What every Windows user should know about IPv6

You’ve probably heard of it. But do you know how it really works?

See (and comment on) ch100’s treatise in the Windows forum.

Microsoft releases new Win10 Creators Update build 15046

Those of you in the Insider PC Fast ring, fire up your engines.

I’m expecting some changes in this build. Downloading it now.

Update in the morning.

Amazon S3 cloud storage is down on the east coast

The Register:

“Amazon Web Services is scrambling to recover from a cockup at its facility in Virginia, US, that is causing its S3 cloud storage to fail.

The internet giant did not provide details on the cause of the breakdown that is plaguing storage buckets hosted in the US-East-1 region. The malady has led to major sites, including Imgur and Medium, falling offline, missing images or running like treacle. Just to stress: this is one S3 region that has become inaccessible, yet web apps are tripping up and vanishing as their backend evaporates away.”

I haven’t seen any problems with AskWoody yet, but my fingers are crossed, wood duly knocked.

February missing security patch toll: Two zero-days and counting

Good report from Dan Goodin at Ars Technica.

Google’s Project Zero sticks to its 90-day notification policy, and a second 0day has been revealed, this time apparently involving CSS tokens.

The details are important. For example, there’s no exploit code available for this second 0day. But the first 0day, involving a gdi32.dll heap boundary, is still at large.

So is the SMBv3 bug that causes crashes, and may lead to deeper exploits.

Security patches are scheduled to resume on March 14.

Fascinating detailed study of tech support scammers

You know the scam: A web page tries to convince you (sometimes forcefully) that your system is infected. Getting away from that site can be very difficult. The scammers feed on naive users, frequently swindling them out of hundreds of dollars.

In a new study from Stony Brook University, entitled “Dial One for Scam: A Large-Scale Analysis of Technical Support Scams“ (PDF), authors Najmeh Miramirkhani, Oleksii Starov, and Nick Nikiforakis built “an automated system capable of discovering, on a weekly basis, hundreds of phone numbers and domains operated by scammers.” They also contacted 60 different scammers and collected details about the scams.

Here are just a few of the study’s many surprising results:

• While 15 different telecommunication providers were used, four of them were responsible for more than 90 percent of the phone numbers used by scammers.
• Although the average lifetime of a scam URL is approximately 11 days, 43 percent of the domains were pointing to scams for less than three days.
• 69 percent of scam campaigns have a lifetime of less than 50 days.
• The average call center houses 11 technical support scammers, ready to receive calls from victims.

The study also talks about the use of Content Delivery Networks “such as CDN77, CDNsun, and KeyCDN [which] offer free services without requiring a phone number or a credit card. In addition, every uploaded scam page gets its own random-string-including URL which can not be guessed and thus cannot be preemptively blacklisted.”

The study includes a long list of social engineering tricks that scammers use; a geographic breakdown (“85.4 percent of them were located in different regions of India, 9.7 percent were located in the U.S., and 4.9 percent were located in Costa Rica”); and a call for browser manufacturers to “adopt one universal shortcut that users can utilize when they feel threatened by a web page.”

It’s a fascinating expose of a topic that affects all of us.

Newly revealed dialogs show how Windows Update can be stalled in the next version of Win10

Ed Bott, who’s become the voice of Microsoft, has just posted a couple of interesting screen shots and an explanation of how Win10 Pro/Enterprise users will be able to delay forced updates in the next version of Win10 – the “Creators Update” due next month.

You should take the article as gospel truth.

The long and short of it: Although the dialogs don’t appear in the current beta build 15042, at some point in the future Microsoft will release a build of Win10 version 1703 that lets you control when cumulative updates are installed.

One of the dialogs shown in the article gives you the ability to Pause updates “for up to 35 days” by sliding a switch. Although it isn’t stated explicitly, apparently “updates” in this case refers to both cumulative updates and version changes. It also isn’t clear why the slider says “up to” – they’re either paused or they aren’t, I would guess.

The other dialog, which appears to overlap the “pause updates” dialog, gives you three independent choices:

• Wait for a version to be declared Current Branch for Business before it’s installed on your computer (the choice that keeps you out of the “unpaid beta tester” category).
• Defer a version change for up to a set number of days. Bott implies that you’ll be able to defer a version change for up to 365 days after it reaches CBB level.
• A very poorly worded setting “A quality update includes security improvements. It can be deferred for this many days” with a drop-down box that apparently runs up to 30 days. I’m assuming a “quality” update is a cumulative update. I have no idea how other Win10 updates – servicing branch changes, drivers (particularly for Surface machines), ad-hoc security patches like the just-released IE and Edge patches, and any other security patches that aren’t rolled into cumulative updates — will be affected.

There’s also no indication of how the “Pause updates for up to 35 days” slider interacts with (replaces?) the “defer quality updates up to 30 days” setting. Are they additive? Do they cover the same patches? Why does one max out at 30 days, and the other sits fixed at 35 days?

We haven’t seen the dialogs yet. We haven’t seen the group policy settings that conform to (conflict with?) the settings. And we don’t know when we’ll get any or all of the above, except they’ll presumably appear before Creators Update hits RTM.

Win10 Creators Update will let you block apps from outside the Store

This one’s starting to echo around the blogosphere.

Windows 10 Creators Update brings several old settings – they used to be in the System applet – up to a new high-level applet called Apps.

In the new Apps > Apps & features setting, there’s a new option called Choose where apps can be installed from. (Presumably, the wording will change before the final version ships, unless we get a new dangling participle option with.) You’re given three choices:

• Allow apps from anywhere (that’s the default)
• Prefer apps from the Store, but allow apps from anywhere
• Allow apps from the Store only

The buzz is about the last option, which should lock down machines so they can only install apps from the Store.

Paul Thurrott has the most thorough explanation I’ve seen on thurrott.com, but the options function as you would expect.

Of course, the worry is that Microsoft is creating a version of Windows that’ll be limited to Windows Store apps, possibly in conjunction with a “free” version of Windows that doesn’t work much better than Windows RT. It’s the “Windows 10 Cloud” direction.

It might happen at some point, but I don’t think it’s cause for concern at this point. By the time Windows Cloud rolls around, we’ll have plenty of competing options.

Be careful with the Word, Excel and PowerPoint viewers

Tero Alhonen just tweeted about a new “feature” in the Word, Excel and PowerPoint viewers that I hadn’t noticed before.

Microsoft has viewers for Word, Excel and PowerPoint documents. You can download and use the viewers for free, even if you don’t own Office. Some people prefer using the viewer over running the free Office Online programs.

If you go to the official Word Viewer download site and click the Download button, you’re given the prechecked option to set MSN as your default home page, and make Bing your default search engine, in all of your web browsers.

Your system may vary, but on my Win10 1607 system – running Office Pro Plus 2013 – I’m also offered Office 2007 Service Pack 3, the Office compatibility pack (which works with Office 2003, 2000 and XP), the latest MSRT KB 890830 (I have the Feb version installed already), and Internet Explorer 11 (on Win10 – hello?).

The Excel viewer includes the same checked-by-default offer to change my default homepages and search engines, as does the PowerPoint viewer.

Permit me to restate that. The official Microsoft Office viewers ship with a browser hijacker enabled by default.

Interesting discussion about super-cheap Windows keys

If you buy a Windows key from Amazon or Newegg, or some reputable supplier, you’re going to get the real thing.

But what about the companies that’ll sell you a Win10 key for $20 or $30?

There’s an interesting, informed discussion going on Reddit on precisely that topic. Have a look.

Cloudflare parser leak: No problem here

As @Kirsty noted over in the Code Red forum yesterday, Cloudflare has reported a security problem with their servers which led to leaked information for many Cloudflare customers.

There’s no need to be concerned about your AskWoody info getting compromised.

We currently use Cloudflare to speed up internet access, but we didn’t set that up until after the Cloudflare bug was fixed. As a result, you can see on the NowSecure breach list, AskWoody.com is not listed as one of the affected sites.

Even if we had been affected by the Cloudflare problem, the amount of data stored on this site is minuscule. We have your user name and email address, a five-time-hashed and salted one-way encrypted version of your password, the date and time of your last forum activity, a list of any “Subscribed” topics, and an indication of whether you’re a Lounger or not. That’s it.

Your privacy is very important to me.

Are Win7 and 8.1 users protected from KB 2952664 and KB 2976978 by GWX Control Panel?

Here’s a question I’ve heard in various versions over the past six months. From a tweet by @Ladyfirst:

Just wondering if 8.1 users are protected from KB2976978 by still having GWX Control Panel installed?

There’s an analogous question for 7 users and KB 2952664. Like two bad pennies, they both re-appeared in Windows Update earlier this week.

Short answer: No.

Longer answer: You don’t need to worry about the “Get Windows 10” campaign any more. Microsoft discontinued it on July 29, 2016. Although the upgrade from Win7 to Win10 and Win8.1 to Win10 is still free, Microsoft isn’t pushing the upgrade down your throat. You won’t see any “Get Windows 10” icons or dubious dialogs about installing it.

If you have GWX Control Panel installed, you can uninstall it. Josh Mayfield’s excellent utility flips some bits in the registry that block Microsoft’s intrusive “Get Windows 10” push. GWX Control Panel doesn’t do anything to block snooping associated with KB 2952664, KB 2976978.

Microsoft may restart the “Get Windows 10” campaign at some point, although it’s highly unlikely we’ll see a rematch of the 2015-2016 year-long debacle. I fully expect Microsoft to publicly acknowledge that the upgrade’s still free – the nod-nod-wink-wink thing is a bit beneath them. But if there’s a renewed push to get Win7 users to Win10, it’ll likely come with much more carrot, and much less stick. Cooler heads now prevail in Redmond. Right, Joe?

If you need to protect your Win7 or 8.1 system from some future upgrade shenanigans, I’ll be screaming from the rooftops, right here and in InfoWorld – much as we did with the original GWX campaign.

In the meantime, though, GWX Control Panel doesn’t do anything.

There’s another snag in Win10 LTSB licensing

I didn’t see this one coming.

If you have a volume license, you can stick LTSB – the version of Win10 that’ll be supported for ten years – on your current computers. But when you get new computers, or replace the old ones, you have to use the latest LTSB version.

So far we’ve had two LTSB versions, the so-called LTSB 2015 (which is just the original, RTM version of Win10) and LTSB 2016 (which is the 1607 “Anniversary Update” version).

Excellent article by Gregg Keizer in Computerworld on the ramifications.