AskWoody

Reviews of the Surface Pro 6 and the Surface Laptop 2

The embargo must’ve been lifted overnight. You can see reviews all over the web.

Bottom line:

Surface Pro 6 is a little faster that the “Surface Pro (2017)” but not that much. i5, 8GB RAM, 256 GB and a keyboard for about $ 1,350.

Surface Laptop 2 is a little faster than the Surface Laptop (1) but not that much. i5, 8GB RAM, 256 GB storage for $1,300.

No USB-C.

Compare with any Chromebook for a small fraction of the price. The ultimate Chromebook, the Google Pixelbook with i5, 8GB RAM, 128 GB storage runs half the price. Admittedly the Pixelbook lacks some key Surface features: Bluescreens, bugs, malware, slow reboots.

Disclaimer: Unless it isn’t patently obvious, no, I’ve never held either a Surface Pro 6 or Laptop 2 in my hands. This isn’t a review. I wasn’t under embargo. Microsoft didn’t give me a test machine.

But I have held a Pixelbook. In fact, my son still uses my original Pixelbook almost every day. Built like a brick spithouse.

Phone scam: Win7 license is “about to expire”

Fascinating story/question from JW:

I’m writing in reference to what my wife & I believe to be a phone scam related to the upcoming termination of Microsoft support for Windows 7. We have now received two phone calls (several weeks apart), from someone claiming to represent Microsoft, informing us that our Win7 license is about to expire, and that we must pay a fee by phone (credit card) in order to continue to use the software beyond a certain date (which has changed with each call). This strikes us as being illegitimate and a scam to get money and our credit card info. Have you heard of this previously and do you agree this is likely an illegitimate request? Is there some useful action we might take other than sharing this with you.

No question it’s illegitimate.

It’s also the first time I’ve heard this one.

As Win7 approaches end of life (14 months to go!) I expect we’ll hear more variations on this theme.

Patch Lady – 31 days of Paranoia – Day 15

We’re on the 15th day of our travels through paranoia and on the day that Paul Allen, one of the founders of Microsoft passed away, I’m touching on the next big disruptor that the Microsoft company is increasingly implementing:  That of cloud services.

Paul Allen and Bill Gates took mainframe computers from locked away in a freezing room only accessible by the few to where nearly everyone has more power in their desktop and laptop than the old mainframes used to have.  The next disruptor is cloud services.  Especially for small firms, my biggest fear for small businesses that rely on cloud computing is that we won’t get solid guidance on how best to secure and deploy cloud services.

Too often people see cloud services as easy to set up, and they are, but they don’t take the time to think about security.  I have personally seen where users of cloud services will often share credentials to another person without thinking of the risk of sharing credentials.  I’ve seen where consultants can misconfigure settings or – as often seen in big cloud breaches – leave files in cloud locations and not set the file security properly.

There’s a lot of good things about cloud services.  And then there’s a lot of risks to cloud services.  Always ask and check on how easy it is move FROM a cloud provider, check on the encryption status, check on the backup status.  And these days I’m seeing more and more vendors providing cloud backup solutions to give users more granular options in restoring files saved in the cloud.

So read those end user license agreements, and ask questions of your vendors before you sign up.

Patch Lady – 7 Metadata problems

Patch Lady here – I patch over the weekend at my firm and normally the 7’s install their patches and go along their merry way.  But not this weekend.

I came in this morning and none of my 7’s had installed KB3177467, nor have their received their October security update because the October security update depends on the installation of KB3177467.

Mind you I installed KB3177467 BACK IN NOVEMBER OF 2016.  So it’s already ON my machines.

Bottom line metadata and patch dependency is totally screwed up on Windows 7 platform and because of that the October security updates detection are screwed up.

Microsoft seems to have pulled the October Win7 Monthly Rollup from Windows Update

Reliability. That’s what we need.

If you’re looking for the Win7 Monthly Rollup, using Windows Update, you probably won’t find it.

Computerworld Woody on Windows.

Microsoft posts official fixes for the bad HP keyboard driver bluescreen, and the bad Intel audio driver

I don’t know why anybody would trust Microsoft to push drivers onto their machines.

At least this time they’ve ‘fessed up and provided a couple of fixes. If you can get your machine to boot, that is.

Computerworld Woody on Windows.

Patch Lady – 31 days of Paranoia – Day 14

If you have a bit of time on your hands, take a stroll through the FBI’s most wanted for Cyber security attacks.  You’ll find Russian hackers targeting our elections as well as one gentleman who

is allegedly a North Korean computer programmer who is part of a state-sponsored hacking organization responsible for some of the costliest computer intrusions in history, including the cyber attack on Sony Pictures Entertainment, a series of attacks targeting banks across the world that collectively attempted to steal more than one billion dollars, and the WannaCry ransomware attack that affected tens of thousands of computer systems across the globe.

 

Park was alleged to be a participant in a wide-ranging criminal conspiracy undertaken by a group of hackers employed by a company that was operated by the North Korean government.  The front company – Chosun Expo Joint Venture, also known as Korea Expo Joint Venture – was affiliated with Lab 110, one of the North Korean government’s hacking organizations.  That hacking group is what some private cybersecurity researchers have labeled the “Lazarus Group.”  On June 8, 2018, a federal arrest warrant was issued for Park Jin Hyok in the United States District Court, Central District of California, after he was charged with one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer-related fraud (computer intrusion).

The NHS was impacted to an estimated 92 million pounds (assuming I have my monetary naming correct).  The disturbing concern of WannaCry was that most were impacted by the ransomware attack due to the fact that they had not installed updates to protect from the Eternal Blue exploit.  The patch was available but many had not yet installed it for various reasons.

Yet today we are in a position where many are concerned to patch as well.  Vendor drivers were inadvertently pushed out this week causing some to lose audio (1) and blaming patching as the root cause.  This is now the second such driver related issues with this month’s patching (Woody already posted about the first).  This still gets back to a root cause of loss of trust.  If we cannot trust our vendors, we will place ourselves in a position where cyber villains can get to us.

(1)https://answers.microsoft.com/en-us/windows/forum/all/windows-10-audio-stops-working-after-installing/5a541c88-89e1-4bf3-b356-2837d564b109
Earlier this week, Intel unintentionally released version 9.21.00.3755 of the Intel Smart Sound Technology (ISST) Driver through Windows Update, and inadvertently offered it to a range of devices running Window 10 version 1803 or 1809. If your device contained a compatible audio driver, the new driver overrode it and caused audio to stop working.

The most recent Servicing Stack Updates

For those of you wondering whether you have the latest version of the Windows Update Servicing Stack — the part of Windows Update that actually does the update — @Karl_F1_Fan kindly sent me this list.

(For those of you who update through Windows Update, this list is mostly educational. For those who install updates manually, remember that you need to have the latest SSU before you install a Monthly Rollup or a Cumulative Update.)

As of Oct. 14:

Win7 / 2008 R2: install order is important#1 KB3177467. #2 KB3172605

Win 8.1/2012 R2: KB3173424

Win 10

1507: KB4132216 (only Special machines no public deploy)

1511: KB4035632

1607: KB4132216

1703: KB4132649

1709: KB4339420

1803: KB4456655

1809: KB4465477

The Win7 SSU was announced to be re-released as Security update rather than previous optional update because it was a prerequisite for 09-2018, as I’ve heard. Imho the XP based terminology of “optional” updates is flawed as any update fixes either bugs or security issues.

The Win7/2008R2 SSU patches will fix an issue that causes Windows to search for updates endlessly, back then in 2016 they needed 2-3 attempts to fix it with no side effects 🙂 same issue still persists in Vista/2008 Server and never got addressed.

Personally, I’d take issue with the statement “any update fixes either bugs or security issues,” but that’s a nit. I guess it depends on what you mean by a “bug.” Nevermind.

Thanks, Karl!