InSpectre will quickly check if your PC is vulnerable to Meltdown and Spectre

Amid the fallout following the disclosure of the Meltdown and Spectre processor exploits in recent weeks, Microsoft, Intel, and other companies have been quick to issue updates to mitigate potential attacks. However, aside from a somewhat complicated PowerShell script, there hasn't been a quick and simple way for average PC users to check whether their systems are patched and protected against each exploit – until now.

InSpectre is a new tool built by Gibson Research that simply lays out whether your PC is vulnerable to Meltdown or Spectre in a clear manner. The tool simply runs as an executable and doesn't require an installation. Once it's run, InSpectre presents you with a simple readout of your system's status, as seen in the screenshot below:

InSpectre screenshot

Below the results at the top of the window, you'll also find a brief description of Meltdown and Spectre, as well as a more detailed explanation of your particular PC's status.

InSpectre is an incredibly handy tool if you're still uncertain as to whether your PC is fully patched against each exploit. It's worth noting, however, that the initial release was causing false positives with antivirus programs, but that appears to be cleared up in a subsequent release. However, as a result, Microsoft browsers appear to be flagging the InSpectre website as unsafe. Gibson Research explains:

Windows Defender "SmartScreen" appears to have decided that InSpectre is malware. This also happened briefly after the release of our Never10 utility. In this case, it is likely due to the fact that InSpectre's initial release was triggering anti-virus scanners due to the program's use of a specific registry key used to enable and disable the Meltdown and Spectre protections. The second release obscures its use of that (apparently worrisome) key and now appears to pass through most A/V without trouble. So we are hopeful that this SmartScreen false alarm will disappear soon.

If you'd like to give it a shot, you can download and try InSpectre now from Gibson Research.

Microsoft talks performance impact of Meltdown and Spectre patches on your PC

Dan Thorp-Lancaster

Dan Thorp-Lancaster is the former Editor-in-Chief of Windows Central. He began working with Windows Central, Android Central, and iMore as a news writer in 2014 and is obsessed with tech of all sorts. You can follow Dan on Twitter @DthorpL and Instagram @heyitsdtl

  • So, Edge now reports the Gibson Research site as unsafe.
  • only the InSpectre webpage
  • I got the same warning - Windows defender flagged it as unsafe
  • This tool sounds questionable. What if its just taking all of this info and storing it in some central repository. I don't get why the PowerShell stuff is so difficult. Just install the module and run Get-SpeculationControlSettings. And the output tells u all u need to know.
  • GRC is trustworthy, but if you're in doubt, you're of course free to use the more cumbersome PowerShell method.
  • I completely trust Gibson. He's been around for years.
  • The PowerShell method does not appear to work in Windows 8.1 and possibly on Windows 7 and XP. This tool does!
  • It does but you have to update PowerShell to the latest version.
  • Great! Another set of instructions?!
  • It's pretty easy to tell if your computer is vulnerable or not. Have you run an update in the last week or so or not. If you haven't, you're at risk, if you have, you've been patched. There is no need to ever install programs like this that show up out of the blue every time a vulnerability is exposed. If there was, MS and Apple and all the other vendors would release it, not some 3rd party you know nothing about.
  • I do agree, but haven't there been some issues with some machines properly installing these updates?
  • Proper mitigation against these vulnerabilities requires more than an OS patch. For Spectre, a CPU microcode update is also needed. Also, if you "know nothing about" Steve Gibson, then maybe you shouldn't be commenting on topics like this.
  • I'm talking about the average person out there who is seeing a headline on yahoo or CNN and scared that they are going to be hacked. The last thing they are going to want to do is install another program they know nothing about. That's if they even hear about it. As I said, if this was necessary, again, for the average user, then MS, Intel and any vendors or companies that could be held liable would release a tool themselves. And come on now, obviously I'm not talking about those of us on here who follow this stuff all day. Get off the high horse, it's making you look small.
  • This exploit has been around for years yet no one has been hacked. Now it's made the news suddenly everyone is paranoid they're gonna get hacked tomorrow. My cpu is 5 years old (4820k) so apart from the Windows patch, I won't get any other fixes for this exploit. There's nothing I can do but I'm sure not worried about it
  • If the average user never hears about this, then what's the issue? But if they do, I'd imagine they'd appreciate a simple utility that can tell whether their computer is vulnerable or not. Also, I'd be very happy if Microsoft, Intel, Apple and others would release official tools to check your computer's status. Like Intel did for the SA-00075 and SA-00086 vulnerabilities. Since they haven't, a third party has stepped up. I'm not on a high horse, I simply don't understand why you're complaining.
  • But MS did release a tool its a very easy to use PowerShell module. Literally open PowerShell run install-speculationcontrol then run get-speculationcontrolsettings. I don't understand why this malicious flagged tool is needed when the steps to check are easy. It's all in the support article:
  • "I don't understand why this malicious flagged tool is needed" To understand why it's needed, you first need to understand that it's not malicious, and is only flagged as such in error. Then, you have to consider that the average user will probably get stuck and give up because they didn't open PowerShell with admin privileges, or copied the commands with the "PS>" prompts, or didn't understand and correctly answer the question to install NuGet, or because it simply looked like too much work to check for something they don't even really comprehend. Don't get me wrong, I love me some PowerShell :) But between the method MS published and a simple utility that I can download and run in 5 seconds that gives me the answer in simple yes/no format, the choice is obvious. Still, if you think having choice is a bad thing...
  • Only complete utter idiots would believe anything from CNN... or even watch it in the first place. Very fake news.
  • Spectre requires a BIOS update to fix. Unless you run an MS surface you won't get the microcode update from Windows update.
  • My biggest problem with this vulnerability is that its not feasible to patch most systems and have the protection enabled (consumer and enterprise). Let's get real most people aren't running the latest hardware so patching and enabling this feature is going to cause a performance loss. I patched my amd machine (8 core black series fx processor) and it killed my performance to the point I had to flip the reg keys to turn off the protection. After that the pc was back to normal operation. As for this tool there are better PS scripts out there that don't flag maliciously like this tool and can be easily ran by a normal end user.
  • I expect the flag is gone soon. It is an error. As for an average user running PS. You made me LOL. The nice thing is this is very user friendly and explains things well.
  • It seems like Spectre wise we will be unprotected for ever! It would be interesting to see how chip manufacturers tackle this exploit in their future products...
    Do they totally redesign the chip structure to completely eliminate Spectre while keeping performance (lots of costs); or keep the design as status quo (lots of profits)?!
  • welp, no spectre update for me. still rocking my dell xps 15 l521x , and dell does not have any bios updates for older laptops...