AskWoody

Woody Leonhard's no-bull news, tips and help for Windows and Office
  • Best way to get all the Group A patches applied

    Posted on December 3rd, 2016 at 13:05 woody 3 comments

    Good question from JC:

    I will appreciate very much your help in the steps I have to do to patch my windows 7 x64 Home Premium and office 2007, which last patching update I made was in April 2015.

    Due to aggressive windows 10 campaign, recommendations of experts to stay in windows 7, and lastly, the change from Microsoft in patching left me wait thinking what to do.

    Now I see group A, group B and group W. I think you can only try group A or group W. As almost everybody says is better, in spite of disadvantages, to patch the O.S., I think is better for me to be in group A.

    I think, first I have to manually download the KB’s to speed up the windows update scans, and after I hope to receive the last monthly rollup update from November.

    I look forward hearing from you soon.

    Thanks and best regards.

    I certainly understand why you dropped out of the patching game last year – and think it’ll be very worthwhile to get patched up.

    If you’re in Group A – you don’t mind Microsoft’s snooping – the path to getting patched is remarkably simple (albeit time consuming).

    First, follow the steps to get Windows Update working quickly. You may have to manually download and install one or two patches.

    Then you need to decide if you want the “Recommended” updates or not. That’s a tough call, but if you haven’t hit any problems in the past 18 months, you’re probably just fine without the Recommended updates. On the other hand, if you want all that Microsoft has to give, turn Recommended updates on:  Start > Control Panel > System and Security > Windows Update. Click Change Settings. Check or uncheck the box “Give me recommended updates the same way I receive important updates.”

    Then, just let ‘er rip. Run Windows Update, have it check for updates, don’t change any of the check boxes – if a patch is checked, leave it checked; if it isn’t checked, don’t check it.

    You may have to run Windows Update and reboot a few times, but by the end you’ll have a completely up-to-date machine.

  • Win10 beta builds on hold for UUP

    Posted on December 3rd, 2016 at 08:40 woody 10 comments

    The last beta build for the next version of Win10 (Creators Update/Redstone 2/version 1703 build 14971) was released on Nov. 17, and it was a real snore.

    What’s taking Microsoft so long to get beta builds out?

    Last night – yeah, Friday night – we found out. Dona Sarkar added this update to the Windows 10 Mobile beta release announcement:

    We are getting ready to start releasing PC builds to Insiders using UUP. To prepare for this, we are going to pause all PC builds for both the Fast and Slow rings starting this evening (Friday 12/2). We will begin flighting the latest builds via UUP starting with our internal rings first then to Insiders based on each ring’s promotion criteria. We’re excited to be able to release builds for PC to Insiders using UUP! Mobile builds are not impacted by this.

    The Unified Update Platform, you may recall, is a technology that reduces the amount of data necessary to install a new version of Win10 — for going from version 1511 to 1607, for example. Microsoft says UUP will reduce the download size by 35%. Frankly, that ain’t a big deal for me – after all, we only upgrade a couple times a year, and beta downloads are a pain anyway – but 35% reduction twice a year may be a big deal for you, and reducing the volume of bits rolling out certainly is a big gain for Microsoft.

    Anyway, Dona says we shouldn’t expect any more beta builds until the UUP framework is in place. No idea when that will happen.

    UPDATE: OK, I’m cynical about UUP (see the comments) but /r/jenmsft says the changes are exciting. You can judge for yourself.

  • How Windows 10 data collection trades privacy for security

    Posted on December 2nd, 2016 at 13:56 woody 41 comments

    Excellent article from Fahmida Rashid, in InfoWorld.

    As you read it, keep in mind that Win10 Home and Pro are considered to be “consumer” versions. The snooping protections Fahmida describes are only available with Enterprise Win10.

    In other words, if you aren’t paying for Windows by the month, you’re in the “consumer” category.

  • Thurrott premium subscription 25% off thru January 3

    Posted on December 2nd, 2016 at 07:53 woody No comments

    I sprinkle mention of Paul and Brad’s premium material through many posts here on AskWoody. Paul has just announced a 25% discount on his normal $64/year subscription price – through Jan. 3, a full year is just $48/year.

    Thurrott.com’s premium content is well worth the price of admission – and supporting Paul and Brad is a generally Good Thing to Do.

    Many of you know that I don’t agree with Paul or Brad on some subjects, but it’s important to keep their voices heard, loud and clear. Subscribing is the best way to do that.

  • Sphinx Windows Firewall Control

    Posted on December 1st, 2016 at 20:11 woody 51 comments

    A guest post from Noel Carboni:

    Firewall software is responsible for blocking or allowing network communications.

    A lot of folks who care about security and privacy visit AskWoody.com, so I want to let everyone here know about a good piece of 3rd party firewall software that’s just been released:  Sphinx Windows Firewall Control version 8

    http://www.sphinx-soft.com/Vista/index.html

    Essentially Sphinx Windows Firewall Control offers, for Win 7, 8, and 10 users, the practical ability to set up and manage a “deny outgoing connections by default” configuration.

    The Sphinx Windows Firewall Control application works with the Microsoft-provided Windows Filtering Platform / Base Filtering Engine, where the “dirty work” of actually gating network connections is done.  The filtering platform is a mature, working system component that has been around for a while now.

    Out of the box, Windows of course provides the Windows Advanced Firewall, but in its default configuration it really doesn’t do much to enhance users’ privacy and security, since it allows all outgoing communications by default.  That made some sense when we actually trusted the OS maker to have our backs.  Now…

    Think of the Sphinx Windows Firewall Control software package as a different, better, user interface for managing the firewall configuration on the PC, and in fact it CAN run alongside the Windows Advanced Firewall – there is no coupling between the two – though in practice you really want to just shut off the Windows Advanced Firewall and manage firewall operations entirely with the Sphinx software.  Having both active would just lead to confusion.

    But the really neat part – the thing that’s really special about this new version 8 release – is that the firewall configuration can now be managed using names, not addresses.  That’s very significant.  It changes the effort in setting up and maintaining a firewall configuration from impractical to almost trivial, given today’s networking that’s rich with server banks and content delivery networks (where a given host name can resolve to many different addresses).

    It means, in layman’s terms, that if you want to allow site svc.anksvn.net to be contacted you just enter the name svc.anksvn.net into a zone rule and you’re done.  You don’t have to figure out that this name can resolve to any of multiple different network addresses and enter them all.  And you don’t have to try to figure out when a new server at a different address is added or one of them is taken offline in the future.

    I can’t stress enough how much managing the firewall configuration by name simplifies the setup and greatly reduces ongoing maintenance.  It literally changes it from practically impossible to something that can be taken to a very detailed level and still kept up.

    I personally am a control aficionado and have what some would call quite a pedantic setup, where EVERYTHING is controlled to the finest point.  The Sphinx software sets up a workable default configuration, but I’ve developed my own configs completely from scratch.  I’m quite willing to share them if it can be helpful to others to see what I’ve set up.

    I have literally not had to make any changes to my Sphinx firewall configuration in weeks.  It really is possible to develop a practically “set it and forget it” configuration that lets you do normal things without exposing you to new threats.  Some observations, after using this software for quite a while:

    • Seeing what Windows tries to contact in the Events pane of this software gives one a warm feeling of knowing what’s happening on your system.  Logging can be managed by application – meaning you can, for example, log everything your services do online but suppress logging of sites you visit with your browser.  There’s a UI panel for the events (that you can, for example, clear or filter for certain things), and there’s a bona fide geek level log put in a file as well.
    • It offers complex-enough configuration capabilities to set up most of the system to run in a deny-by-default mode, yet some applications (e.g., your browser or Skype) can be set to allow-by-default – with exceptions to both of course.  So, for example, no newly installed program will be allowed to contact online servers until you add a rule to allow it, and conversely your browser can contact previously unvisited websites without any pop-up, yet still be blocked from contacting certain bad ones.
    • New / unexpected attempts to make network connections are blocked with a pop-up that has a “horror movie” violin sound effect (which you can change if you like), at which point you can choose to either allow future such attempts or continue to deny them.  What this means is that once you’ve got things initially set up, ongoing maintenance because of changes e.g., installing new software is essentially reactionary.  In this day and age, knowing communications you have NOT allowed ahead of time will NOT succeed is comforting.  This software has your back.
    • There is a rich configuration interface.  A change, for example, to allow or disallow Windows Updates is trivial for me.  I just change the zone assigned to the Host Process for Windows Services (svchost) and it’s done.  Thus no update will occur unless I specifically set the system up to do it.

    • Through the Domain Names tab you can set up a list of security servers that are always allowed system-wide (e.g., machines serving the ocsp protocol that your system contacts when verifying code signing certificates, etc.).  You can also set up a list of servers that are never allowed system-wide.
    • Getting an indication of when an unapproved connection is attempted, by what application, and to what server, is very valuable in learning what needs to be reconfigured or tweaked via registry settings to make a system more private.  Do that for a while and you end up with a Windows system that doesn’t even try to spill the beans.
    • No matter what rules a software installer (e.g., a telemetry update) might try to add to the Windows Advanced Firewall they don’t affect the Sphinx Windows Firewall Control configuration, so you’re still in complete charge of what is being allowed or denied.

    I have been working closely with the author all through the beta testing period of the name-based software, and I have run the package through all kinds of harsh tests.  He’s a smart, careful engineer who has been very responsive to feedback.  As a result, the software really works.  I use the Network/Cloud edition on all my systems.

    I am not associated commercially with this product in any way.  The only connection I have is that I have been a beta tester all through the development of version 8 and some time before that.

    Noel Carboni
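
A minimal model of the rule evaluation described in the guest post above, added here as an example; it is not part of the original post and not Sphinx's code. The precedence order, the mapping of addresses back to names through observed DNS answers, and every application, host name and address are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Zone:
    default_allow: bool                           # True = allow-by-default (e.g. a browser)
    exceptions: set = field(default_factory=set)  # host names that flip the default

# Constructed sample policy; names are placeholders, not a real configuration.
ALWAYS_ALLOW = {"ocsp.example-ca.test"}    # system-wide allowed (e.g. OCSP responders)
NEVER_ALLOW = {"telemetry.example.test"}   # system-wide blocked
ZONES = {
    "svchost.exe": Zone(default_allow=False, exceptions={"update.example.test"}),
    "browser.exe": Zone(default_allow=True, exceptions={"ads.example.test"}),
}

# Constructed DNS observations: one name can resolve to several addresses (CDN-style).
DNS_LOG = {
    "update.example.test": {"203.0.113.10", "203.0.113.11"},
    "telemetry.example.test": {"198.51.100.7"},
    "ads.example.test": {"198.51.100.9"},
    "ocsp.example-ca.test": {"192.0.2.5"},
}

def names_for(ip, dns_log):
    """Names whose observed DNS answers included this address."""
    return {name for name, addrs in dns_log.items() if ip in addrs}

def decide(app, ip, dns_log):
    """Return (verdict, reason) for one outbound connection attempt."""
    names = names_for(ip, dns_log)
    if names & NEVER_ALLOW:                # assumed precedence: block list wins
        return "deny", "system-wide never-allow list"
    if names & ALWAYS_ALLOW:
        return "allow", "system-wide always-allow list"
    zone = ZONES.get(app)
    if zone is None:                       # newly installed program: no rule yet
        return "deny", "no rule for application (prompt user)"
    hit = bool(names & zone.exceptions)
    allowed = zone.default_allow != hit    # an exception inverts the zone default
    return ("allow" if allowed else "deny"), ("zone exception" if hit else "zone default")

def demo():
    attempts = [("svchost.exe", "203.0.113.11"), ("svchost.exe", "198.51.100.7"),
                ("browser.exe", "198.51.100.9"), ("browser.exe", "192.0.2.200"),
                ("newtool.exe", "192.0.2.5"), ("newtool.exe", "203.0.113.10")]
    return [decide(app, ip, DNS_LOG)[0] for app, ip in attempts]
```

The rules never mention an address: adding or retiring a server behind `update.example.test` only changes the DNS observations. When one address serves both an allowed and a blocked name, this model denies the connection.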

  • New $3,000+ Surface Studio in the real world

    Posted on December 1st, 2016 at 12:42 woody 6 comments

    If you’re thinking about buying one of the just-shipped $3,000+ Surface Studios, it’d be worth your while to see what “real” people are saying about it.

    I don’t own one. I can think of better ways to spend several thousand dollars – and Microsoft isn’t likely to send one to me for evaluation.

    Engadget’s hands-on “Mini” review is out, and their take is decidedly lukewarm:

    Innovative, but not for everyone…

    If you’re curious about the innards, iFixIt has detailed teardowns of the Surface Studio and its circuitous sidekick the Surface Dial.

    You can run into a Microsoft Store and take a look yourself, but before you do, you should see what new owners are saying.

    My first exposure to the Surface Studio came on this week’s live recording of Windows Weekly. Leo Laporte received his new Studio on Monday, and the way he’s working with it is telling. Some of the foibles got cut in the mix, but the machine has many good features – gorgeous screen, interesting peripheral – and several significant problems – it’s slow (with a mobile GPU) and the drive’s a hybrid. If you look at the way Leo uses it and compare it to the way you work, you might not be impressed. “It’s like a giant iPad.” Think hard about where you’d put your keyboard.

    Then I bumped into this comment on the Microsoft Answers forum. Poster Damon S says:

    Disappointing performance and hard drive for $4100… I love the idea of the machine but do I now want to go find a way to replace the HD with an SSD and then spend a day reinstalling windows and all the other drivers needed and spend another $500 on a $4k plus computer is daunting.

    Photographer Scott Bourne on Photofocus says the reflections on the screen are so bad “it’s a simple deal breaker for me. As much as I like EVERYTHING else about this machine (okay well maybe not the price) I can’t see myself using one until / unless Microsoft offers one with a matte display.”

    The Surface Studio ships with a tech support phone number, which appears to be unique for Studio support – see Brad Sams’ post on Thurrott.com – although some wags posit that the number’s answered by Microsoft’s usual support center.

    Watch out for Acer- and Dell-manufactured Studio wannabes in the near future.

  • Win10 usage nudges upward slightly, but IE and Edge keep tumbling

    Posted on December 1st, 2016 at 07:45 woody 57 comments

    The stats are in, and they ain’t pretty.

    InfoWorld Woody on Windows

  • Looking for AskWoody Lounge Insiders

    Posted on December 1st, 2016 at 07:24 woody 6 comments

    Hey, if Microsoft can have millions of unpaid beta testers, I can look for “Insiders,” too, eh? 🙂

    The AskWoody Lounge web site team is a couple of weeks away from having a prototype up and working. When the prototype is ready, I’d like to enlist a few of you as beta testers, to make sure the whole house of cards doesn’t collapse on the first day.

    The Lounge appendage is pretty simple, really. When I post a new blog, the web site automatically generates a “Topic” in the Lounge, then creates links back and forth between the blog post and the Topic. That Topic joins other Topics in the Lounge, and folks can post in a forum-style setting.

    Commenters in the Lounge can either be registered – and their comments are posted immediately – or they can post as “Anonymous,” in which case I moderate the post before it appears.

    My first effort will be getting that back-and-forth mechanism working. After that base is working, we can start populating the Lounge with new Forums, adding new Topics to each.

    Would you be interested in giving it a try? If so, drop me a line, woody@askwoody.com . Let me know if you’d like to sign up for a registered account, or if you’d like to post anonymously.

    When we’re ready to take ‘er out for a test drive, I’ll let you know. Sorry, no Ninja Cats….