News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Sinclair

    Forum Replies Created

    Viewing 15 posts - 1 through 15 (of 59 total)
    • Author
      Posts
    • in reply to: Alternatives to Adobe Flash Player #1947754

      Sinclair
      AskWoody Lounger

      Online with Firefox

      Firefox blocks flash content by default even when the flash plugin is installed. The flash plugin is also run in disabled mode by Firefox. It only activates and uses it when you want to run a website that has flash content. You can store your preferences on a site to site basis.

      Mozilla says this about it:

      Mozilla explains that once Flash has been disabled by default in Firefox, users will not be prompted to enable Flash, but they will be able to activate Flash on certain sites using browser settings.

      The second final step for Flash on Firefox is due in 2020 and will see Flash support completely removed from consumer versions of Firefox. Flash will continue to be supported in the Firefox Extended Support Release (ESR) version until the end of 2020. In 2021 Firefox will “refuse to load the plugin”.

      Some websites are creating there own Flash players to enable the use of Flash when support ends.

      Flash still has a lot of use. Even my payslip is generated in flash.

      W7 x64 Pro&Home

      1 user thanked author for this post.

    • Sinclair
      AskWoody Lounger

      There is a lot of patching going on with Bluekeep now having an example online.

      As I understand it Bluekeep was patched on 14 May 2019.

      Extra to this we now have reached a point where to use Windows Update you need to have updates installed that support SHA-2 encryption.

      On top of that some patches seem to add SHA-2 or some other form of encryption to EFI boot files.

      Some reports are coming in of instances where users loose “sight” of their boot partition after applying such patches. They may have lost their boot partition completely.

      This could be because of a missing Bitlocker patch KB3133977. So far I have not been offered this patch via Windows Update. If I wanted to install this patch then I would have to do it manually.

      My questions are these:

      Do any of the current patches make changes to the Windows Boot files that then require an other patch the Bitlocker patch KB3133977 to be PREinstalled in order to read/access these changes?

      If yes. Do these patches make a difference between UEFI or non UEFI motherboards? In other words do they only add changes to the boot files on UEFI systems?

      When these changes to the boot files are made can you still use “old” tools like the repair functions of your Windows 7 DVD?

      W7 x64 Pro&Home

    • in reply to: Any Good FREE AV's out there for WIN 7? #1927262

      Sinclair
      AskWoody Lounger

      I would stick with Avast as they still have one of the best AV that works well under Windows 7. The recent bad press has been a lot of old news and hype for attention grabbing headlines. The newly claimed https scanning has not materialized and looks so far to be a feature from five years ago. That was well documented at the time it was added and has an off switch.

      If you know Avast and understand how to work the menus and settings then its perfectly usable.

      With Avast you know they have a habit of adding new modules and settings with every new update. Their earnings model realize on getting and selling user data. But you can dial that back and opt out on a lot of that in the settings. You just have to keep an eye out for it.

      As with any other AV. Sometimes Windows updates, browser updates or updates to the AV itself can interact badly with the AV software. What is meant to keep your system safe and healthy then destroys it. This is always a risk when using an AV but given the complexity of it all hardly surprising.

      Alternatively you could use Windows own Anti Virus Windows Defender as this is not bad either.

      W7 x64 Pro&Home

      1 user thanked author for this post.
    • in reply to: Replace old HHD with SSD Dell XPS 8930 Basic #1925301

      Sinclair
      AskWoody Lounger

      If the SSD is equal or bigger in seize then the HDD then you can use HDD Raw Copy Tool to clone the HDD onto the SSD. HDD Raw Copy Tool makes perfect sector for sector bit for bit copies of data. The clone will be fully functional and usable strait away as there is no difference between the drives. Windows activation, UEFI and all other hidden settings by any software are all retained.

      HDD Raw Copy Tool is so perfect that in some cases you can even copy failing drives and then recover data using the mechanically sound copy drive. The software has been around for ages and is Freeware.

      Get HDD Raw Copy Tool here.

      W7 x64 Pro&Home

    • in reply to: Patch Lady – Avast does…what? #1925077

      Sinclair
      AskWoody Lounger

      The article says that the author installed Avast earlier that morning. Avast comes with default enabled https scanning. There is an option to turn this off in the settings. This was talked about in great detail years ago. With many recommendations to Avast users to turn this off. Did the author of the article do this?

      I find no mention by the author that states that he is even aware that Avast has default https scanning or an option to turn it off. Or is this code injection still done by Avast even if you turn https scanning off? I use Avast myself on my own computers and those of many others so I am more then a little curious about that. Would be nice if someone could clear that up.

      W7 x64 Pro&Home

      4 users thanked author for this post.
    • in reply to: Patch Lady – free isn’t free #1923528

      Sinclair
      AskWoody Lounger

      As y’all know, I’m OK with using Win7 far beyond its end of life — properly set up, in ways that we’ll discuss over the coming months — but I won’t be using it for banking or financial transactions. A Chromebook, iPad, or phone is much safer.

      Why?

      Do not turn security in a religion and then say believe!

      Explain why some people “its complex and I agree not for everyone” would be able to use a Windows 7 PC setup correctly after 2020 but not for banking. What makes banking different from everything else?

      The difference between an up to date system and an old one is the up to date system is protected against known dangers and loopholes. For unknown risks both are systems are equal.

      An attacker can target an old system by using known vulnerabilities. But he needs to know that you exist. Or is there a global alert every time a PC connects to a banksite.

      Second I have a problem with using social smart devices for banking. Basicly if you do online banking from a Windows 7 PC then you are anonymous to everything else even the bank website. Who only know it is you when you log on to the site provided you deleted all offline data from a previous visit. Smart devices revolve around a central account or phone number. A lot of Apps and system services have access to that. It might even be your mail address that you use to contact your bank. Any of the people that found out about your mail address or phone number this way. Can bombard you now with phishing mails or malicious phone calls or give your credentials to a third party. They may also target the device itself in the future the very moment a new loop hole is found. Because they now know you exist and your address is always online. You can not remove your doorbell like how I can by powering down my Windows 7 PC and pulling the power plug on it and my router/modem.

      W7 x64 Pro&Home

      1 user thanked author for this post.
    • in reply to: Patch Lady – free isn’t free #1923327

      Sinclair
      AskWoody Lounger

      Let me ask a practical question to break it down into the real world. Because all this talk about patching and attacks on a Windows 7 computer. Can be hard to understand for people without some down to earth real life examples.

      So I access my bank from my web browser with a Windows 7 PC after 2020. The address I either type in the address bar or get from my favorites. This address is known and I connect to that site without issues and do my banking. After that I close my browser and I delete any offline data cookies, cache, etc to make sure no trace of me doing online banking remains on the PC. All that was down from behind an up to date router with the latest firmwares installed from my own home.

      How is anyone going to attack that? abuse that? listen in on that? Even on an unpatched PC. How is that a security risk? Someone please explain. I am not looking for this answer myself I know the answer. But I want someone who is known on this site to be a security expert. To provide an easy to understand answer as to why we would need to switch to Windows 10 for this. Without using scaremongering, one in a million odd chances or other the world is going to end tomorrow talk.

      W7 x64 Pro&Home

      4 users thanked author for this post.
    • in reply to: MS-DEFCON 3: Time to get the August 2019 patches installed #1942225

      Sinclair
      AskWoody Lounger

      Please tell me if I’ve got this wrong but my understanding was that on Win 7 you had to have KB3133977 first in order to install KB4474419. You had to have KB4474419 installed in order to install any new updates from August on.

      I can not tell you if your right or wrong but this is what I did.

      The AMD A6-5400K turned out to be an UEFI system after all. On an ASRock motherboard that had the Safe Boot option in the Bios but I had never enabled that.

      The AMD X2 270 is a NON UEFI system on an ASRock motherboard.

      As far as I can find out both systems do not have KB3133977 installed. Both systems installed the new KB4474419 as offered through Windows Update with an earlier version of that already in place. They both rebooted to the desktop and seem to work fine. With the update on the AMD A6-5400K UEFI taking very long 1.5 hours before rebooting. It is my understanding that as long as you have at least the March version of KB4474419 then you are good to go SHA-2 wise for Windows Update. I have not installed the August Rollup Patch.

      Both systems use Windows 7 x64 Home Premium

      W7 x64 Pro&Home

    • in reply to: MS-DEFCON 3: Time to get the August 2019 patches installed #1942060

      Sinclair
      AskWoody Lounger

      Okay this may sound stupid but…

      Could it be that the bitlocker update is not offered because Windows 7 HOME and HOME PREMIUM do not have Bitlocker at all?

      I just checked a Windows 7 PRO system and that has Bitlocker…

      W7 x64 Pro&Home

    • in reply to: MS-DEFCON 3: Time to get the August 2019 patches installed #1941993

      Sinclair
      AskWoody Lounger

      ASRock the budget Brand of Asus might also have some EFI Safe Boot motherboards.

      W7 x64 Pro&Home

      2 users thanked author for this post.
    • in reply to: MS-DEFCON 3: Time to get the August 2019 patches installed #1941437

      Sinclair
      AskWoody Lounger

      Could it be that the partition is not gone just hidden behind the SHA-2 encryption?

      Any SHA-1 attempt to read it would end up with weird meaningless errors. Since it can not possible know what is going on. It might conclude there is no drive at all.

      If you take out the drive and add it to a Windows 7 system as an extra drive that has been updated with the Bitlocker patch can it than see the partition? If you have access to such a system off course.

      If you have an extra drive you could install Windows 7 on it. Patch it up this time with the bitlocker patch and then add the drive as an extra to see if your data is still there.

      Does your system have an UEFI Bios?

      W7 x64 Pro&Home

    • in reply to: MS-DEFCON 3: Time to get the August 2019 patches installed #1941363

      Sinclair
      AskWoody Lounger

      The MS pages for KB4474419 (Catalog date 8/12, support page dated 8/13) mention bootmgfw.efi which was added.

      Beware the bootmgfw.efi file located in:

      Windows\Boot\EFI\bootmgfw.efi

      Is ONLY replaced by a new version if you have a 64 bit Itanium Server CPU. That is what this version of KB4474419 addresses. If you have the March 12 update of KB4474419 then you should be fine if your not on such an Itanium CPU as that version addresses the SHA-2 support for MSI files.

      This security update was updated August 13, 2019 to include the bootmgfw.efi file to avoid startup failures on IA64 versions Windows 7 SP1 and Windows Server 2008 R2 SP1.

      I installed the new KB4474419 on both an AMD A6-5400K and an AMD Athlon X2 270 CPU just so I have the latest version even if it only adds a 64 bit Itanium Server CPU fix. The update was offered through Windows Update.

      The update was done in minutes on the X2 270. On the A6-5400K it took 1.5 hours to get back to the desktop. The system only rebooted after 1.5 hours of patch preparation. Both systems use fast SSD so beware it may take a while if you apply this patch.

      After the patch both systems still had a bootmgfw.efi file dated to 20-11-2010.

      Quote from Microsoft:

      Required: Updates for legacy Windows versions will require that SHA-2 code signing support be installed. The support released in March (KB4474419 and KB4490628) will be required in order to continue to receive updates on these versions of Windows. If you have a device or VM using EFI boot, please see the FAQ section for additional steps to prevent an issue in which your device may not start.

      Legacy Windows updates signatures changed from dual signed (SHA-1/SHA-2) to SHA-2 only at this time.

      2019-sha-2-code-signing-support-requirement

      I shall not install this months rollup. I might install the September one if it adds anything meaningful security wise. If so I will do so without applying the KB3133977 Bitlocker patch. I will report back on how that went if there is a need for it come end September.

      W7 x64 Pro&Home

    • in reply to: MS-DEFCON 3: Time to get the August 2019 patches installed #1941268

      Sinclair
      AskWoody Lounger

      For Win7, before you install the August updates you must have these updates installed on your computer: KB3133977 Bitlocker patch from 2016. (If you have the Convenience Rollup KB3125574 installed it is included in the Rollup)

      Is it correct that you only need the KB3133977 Bitlocker update if you use an EFI Boot or Virtual Machine?

      Because I use old computers and old installations. The motherboards do not have an UEFI Bios.

      This quote is from Microsoft:

      If you are using EFI Boot on your device or virtual machine (VM), you must also install KB3133977. Currently, KB3133977 is required as a workaround for a known issue when using EFI Boot and should be applied even if you are not using BitLocker.

      I read that as only needed if you have an EFI boot or a VM even if Bitlocker is not in use on such systems.

      Also

      KB4474419 v.2 dated 8/12 the SHA-2 coding update.

      I can only find the when installed dates for KB files and not the dates on the KB updates themselves. Is there a direct way to see if KB4474419 is v.2?

      W7 x64 Pro&Home

      2 users thanked author for this post.
    • in reply to: Patch Lady – Avast does…what? #1925251

      Sinclair
      AskWoody Lounger

      but you could NOT uninstall / disable the low-level code that implemented it. So it’s there, ripe for the pickin’, whenever someone has the incentive to figure out how to exploit it.

      Your saying you are afraid a third party will hack/abuse Avast to use its https scanning code within it? I do not think that that probability is something I will worry to much over.

      Explanations about the various shields and settings can be found here. The https scanning option is under the web shield.

      To uninstall the various components Avast comes with including web shield check here.

      W7 x64 Pro&Home


    • Sinclair
      AskWoody Lounger

      My IE browser “Windows 7” is set to about:blank but still had the long delay startup. Even though it is set at that apparently IE still talks to the Microsoft servers on startup. Now that they added a server side fix IE ones again starts up without a delay.

      Other parts of the browser may also talk to the Microsoft servers like the version check. If that goes through the same servers then that might have also caused the delay.

      I use IE for just a few things, anything else is done with Firefox.

      W7 x64 Pro&Home

      1 user thanked author for this post.
    Viewing 15 posts - 1 through 15 (of 59 total)