Microsoft response to Spectre

Topic

New Reply

I have withheld comments on the current Spectre vulnerability because I do not have data to contribute. I have not tried the offered solutions, or even investigated very far, for two separate but mutually affirming reasons.

My Win7sp1x64 runs on AMD. And we are at the AskWoody rating MSDefcon2.

I am content to wait for the dust to settle at least to eye-level, and hope the solutions become more cooperative. But I have noticed something that concerns me.

I have spent more than a year identifying items that Microsoft labels as ‘Quality’ and or ‘Compatibility’ and looking at them very closely to determine whether those descriptions are appropriate to my installed and licensed copy of the Windows Operating System. Now I am told that there is a specific switch that allows this patch to work on my machine. It requires a specific registry setting to satisfy the condition required.

Does it bother anyone else this registry setting is named “QualityCompat”?

Is the reason that I have excluded five specific recommended/important update items from installation the reason I and others may have a difficulty here?

And more controversially, is this an example of let no opportunity go wasted and the birth of a brand new NOT your father’s GWX campaign?

3 users thanked author for this post.

JDeC, HiFlyer, OscarCP

Reply | Quote

Replies

I wouldn’t read much into the name of the registry entry… but Microsoft certainly could and should be doing better.

4 users thanked author for this post.

JDeC, Cascadian, Pepsiboy, HiFlyer

Reply | Quote

I think that, in this context, the repeated use of such words as “Quality” and “Compatibility” is an example of the kind of marketing-department talk best described as putting lipstick on a pig.

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

5 users thanked author for this post.

BobbyB, Cascadian, Pepsiboy, HiFlyer, windows7wasthebest

Reply | Quote

Fair points. Microsoft has proven repeatedly to overuse and even reuse certain words that they are convinced are positive buzzwords. Hint to any young marketing majors: if it can be called a buzzword, the public already hates it. When they reuse a term with specific meaning to describe a new unrelated item it is worse.

I have difficulty letting go of the observation that several times in recent years, we become aware of what Redmond’s true intention is only several months after a new event occurs. Then suddenly the language they chose to use makes sense.

Possibly related, as I read more about the timeline involved and couple that with the intertwined subject of Antivirus(…) protection. I now believe the MSE/Defender update difficulty from late JUL2017 was a first attempt at addressing this vulnerability. The fact that the updating flaw lasted as long as it did, several weeks, highlights the need for more internal testing. Moving the alpha phase, at least, back inside their environment.

I have noticed continued, similar download inconsistencies a few times a month since, including just prior to the expirydate issue, once last week, and now also today.

More detailed: Win7sp1x64, AMD, MSE
Updating through the MSE interface gave usual progress and few MB of data throughput, then the second progress bar shifted to a new download cycle that cost more than 20MB of data.
Today the interface gave a GREEN message of success, on other occasions it throws a nonsense connection error.
Reading from Help\About:
Antimalware Client Version: 4.10.209.0
Engine Version: 1.1.14405.2
Antivirus definition: 1.259.1293.0
Antispyware definition: 1.259.1293.0
Network Inspection System Engine Version: 2.1.14202.0
Network Inspection System Definition Version: 118.2.0.0
Interpreting that information shows that only the AV/AS definitions changed, and by only 23steps. All other listed values remained unchanged from prior.
Comparing to the Windows Update History, showed a discrepancy. The Microsoft Update properly reported to WU History only the first execution. Listing on the top line:
Definition Update for Microsoft Security Essentials – KB2310138 (Definition 1.259.1276.0)
This would have been an earlier offering that increased the definitions by only 6steps, and would be a reasonable representation of the first download&install process.
But the second instance of more than 20MB is not communicated by Microsoft Update to Windows Update.
NB both of these apparently separate download/install cycles occur from only one press of the [Update definitions] button in the MSEgui.

Leaving this lengthy description in ‘What if…’ because I have no positive indication that this ongoing condition is related to the current headline screamer. It is only my own logic that links these two events in time. Coincidence does not equate causality in either direction. But I wanted to throw the observation out there.

Reply | Quote

What would be a better name for a registry key which signifies compatibility with a quality update?

What would be a better name for an update which provides quality fixes/improvements not features?

1 user thanked author for this post.

Cascadian

Reply | Quote

Hello @b , and thank you for your interest. I appreciate the method you have for idle entertainment. But I do not feel the need to create wonderful new ideas for Microsoft without compensation. Nor to create material for you.

You are a creative type that could probably come up with a name to suit your own needs, and Microsoft would care for yours about as much as they may care for mine. I would suggest a thesaurus for additional reference material.

Thank you, for taking the time to post.

Reply | Quote

It seemed you didn’t like the current names, so I wondered if you had a better suggestion. Apparently not. (Nor do I, but I’m quite content with the names Microsoft currently choose.)

Reply | Quote

Glad you are satisfied. The world has many opinions.

For myself, and perhaps others as well, reusing language for diverse purposes creates a cross referencing nightmare. Or, it may predict future actions along the lines of previously observed activity.

Reply | Quote

The obvious one would be MeltdownPatchCompat. You know, saying exactly what is compatible. They could also use KB____Compat. Or come up with an internal name for the fixes: FreezeUpCompat or something. You could also replace “Compat” with “Safe.”

It’s not difficult at all to come up with better names. I spent less than a minute on those, so I don’t care about time.

QualityCompat just sounds like some completely unimportant thing, about some sort of “quality assurance.” Though it’s possible it’s a prefix (as MS loves their prefix notation), and it means “the quality of being compatible.” It’s still cryptic.

And it’s not as if being cryptic would prevent people from abusing it. It’s been announced. Malware knows what it is and can block its creation as a simple way to avoid fixes.

 

Reply | Quote

Anonymous, those are descriptive and possibly create a unique name that might not be reused later.

You post caused me to notice again that anonymous replies will increment the reply and voices values of a topic, but do not trigger any of the widgets to notify of follow-up, either within the webpage login environment or an email notification. I found this comment without boldface in the ‘Recently active topics’ without a new indication. That may be by design, to reduce traffic of unknown comments. But may also be a reason that anonymous comments are passed over.

edit to clarify, the reverse type new flag does display on the topic page once opened. But not boldfaced on the ‘Recent…’ list.

Reply | Quote

Reply | Quote

Hi, @PKCano , I was still working my way up the ‘Recent…’ list as an aside from other tasks in my day. Your post about an hour ago did move the topic up and give it boldface, because it is from a registered account. The pattern I have noticed is that anonymous postings will not do that action. Also, separately, I believe the email notifications have been unsupported since the SEP-OCT website struggle. Possibly longer, I’ve forgotten. It’s been busy.

If there was more to your message than the inline attachment, it does not display for me.

Cheers.

Reply | Quote