I'd like some more technical details on what exactly InSpectre does (specifically for the Meltdown patch). e.g. Does it just flip a registry key? Rewrite a microcode patch somewhere? Couldn't find an explanation in the software (even under Show Tech Details) or on their site; could you point me to it?
Also, do all the major browsers now have their own mitigations built in?
Answering my own Question #1: Looks like it sets values for FeatureSettingsOverride and FeatureSettingsOverrideMask under the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" registry key.
FeatureSettingsOverride is a bit field where bit 0 controls the mitigation for CVE-2017-5715 (Spectre) and bit 1 controls it for CVE-2017-5754 (Meltdown). If the bit value is 0 the corresponding mitigation is enabled, if 1 it's disabled. FeatureSettingsOverrideMask is simply a mask to control which bits of FeatureSettingsOverride to apply. So, for example, FeatureSettingsOverride = 2 and FeatureSettingsOverrideMask = 3 would enable the Spectre mitigation (if available) and disable the Meltdown one.
For anyone considering whether to disable these for desktop performance, I tried to do some research on how much it helps, at least for my workload. From what I was able to read, for gaming, the performance differences are negligible. There also seems to be some indication that disabling mitigations is also harmful to performance on more recent CPUs, since more and more of the mitigations are being baked into the silicon.
Also, do all the major browsers now have their own mitigations built in?