yes i checked all my machines because my CPUs are quite old and therefore they seemed to be voulnerable (Broadwell/Haswell and an i5-2430M). I used the tool "Ashampoo meltdown spectre CPU checker" (https://www.wilderssecurity.com/thr...-windows-redesign.399338/page-25#post-2731870). I guess it was one of the first tools that has been released.
I know that all my systems are at risk and I have both Intel and AMD systems. I didn't need tools to tell me that. The Meltdown vulnerabilities are patched on both Linux and Microsoft systems, but I accept that the initial patches will not be enough. Though a BIOS update is required for Spectre variant 2, I do not expect to see one for any of my systems I have a test system. NB: I am following the thread here on Wilders that is hosted by Itman, on this subject. Many thanks to you guys.
I would have liked to tick two options: No and I do not care. Only one options could be ticked, so I chose I do not care.
I used the InSpectre tool from Gibson Research. According to certain online tests, not all browsers are vulnerable, not sure what to think about it. To be honest, I can't believe that those guys are still at it, it's not THAT interesting to me.
+1 Personally to run into malware (software) utilizing those vulnerabilities are very low to non-existence. though, I have potential mitigation by disabling JS in browser using NoScript.
I think that from security perspective Meltdown is resolved. It was clear for OS vendors what to do about Meltdown. They were and are not happy, because patches made performance degradation and required changing decades-old, well-tested and reliable code in kernel. There is a great chance stability bugs were introduced by patching. Spectre is another thing. I expect some more Windows 10 hardening in Redstone 4 and 5 releases, but also in next .Net environment, C,C++ compilers, browsers and CPU microcode versions. Keep in mind compiler updates means delivery of rebuilded software from all kind of software vendors to make any difference.
I prefer to use: XP = Stephanvandekerkhof Poc recompiled by UCyborg. W.10 = MeltdownSpectreReport.ps1.
Yes. Meltdwon protected, Spectre not. MS patched, usual multi layer defense. I don't want to try provisional BIOS patch, neither to obsess myself. I wait for better solutions. The thread "Kernel memory leaking' Intel... " is interesting by a theoretical perspective, but too boring to try all.
We have not seen any exploits for Meltdown. When that happens, the mitigations will be tested. The system is now actually 'less vulnerable'. Spectre is the monster in the swamp. - It is threatening the existence of cloud computing because it is based on sharing. It is extremely vulnerable. - Current silicon mitigation is merely a stopgap. - PCID etc is a benefit, but does not fully mitigate the issue(s). - BIOS updates are minor toggles (the BIOS itself is not changed). - Spectre free silicon will arrive by year end 2018 - absolute nonsense! Tools are going to indicate 'vulnerable' for Spectre until new hardware is available to all. The recompiling fest will begin and more sophisticated tools will be required to determine either success or failure. Years from now.
Users of OSes on FOSS are in better position. Especially Gentoo Gnu/Linux distro users are in favorable position. They can compile whole OS when they want typing one command
