1

I have Windows 7 Enterprise SP1 64 bit with an Intel i7-6820HQ (with latest microcode rev 0xC6) and InSpectre #8 says I have both protections, but SLOWER.

Is it because Windows 7 does not use the PCID feature? Which versions do use it?

Pictures:

InSpectre screenshot

PS C:\> Get-SpeculationControlSettings
Speculation control settings for CVE-2017-5715 [branch target injection]
For more information about the output below, please refer to https://support.microsoft.com/en-in/help/4074629

Hardware support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: False [not required for security]

Speculation control settings for CVE-2018-3639 [speculative store bypass]

Hardware is vulnerable to speculative store bypass: True
Hardware support for speculative store bypass mitigation is present: True
Windows OS support for speculative store bypass mitigation is present: True
Windows OS support for speculative store bypass mitigation is enabled system-wide: False


BTIHardwarePresent                  : True
BTIWindowsSupportPresent            : True
BTIWindowsSupportEnabled            : True
BTIDisabledBySystemPolicy           : False
BTIDisabledByNoHardwareSupport      : False
KVAShadowRequired                   : True
KVAShadowWindowsSupportPresent      : True
KVAShadowWindowsSupportEnabled      : True
KVAShadowPcidEnabled                : False
SSBDWindowsSupportPresent           : True
SSBDHardwareVulnerable              : True
SSBDHardwarePresent                 : True
SSBDWindowsSupportEnabledSystemWide : False

PS: Coreinfo v3.31 confirms the hardware support is there:

PCID            *       Supports PCIDs and settable CR4.PCIDE
INVPCID         *       Supports INVPCID instruction
David Balažic
  • 1,844
  • 3
  • 31
  • 58
  • @Ramhound The Meltdown fix comes with a performance penalty. It is a well known fact and had a gaziliion articles about it in 2018. – David Balažic Jul 11 '18 at 21:16
  • @Ramhound "With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance." [source](https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/), "Crystal Disk Mark 6 shows the large impact from the Meltdown and Spectre fix on an Intel Core i7-8550U chip." [source](https://www.pcworld.com/article/3256028/computers/how-to-test-how-much-spectre-and-meltdown-hurt-your-pcs-performance.html) – David Balažic Jul 12 '18 at 07:08
  • @Ramhound "PCID optimization is enabled" is false. I added the data into the question. – David Balažic Jul 12 '18 at 14:42
  • @Ramhound Some patches (e.g. for [Firefox](https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/)) did potentially entail a performance penalty. From that link, "as a partial, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox." Reducing precision of a time source will increase latency of any app which makes use of the precision to schedule tasks. – jpaugh Jul 12 '18 at 14:47
  • All my research is on another device. I will submit an answer shortly to your question. – Ramhound Jul 12 '18 at 15:06
  • Many i7 processors will never be fully patched by Intel or Microsoft, my 4th gen i7 will never get patched....https://www.zdnet.com/article/intel-we-now-wont-ever-patch-spectre-variant-2-flaw-in-these-chips/ – Moab Jul 12 '18 at 20:41

0 Answers0