AskWoody

Microsoft may be dodging coerced Win10 1803 upgrades on machines running Avast

Although the proclamation doesn’t come from official sources, a mod on the Avast forum says MS has stopped 1803 upgrades on machines running Avast antivirus.

Which may be a good reason to install Avast, eh?

Computerworld Woody on Windows.

A note about the “new” Spectre NG revelations

Several of you have pinged me about the Spectre NG (variously, Specter V4, Spectre V4, Specter-NG, and enough alternatives to make Google search interesting) posts by Microsoft and Intel earlier this week.

We talked about those bad boys on May 3, when Günter Born posted his first exploration of the problems and their fleeting solutions. Born has since updated his exploration with a further discussion of the mysteries surrounding Microsoft’s patches — which are horribly documented, as usual.

Microsoft has posted two Security Advisories, ADV180012 (for CVE-2018-3639) and ADV180013 (for CVE-2018-3640) that deal with related problems. The first Advisory says that Microsoft doesn’t have any idea which versions of Windows (or Azure) are affected. The second Advisory says that Surface machines are affected, but there’s no fix right now.

Intel has a good overview of the “side-channel analysis” problems, which says that Intel anticipated the problem, increased its bug bounty, and:

We’ve already delivered the microcode update for Variant 4 in beta form to OEM system manufacturers and system software vendors, and we expect it will be released into production BIOS and software updates over the coming weeks.

Which should send a chill down the spine of anyone who’s had to deal with the earlier Meltdown, Spectre V1, V2, and V3 fire drills.

@Kirsty has been following the latest developments in our Code Red forum. She points to excellent articles by Catalin Cimpanu, Steven Vaughan-Nichols and Martin Brinkmann.

Big open question: How much more performance will the new mitigations consume?

Noel Carboni has a key observation:

It strikes me again and again that “Spectre” and “Meltdown” are first and foremost tools to manipulate the masses, used by those trying to make money in “security”.

Nailed it.

I’m not saying that Microsoft, Intel, AMD, Qualcomm and others had a hand in bringing down the Meltdown/Spectre curtain. I am saying they stand to make a whole lotta money out of it, and added publicity doesn’t hurt one whit.

Oh. And it should go without saying that we haven’t yet seen one, single, solitary Meltdown or Spectre exploit in general use.

Avast and AVG blamed for bad Win10 version 1803 upgrades

On Reddit, ugcm says:

Multiple users between Sunday, May 20 and Monday, May 21 have reported receiving a request to “restart and install updates” in Windows 10. This update appears to be the Windows 10 April 2018 update, also known as “1803”. Upon restarting, the computer boots to a blue screen asking the user to choose a keyboard language. After doing so, they are taken to another blue screen with three options to continue “booting” to:

Windows Rollback

Windows 10 on Volume [x]

Windows 10 on Volume [x]

The lower two options are identical.

If the user chooses the top option, the computer will restart. If the user chooses either of the latter two options, Windows will appear to boot, but end up on a blank, black desktop with no icons, and an error message that the Desktop file could not be accessed.

Following, there’s the usual Reddit tirade about Avast, AVG, Win10, 1803, and the phase of the moon. But it sounds like they’re on to a real, live problem.

Anybody else seeing this?

Have you seen this? Win10 1803 error: “C:\…\systemprofile\Desktop is not available” and an empty desktop

I’m seeing more and more reports of people who are upgrading to Win10 1803 and end up with an error message that dates back to 2009 or earlier: The message has changed a bit over the years. The latest version I’ve seen (warning, highly NSFW link) says:

C:\Windows\system32\config\systemprofile\Desktop refers to a location that is unavailable.If the location is on this PC, make sure that the device or drive is connected or the disc is inserted, then try again. If the location is on a network, make sure that you’re connected to the network or Internet, then try again. If the location still can’t be found, it might have been moved or deleted.

Here’s one of several older versions:

C:\Windows\system32\config\systemprofile\Desktop refers to a location that is unavailable. It could be on a hard drive on this computer, or on a network. Check to make sure that the disk is properly inserted, or that you are connected to the Internet or your network, and then try again. If it still cannot be located, the information might have been moved to a different location.

Which is all rot, of course.

When the machine comes back up, the screen’s black — no Start menu, no desktop, no apps, no restore points, no nothing. And all of the usual advice for bringing your system back doesn’t seem to work.

If you find yourself facing a dead desktop and a bunch of bafflegab about unavailable locations, please drop a note here. We’ll see if we can grab a log file or two to help narrow down the problem.

Thx, Susan Bradley, Patch Lady

Microsoft releases KB 4103714, the second cumulative update this month for Win10 1709

Win10 version 1709 is now up to build 16299.461.

There’s another long, long list of updates in the KB 4103714 article, none of which seem particularly pressing.

I’m still waiting for the second May cumulative update for Win10 version 1803. We’ve seen a whole lot of bugs with 1803 lately. Maybe MS can fix some of them.

Really. Did anybody at Microsoft test version 1803 on their own hardware?

Now it looks like installing Win10 version 1803 on one of those expensive ($3,000 to $4,300) Surface Studios may cause your mouse and keyboard to kick out intermittently.

Computerworld Woody on Windows.

The ongoing odyssey of Qi Lu

Yesterday, Baidu announced that Qi Lu is leaving in July. That’s a tectonic event, from my point of view.

You may recall that Lu left Microsoft in Sept 2016, under strange circumstances ascribed to a bicycle accident. At the time, he was in charge of Office.

In Jan 2017, I was shocked to hear that he had become the COO of Baidu, a huge (current market cap $100 billion) Google-like company based in Beijing, with offices all over the world.

Jordan Novet at CNBC reports:

Lu said in the [PR] statement that he can no longer work full-time in China for “personal and family reasons” and will spend more time in the U.S. He will retain his role as vice president of Baidu’s board and will focus on research and development, although he won’t be working full-time for Baidu.

I don’t think there’s any doubt that Lu’s one of the smartest people on the planet. He’s a superstar in applied AI. I also hear that he’s generally well-liked and highly respected.

Wonder what he’ll be up to next?

Incoming! Monthly Rollup previews for Win7, 8.1; “critical” Servicing Stack updates and cumulative updates for Win10 1607, 1703; nothing so far for Win10 1709 or 1803

Something of a yawner.

Of course, you shouldn’t install any of them.

Computerworld Woody on Windows.