Posted on February 26th, 2017 at 06:28 Comment on the AskWoody Lounge
If you buy a Windows key from Amazon or Newegg, or some reputable supplier, you’re going to get the real thing.
But what about the companies that’ll sell you a Win10 key for $20 or $30?
There’s an interesting, informed discussion going on Reddit on precisely that topic. Have a look.
Posted on February 25th, 2017 at 13:59 Comment on the AskWoody Lounge
As @Kirsty noted over in the Code Red forum yesterday, Cloudflare has reported a security problem with their servers which led to leaked information for many Cloudflare customers.
There’s no need to be concerned about your AskWoody info getting compromised.
We currently use Cloudflare to speed up internet access, but we didn’t set that up until after the Cloudflare bug was fixed. As a result, you can see on the NowSecure breach list, AskWoody.com is not listed as one of the affected sites.
Even if we had been affected by the Cloudflare problem, the amount of data stored on this site is minuscule. We have your user name and email address, a five-time-hashed and salted one-way encrypted version of your password, the date and time of your last forum activity, a list of any “Subscribed” topics, and an indication of whether you’re a Lounger or not. That’s it.
Your privacy is very important to me.
Posted on February 25th, 2017 at 07:44 Comment on the AskWoody Lounge
Here’s a question I’ve heard in various versions over the past six months. From a tweet by @Ladyfirst:
Just wondering if 8.1 users are protected from KB2976978 by still having GWX Control Panel installed?
There’s an analogous question for 7 users and KB 2952664. Like two bad pennies, they both re-appeared in Windows Update earlier this week.
Short answer: No.
Longer answer: You don’t need to worry about the “Get Windows 10” campaign any more. Microsoft discontinued it on July 29, 2016. Although the upgrade from Win7 to Win10 and Win8.1 to Win10 is still free, Microsoft isn’t pushing the upgrade down your throat. You won’t see any “Get Windows 10” icons or dubious dialogs about installing it.
If you have GWX Control Panel installed, you can uninstall it. Josh Mayfield’s excellent utility flips some bits in the registry that block Microsoft’s intrusive “Get Windows 10” push. GWX Control Panel doesn’t do anything to block snooping associated with KB 2952664, KB 2976978.
Microsoft may restart the “Get Windows 10” campaign at some point, although it’s highly unlikely we’ll see a rematch of the 2015-2016 year-long debacle. I fully expect Microsoft to publicly acknowledge that the upgrade’s still free – the nod-nod-wink-wink thing is a bit beneath them. But if there’s a renewed push to get Win7 users to Win10, it’ll likely come with much more carrot, and much less stick. Cooler heads now prevail in Redmond. Right, Joe?
If you need to protect your Win7 or 8.1 system from some future upgrade shenanigans, I’ll be screaming from the rooftops, right here and in InfoWorld – much as we did with the original GWX campaign.
In the meantime, though, GWX Control Panel doesn’t do anything.
Posted on February 24th, 2017 at 15:54 Comment on the AskWoody Lounge
I didn’t see this one coming.
If you have a volume license, you can stick LTSB – the version of Win10 that’ll be supported for ten years – on your current computers. But when you get new computers, or replace the old ones, you have to use the latest LTSB version.
So far we’ve had two LTSB versions, the so-called LTSB 2015 (which is just the original, RTM version of Win10) and LTSB 2016 (which is the 1607 “Anniversary Update” version).
Excellent article by Gregg Keizer in Computerworld on the ramifications.
Posted on February 24th, 2017 at 12:41 Comment on the AskWoody Lounge
I’m downloading it now.
Posted on February 24th, 2017 at 08:40 Comment on the AskWoody Lounge
I’m as skeptical as the next guy – moreso, actually – but I’m impressed by the security enhancements planned for the next version of Edge.
Matt Miller has an overview here.
Part 2 should be out shortly.
Long and short of it:
Most modern browser exploits attempt to transform a memory safety vulnerability into a method of running arbitrary native code on a target device. This technique is prevalent because it provides the path of least resistance for attackers by enabling them to flexibly and uniformly stage each phase of their attack. For defenders, preventing arbitrary native code execution is desirable because it can substantially limit an attacker’s range of freedom without requiring prior knowledge of a vulnerability. To this end, Microsoft Edge in the Creators Update of Windows 10 leverages Code Integrity Guard (CIG) and Arbitrary Code Guard (ACG) to help break the most universal primitive found in modern web browser exploits: loading malicious code into memory.
I don’t know how quickly the bad guys will be able to break CIG and ACG, but if they hold up as long as ASLR, it’ll be a significant improvement.
Posted on February 23rd, 2017 at 16:01 Comment on the AskWoody Lounge
A meticulous, in-depth comparison of the three Office apps on the iPad – and some real insight into whether an iPad is “good enough” for most Windows users.
Galen Gruman on InfoWorld.
Posted on February 23rd, 2017 at 12:28 Comment on the AskWoody Lounge
We just upgraded the site to PHP 7, and it looks like the MS-DEFCON banner at the top of the page took a hit.
We’re still at MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.