AskWoody

Dear Microsoft, could you make Edge a little more obnoxious?

So I’m sitting here plunking away on one of my production Win10 version 1909 machines, when a new update appears.

2020-08 Microsoft Edge Update for Windows 10 Version 1909 for x64-based Systems (KB4576754)

I needed to reboot the system – it had been running for almost two days without a reboot (sarcasm alert) – and when Windows came back up for air, Edge appeared full-screen. I tried clicking lots of things, but it wouldn’t disengage. In the end I navigated through a four-screen “tutorial” that, by default, wanted me to log Edge in to my Microsoft Account and oh-so-helpfully retain Edge surfing information to, you know, make my shopping experiences more tailored.

When I finally got through unchecking all of the snoop settings, and closed Edge, it showed this on my Taskbar:

And that didn’t go away until I clicked the “X” in the upper right corner.

It’s entirely possible that Edge is the greatest browser ever – that it’ll make me brighter, more productive and definitely debonair. But it really twists my gizard when an app takes over my machine and forces me through a series of privacy search-and-destroy questions.

I’ve been playing with Edge. I think I’ll give it a pass for a while.

No good deed goes unpunished: Windows XP source code apparently leaked

I’ve heard rumors about this for years, but it looks like the Real McCoy just hit 4chan.

Dan Thorp-Lancaster at Windows Central has the story:

Alleged source code for Windows XP leaked online this week. The leak was spread in a thread on the anonymous forum 4chan, which linked to archives of both the alleged Windows XP source code along with source code for other Microsoft products. Notably, the archive includes the Windows NT 3.5 and original Xbox source code dumps that appeared online in May.

There’s no official confirmation, of course — and lots of reason to be skeptical. Still, folks who know XP at the bit level are impressed.

Lawrence Abrams at BleepingComputer points to tweets by @RoninDay, who claims:

I slept at 4 AM yesterday and got up at 8:30 AM. Now its about to be 2 AM and I just discovered a dump. Life comes to you fast, this amazing healthy lifestyle.

The main concern is that legacy XP code that has found its way into Win7, 8.1 or 10 may be compromised. That seems pretty far-fetched, but still… the sins of the father visited upon the son, and all that.

Patch Lady – make sure your domain controllers are patched

Microsoft is seeing active attacks for the “Zerologon” exploit that could take over a domain.  Note this is not important for home users, only domain controllers in a domain.  If you have not installed the August updates (or September) on your Domain controllers you need to do so as soon as possible.

Microsoft is actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon. We have observed attacks where public exploits have been incorporated into attacker playbooks.

— Microsoft Security Intelligence (@MsftSecIntel) September 24, 2020

Patch Lady – uh best to be on guard while surfing

So I was reading a news story from a web site on my iphone and this popped up.  Others have reported it as well.

In the past it’s been reported that it’s a fail of a google-doubleclick advertisement, but I have enough Reynolds wrap on my head to be on the safe side and to close the browser app on my phone.  I have seen javascript files in banner ads on Windows machines trying to load up malicious payloads.  Therefore I’ll err on the side of caution and close the app.

Let’s be careful out there and remember you can always shut down a device, close a browser, and back yourself out and not click open or download

Get a password-protected ZIP file attachment? Just say “Emotet”

Of course you know that you shouldn’t open file attachments sent via email, without independently verifying with the sender that it’s legit.

And even then, you should think twice.

It looks like Emotet, the malware that delivers TrickBot and Qbot data-stealing software, is on the rise once again. Emotet first appeared in 2014, bounced around for a while, went into hibernation, then returned with a vengeance in 2019. It basically disappeared in February, 2020, but it’s now riding high.

You’re most likely to get infected if you open infected Word files or, increasingly, password-protected ZIPs. Per Catalin Cimpanu at ZDNet:

The Emotet gang operates an email spam infrastructure that it uses to infect end-users with the Emotet trojan. It then uses this initial foothold to deploy other malware, either for its own interest (such as deploying a banking trojan module) or for other cybercrime groups who rent access to infected hosts (such as ransomware gangs, other malware operators such as Trickbot, etc.).

The latest from Cimpanu:

The Emotet crew was hoping for a quick return to full capacity, but its comeback was spoiled and delayed for almost a month by a vigilante who kept hacking into Emotet’s infrastructure and replacing its malware with animated GIFs.

Many times, and especially in large corporate environments, an Emotet infection can turn into a ransomware attack within hours.

Be careful out there. And never, never, never click on an attachment unless you independently confirm with the sender that it’s safe.

Patch Lady – why can’t Surface devices have the BEST experience?

So why can’t Surface devices have the absolute BEST patching experience EVER?

Instead…

After installing driver updates from Intel and Microsoft, offered up to me by Microsoft for a Microsoft built product it demanded that I reenter the bitlocker recovery key.  Surface devices that are set up with either a Microsoft 365 account or a Microsoft personal account have bitlocker set up automatically and backed up to the cloud.  And that’s a good thing because then you need ANOTHER working computer to log into said backup location and type in one key stroke at a time your recovery key hoping it works, mentally thinking about if the backup you have set up ran last time to the tiny external flash drive you have to plug in or if you will be spending tomorrow night rebuilding your Surface Go device.

I had to go to another PC, log into my recovery bitlocker area – this one is a firm Surface Go so it’s backed up in Azure AD

Then, I had to enter the Bitlocker recovery key not once, but twice.  It wanted to reboot, I did, it stopped again wanting the recovery key, I had to enter it a second time.

But it just drives me INSANE that the most hiccups I have is on Microsoft built hardware.

The items that were installed were Surface- System, Surface-Firmware, Intel-System, Intel-Software Component, FTDI-Ports, FTDI-USB.

Come on Microsoft, you need to be better than this on your own hardware.

Surface Go Device.  Purchased December 2019.

Freeware Spotlight — Open-Shell

BEST UTILITIES

By Deanna McElveen

December 3, 2017 — a sad day.

That was when ace developer Ivo Beltchev announced the end of future development on Classic Shell (more info), the wildly popular freeware program that made the Start menus in Win8 and Win10 look and work like the familiar and comfortable Windows 7 menu.

Luckily for all Classic Shell users, a group of talented developers has created the Open-Shell project. They dusted off Classic Shell, rubbed in some polish, and rolled it out as Open-Shell-Menu (aka Open-Shell).

Read the full story in AskWoody Plus Newsletter 17.37.0 (2020-09-21).

More fixes for a regularly repeating Wi-Fi outage

LANGALIST

By Fred Langa

In my previous column, I discussed techniques for curing an annoying and recurring Wi-Fi failure that appeared on a set schedule.

In this follow-up, I’ll dig into two other possible causes of regular Wi-Fi hiccups: router reboots and IP-address refreshing.

Read the full story in AskWoody Plus Newsletter 17.37.0 (2020-09-21).