Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


glnz

POSReady 2009 updates ported to Windows XP SP3 ENU

Recommended Posts

InSpectre ver 5.

My situation:

 

This 32-bit OS on Intel Processor:

OS is Meltdown aware: No
OS is Spectre aware: No
OS Meltdown data: n/a
OS Spectre data: n/a
PCID/INVPCID instructions: No / No
CPU microcode updated: Yes
CPU is meltdown vulnerable: Yes

This system's processor identification:
Intel Celeron M processor / 1.60GHz

 

P.S. Right click on the "ghosted " box symbol shown in Inspectre window. Then select "Tech details." It show you everything that "probe" was supposed to and much more.

 

2BpAy.jpg

Edited by Sampei.Nihira

Share this post


Link to post
Share on other sites

1 hour ago, Sampei.Nihira said:

InSpectre ver 5. This system's processor identification: Intel Celeron M processor / 1.60GHz

Specter only affects processors without FSB. Celeron M 520, 420 or 380 has FSB: https://ark.intel.com/es-es/search?q=celeron+m+1.60

https://www.techarp.com/guides/complete-meltdown-spectre-cpu-list/

InSpectre is bad. Better to use any of the following:

https://github.com/ionescu007/SpecuCheck/releases

or https://www.ashampoo.com/en/usd/pin/1304/security-software/spectre-meltdown-cpu-checker

or the powershell script of Microsoft: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Edited by wyxchari

Share this post


Link to post
Share on other sites
1 hour ago, Sampei.Nihira said:

InSpectre ver 5.
...
P.S. Right click on the "ghosted " box symbol shown in Inspectre window. Then select "Tech details." It show you everything that "probe" was supposed to and much more.

Right click where?  Can you please post a pic showing exactly where to click?  TIA

Cheers and Regards

Share this post


Link to post
Share on other sites
42 minutes ago, wyxchari said:

SpecuCheck does not works on XP.

Must be recompiled.

_______________________________________

Specucontrol and Ashampoo not works on XP.

In addition both tools need Powershell and the NET Framework

 

Share this post


Link to post
Share on other sites
41 minutes ago, bphlpt said:

Right click where?  Can you please post a pic showing exactly where to click?  TIA

Cheers and Regards

 

rjW6e4jx_o.jpg

Edited by Sampei.Nihira

Share this post


Link to post
Share on other sites

Ahhh  Thank you very much.

Cheers and Regards

Share this post


Link to post
Share on other sites

Someone must *somehow* underline/highlight how this GRC tool (like I have seen a few on the Linux side as well), DO NOT in any way actually test the vulnerabiity, they only check whether the OS (or the kernel) has been patched against the vulnerability.

The distinction is subtle, but not void of meaning.

So, IF your processor is affected, and IF your operating system has a patch available, and IF you have applied the patch, then this program might verify that the patch has been installed properly.

jaclaz

Share this post


Link to post
Share on other sites
13 hours ago, Sampei.Nihira said:

SpecuCheck does not works on XP. Must be recompiled. Specucontrol and Ashampoo not works on XP. In addition both tools need Powershell and the NET Framework.

If by the old processor model, you already know that it is not vulnerable physically, why check if the vulnerable? The normal thing is that these utilities are thought for vulnerable processors. In old processors they may give diagnostic errors.

My Intel Atom N270 on my XP has FSB and it is not affected. Neither appears in the lists of affected cpus. Look what it says. InSpectre is a bad program.

Screenshot - 20_01_2018 , 08_10_50.jpg

Screenshot - 20_01_2018 , 08_21_47.jpg

Edited by wyxchari

Share this post


Link to post
Share on other sites

The release date your CPU is june 2008.

If Sandy Bridge (2011) is 2nd Generation Intel Core processors:

https://en.wikipedia.org/wiki/Intel_Core#Sandy_Bridge_(2nd_gen)_microarchitecture-based

and the CPU's Intel Core 2 Duo (2006)  are part of the processor generations that preceded the First Generation Intel Core processors,

https://communities.intel.com/message/519186#519186

your processor is part of the First Generation.

In the best hypothesis.

At the moment safe from the problem.

 

I have not read an Intel Corporation note which states that having the FSB allows you to be safe from the problem.

 

Share this post


Link to post
Share on other sites
4 hours ago, Sampei.Nihira said:

I have not read an Intel Corporation note which states that having the FSB allows you to be safe from the problem.

https://techcrunch.com/2008/11/03/new-intel-processor-does-away-with-front-side-bus-adds-third-level-of-cache-brings-back-hyperthreading/

In 2008, Spectre ruling began and until 2017 they did not discover it or publish it. To speed up CPU access to memory, the FSB or Front Side Bus (north bridge) was removed. The CPU integrates this function into its own chip and the error occurs. No need to test programs to see if your CPU is affected. Just know if your CPU has FSB or not.

Edited by wyxchari

Share this post


Link to post
Share on other sites

Intel withdraws Updates

Last update: 23.01.2018 09:54 am

Intel has found bugs in the updates against the serious vulnerabilities in its computer processors.

The industry giant warned against installing the latest versions.

Intel

German ARD Tagesschau

Heise security

Edited by Thomas S.

Share this post


Link to post
Share on other sites
3 hours ago, Thomas S. said:

Intel has found bugs in the updates against the serious vulnerabilities in its computer processors. The industry giant warned against installing the latest versions.

Always leave 2 days late for updates. So if there are errors, Microsoft removes them from the catalog before they are installed.

WhatsApp Image 2018-01-23 at 14.28.21.jpeg

Edited by wyxchari

Share this post


Link to post
Share on other sites

The Intel message belongs to their CPU microcode updates which are delivered via BIOS updates for several machines / motherboard OEMs.

Dont install them at this moment, wait for days (weeks / months - years?) for good working solutions...

Share this post


Link to post
Share on other sites
On 22/1/2018 at 2:40 PM, wyxchari said:

https://techcrunch.com/2008/11/03/new-intel-processor-does-away-with-front-side-bus-adds-third-level-of-cache-brings-back-hyperthreading/

In 2008, Spectre ruling began and until 2017 they did not discover it or publish it. To speed up CPU access to memory, the FSB or Front Side Bus (north bridge) was removed. The CPU integrates this function into its own chip and the error occurs. No need to test programs to see if your CPU is affected. Just know if your CPU has FSB or not.

For me the only test able to really verify the vulnerability of the CPU is the Poc of Erik August:

https://gist.github.com/ErikAugust/724d4a969fb2c6ae1bbd7b2a9e3d4bb6

In the comments we note that some CPUs not vulnerables in the Intel List are instead exposed:
 

Quote

 

Menny11 said:

n order to compile the code for my Core 2 duo e8500 in windows 10 x64 I used
gcc -O0 -std=c11 -march=native spectre.c -o spectre.exe
(in other cases there were compile errors or runtime errors)
Also i had to change
time1 = __rdtsc();
.....
time2 = __rdtsc() - time1;
No matter how i select CACHE_HIT_THRESHOLD i was not able to get more than 2 characters 'deciphered'
so this proccessor is vulnerable too but why i cant get all of the characters?!

 

 

P.S. Core 2 Duo has FSB !! :rolleyes:

Share this post


Link to post
Share on other sites

Got a second BSOD this month on my XP - while nothing was happening.  (Maybe my machine is just getting bored?)

Here's a link to a zip with all the info:  <LINK>

The immediate culprit seems to be an Avast AV Free driver aswStmXP.sys, which is version 17.9.3754.0, last modified December 21, 2017, 1:06:34 PM.

However, with all the recent updates and reg key change instigated by the AV companies for Meltdown and Spectre (what about Smersh and Thrush?) , I wonder whether there isn't a conflict with our recent POS updates.

Thoughts?

EDITED TO INSERT LINK ABOVE

Edited by glnz

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×