Woody Leonhard's no-bull news, tips and help for Windows and Office
Home icon Home icon Home icon Email icon RSS icon
  • Thurrott premium subscription 25% off thru January 3

    Posted on December 2nd, 2016 at 07:53 woody No comments

    I sprinkle mention of Paul and Brad’s premium material through many posts here on AskWoody. Paul has just announced a 25% discount on his normal $64/year subscription price – through Jan. 3, a full year is just $48/year.’s premium content is well worth the price of admission – and supporting Paul and Brad is a generally Good Thing to Do.

    Many of you know that I don’t agree with Paul or Brad on some subjects, but it’s important to keep their voices heard, loud and clear. Subscribing is the best way to do that.

  • Sphinx Windows Firewall Control

    Posted on December 1st, 2016 at 20:11 woody 22 comments

    A guest post from Noel Carboni:

    Firewall software is responsible for blocking or allowing network communications.

    A lot of folks who care about security and privacy visit, so I want to let everyone here know about a good piece of 3rd party firewall software that’s just been released:  Sphinx Windows Firewall Control version 8

    Essentially Sphinx Windows Firewall Control offers, for Win 7, 8, and 10 users, the practical ability to set up and manage a “deny outgoing connections by default” configuration.

    The Sphinx Windows Firewall Control application works with the Microsoft-provided Windows Filtering Platform / Base Filtering Engine, where the “dirty work” of actually gating network connections is done.  The filtering platform is a mature, working system component that has been around for a while now.

    Out of the box, Windows of course provides the Windows Advanced Firewall, but in its default configuration it really doesn’t do much to enhance users’ privacy and security, since it allows all outgoing communications by default.  That made some sense when we actually trusted the OS maker to have our backs.  Now…

    Think of the Sphinx Windows Firewall Control software package as a different, better, user interface for managing the firewall configuration on the PC, and in fact it CAN run alongside the Windows Advanced Firewall – there is no coupling between the two – though in practice you really want to just shut off the Windows Advanced Firewall and manage firewall operations entirely with the Sphinx software.  Having both active would just lead to confusion.

    But the really neat part – the thing that’s really special about this new version 8 release – is that the firewall configuration can now be managed using names, not addresses.  That’s very significant.  It changes the effort in setting up and maintaining a firewall configuration from impractical to almost trivial, given today’s networking that’s rich with server banks and content delivery networks (where a given host name can resolve to many different addresses).

    It means, in layman’s terms, that if you want to allow site to be contacted you just enter the name svc.anksvn.netinto a zone rule and you’re done.  You don’t have to figure out that this name can resolve to any of multiple different network addresses and enter them all.  And you don’t have to try to figure out when a new server at a different address is added or one of them is taken offline in the future.

    sphinx-1 I can’t stress enough how much managing the firewall configuration by name simplifies the setup and greatly reduces ongoing maintenance.  It literally changes it from practically impossible to something that can be taken to a very detailed level and still kept up.

    I personally am a control aficionado and have what some would call quite a pedantic setup, where EVERYTHING is controlled to the finest point.  The Sphinx software sets up a workable default configuration, but I’ve developed my own configs completely from scratch.  I’m quite willing to share them if it can be helpful to others to see what I’ve set up.

    I have literally not had to make any changes to my Sphinx firewall configuration in weeks.  It really is possible to develop a practically “set it and forget it” configuration that lets you do normal things without exposing you to new threats.  Some observations, after using this software for quite a while:

    • Seeing what Windows tries to contact in the Events pane of this software gives one a warm feeling of knowing what’s happening on your system.  Logging can be managed by application – meaning you can, for example, log everything your services do online but suppress logging of sites you visit with your browser.  There’s a UI panel for the events (that you can, for example, clear or filter for certain things), and there’s a bona fide geek level log put in a file as well.
    • It offers complex-enough configuration capabilities to set up most of the system to run in a deny-by-default mode, yet some applications (e.g., your browser or Skype) can be set to allow-by-default – with exceptions to both of course.  So, for example, no newly installed program will be allowed to contact online servers until you add a rule to allow it, and conversely your browser can contact previously unvisited websites without any pop-up, yet still be blocked from contacting certain bad ones.
    • New / unexpected attempts to make network connections are blocked with a pop-up that has a “horror movie” violin sound effect (which you can change if you like), at which point you can choose to either allow future such attempts or continue to deny them.  What this means is that once you’ve got things initially set up, ongoing maintenance because of changes e.g., installing new software is essentially reactionary.  In this day and age, knowing communications you have NOT allowed ahead of time will NOT succeed is comforting.  This software has your back.
    • There is a rich configuration interface.  A change, for example, to allow or disallow Windows Updates is trivial for me.  I just change the zone assigned to the Host Process for Windows Services (svchost) and it’s done.  Thus no update will occur unless I specifically set the system up to do it.


    • Through the Domain Names tab you can set up a list of security servers that are always allowed system-wide (e.g., machines serving the ocsp protocol that your system contacts when verifying code signing certificates, etc.).  You can also set up a list of servers that are never allowed system-wide.


    • Getting an indication of when an unapproved connection is attempted, by what application, and to what server, is very valuable in learning what needs to be reconfigured or tweaked via registry settings to make a system more private.  Do that for a while and you end up with a Windows system that doesn’t even try to spill the beans.
    • No matter what rules a software installer (e.g., a telemetry update) might try to add to the Windows Advanced Firewall they don’t affect the Sphinx Windows Firewall Control configuration, so you’re still in complete charge of what is being allowed or denied.

    I have been working closely with the author all through the beta testing period of the name-based software, and I have run the package through all kinds of harsh tests.  He’s a smart, careful engineer who has been very responsive to feedback.  As a result, the software really works.  I use the Network/Cloud edition on all my systems.

    I am not associated commercially with this product in any way.  The only connection I have is that I have been a beta tester all through the development of version 8 and some time before that.

    Noel Carboni

  • New $3,000 + Surface Studio in the real world

    Posted on December 1st, 2016 at 12:42 woody 5 comments

    If you’re thinking about buying one of the just-shipped $3,000+ Surface Studios, it’d be worth your while to see what “real” people are saying about it.

    I don’t own one. I can think of better ways to spend several thousand dollars – and Microsoft isn’t likely to send one to me for evaluation.

    Engadget’s hands-on “Mini” review is out, and their take is decidedly lukewarm:

    Innovative, but not for everyone…

    If you’re curious about the innards, iFixIt has detailed teardowns of the Surface Studio and its circuitous sidekick the Surface Dial.

    You can run into a Microsoft Store and take a look yourself, but before you do, you should see what new owners are saying.

    My first exposure to the Surface Studio came on this week’s live recording of Windows Weekly. Leo Laporte received his new Studio on Monday, and the way he’s working with it is telling. Some of the foibles got cut in the mix, but the machine has many good features – gorgeous screen, interesting peripheral – and several significant problems – it’s slow (with a mobile GPU) and the drive’s a hybrid. If you look at the way Leo uses it and compare it to the way you work, you might not be impressed. “It’s like a giant iPad.” Think hard about where you’d put your keyboard.

    Then I bumped into this comment on the Microsoft Answers forum. Poster Damon S says:

    Dissapointing performance and hard drive for $4100… I love the idea of the machine but do i now want to go find a way to replace the HD with an SSD and then spend a day reinstalling windows and all the other drivers needed and spend another $500 on a $4k plus computer is daunting.

    Photographer Scott Bourne on Photofocus says the reflections on the screen are so bad “it’s a simple deal breaker for me. As much as I like EVERYTHING else about this machine (okay well maybe not the price) I can’t see myself using one until / unless Microsoft offers one with a matte display.”

    The Surface Studio ships with a tech support phone number, which appears to be unique for Studio support – see Brad Sams post on – although some wags posit that the number’s answered by Microsoft’s usual support center.

    Watch out for Acer- and Dell- manufactured Studio wannabes in the near future.

  • Win10 usage nudges upward slightly, but IE and Edge keep tumbling

    Posted on December 1st, 2016 at 07:45 woody 42 comments


    The stats are in, and they ain’t pretty.

    InfoWorld Woody on Windows

  • Looking for AskWoody Lounge Insiders

    Posted on December 1st, 2016 at 07:24 woody 6 comments

    Hey, if Microsoft can have millions of unpaid beta testers, I can look for “Insiders,” too, eh? 🙂

    The AskWoody Lounge web site team is a couple of weeks away from having a prototype up and working. When the prototype is ready, I’d like to enlist a few of you as beta testers, to make sure the whole house of cards doesn’t collapse on the first day.

    The Lounge appendage is pretty simple, really. When I post a new blog, the web site automatically generates a “Topic” in the Lounge, then creates links back and forth between the blog post and the Topic. That Topic joins other Topics in the Lounge, and folks can post in a forum-style setting.

    Commenters in the Lounge can either be registered – and their comments are posted immediately – or they can post as “Anonymous,” in which case I moderate the post before it appears.

    My first effort will be getting that back-and-forth mechanism working. After that base is working, we can start populating the Lounge with new Forums, adding new Topics to each.

    Would you be interested in giving it a try? If so, drop me a line, . Let me know if you’d like to sign up for a registered account, or if you’d like to post anonymously.

    When we’re ready to take ‘er out for a test drive, I’ll let you know. Sorry, no Ninja Cats….

  • So what’s Joe Belfiore up to?

    Posted on November 30th, 2016 at 13:34 woody 44 comments

    Just a bit of idle speculation….

    I finished re-reading Paul Thurrott’s article about the future of the Windows Insider Program. It’s a good article, vetted by Microsoft, that shows how the Insider Program grew and will continue to grow. (Although, notably, neither he nor Microsoft address my six key problems with the Insider Program.)

    The story is so well-liked inside Microsoft that Gabe Aul, Dona Sarkar and Frank X. Shaw have all tweeted their approval.

    Anyway, that article has me wondering if Joe Belfiore is on tap to head up a re-designed Insider Program – or perhaps to lead a group inside Microsoft, reporting to Terry Myerson, that encompasses the Insider Program.

    Joe took a one-year leave of absence in Oct. 2015, but he’s been back on campus since early September. So far, there hasn’t been  a word about what he’s up to.

    As one of the most admired and genuinely liked people in the company, his next assignment should speak volumes about Microsoft’s intentions for Windows.

    FURTHER RUMINATIONS: So Microsoft Security Essentials now has a preview. What if Microsoft combined all of its Insider Programs – Windows (which is actually two different Insider Programs, one that does “previews”), Office, Visual Studio, Xbox (renamed Nov. 7), Skype (established Nov. 9), and who-knows-what-all. JoeB in charge. The products span all of Microsoft, but the Insider functions are quite similar. Sounds like a winner to me.

    UPDATE: JoeB’s trip to the dark side. Brad Sams at has just unveiled what Joe will be up to:

    Joe will be running the consumer-focused Windows Shell and will be reporting to Terry Myerson; his objective will be to find new ways to make money with Windows 10 as the traditional licensing model of the OS goes away, especially in the lower-priced segment.

    And that speaks volumes about Microsoft’s intentions for Windows.

  • There’s that Win10 “400 million” number again

    Posted on November 30th, 2016 at 10:55 woody 11 comments

    Microsoft’s having its annual Shareholder Meeting at the moment. Amy Hood mentioned 400 million active Win10 devices. Now there’s a demo (I missed the name of the presenter, sorry) that again repeats the 400 million number.

    Tomorrow we’ll see the monthly reports on Windows usage from NetMarketshare and StatCounter. I wonder if we’re going to see another disappointing month?

    On Sept. 26, at Ignite, Microsoft announced Win10 was running on 400 million “monthly active devices.” On July 15, the number was 350 million.

    Is it possible that Win10 adoption has been nearly static for the past two months? Or are we looking at roundoff errors – a reticence to spill all the beans?

    With something like 20 million new PCs being sold every month, and Win10 coming along for the ride on most machines, you have to ask where all the Win10 users (er, monthly active devices) are going.

    A month ago, Terry Myerson referred to “the billion people, all around the world, using Windows” — in spite of Microsoft’s claim, for many years, which pegged the number of Windows users at 1.5 billion.

    I wonder what’s ahead tomorrow…

  • Beeping bug reported with Surface Dial on Surface Book

    Posted on November 30th, 2016 at 06:09 woody No comments

    If you own a Microsoft Surface Book, and you’ve been thinking about buying a new Surface Dial, be aware that at least two people have reported “beep” bugs.

    On the Microsoft Answers forum, Paulruswalrus says:

    I just received a Surface Dial and was disappointed to find out that whenever I try to use the scroll function, it causes my Surface Book to beep non-stop.  It sounds like a keyboard buffer overflow-type beeping.

    Poster dmd0822 gives more details:

    I see it in any app with scrolling, Edge. Grove, News. Doesn’t do it when working on volume control. It also doesn’t do it in the Sketchable app when working with the radial menues

    I haven’t seen other reports of incompatibilities… yet.