PCA Forums

I revisited this a couple of weeks ago, when Steve Gibson mentioned on his podcast that studies show the performance hit from Spectre & Meltdown mitigations is even worse than Intel first thought, and that so far no one has seen any of these exploits used in the wild.

Moreover, as I said when this first came to light, these mitigations are really pointless on a home PC: if some malware gets into your PC, it would be wasting it's time going through the trouble of using a Spectre based attack to steal data from you, when there's so many other easier ways to do so.

Spectre and Meltdown are really only an attack that's useful on a server running multiple Virtual Machines (VMs). So for example, if I got some malware into one VM on a server because the owner was careless, I could use a Spectre attack to steal data from another VM on the same server, owned by someone else.

That's a data center issue, but it really isn't a threat model for a home PC, a gaming PC, or even a small business office PC.

By now, Microsoft has installed updates that mitigate Spectre and Meltdown on Windows PCs, so we're all taking some kind of performance hit (how much depends on your CPU generation).

I have decided that I don't need or want these mitigations, so this week I used Steve Gibson's InSpectre utility to disable them on all my PCs: https://www.grc.com/inspectre.htm

At this point I can comfortably recommend this for anyone who is a regular user. Let the data center admins worry about this.

Oh No! I'm running ESXi at home with various VMs. I'm in danger!!

No matter what I do, it keeps coming back with all "Yes". Doesn't disable. Hmmmmm

You have to reboot to make it stick since all you're doing is changing a toggle in the registry.

You running it as an admin? Even if your user is admin I think you may still have to right-click and "Run as admin" although it SHOULD tell you if you're not running as admin.

Yeah, I ran it as an admin. I didn't reboot though. I just reloaded the registry. I'll check again.

I disabled it on this Dell E6540 running 10. Seems to make a difference from what I'm seeing.

OK. Now that I booted up again, one of them is disabled. I know I clicked a few times last time, so I prob turned the other back on. LOL

Yeah. Click each of the two buttons, and each button should switch from "Disable" to "Enable" which means it's off, then reboot for it to take effect and show you the results.

FYI, you might want to run the latest version of Inpectre and make sure that Meltdown and Spectre mitigations are still disabled if you want them disabled. I found two of my PCs has re-enabled one or the other. Probably an update.

As I've said before there is absolutely no reason to enable them on a workstation or gaming PC. This is only an issue for servers running in a VM. You don't want a hacked server on one VM stealing credentials or data from a server on another VM on the same box.