Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • New directions for Win 7 and 8.1 patching

    Posted on October 19th, 2017 at 20:59 woody Comment on the AskWoody Lounge

    I think it’s time to re-evaluate the “Group A” and “Group B” instructions for updating Windows 7 and 8.1. It’s been one year since Microsoft announced that it was grouping together patches – the “patchocalypse” – and we’ve seen a lot of water under multiple bridges.

    With the advent of MS17-010, there’s no question that patching is a must. Group W is no longer viable.

    @MrBrian and many others are now convinced that Group B doesn’t work either. Lots of details, lots of problems – and those who manually install security-only updates are finding that Microsoft hasn’t made life easy. Or perhaps even tolerable.

    Now it looks like my old instructions for Group A aren’t going to work any more, either. In particular there are problems with hiding individual patches that may bite back.

    So I’m opening up the floor for discussion. Two questions:

    Is it ever going to be possible for “normal” people – by which I mean people who don’t have time to spend hours every day – to manually download and install all of the patches they need?

    For those who stick with Microsoft’s preferred approach, is there anything “normal” people can do to avoid really bad patches? And is it possible to curtail Microsoft’s snooping in the process?

    Your comments and insight most welcome.

  • The Windows Fall Creators Update has been released, and a sea of bloatware and annoying “features” has returned

    Posted on October 19th, 2017 at 12:39 woody Comment on the AskWoody Lounge

    What Powershell commands should I run to easily remove this garbage?

    Reddit strikes again….

    Thx @campuscodi

  • Microsoft security’s unseemly jab at Google

    Posted on October 19th, 2017 at 08:29 woody Comment on the AskWoody Lounge

    In yesterday’s Windows Security blog post Browser security beyond sandboxing, Microsoft’s Jordan Rabet (part of the “Microsoft Offensive Security Research team” – no, I didn’t make that up) took aim at Google. There’s a whole lot of technical discussion about the superiority of Edge in that article. There’s also a deep dig at Google.

    Catalin Cimpanu at Bleepingcomputer boils it down:

    The problem that Rabet pointed out was that the fix for the bug they reported was pushed to the V8 GitHub repository, allowing attackers to potentially reverse engineer the patch and discover the source of the vulnerability.

    It didn’t help that it took Google three more days to push the fix to the Chromium project and the Chrome browser, time in which an attacker could have exploited the flaw.

    Taking into account that this happened in mid-September, Microsoft had no reason to detail a bug in a Chrome version that’s not even current. Chrome 62 is the latest Chrome version.

    Paul Thurrott has a great article, turning Microsoft’s old words against itself.

    What Microsoft should have done is take the high ground. Do the right thing for your shared customers and just shut up about it. But it didn’t.

    It’s time for both sides to grow up and work together. Take potshots at each other, sure. But not over security.

    If you’re interested in browser security, I suggest you read it.

  • Happy Diwali!

    Posted on October 19th, 2017 at 02:54 woody Comment on the AskWoody Lounge

    Wishes for a year of prosperity, health and fun!

    झिलमिलाते दीपों की रोशनी से प्रकाशित ये दीपावली आपके घर में सुख समृद्धि और आशीर्वाद ले कर आए शुभ दीपावली!

  • Recently updated topics you may have missed

    Posted on October 19th, 2017 at 02:09 Kirsty Comment on the AskWoody Lounge

    It’s possible you may have missed recent security updates that have been made to Chrome, Firefox, Thunderbird, Java and Flash Player. The following topics have now been updated with the US-Cert alerts, with links:

    Chrome Security Update: US-CERT (Browser)

    Mozilla Security Update: US-CERT (Firefox)

    Mozilla Security Update: US-CERT (Thunderbird)

    Oracle Security Update: US-CERT (Java etc)

    1000002: Links to Flash update resources

    Subscribers to those topics should have received emails with details of the new posts. However, we have had some reports that some people are currently not receiving those emails. If your subscription emails aren’t working, please let us know.

    Also updated recently is AKB3000005: On the subject of Botnets, which was posted last month, but promptly disappeared in a backup-reset of the site.