
Windows 10 - Deeper Impressions


xper


For the enlightenment of all you stubborn luddites, a chart found elsewhere showing the indisputable advantages of embracing change. :w00t:

 

[Image: chart (379434e9_FeaturesofWindowsHomeandProvers)]

 

What do the "!" symbols mean, vs. just "X"?  "You can't do it with normal settings" vs. "If you do find a way the system changes it back without your knowledge or approval"?

 

Folks in general are frogs in a pot, and that water's starting to steam!

 

Wasn't everything supposed to return to normal after the little boy exclaimed, "The Emperor has no clothes!"

 

-Noel



For the enlightenment of all you stubborn luddites, a chart found elsewhere showing the indisputable advantages of embracing change. :w00t:

 

That is one GREAT chart -- it should be pasted onto every Windows forum all over cyberspace.

 

Prediction: the Win10 fanbois will shrug and say that they weren't interested in any of those features anyway. Because everybody knows that what they like and what works for them is the only thing that matters in the entire world.

 

But there will be others, more open-minded, who will be receptive to this neatly packaged information.

 

--JorgeA


 

It's all one and the same "new world" mindset:

 

We just CAN'T let everyone continue to do whatever they want!

 

Imagine a world where everyone's just free to do that!  The horror!  Perish the thought!

 

Who's coming up with this ridiculousness?  Young people today don't like being limited by other people's arbitrary rules.

 

It's largely (if not mostly) the young people running tech companies and non-profits who like to limit other people with their arbitrary rules.

 

--JorgeA


How to fix Microsoft's latest Windows 10 update blunder: nuked Office templates

 

It’s bad enough that Microsoft is so pushy about getting users to upgrade their PCs to Windows 10. These software updates don’t always go as planned, and Microsoft this week released another update that’s wreaking havoc on some versions of Microsoft Word.

 

If you use Word 2016, the latest version of Microsoft’s word processing app, and install the company’s most recent Windows 10 patch, the update wipes out your “normal” template. That little file, named normal.dotm, is important because it contains all of your macros, autotext blocks, autocorrect entries, styles and more customization options. If that normal.dotm file gets nuked, all of your tweaks and customizations are erased, and you need to recreate them, which is a major pain for folks who use heavily customized templates. Word still works, but the software reverts to its default settings.

 

 

--JorgeA

 


Trust me, most of Firefox's user base feels the same way, in fact, most of the contributors do.

 

I believe you! Who or what, then, accounts for these unwelcome changes?

 

It's mostly the people inside of Mozilla Corporate that make these decisions. The Mozilla Foundation (the third party open source contributors), the add-on developers, and the userbase usually have no say in this matter. If we did, many of the unwelcome changes that occurred or have been proposed in the last 2 years (Australis [Chrome-lookalike], Pocket & Hello [bundled software], the changes in the add-on ecosystem [removal of XUL; potentially very dangerous], and add-on signing) would be off the table.

 

One big example of this is when they announced last August that they are planning on removing XUL and XPCOM support from add-ons to closer model Chrome. This would require all add-ons to be re-written entirely, no exceptions. Rightfully so, almost all of the add-on developers were infuriated. If they, or the FOSS contributors, had a say in the matter, the add-on ecosystem would have been left alone.

 

Another thing to note is, if XUL and XPCOM were to be removed, Thunderbird, SeaMonkey, and ChatZilla would instantly be killed. The only way to save them would be to rewrite the entire thing, and that will be a lot of work for the limited set of developers on each of these applications. (I contribute to SeaMonkey, and we have been discussing this on IRC over the past few months)


Talking of Edge (or Chrome or both) JFYI a potentially very serious issue (actually caused specifically in this case by the NSIS installer):

http://textslashplain.com/2015/12/18/dll-hijacking-just-wont-die/

 

 

To make a long and complicated story short, a bad guy who exploits this vulnerability places a malicious DLL into your browser’s Downloads folder, then waits. When you run an installer built by an earlier version of NSIS from that folder, the elevation prompt (assuming it runs at admin) shows the legitimate installer’s signature asking you for permission to run the installer. After you grant permission, the victim installer loads the malicious DLL which runs its malicious code with the installer’s permissions. And then it’s not your computer anymore.

So, how does the attacker get the malicious DLL into the browser’s Downloads folder? Surely that must involve some crazy hacking or social engineering, right?

Nah. The bad guy just navigates a frame of your browser to the DLL of his choice and, if you’re on Chrome or Microsoft Edge, the DLL is dropped in the Downloads folder without even asking. Oops.

 

 

The "real" issue is the (supposedly user-friendly) function of the browser that does not prompt for authorization/acknowledgment for downloading files, see:

http://justhaifei1.blogspot.it/2015/10/watch-your-downloads-risk-of-auto.html

Seemingly there is an (indirect) workaround for Chrome, but not for Edge:

There's actually an option on Google Chrome (Settings => Show advanced settings => Ask where to save each file before downloading). As the name suggests, if you enable this, you will have a chance to check before every downloading. If you see some website asking you to download especially a DLL, you'd better DON'T ALLOW.

I haven't figured out a way for similar mitigation on Microsoft Edge, have pinged Microsoft, will update if I find any.

Also please note that just changing the default "Downloads" folder to other folder does NOT mitigate this risk.

 

 

jaclaz
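
The risk described in the post above depends on a DLL and an installer sharing one folder. The following is an added example (not code from this thread or from the linked articles) that audits a folder for that condition and stages an installer alone in a fresh empty directory before it is run; the function names and the sample files are constructed for illustration.

```python
import shutil
import tempfile
from pathlib import Path

def is_pe(path: Path) -> bool:
    """True if the file starts with the 'MZ' magic of a Windows PE image."""
    try:
        with path.open("rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False

def audit_folder(folder: Path) -> dict:
    """List DLLs and executables that share one folder (non-recursive)."""
    dlls, exes = [], []
    for entry in sorted(folder.iterdir()):
        if not entry.is_file():
            continue
        ext = entry.suffix.lower()
        if ext == ".dll" and is_pe(entry):
            dlls.append(entry.name)
        elif ext == ".exe" and is_pe(entry):
            exes.append(entry.name)
    # A stray DLL matters here only if an executable may be launched beside it.
    return {"dlls": dlls, "exes": exes, "at_risk": bool(dlls and exes)}

def stage_installer(installer: Path) -> Path:
    """Copy an installer alone into a new empty directory; return the copy."""
    staging = Path(tempfile.mkdtemp(prefix="clean-install-"))
    return Path(shutil.copy2(installer, staging))

def demo() -> tuple:
    """Constructed sample: a downloads folder with an installer and a stray DLL."""
    downloads = Path(tempfile.mkdtemp(prefix="downloads-"))
    (downloads / "setup.exe").write_bytes(b"MZ" + b"\0" * 62)
    (downloads / "example.dll").write_bytes(b"MZ" + b"\0" * 62)
    (downloads / "readme.txt").write_text("not a PE file")
    before = audit_folder(downloads)
    staged = stage_installer(downloads / "setup.exe")
    after = audit_folder(staged.parent)
    return before, after

if __name__ == "__main__":
    print(demo())
```

Staging works regardless of which folder the browser saves to, which matters because, as the quoted article notes, changing the default Downloads folder does not mitigate the risk.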


 

The bad guy just navigates a frame of your browser to the DLL of his choice and, if you’re on Chrome or Microsoft Edge, the DLL is dropped in the Downloads folder without even asking. Oops.

 

 

 

With every vulnerability discussed, I evaluate whether it could happen to me.

 

In this case, it's not going to happen on my systems, for a number of reasons...

 

  • I use Internet Explorer.  Why?  Because it's mature and actually has one of the best security models (though in a twist of irony it is not configured for highest security by default).  DLLs do not download without the knowledge of the user.  I can't imagine why anyone would bother with Edge, and Chrome is software made by Google - quite likely the LEAST trustworthy software company on the planet, even considering Microsoft's latest stance.

     

  • That ads most often run in iFrames is a good reason for reconfiguring your browser (assuming you can) not to allow things to run in iFrames (and indeed, not to allow ActiveX to run at all except for trusted sites).

     

  • It's a good idea to use a hosts file to blacklist badware sites, and to keep your hosts file up to date so that sites known to deliver malicious software - such as that DLL - are never contacted at all.  There are several good online sources for such information.

     

  • Don't get in the habit of downloading things to your default folder.  If you organize your system so that you have a specific area that you download things into, e.g., subdivided by product.  This would reduce the likelihood that a DLL would have been downloaded there ahead of time.  And, you'll always have a copy even if you can no longer find the software online or have a problem where you need to access it when there's no Internet connection.  Doing things a non-standard way, especially in a more organized, thoughtful way, is an excellent way to avoid traps crafted for the masses.

     

  • I schedule regular scans in the wee hours of the morning not only by Windows Defender but also by MalwareBytes AntiMalware.  I assume it would pick up such a malicious DLL having been downloaded somewhere.

 

That's 4 or 5 solid reasons why I'm not vulnerable to this attack, and note that I never even mentioned an active AV package - just scans. 

 

Now, ponder how many things YOU'RE doing that would prevent the exploit on your system.

 

-Noel

Edited by NoelC

With every vulnerability discussed, I evaluate whether it could happen to me.

[... list of several reasons why NoelC is using the best approach to security in the whole world]

Very good :), though maybe a little selfish :unsure:.

 

Now, ponder how many things YOU'RE doing that would prevent the exploit on your system.

Already pondered :yes:, and it is more the things that I am NOT doing that possibly kept me (till today) exploit-free (AFAIK).

I don't run any of those browsers, including Internet Explorer (though of course I am also NOT running a recent Windows OS but rather recklessly run an unsupported OS, without any added protection like DEP, ASLR or UAC . :ph34r: , where the latest, "safe" Internet Explorer :dubbio: cannot run).

 

Also I do NOT have a hosts file on my PC (because I do NOT trust at all Windows to respect it) but have it on a hardware router/firewall, which I use to access the web.

 

jaclaz


Very good :), though maybe a little selfish :unsure:.

 

I pondered how to word it and in the end I figured it's the most factual and least "do it my way!" if I just describe what I do.  If you want to follow my lead, great, if not, great.  Maybe it gives people some good ideas without getting too pushy.

 

I don't propose it as the best approach in the world, just the best approach that I've been able to come up with to suit MY needs.  You (rightly) point out that using a hosts file is not as good as having the name resolution server manage the blacklist.

 

If I had the ability to reconfigure my router to load that large name resolution blacklist I would do so.  I have been thinking of upgrading my router so as to be able to achieve that capability...  Such activity would then protect every system in my LAN.

 

In my case I run a script that compiles blacklists obtained from several sources (and I'm always looking for more well-managed sources), including:

 

What specific hardware are you using to accomplish blacklisting, if I may ask?  Whether a router is willing to accept blacklist entries isn't usually a feature listed on the outside of consumer packaging.

 

-Noel
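
The post above mentions a script that compiles blacklists from several sources into a hosts file. The following is an added sketch of that idea, not NoelC's script: it assumes each source is either in hosts format or a plain list of domains, and it uses `0.0.0.0` as the sink address; the sample lists are constructed and use reserved test domains.

```python
import re

# Hostname: dot-separated labels of letters, digits and hyphens.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_HOSTNAME = re.compile(rf"^{_LABEL}(?:\.{_LABEL})+$")
_SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}   # addresses used to null-route
_NEVER_BLOCK = {"localhost.localdomain"}           # assumption: keep loopback names

def parse_blacklist(text: str) -> set:
    """Extract blocked hostnames from one hosts-format or plain-domain list."""
    hosts = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower()   # drop comments, normalise case
        if not line:
            continue
        fields = line.split()
        if fields[0] in _SINKS:
            fields = fields[1:]        # hosts format: sink address, then names
        elif len(fields) > 1:
            continue                   # maps a name to a real address: not a block
        for name in fields:
            name = name.rstrip(".")
            if (name not in _NEVER_BLOCK and _HOSTNAME.match(name)
                    and not name.rsplit(".", 1)[-1].isdigit()):  # reject bare IPs
                hosts.add(name)
    return hosts

def compile_hosts(sources: list, sink: str = "0.0.0.0") -> str:
    """Merge several lists into one deduplicated hosts-file body."""
    merged = set()
    for text in sources:
        merged |= parse_blacklist(text)
    # Sort by reversed labels so subdomains group under their parent domain.
    ordered = sorted(merged, key=lambda h: h.split(".")[::-1])
    return "".join(f"{sink} {h}\n" for h in ordered)

# Constructed sample sources.
SAMPLE_A = """# constructed list in hosts format
127.0.0.1 localhost localhost.localdomain
0.0.0.0 ads.example.test
0.0.0.0 Tracker.Example.test   # inline comment
"""
SAMPLE_B = """ads.example.test
malware.invalid.
192.0.2.10 intranet.example.test
192.0.2.77
"""

if __name__ == "__main__":
    print(compile_hosts([SAMPLE_A, SAMPLE_B]), end="")
```

Entries that map a name to a real address are skipped rather than rewritten, so a source list cannot be used to redirect a name, only to block it.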


 

What specific hardware are you using to accomplish blacklisting, if I may ask?  Whether a router is willing to accept blacklist entries isn't usually a feature listed on the outside of consumer packaging.

 

Home-made. :ph34r:

 

Actually an el-cheapo Fujitsu-Siemens Futro S220 (bought used on e-bay for a few bucks) sporting a whopping 800 MHz Transmeta :w00t: with one common Ethernet/Lan card added to it, running Zeroshell:

http://www.zeroshell.org/

 

jaclaz


 

Trust me, most of Firefox's user base feels the same way, in fact, most of the contributors do.

 

I believe you! Who or what, then, accounts for these unwelcome changes?

 

It's mostly the people inside of Mozilla Corporate that make these decisions. The Mozilla Foundation (the third party open source contributors), the add-on developers, and the userbase usually have no say in this matter. If we did, many of the unwelcome changes that occurred or have been proposed in the last 2 years (Australis [Chrome-lookalike], Pocket & Hello [bundled software], the changes in the add-on ecosystem [removal of XUL; potentially very dangerous], and add-on signing) would be off the table.

 

One big example of this is when they announced last August that they are planning on removing XUL and XPCOM support from add-ons to closer model Chrome. This would require all add-ons to be re-written entirely, no exceptions. Rightfully so, almost all of the add-on developers were infuriated. If they, or the FOSS contributors, had a say in the matter, the add-on ecosystem would have been left alone.

 

Another thing to note is, if XUL and XPCOM were to be removed, Thunderbird, SeaMonkey, and ChatZilla would instantly be killed. The only way to save them would be to rewrite the entire thing, and that will be a lot of work for the limited set of developers on each of these applications. (I contribute to SeaMonkey, and we have been discussing this on IRC over the past few months)

 

 

Well, you're going to drive me to read up on XUL.  :)

 

But seriously, it's pretty cool to have someone like you here who's on the inside of a world-famous software project. :thumbup

 

Where can I read more about how eliminating XUL could be a dangerous thing?

 

It sounds like further unwelcome changes are coming to FF and I'll be going to Pale Moon instead as my replacement for IE.

 

--JorgeA


  • I use Internet Explorer.  Why?  Because it's mature and actually has one of the best security models (though in a twist of irony it is not configured for highest security by default).  DLLs do not download without the knowledge of the user.  I can't imagine why anyone would bother with Edge, and Chrome is software made by Google - quite likely the LEAST trustworthy software company on the planet, even considering Microsoft's latest stance.

 

Noel, you've said a couple of times that IE has the best or one of the best security models. Could you elaborate on that? I'm not disagreeing, I'd just like your take on it so that I can learn something new today.  :)   EDIT: All right, something else new (the discussion between you and jaclaz above about routers and hosts files is pretty informative.)

 

--JorgeA

Edited by JorgeA