Replies

Good point.  How much of this is driven by people who feel the need to show that they care about security:

• senior management
• boards of directors
• lawyers
• accounting firms required by recent federal laws to audit adequacy of control systems
• regulators that impose similar requirements of their own
• consultants

Most of these people don’t know what they’re talking about.  I say this from experience as former chief operating officer of a company required to meet the requirements noted above.

2 users thanked author for this post.

WSGeo, OscarCP

My response to this article specified “for the home computer user.”

As for traveling, your reply seems to assume that I would “move cash” using a smartphone.  Sort of like the way people used to buy travelers’ checks, before credit cards became common.

If, say, I totaled the car and needed to buy a new one, credit cards with adequate limits would seem to be a better answer.

If I need to go somewhere where they are not useful, well, then, I’ll consider my options.

While no solution is perfect, for the home computer user I do not understand why registering that computer is not an adequate solution, avoiding the need for texts and telephone calls. What am I missing?

Yes, of course, someone can break in and steal the computer, then bruteforce account passwords at their leisure. Or a houseguest could slip into the home office. Or lightning could strike.

The article begins with “In the best of all possible worlds, we would all want to buy a computer and a monitor at the same time.”

I beg to differ. The statement does not hold true if the user wants to work with the best monitor, and perhaps keep doing so while computers come and go. (The same is true with keyboards and mice.)

The”best” monitor is not merely an esthetic issue. For certain uses, some monitors are better proportioned than others. The widescreen (1.77:1) format currently used was adopted because movies were in widescreen and the manufacturers could cut cost by ditching 16:10 monitors and standardizing on one type of panel. It wasn’t about productivity. There are even those in areas like graphic arts who still prefer the old 4:3 or 1.33:1 format.

Also, manufacturers’ abandonment of CCFL monitors and shift to LED over a decade ago may have saved them money and reduced energy use (and heat), but it came at the expense of increased blue light and risk of associated retinal damage, as the US government warned at the time. So now we have manufacturers touting ways to reduce blue light by adding a yellow filter.  (So much for color accuracy.)  Personally, my eyes cannot stand looking at an LED screen all day long.

If you have invested some trial-and-error in this, as I have, then you end up with a box full of adapters and hybrid cables such as those shown in this valuable article. Fortunately, if all you really need is DVI, the newer types of connection are backwards compatible in the sense that a hybrid cable or adapter will pass through the DVI signal without conversion.

1 user thanked author for this post.

SupremeLaW

Poking around the web today, I find this little tutorial about the changeover from SHA-1 to SHA-2 signing, from November 2020:

https://us.informatiweb-pro.net/virtualization/vmware/vmware-workstation-15-5-5-15-5-6-installation-on-windows-7.html

Although the writer mentions that Win7 does not support SHA-2 “by default,” he proceeds calmly to recommend that users download and install the necessary updates.

If Microsoft had designed them so they would install only on the most recent version(s) of Windows, that indeed might have signaled the “end of the road” for Win7.  But the updates work just fine on Win7.  As for software vendors’ starting to “draw the line,” the move from SHA-1 top SHA-2 originated with Microsoft and the vendors must comply.

But note that starting with the latest version of its software, VMWare is indeed requiring Win8 or later.  Checking further, I see that VirtualBox starts with Win 8.1:

https://www.virtualbox.org/manual/ch01.html#hostossupport

Susan’s article was a missed opportunity.  The coming end of Microsoft extended support for Win7 does seem to represent a likely time for the purveyors of browsers to follow suit, but, based on past experience with Win XP, is this necessarily what will happen?  As one of those who may have to make some decisions, I would have appreciated reading some research on the question, or even some reasoning that would clarify what was known and what was merely assumed.  Instead, we get a provocative title (“end of the road for Windows 7”) and opening line (“Vendors start to draw the line”) that the article completely fails to substantiate.

I expect better for my Plus membership.

Hearing nothing but crickets, here’s my hypothesis.

This guy “Iron Heart” posted an unsupported opinion on the ghacks forum:

https://www.ghacks.net/2022/04/01/firefox-100-requires-the-windows-update-kb4474419-on-windows-7/#comment-4518591

Cybertooth relied on Iron Heart’s comment to post this here:

https://www.askwoody.com/forums/topic/firefox-100-for-windows-7-require-sha-2-kb4474419/

And Susan relied on Cybertooth’s post.

In sum, a classic case of internet factoid, also known as jumping to conclusions.  It is evident that Iron Heart’s assertion that “Firefox will drop Windows 7 and Windows 8.1 support sometime after January 2023” is based on nothing more than his statement that this is when Windows 7 ESU and Windows 8.1 regular support run out.  He does not cite any information put out by Mozilla.

Other aspects of Susan’s article merit comment.  The opening discussion regarding Windows’ User Account Control is cute but unrelated to the clickbait title of the piece.  The article then moves on to the claim that “Support [for Windows 7] is beginning to wane.  Some vendors are requiring certain updates to keep running on Windows 7. For example, Firefox 100 requires that KB4474419 be installed.”  So how exactly does this demonstrate that support is waning?  KB4474419 is standalone update compatible with Win7.  It does not require a later version of Windows for it to be installed.

4 users thanked author for this post.

Steve, jburk07, OscarCP, Microfix

KB4474419 and KB4490628 were required to install Macrium Reflect 8, which came out a year ago.  They install just fine on Win7.

1 user thanked author for this post.

jburk07

I am not going to get onboard this bandwagon until I see some documentation that Firefox is going to pull the plug on Win7.

Susan?

1 user thanked author for this post.

LHiggins

You write: “Firefox will drop support for Windows 7 and Windows 8.1 sometime after January 2023.”

A quick Google search does not turn up any confirmation of this. Can you provide a link or a cite?

This post reminded me to check whether Brave was current. It wasn’t. It got stuck on version 1.25.72, which dates from last summer. I gather that the problem has something to do with the transition to a more recent version of TLS that took place a few months ago. I installed the current version of Brave without having to uninstall the old one, and it works fine.

Whatever else might be said about Brave, it might be worthwhile security-wise to use different browsers for different purposes.

I don’t see any of those links on the Microsoft page that Susan linked to, or any other link that looks like a place to get an explanation of what they are pitching.

OK, I click on through to the Microsoft page.  I read it and find no definition of “hybrid work.”  Apparently you have to see the presentation before they will define it.  This is a classic sign of a scam in the information age.  We want you and your personal information, and your clicks, before we give you more than a come-on.

Apparently “hybrid work” is a coined term for what some people have been doing for ages, and so it’s more than a little pretentious.  In my life I have worked from home, from the office, and on the road, including branch offices.  To make it work you have to have some control over the terms of your employment, and with that freedom comes responsibility to your employer, if there is one.  Sounds to me like Microsoft wants to get in the middle of all that.

Somewhere I read the Rule of Three Backups: One set on external hard drives connected to your system, one set on portable hard drives stored offsite, and a cloud backup service in case the portable hard drives are stolen or destroyed.  The portables are included mainly so you are not totally dependent on the cloud service in the event the system and its connected external drives are stolen or destroyed.

I found a new way for a portable hard drive to fail the other day.  On a 5TB Seagate the USB port never gripped the cable very tightly, and it finally began making only an intermittent connection.  The rapid interruption of the connection, without properly ejecting the device, renders the Win7 computer unable to recognize any connected device until it is rebooted, so troubleshooting is very difficult.  I guess I will have to take a sledgehammer to it.

As I read the article, the contractual bottom line is this: If you can’t find the other party and hold them accountable, the contract you thought you have is a fantasy.

If the writer does not have a solution for this problem, then what exactly is “the case for blockchain?”

Some version of what is said about the cloud–that it is just someone else’s computer–applies here.