-
-
I agree that he is a bit too harsh on Linux.
My mom’s Windows 10 PC kept eating their wireless internet data cap, despite the network being set to metered. After battling the issue for several months unsuccessfully, I determined a reinstall was in order. But why reinstall Windows 10? Instead, I installed Linux Mint and LibreOffice. She is a teacher, and has to deal with Word files from the school, but LibreOffice handles that fine. And she has done their financials with Excel for a decade or more. Those files all worked perfectly in LibreOffice as well! Her students now use Google Docs, which naturally works fine on Linux.
I would classify her as more of a power user than most home PC users, yet she has adapted to Linux without much fuss. I was impressed to learn she had even set up a scanner and was emailing scanned documents from Linux, without any help! Linux has become far more user-friendly than it was even only 5 years ago.
-
Out of morbid curiosity, I installed this patch on my Windows 10 Enterprise 1903 machine. I have Bing and Cortana disabled through Group Policy (not by directly editing the registry). I got the problem described here: black search window and 1 CPU core at 100% usage. Rolling the patch back now. Hopefully they get this fixed soon.
Edit: Removing KB4512941 brought things back to normal. KB4512508 seems to be working fine on this PC, though.
1 user thanked author for this post.
-
The side-channel mitigations can be disabled through the registry or with a tool like InSpectre, so don’t be afraid to install the rollups for that reason. PKCano’s details on what patches contain what is right on the money, so you can decide how much you care about telemetry on a dedicated gaming rig.
You might be fine to just install all the patches and realize Microsoft will know what games you play. But if that bothers you (and it bother me more than it logically should), you can manually patch and avoid the telemetry and still get reasonably up to date on security.
Edit: Microsoft KB4073119 lists the registry settings to enable/disable the mitigations.
1 user thanked author for this post.
-
I also have a HTPC running Windows 7 and Media Center. While I don’t have a cable card, I too plan to keep Windows 7 on that PC. At least until Emby Theater or Kodi on Windows 10 get a little more polished. They still don’t compete with my Windows Media Center setup. I can’t justify the hassle of changing to Windows 10 to end up with a worse user experience.
No banking or sensitive work is done on that PC, just watching media, and once Windows 7 goes EOL I’ll put it on my guest network. That will largely mitigate the consequences of any infection it may get, if it even gets one. It will still be behind a good firewall (pfSense + Snort) and running up-to-date antivirus, so I won’t be surprised if it never catches anything.
1 user thanked author for this post.
-
-
While I wish Microsoft would provide this patch to Windows 7, that is unlikely. However, it is possible to create your own BIOS update for many PCs to get the latest microcode. This is not for the faint-of-heart, though, as it is technical and has the potential to brick your motherboard if things go wrong. The guide I found is located here.
I was able to successfully create BIOS images for my ASUS Z87 motherboard and my MSI Z77 motherboard. I have flashed the ASUS and everything seems to be working perfectly. Windows sees the updated microcode and enables the mitigations, and it has been perfectly stable, just as before. I haven’t tried the custom MSI BIOS yet, as I rarely use that PC.
1 user thanked author for this post.
-
I agree, I think Microsoft is trying to do the right thing. I believe they are better than Google in that regard.
I am one of the paranoid few who don’t like the telemetry, but it isn’t Microsoft (or even advertisers) I’m worried about. It’s the government using a secret court (Patriot Act) to track individuals through the data that companies collect. I don’t mind lawful non-secret court orders (even those that are sealed for a reasonable amount of time) to get that same data, but the secret court scares me, because I don’t know the government is doing the right thing.
So, as a matter of principle, I don’t use products with telemetry any time I can help it. Even though Microsoft does seem to have a good track record of protecting user data and rights.
2 users thanked author for this post.
-
The guidance here primarily pertains to Windows and Office client products. In previous posts, Woody mentioned that if you use Internet Explorer or Flash, you should either patch or stop using them for now. But for normal consumer use of Windows, ignoring the July patch for a while longer is pretty safe.
If you have a specialized need (such as Exchange server), you will need specialized advice. Susan “Patch Lady” Bradley often gives such specialized advice.
Ultimately, though, you are responsible for your own systems, and need to make the decision that fits for you. Not everyone on this site has the same needs or patching style. Hence people referring to “Group A”, “B”, “W”, and so on.
1 user thanked author for this post.
-
I wonder if they forgot to set compiler flags, or if it was more deliberate? Microsoft might have written some direct assembly code using SSE2 instructions to optimize some part of the kernel in an attempt to help mitigate the performance hit of the Spectre/Meltdown protections. Old Microsoft would have produced a hotfix for people running non-SSE2 processors that would contain the old, slower code, but at least it would work.
If they had a hotfix to bypass the new SSE2 code path, I would install it, because I am missing out on one patch I care about: the Remote Desktop CredSSP upgrade. So now whenever I want to connect to this machine (admittedly not often), I have to set the Group Policy to allow legacy crypto before connecting, then remember to set it back to secure afterwards.
1 user thanked author for this post.
-
-
Since even just the patches since December 2017 introduce EGREGIOUS new slowdowns, I’m left to wonder… Why would you want to patch the Windows OS running on such an old, slow system? That being said, Windows 7 never required SSE2 as far as I can remember (and being too lazy to do 15 minutes of research to verify). I believe Win 8 was the first to require SSE2. -Noel
Frankly, because I could. And Windows 7 never did require SSE2, until now :/
Firefox started requiring SSE2 with version 49, so I ran Firefox 45 ESR to get a few more months of updates.
Really, though, if I get a virus and they start mining Bitcoin, the joke’s on them! 😀
-
If anyone cares, here are the specs and some screenshots from that Pentium III. Due to the ASUS CUV4X-DLS not officially supporting Tualatin P3’s, it shows them as P2’s during POST:
Windows has no issue recognizing the P3’s, though it rates quite low on the Windows Experience Index.
It has a SSD on a SATA to IDE adapter, which is why the disk rates disproportionately high.
-
The Pentium III will indeed support more than 512MB of RAM. I have two separate P3 systems (I know, I know), both of which have more than 512MB. The “main” one is a 1999-era machine I use to run legacy games on a CRT, running Windows 98, with 768MB of RAM.
The other is the machine in question, an ASUS CUV4X-DLS running dual Tualatin P3’s (on adapters), and has 3GB of RAM. It will not POST with 4GB and the AGP GPU with 512MB of VRAM, so I make do with 3GB 😛
It runs Windows 7 remarkably well, and actually gets used frequently. It lives in my garage, and is used to stream internet radio and look up service manuals for my cars. I set this up after my first-gen Raspberry Pi died due to the heat in the garage. But the P3 keeps on kicking! I will probably migrate it to Linux after a while, but for now, it will live dangerously without patches until I get some free time to swap OSes.
There are certainly better PCs to use for this, but I get some amusement out of running a (previously) fully patched & supported Windows 7 on hardware that is 15+ years old. Since that support appears to be gone, it does lose some luster in my eyes. Oh well, it was amusing (to me) while it lasted!
-
So in case anyone is wondering, it is a bad idea to enable the Lazy FP State Restore patches inside Server 2012R2 HyperV virtual machines on a host with no microcode update. I am not sure which part of that causes the problem, but it puts you in a bad spot:
This is the exact group policy I applied, which I believe matches Microsoft’s recommendations to enable the patch for CVE-2018-3639:
Essentially, set HKLMSYSTEMCurrentControlSetControlSession ManagerMemory ManagementFeatureSettingsOverride to 8, and FeatureSettingsOverrideMask to 3.This resulted in a BSOD on startup for ALL of my virtual machines with this policy applied. Fixing this was annoying, since the VMs wouldn’t boot. You have to use the recovery environment, load the SYSTEM hive, and remove the keys.
So if you have the same setup as me (no microcode update on the HyperV host), don’t enable the fix! Hopefully this was obvious to everyone and I was just spacing out on a Friday, but just in case, this is fair warning.
1 user thanked author for this post.
Viewing 15 replies - 1 through 15 (of 22 total)
Author
Viewing 15 replies - 1 through 15 (of 22 total)
