Fall Creators Update will remove some Windows features

Topic

New Reply

Microsoft have recently updated KB4034825 (Last Review: Jul 21, 2017 – Revision: 19), showing several items that will be either removed or deprecated
[See the full post at: Fall Creators Update will remove some Windows features]

1 user thanked author for this post.

Elly

Reply | Quote

Replies

Outlook Express removed now?
Which Outlook Express?

Reply | Quote

I was surprised it was still in existence too, but this is what it says:

Outlook Express
Removing this non-functional legacy code.

Reply | Quote

Perhaps they mean the removal of the code embedded to support what was once the functional Outlook Express eMail feature.

It’s not hard to imagine features with tentacles that once spread far and wide through the operating system just having their visible UIs removed in past releases, while the underlying code was left substantially intact. Removal of just the visible part is of course easier to do, but in fact it would make sense so as not to immediately break 3rd party software developed to use those underlying APIs.

There are good reasons each new version going way back in time has had to use more and more resources to boot up and be a basic desktop operating system. Windows has been accumulating bloat for a very long time!

In a way it’s good to see some of it being removed, though the discontinuities and incompatibilities will certainly disadvantage certain folks in very specific ways. Woody mentions System Image Backup as a good example.

The problem I have is that OS vendors for their own reasons want to shorten the lifecycle of their features, while at the same time the longest possible lifecycle is beneficial to users… How often have you found an old Windows application you couldn’t still find a way to run? Long-term compatibility has been a defining characteristic of Windows – vs., say, Apple’s systems.

If Windows only ever accumulated features without deprecating and removing any, it would grow more and more complex and become more and more expensive to maintain, ultimately exceeding the capabilities of any group of humans. On the other hand, I’m not sure any of us wants to see Windows become macOS.

-Noel

2 users thanked author for this post.

ryegrass, Elly

Reply | Quote

They’re canning Paint?  🙂

Fortran, C++, R, Python, Java, Matlab, HTML, CSS, etc.... coding is fun!
A weatherman that can code

Reply | Quote

So if they’re canning standalone EMET, but you disable Defender (or use a 3rd party AV), I guess you’re SOL.
Smart idea. /s

Reply | Quote

SOL? Not really.

I’ve seen systems so burdened with active security software that they don’t have much power left over for the things the user wants to do.

Many people feel it’s a given that without an active antivirus solution installed they’re in big trouble.

In the words of Mr. Nimzicki (in the film Independence Day)… “That’s not entirely accurate…”

Active antivirus software makes the assumption that your system WILL become infected, and the infection must be stopped at the last possible moment before it does damage. Double-checking all the things the system does under that assumption is burdensome and inefficient to say the least!

What if you could just avoid getting infected in the first place? Then the entire assumption that malware WILL get in is made invalid.

Allow me to put forth that there are quite effective ways to avoid infection that don’t negatively affect performance or resource usage the way typical active AV software does.

This isn’t just theory. I’ve used and maintained a fair number of Windows systems for years without any active AV software running – and so far I’ve had zero infections (I *DO* scan them regularly for malware, as well as watch for unwanted things running and unexpected communications). I have always disabled UAC, surfed the web freely with IE, used Outlook eMail, watched videos, AND have gotten the best of what my hardware can do and what the Windows online experience has to give.

Do you see your antivirus solution regularly (or even occasionally) block malware? If so, consider changing your habits and security landscape, because malware really shouldn’t be getting that close!

I’m not saying anyone should go without antivirus software – not at all – but just that it can be made unnecessary through good computing practices and implementation of a few atypical security measures without significant loss of functionality or performance. Don’t assume that it always requires MORE software to make a system MORE secure.

-Noel

2 users thanked author for this post.

AJNorth, Elly

Reply | Quote

I get what you’re saying, and no, my systems don’t notify of malware being blocked because I’m not putting them in a position where it’s likely they could get malware.

My point still stands related to EMET.
If they’re removing EMET installs for anyone running 10 CU going to 10 FCU, then EMET is out.
The only way to use EMET in 10 is to never upgrade from 10 CU, or use Defender.
I don’t want to use Defender. Correct me if I’m wrong, but I see no reason to believe that you could use Defender’s EMET-like protection only, and not use any other facet of Defender.
Again, the point stands. EMET is for all intents and purposes dead if you plan on using anything newer than 10 CU.

That’s trash.
EMET is a fantastic program. Judging from your comment, I don’t think you’re familiar with it. It’s “set it and forget it”. It has no definitions, it needs no updating, it costs nothing. Works wonders for enterprise because you can shore up apps that are otherwise a sieve of vulnerabilities.

4 users thanked author for this post.

AJNorth, Noel Carboni, AlexEiffel, Elly

Reply | Quote

No, I haven’t used EMET. Thanks for your thoughts. I will look into it further in the spirit of education, though I’m not seeking additional AV software. I do agree that making it unavailable is not a good move by Microsoft, and I can say from personal testing and timing that Windows Defender DOES add a good bit of overhead.

My basic question would be this: Does EMET add overhead to ongoing system operations and/or continuously run components that actively examine what the system is doing at runtime?

The difference in performance between a top-of-the-line workstation’s CPU power and one that costs thousands of dollars less can be entirely eaten up by an active antivirus solution. I figure there are good reasons folks buy the specific gear they choose.

-Noel

Reply | Quote

Very, very simple app (but you can certainly do more with it, if you want to dig deeper and add additional apps and protect those as well).

I started using it because Malwarebytes came out with an app called Anti-Exploit, but the free version only protected browsers, Flash, and Adobe Reader. EMET has that, and more – for free. You can add any app on your system under EMET protection, and pick and choose what flaws it protects the app against.

Takes up a negligible amount of resources, as shown in Process Explorer.

1 user thanked author for this post.

Noel Carboni

Reply | Quote

Your assumption is that a lot of users can be like you and that is the problem. We need things like EMET to protect a lot of users that will never be like you.

Plus, EMET is not heavy on resources, it just protects against the exploitation of certain type of vulnerabilities. Nothing like an AV.

2 users thanked author for this post.

zero2dash, Noel Carboni

Reply | Quote

More folks can be, and possibly products and system enhancements can be developed that do what I do in a more or less turnkey fashion. The essential thing is to change the assumption that a system MUST become infected. Guarding the borders better and implementing good practices through education really are doable things, for at least some folks. I think a lot of folks.

I’m fond of recounting how many people drive cars down the road without killing themselves and others. A great majority of them navigate that subtle and dangerous task without incident every day by being 1) trained and 2) conscientious. The same could apply to computer usage.

With the explosion of so much more malware in modern times, malware signature checking has become a horrendous job, and a lot of anti-malware makers retire old signatures just to keep the system from being completely rendered useless.

The situation simply begs for a different approach, and I’m offering ideas that are shown to work.

Microsoft isn’t going to set Windows, out of the box, to be at its most secure. They’ll lose ad revenue and some folks will be blocked from intentionally doing things they shouldn’t do if they do that.

That doesn’t mean regular folks can’t improve their security outlook. How many folks disable the execution of ActiveX and limit scripting in their browsers? How many are set up with a hosts file or DNS proxy server that blacklists known malware sites (and keep those lists updated from available sources)? Yet these things are actually doable with a small amount of education and effort, and best of all they consume almost no system overhead or require much of any maintenance after they’re set up.

Your point is taken that “regular folks” can’t be expected to understand IP communications or the nuts and bolts of browser operation. I will keep trying to find time to turn the whole setup into a turnkey package…

-Noel

3 users thanked author for this post.

AJNorth, Elly, AlexEiffel

Reply | Quote

I agree that a lot of folks can learn a lot about using their computer better. The problem is more for me that installing EMET will not make a difference for 95% of my users, maybe, through education and other application of the principle of least privilege on the initial install of their PC, but for this 5% of people who will click on that 0 day email link that passed through the antivirus because they go too fast, or that unlucky guy who went on a website infected through third-party ad, EMET will be there and might help. For me, that is useful.

If MS doesn’t provide something as good to replace it or if I need to use the whole heavy Defender package to get the same protections, I am not happy at all about it. Maybe that is what they want so they can get my consent to know every file scanned and website visited instead of letting an antivirus product get it. Who knows?

Reply | Quote

From https://www.cso.com.au/article/621314/microsoft-tackles-ransomware-targeted-attacks-next-windows-10/:

“Many of EMET’s features will now be available as Windows Defender Exploit Guard, which resides in the Windows Defender Security Center. It is available even if built-in Windows Defender Antivirus not enabled.”

3 users thanked author for this post.

AlexEiffel, Microfix, PKCano

Reply | Quote

MrBrian wrote:

From https://www.cso.com.au/article/621314/microsoft-tackles-ransomware-targeted-attacks-next-windows-10/: “Many of EMET’s features will now be available as Windows Defender Exploit Guard, which resides in the Windows Defender Security Center. It is available even if built-in Windows Defender Antivirus not enabled.”

This IS a positive step forward in the right direction for W10.

Not sure 3rd party AV security software companies will be so positive about this news, could potentially be a loss in revenues for them, time will tell.

Keeping IT Lean, Clean and Mean!

Reply | Quote

zero2dash wrote:

So if they’re canning standalone EMET, but you disable Defender (or use a 3rd party AV), I guess you’re SOL. Smart idea. /s

The end of EMET has been coming for a while now. EOL for it has been extended to July of 2018, but if I were using it I’d use that time to find another solution.

https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/

Reply | Quote

I knew they were doing this, but IMHO, it really means nothing.
Basically it’s just another way to force people onto 10, if the user deletes their EMET installer(s) and MS somehow wipes them off the internet for good – so the user cannot re-download them. Obviously this is not likely.
As I mentioned in another comment, since EMET really does not need to be updated and requires no definitions, and basically just plugs up application holes, there’s nothing to really worry about as an EMET user.
MS can post and pull files and updates all they want. Those of us who know better download and store them anyway. 🙂

Reply | Quote

Plus, it is light on resources if my memory is not failing. It has nothing to do with a signature-based heavy cpu antivirus product.

ch100 just posted an Australian official security guide and they say you should use EMET in the high priority section, on Windows 10!

Maybe you don’t need to use Defender real-time AV to use its EMET like features, but even if it was the case, I highly doubt this Defender EMET is prime-time ready as in offering the same broad set of features as the actual EMET.

Why do Microsoft wants to kill EMET so much? I doubt it is just to move people to 10, as like you say they can still use it on 7 if they keep the installer. They are preventing people from using it on 10, actually. Maybe they want to push their Defender solution.

I don’t understand why on one side they do that, and on another, they remove a very useful feature for an OS of system imaging and just say rely on third-party vendors for that. What’s next, I will get notepad 3D but will have to purchase a file explorer? Maybe there was issue with the system image tool and instead of fixing it, they just put it to rest. Maybe they think the OS will be like IOS and just reinstall from scratch with a backup settings file when there is a problem? Well, the problem is even if they had this “vision”, they remove the tools way before executing the vision, maybe just like with EMET, or the Photos app or any other of their new stuff: replace the old with a barely out of beta version that does less, less well, plus some flashy toys features.

2 users thanked author for this post.

zero2dash, Cybertooth

Reply | Quote

AlexEiffel wrote:

ch100 just posted an Australian official security guide and they say you should use EMET in the high priority section, on Windows 10!

That advice may be obsolete now. 🙂

Reply | Quote

Removing  System Image Backup? really??

Ok, the writing has been on the wall since the start of Win10 because this feature has always been labelled “Windows 7”.

But yes (to Noel, above):  I personally will feel badly damaged if I cannot take (and restore) an image backup.  Anecdote: this morning, I have taken two image backups of Win7 machines and an image of an XPM virtual machine, before doing what I thought might be “dangerous” things to the installations.  I do want to be able to protect myself in Win10 in the same sort of way.

 

2 users thanked author for this post.

Cybertooth, Noel Carboni

Reply | Quote

That was my reaction as well.  What are they thinking here?  You can mount these .vhd images in Windows with a drive letter and browse them without needing any other software.

Great way to recover some files that got deleted or corrupted, without needing a full restore.

Windows 10 Pro 22H2

Reply | Quote

Most of the free backup apps that I’ve used will also allow you to browse the backup volumes without having to do a full restoration. (I can confirm that both Macrium Reflect Free and Veeam Endpoint Backup/Veeam Agent for Windows both have this functionality.)

I prefer those types of apps for backup over the baked-in backup in Windows.

Reply | Quote

Agreed, but the third party apps must be installed on the computer you intend to mount the image.

So say you wanted to mount an image on a different computer now, or maybe years in the future when said program could have become abandonware (this has already happened).

In this case being able to mount the image container as a native Windows file would be a plus.

Windows 10 Pro 22H2

Reply | Quote

I use the image creation feature in Windows 7 routinely.  In every new install or even new system setup, I create an image BEFORE adding dynamic apps and data.  This serves as a tool to re-install, used mostly when replacing a hard drive.

In the past 2 days, I used it twice.  Once with an image on 2 DVDs created 5 1/2 years ago.  And, the second time on one that was 1 1/2 years old on 4 DVDs.  In each case it worked flawlessly.  Took approximately 20 minutes to re-create the system.  Then about 1 or 2 hours to update.

The beauty of this system is that all is in place.  Drivers, activation, settings.  No need for an install disk or product key.

An excellent insurance policy.  I have been doing this for the past 6 or 8 years routinely and it has proved to be very useful

CT

4 users thanked author for this post.

Noel Carboni, AlexEiffel, Elly, JohnW

Reply | Quote

That is why I stopped using third-party a long time ago. The convenience of using the built-in tools. If it works flawlessly, I don’t need anything else. The need is simple, the solution should be.

Plus, I often couldn’t restore years later with third-party tools for reasons I didn’t understand and didn’t care for. If your backup software can’t easily do what it has to do, it’s not worth much.

1 user thanked author for this post.

JohnW

Reply | Quote

Previous Versions is integrated with System Image backup, and for systems (e.g., Win 8.1) that lost that feature there are 3rd party tools to provide access to files saved in snapshots or system image backups.

I’ve always held the notion that in-designed backup could be more likely to work right, but hey, Microsoft doesn’t think maintaining backup tools suits their current marketing direction. Note that the System Image backup is just listed as deprecated. That may mean it will be possible to use wbadmin to make backups for some time into the future, as it is with Win 8.1.

-Noel

2 users thanked author for this post.

JohnW, AlexEiffel

Reply | Quote

I caught that “deprecated” part.  That implies that the folks currently in charge just don’t see it as important, but for compatibility reasons or whatever, they are leaving it in place for the time being.

Windows 10 Pro 22H2

Reply | Quote

anonymous wrote:

Removing System Image Backup? really??

NO! (not yet…)

As the topic said:

System Image Backup [is] being deprecated … not in active development and might be removed in future releases (“Deprecated”)

1 user thanked author for this post.

Noel Carboni

Reply | Quote

Woody, I hope you can provide a future detailed post (comparison) about third party alternatives to the System Image Backup.

4 users thanked author for this post.

Jan K., ryegrass, Microfix, Noel Carboni

Reply | Quote

I second that request.

Gene

3 users thanked author for this post.

ryegrass, CyGuy, Microfix

Reply | Quote

Another instance of things that happen to dying products/sellers.  De-feature the product.

Removing image creation is clearly a move to force the use of the cloud which of course means revenue.

Removing Paint is just plain stupid.  It will result in a lot of consumer anger.  But, it unlikely Microsoft will even hear that anger.  Those particular ears (the ones for non-enterprise customers) have been shut down for a long time now.

It should be clear now that MS is morphing into an enterprise serving seller.  Consumers (most of us in this forum) are just not on the strategic horizon.

This is me, Canadian Tech.  It appears that from time to time, I get signed out and do not realize it.

3 users thanked author for this post.

Noel Carboni, Cybertooth, Elly

Reply | Quote

Same thing happens to me, CT. I’ll come back to Woody’s and for some reason I’ve been signed out.

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

ryegrass

Reply | Quote

@ Canadian Tech

All new Win 10 computers from the major OEMs come with their own OEM Backup Recovery Media Creator Tool which can be used to copy the Win 10 Recovery Partition onto a 16GB USB-stick, so that the users can do a Factory Reset/Reinstall or Refresh if Win 10 becomes faulty and unbootable.
… Users are manual-ly advised by the OEMs and M$ to create one soon after their purchase. Alternatively, they can create a Recovery/Install DVD through the Win 10 Media Creation Tool at M$’s website.

The above OEM Tool mostly makes the Win 10’s own inbuilt System Image Backup Tool redundant except for DIY System Builders. System Builders will soon have to use 3rd-party System Image Backup software.
… Win 7/8.1/10’s System Image Backup Tool can only store the created System Image on a hard-drive or a set of DVD discs, ie not on a USB-stick, and the Windows System Repair disc is also required to be created for doing a recovery with the System Image.

Reply | Quote

Creating the Recovery Media is a one-time event with a new PC. Recovery Media returns the PC to OEM conditions.
I think the concern here is the ability to make periodic system images of current states for backup/recovery instead of restoring to day-one.

1 user thanked author for this post.

AlexEiffel

Reply | Quote

@ PKCano

Yes, you are correct.

Win 10 users will soon need to install 3rd-party System Image Backup programs. Hopefully, they will remain free.

Maybe M$ are removing features from Win 10 in order to minimize bloat. If not, the Win 10 ISO file will soon reach 5GB in size and the upgrade file download will be 4GB in size.

Reply | Quote

So Microsoft wants to be a combination of Apple and IBM now?

Reply | Quote

Hmm… Microsoft removing features that allow users to manage and restore their computers as they see fit? Degrading features that don’t connect to the cloud? Unheard of…

LOL

Non-techy Win 10 Pro and Linux Mint experimenter

3 users thanked author for this post.

AlexEiffel, JohnW, Cybertooth

Reply | Quote

EMET has engendered a number of comments; as BryanP observed above, it received an extension and is currently slated to go EOL on 2018.07.31.

Malwarebytes have a similar solution, their MWB Anti-Exploit, that offers many of EMET’s key protections, with significantly less overhead than EMET and a “set and forget” GUI that is far simpler (though which offers much less less granularity).

MWB A-E was incorporated into Malwarebytes 3.0 (although it had been reported to have caused significant issues on numerous systems, the current version, 3.1.2, has received far fewer complaints). However, their stand-alone Anti-Exploit continues to be made available (as a regularly updated beta). I’ve had it installed in several Windows boxes (Win 7, 8.1 and even XP) in lieu of EMET (which had proven to be the cause of a range of problems that no amount of tweaking seemed to solve), and it has acquitted itself quite well over the past thirty months, or so.

MWB A-E was updated to version 1.10.0.24 Beta on 2017.07.24: http://www.softpedia.com/get/Security/Security-Related/ExploitShield-Browser-Edition.shtml (full changelog at http://www.softpedia.com/progChangelog/ExploitShield-Browser-Edition-Changelog-222723.html); one useful review and discussion is at https://www.winhelp.info/malwarebytes-anti-exploit-for-dummies/ (others may be found online).

Of course, as Noel Carboni has pointed out, above, there are various settings that can be tweaked within Windows to proactively enhance its native security in several areas (not to mention the effective protection that can easily be added to various third-party browsers, such as Firefox). But at the end of the day, as Noel has demonstrated, THE single most powerful component of Windows security remains the behavior of the computer’s operator.

1 user thanked author for this post.

AlexEiffel

Reply | Quote