Jump to content

Windows 10 - Deeper Impressions


xper

Recommended Posts

 

Except the data collection and the "Evil" updates we all fear :)

 

If you didn't  have written this paragraph, I could think  you work in MS. (Just joking).

Come on fellow don't tell me you like metro apps on desktop OS.

Or Are you talking about using 10 on a movil device?

 

 

No i dont like metro apps so much, I like style like closing app from taskbar

the change of style mostly

Link to comment
Share on other sites


manager Helen Harmetz said during a Windows 10 webinar that users who forcibly stopped any Windows 10 updates would eventually have their security updates cut off

 

So?

 

Why is there always a tacit assumption that taking "Security Updates" is some kind of absolute requirement to continuing to be able to run Windows effectively?  Your system isn't going to just fall over and die if you freeze the OS software at a given state.

 

Right now, today, there are any number of undiscovered "security vulnerabilities" in Windows.  Many of them have been there all along, and there will always be some that are occasionally being discovered.  And there is no guarantee that software updates are not introducing new ones!

 

Dilbert's boss would demand that the undiscovered vulnerabilities all be listed, but anyone with their head screwed on straight needs to just accept that they're there - a fact of life.  If you wanted to run only perfectly secure software you would wait forever. 

 

There is always some risk.

 

After the next set of "Security Updates" there will still be more undiscovered vulnerabilities.

 

You need to take appropriate measures to balance your value / risk equation - well above and beyond just running the OS out of the box - and that MAY include keeping up with Windows Updates, or it may not.  Keeping up with security updates is a good idea, but most certainly not the most important thing you need to do.

 

If you're doing the right things you're simply not exposing yourself to the vast majority of possible exploits, and other than on the "zero day" that the exploit becomes known they become less prevalent over time as the sites are discovered and shut down.  With the lion's share of Windows 10 users getting all the updates all the time that'll be all the more true (Microsoft's plan is revealed!).  Since exploits won't be viable for very long, the threat lifetime will shrink. 

 

Very few people understand practical security.

 

 

 

 I wouldn't count on it that the update-blocker tool keeps working.

 

That's the real rub, isn't it?  With Microsoft working from an entirely different business model ("Windows as a service" vs. "It does what it says on the box") and promising constant updates, they could do ANYTHING and we would have either to follow them down the path, or divorce ourselves and stop taking updates.

 

In other words, while with the past model we could count on running Windows in its released form, with minor improvements and bugfixes only, for a few years.  Now how long is it going to be?  A few months?

 

The world - especially the BUSINESS WORLD - cannot run on such a short cycle.  Much of business is currently still running Windows XP for precisely this reason.  I was at a LabCorp facility yesterday and their office is happily running on XP.

 

I think the idea is that Windows Phone and desktop fun and games users shouldn't have any problem keeping up with this week's whims of Microsoft, and so Microsoft has been tight-lipped about how stable Windows will remain, but that's where they're dead wrong.  They have such serious market dominance precisely because the richness of the application environment ALSO requires multi-year stability in the OS.

 

-Noel

 

 

P.S., if you make a practice of waiting a few months after Windows Updates bring most people OS updates, then absorb other folks' anecdotes about what the updates have done to them - one of which could be "the windows update hiding tool has stopped working!" then you can either A. try hiding the particular update that breaks it or B. just stop taking updates.  Voila, your system continues working just as it is - as you need it to.  You have control NOW.  That's what matters.

 

If you're serious about wanting to be sure Windows 10 updates don't bring changes you can't stand, you should be running a test environment on which you vet new updates yourself before accepting them on your production system. 

 

Either you're on the bandwagon with Microsoft, adult beverage in hand and enjoying the ride, or you're riding along side in your limo, partying with the best of them yet with a safe way to pull over if the bandwagon catches fire.  When you think about it this isn't really all that different than it has been in the past.

Edited by NoelC
Link to comment
Share on other sites

I never really relied on Windows Update... And I'm as secure as anyone which is smart enough to avoid porn sites and shiny ads. ;)

 

From what I see I WILL avoid Windows 10 as I did with 8 and 8.1. Windows XP serves me well on my laptop and nowadays Debian is doing this on my main PC even better. Nothing more really to say but I'm glad that the Windows fanboys are quiet this time. :D

 

Regards.

Link to comment
Share on other sites

^^ LOL

 

One thing about security, though: it's no longer enough to avoid visiting porn sites and to refrain from clicking on ads. My AV software has stopped a number of attacks from ads that were served to innocuous sites -- including one time when I visited MSFN from a computer that wasn't logged into the forum and it started receiving ads!!   :ph34r:  (I have the screenshot of the AV report somewhere if anybody's interested.) In fact, nowadays most of the attacks on my PCs come from Web ads.

 

For additional security, then, my suggestion would be to install an ad blocker on one's browser.

 

--JorgeA

Link to comment
Share on other sites

 

I think the idea is that Windows Phone and desktop fun and games users shouldn't have any problem keeping up with this week's whims of Microsoft, and so Microsoft has been tight-lipped about how stable Windows will remain, but that's where they're dead wrong.  They have such serious market dominance precisely because the richness of the application environment ALSO requires multi-year stability in the OS.

 

Does the Enterprise edition allow customers to put off the updates indefinitely, or do they too have to come on board eventually? (Barring hacks or the use of the update-hiding tool.)

 

--JorgeA

Link to comment
Share on other sites

What ads?  You haven't followed my advice and adopted the MVPS hosts file?

 

As far as I understand it, if you don't "hack" it and/or seize stronger control by running your own enterprise WSUS server, all the updates will come on an Enterprise system, just later, after Microsoft has had the public test them and has corrected their bugs.

 

Caveat:  I'm not running Enterprise and only tested it briefly myself during the technical preview period.

 

-Noel

Edited by NoelC
Link to comment
Share on other sites

What ads?

 

You haven't followed my advice and adopted the MVPS hosts file?

 

-Noel

 

That happened some time ago before I became aware of your advice. :)

 

It was a tertiary system that I seldom use, so I've never gotten around to tweaking it as thoroughly as I do my more important boxes.

 

Still, the bottom line is that the old counsel of surfing the Web sensibly and avoiding dubious sites is no longer sufficient, as malicious ads can crop up almost anywhere: you need to take additional steps to protect yourself, be it with an ad blocker, a good hosts file, or other measures to keep the ads under control.

 

--JorgeA

Link to comment
Share on other sites

A new land mine to avoid for Windows 8 users who allowed the "Get Windows 10" thingie to install and populate their notification area: Susan Bradley of Windows Secrets reports in her "Patch Watch" column for this month that Win10 is now showing up pre-checked in the Windows Updates list.

 

post-287775-0-45747500-1439482259_thumb.

 

--JorgeA

 

Link to comment
Share on other sites

That speaks nicely to my point.

 

Either you are fully on the bandwagon and just select everything (or allow Microsoft to select it for you), or you are in the limo along side and making your own choices about what to do.  Of course you have to plan ahead and pay more to be in the latter situation.  In this case, paying more attention, taking more time to vet every update...

 

Breaking a habit of handing over control is what's really under discussion.  Just because the ability to avoid handing over control may be more hidden or subtle doesn't mean it's not still there. 

 

But make no mistake, there are things we don't have control over - have NEVER had control over - and for that we need to place a certain amount of trust in the OS maker.  We haven't ever, for example, had any control over the source code that goes into the gigabytes of binaries we get from Microsoft.  We've had to trust them to do that properly in the past, and now we have to trust them to not completely take away control over application of individual updates.

 

They HAD done so, but then had to relent because there really ARE legitimate reasons for needing that control.  I personally don't think they're going to be able to take it away entirely, long-term, as the users for Windows 10 (beyond the initial rush to upgrade by frivolous users) are now becoming all the more serious.  Microsoft doesn't dare alienate the entire business community. 

 

I DO find it disturbing that they're taking a different tack for the Enterprise variant than the Pro variant, as a small business doesn't really have the opportunity to license Enterprise for a reasonable rate.

 

-Noel

Edited by NoelC
Link to comment
Share on other sites

Kill the messenger (so to speak):

 

Harvard student loses Facebook internship after pointing out privacy flaws

 

His application, called Marauder’s Map — a clever name that Harry Potter fans will appreciate — was a Chrome extension that used data from Facebook Messenger to map where users were when they sent messages. The app also showed the locations, which were accurate to within three feet, in a group chat with people he barely knew. That meant complete strangers could hypothetically see that he had messaged them from a Starbucks around the corner, while he could see that they had messaged from their dorms.

 

The app capitalized on a privacy flaw that Facebook had been aware of for about three years: the Facebook Messenger app automatically shared users’ locations with anyone who they messaged.

 

Another megacompany that's hostile to user privacy. And if the NSA has figured out a way to access this location data, you can bet they're using it.

 

What's going on with Facebook, Google, and Microsoft underscores the old adage that, "the price of liberty is eternal vigilance." Trouble is, the price gets bigger and bigger with every new development in tech as there are new arcane ways to threaten your privacy and thus, potentially, your physical security.

 

--JorgeA

 

Link to comment
Share on other sites

Breaking a habit of handing over control is what's really under discussion.  Just because the ability to avoid handing over control may be more hidden or subtle doesn't mean it's not still there. 

 

Very true. But of course making that ability more hidden or subtle increases the user's cost of maintaining control over his own system. Which is probably the idea: they can argue that "we haven't actually removed it, so what's the problem?"

 

--JorgeA

Link to comment
Share on other sites

 

Very true. But of course making that ability more hidden or subtle increases the user's cost of maintaining control over his own system. Which is probably the idea: they can argue that "we haven't actually removed it, so what's the problem?"

 

Exactly on point.

 

Then later, "Hardly anyone went to the effort (and we didn't go out of business), so clearly no one needed it that badly."

 

-Noel

Link to comment
Share on other sites

A tough business the defusing of booby traps:

 

 

Even when told not to, Windows 10 just can’t stop talking to Microsoft

 

"... For example, even with Cortana and searching the Web from the Start menu disabled, opening Start and typing will send a request to www.bing.com to request a file called threshold.appcache which appears to contain some Cortana information, even though Cortana is disabled. The request for this file appears to contain a random machine ID that persists across reboots ..."

 

 

 

A Traffic Analysis of Windows 10

 

"... While the inital reflex may be to block all of the above servers via HOSTS, it turns out this won't work: Microsoft has taken the care to hardcode certain IPs, meaning that there is no DNS lookup and no HOSTS consultation. However, if the above servers are blocked via HOSTS, Windows will pretend to be crippled by continuously throwing errors, while still maintaining data collection in the background. Other than an increase in errors, HOSTS blocking did not affect the volume, frequency, or rate of data being transmitted. ..."

Edited by TELVM
Link to comment
Share on other sites

A Traffic Analysis of Windows 10

 

"... While the inital reflex may be to block all of the above servers via HOSTS, it turns out this won't work: Microsoft has taken the care to hardcode certain IPs, meaning that there is no DNS lookup and no HOSTS consultation. However, if the above servers are blocked via HOSTS, Windows will pretend to be crippled by continuously throwing errors, while still maintaining data collection in the background. Other than an increase in errors, HOSTS blocking did not affect the volume, frequency, or rate of data being transmitted. ..."

 

I guess the only way to totally disable Cortana and telemetry is to find those IPs and implement a router-based firewall blocking those IPs. Unless MS is truly evil and hosts Windows Update and Microsoft.com on the same IP range, but that can be seen as both a curse and a blessing.

Link to comment
Share on other sites

 

A Traffic Analysis of Windows 10

 

"... While the inital reflex may be to block all of the above servers via HOSTS, it turns out this won't work: Microsoft has taken the care to hardcode certain IPs, meaning that there is no DNS lookup and no HOSTS consultation. However, if the above servers are blocked via HOSTS, Windows will pretend to be crippled by continuously throwing errors, while still maintaining data collection in the background. Other than an increase in errors, HOSTS blocking did not affect the volume, frequency, or rate of data being transmitted. ..."

 

Pardon my French: what a bunch of a$$ho!3s. They knew that people would try to hinder their spying, and took special care to prevent those protective measures from working. And moreover they took care to try to fool the user into beleving that his protection worked. :realmad:  :realmad:  :realmad:

 

BTW nice finds, TELVM.

 

Time to investigate rn10950's approach.

 

--JorgeA

 

P.S. Would it help anything to disconnet the Ethernet cable from a Win10 PC and see if it hiccups?

Edited by JorgeA
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...