer you'd most likely have to contact the developers, but just googling around I find:
    pdf title: Windows and Linux Random Number Generation Process: A Comparative Analysis
    https://pdfs.semanticscholar.org/6b0d/a7c081d9388f304bf6499db373b8d838bb53.pdf

    portableapps writes about this RNG seed key as safe to ignore too:
    https://portableapps.com/manuals/PortableApps.comLauncher/topics/registry.html

    I read from Google searches that even Windows XP's Paint will use the value from this seed, but I have not checked to confirm it for myself.

    I also decrypted the userassist gibberish here: http://www.decode.org/?q=P:\Qbphzragf+naq+Frggvatf\ybsnp\Qrfxgbc\VaFcrpger.rkr

    You can turn off the logging of those userassist keys here:
    https://www.aldeid.com/wiki/Windows-userassist-keys
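
    Added example, not part of any poster's message or of InSpectre itself: a small parser that ROT13-decodes the UserAssist value names from the registry diff posted earlier in this thread and unpacks their data, so the before/after change can be read as a launch counter and a last-run timestamp. It assumes the Windows XP 16-byte record layout (session ID, counter, FILETIME) and the commonly documented XP convention that the counter starts at 5.

```python
import codecs
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
XP_COUNT_BASE = 5  # assumption: XP-era run counters start at 5, not 0

# (value name, data before launch, data after launch), copied from the
# registry diff posted earlier in this thread; key path prefix omitted.
DIFF = [
    ("HRZR_EHACNGU",
     "01 00 00 00 0F 00 00 00 00 54 02 B1 21 93 D3 01",
     "01 00 00 00 10 00 00 00 10 BF 5B C3 21 93 D3 01"),
    (r"HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\ybsnp\Qrfxgbc\VaFcrpger.rkr",
     "01 00 00 00 08 00 00 00 00 54 02 B1 21 93 D3 01",
     "01 00 00 00 09 00 00 00 10 BF 5B C3 21 93 D3 01"),
]

def parse_record(hexdata):
    """Split a 16-byte XP UserAssist value into session, runs, last-run time."""
    raw = bytes.fromhex(hexdata)
    if len(raw) != 16:
        raise ValueError("expected a 16-byte XP-format UserAssist record")
    # Little-endian: DWORD session ID, DWORD counter, QWORD FILETIME (100 ns ticks)
    session, count, filetime = struct.unpack("<IIQ", raw)
    last_run = FILETIME_EPOCH + timedelta(microseconds=filetime // 10)
    return {"session": session, "runs": max(count - XP_COUNT_BASE, 0),
            "last_run": last_run}

def explain_diff(diff=DIFF):
    """Decode each value name (ROT13) and compare its before/after records."""
    out = []
    for name, before, after in diff:
        b, a = parse_record(before), parse_record(after)
        out.append({
            "name": codecs.decode(name, "rot13"),
            "runs_before": b["runs"],
            "runs_after": a["runs"],
            "previous_run": b["last_run"],
            "this_run": a["last_run"],
        })
    return out

if __name__ == "__main__":
    for row in explain_diff():
        print(f'{row["name"]}: runs {row["runs_before"]} -> {row["runs_after"]}, '
              f'last run {row["this_run"]:%Y-%m-%d %H:%M:%S} UTC')
```

    Each value differs from its previous state only by a counter incremented by one and a newer timestamp, which is the pattern of a per-launch usage record rather than a configuration change.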

     
  8. Dragon1952

    Dragon1952 Registered Member

    If I click on disable Meltdown Protection, what exactly would happen, and would I be able to enable protection again?
     
  9. EASTER

    EASTER Registered Member

    I also would like to read the answer to this too.
     
  10. stapp

    stapp Global Moderator

  11. WildByDesign

    WildByDesign Registered Member

    I can confirm that the way in which InSpectre enables and/or disables protection for either Spectre or Meltdown (or both) protections works very well and follows the exact same guidelines as the known registry keys, only in a simple to use GUI.

    Please just keep in mind that you need to run InSpectre as Admin if you wish to change those settings and also it does require a reboot in order for those changes to be completed.
     