
Windows 10 - Deeper Impressions


xper



Further, as an example Microsoft has been releasing Internet Explorer with the ability to run ActiveX since the beginning, and that's STILL the default setting today!  How could anyone begin to hope that a company that does something like that has any security expertise whatsoever, or is looking after anything like the user's best interests?

 

Not long ago I asked for folks to comment on whether they're seeing Windows 10 systems infected in the real world.  I didn't get a lot of responses, but from what I did get, and from everything else I'm reading, Windows 10 isn't really any less apt to get infected by hapless, ignorant users than any other version.  In short, its practical "security" level is no better, and in fact Microsoft may well be running headlong into creating any number of heretofore unexploited new ways for security to be breached.  A breakneck pace of change does not a secure system make.

 

 

I think the ActiveX model itself is no proof of Microsoft's malevolence. I do believe however that the absence, after nearly twenty years, of a whitelisting mechanism preventing the use by Internet Explorer of any dll not explicitly authorized provides such a proof. It's how Microsoft did nothing to truly mitigate the inherent vulnerability of this model that makes them look really dodgy IMO.

 

Windows 10 may look more secure in this respect since they are pushing Edge which does not make use of ActiveX but I personally think that's just because they close one door to open another one, this "telemetry" that can send god knows what out of one's machine without possibility to even snoop on what is actually sent since that data is strongly encrypted...

Edited by loblo

I have been thinking about Windows 10 and its 'apps' lately, and I recently came to a conclusion: this is just history repeating itself. In the 90s, Microsoft wanted to dethrone Win32 with ActiveX, Active Desktop and embedded IE engines. Some developers bought into the hype and released their new ActiveX-inspired software, but most just kept using Win32 like they have always been doing. Shortly after, Active Desktop was killed off and ActiveX is on its last legs, while Win32 is still around. I see the same thing happening with Metro: right now it's the "in" thing and the "trendy" devs are using it, while all the developers that produce software that actually gets work done are still using the tried-and-true Win32. I can predict the same thing will happen to Metro in the near future. Whenever it isn't trendy anymore, people will stop using it, while the real applications will still be using Win32, and rightfully so.

 

Don't forget Windows Live Gallery and Gadgets too.

 

-Noel


 

What's sad is that any system can be made MUCH more secure from practical threats with just a few tweaks with almost no downside.  And yet it's not done, and is not widely known.  It's even challenged by so-called experts!

 

Huh, that's interesting (and a bit frightening). What sorts of security tweaks are actually frowned upon by security experts?

 

Not long ago I asked for folks to comment on whether they're seeing Windows 10 systems infected in the real world.  I didn't get a lot of responses, but from what I did get, and from everything else I'm reading, Windows 10 isn't really any less apt to get infected by hapless, ignorant users than any other version.  In short, its practical "security" level is no better, and in fact Microsoft may well be running headlong into creating any number of heretofore unexploited new ways for security to be breached.  A breakneck pace of change does not a secure system make.

 

-Noel

 

 

P.S., let us not forget that there is a whole realm of "security flaws" that we DON'T know about.

 

 

Excellent points. Are you (or anybody else reading this) aware of any published reports yet, comparing real-world infection rates for Windows 10 vs. Win7, Vista, and XP? We've been seeing a lot of talk and boasting about features to "improve security" in Windows 10, but no actual figures that I know of. The proof is in the pudding. Wasn't the Titanic supposed to be unsinkable, thanks to its modern safety features?

 

--JorgeA

Edited by JorgeA

Setting up the case for prohibiting the loading of alternative operating systems:

 

Ubuntu's Secure Boot support vulnerability threatens even Windows PCs

 

...Secure Boot is a mandatory hardware feature for Windows 10-certified PCs, and PC manufacturers don’t have to include the signing key Microsoft provides for Linux distributions. If those signed Linux bootloaders represent a potential security threat, it could give Microsoft and PC manufacturers a reason to stop making things easy for Linux users.

 

Which would make it all the more important to know that Secure Boot may be a sham after all, as SemiAccurate reports.

 

--JorgeA

 


Do they have MS Office apps for Metro? I wonder how watered down they would be?

 

I had a vague notion that Microsoft had released Office apps for Android and iOS somewhere along the line. Turns out they did also make them for Windows phones and tablets. My search led me to this article, which gives a rundown of "Universal" Office apps for Windows and some screenshots to compare with Office desktop applications.

 

If you tried to work with an Excel spreadsheet of any considerable size on a phone, it looks like you'd be doing a lot of swiping up and down and back and forth. Break out the skin lotion for that thumb.  :)

 

--JorgeA


Dedoimedo test-drives build 1511 and reviews another Windows 10 privacy protector:

 

More Windows 10 privacy with W10Privacy

 

Today's article presents a few more tweaks and tips you can use to assert additional control of how Windows 10 behaves. All the things you took for granted and did not care for in Windows 10, all the new stuff, all the little bullsh!t that spells IQ < 100 all over the place. We will also briefly look at the recent Windows upgrade, Build 1511, and then how it all ties down to privacy, and more specifically, W10Privacy.

 

Igor's bottom line about all those tweaks:

 

It is sad that one should ever have to resort to this kind of aggressive crippling of the system, but it is the reality we live in. Microsoft is pushing hard in trying to integrate its services with the online world, and the only problem is that the desktop has never been designed for that kind of future. It should be left alone. Or at the very least, intruded and modified as little as possible. Anything else will just lead to strife and resistance and even more reputational damage. For people who must use Windows, have no other choice, and still believe there's no breach of trust, otherwise let's face it, it's a lost game, then this guide might give you the right dose of compromise to enjoy Windows without feeling like you've been handed out a dose of extra-cretinism with your morning cereal.
 

Dear Microsoft, it's never about technology. It's about basic human respect and choice. Just let the user feel like they count. And then, you will have willing participants in your cloud experiments and online and social integration and all that. The alternative is, you are slowly but surely alienating yourself. I was the first to defend you when the keylogger nonsense cropped up, and I still think you have better privacy than your rivals. But you are testing my limits, and even though I don't care what you think you want to achieve with all that pointless user data, forcing my hand only makes me write articles like this. Out of pure spite. It's my basic human need to resist attempts to curtail my freedom of choice. Repeat after me. Freedom, of, choice. That's all. Nothing more.

 

--JorgeA

 

 

 

 

 

 


Sorry 'pundits', but Windows Phone was never alive

 

After Microsoft revealed that Windows phone revenue fell 49 percent and Lumia sales dropped to 4.5 million units last quarter, disingenuous headlines like "Windows Phone is dead" started to show up. Believe it or not, some pundits actually believe that Q4 was the quarter when the platform met its end, like it did not "die" a long, long time ago.

Objectively speaking, Windows Phone was never relevant enough in the modern smartphone market to be truly alive. Lumia sales, which have typically accounted for the vast majority of Windows Phone sales each quarter, were never strong enough to pose a threat to the iPhone line or let alone the Android crop. Windows Phone was a feeble player from the start, which lost any real chance of mattering years ago, outside of the Microsoft crowd that is.

 

Over the years, Microsoft has disappointed us with its smartphone strategy. The software giant has been unable to "get" smartphones, even though its latest mantra is "mobile first, cloud first". We have seen disappointing flagships, ineffective exclusivity deals, long waiting periods between models, an app store that developers did not really warm to, a platform that did not manage to attract the support of major vendors outside of Nokia, a release cycle that was too slow compared to those of its rivals, elementary features missing for years, late integration with Windows on PCs, the lack of availability of the real Office suite, and some other things that you can find by perusing our list of articles on Windows Phone.

 

And this stillborn concept is the one for which MSFT dumbed down desktop Windows.

 

--JorgeA

 


And speaking of dead or dying MS mobile-oriented products:

 

Tencent bins Windows 10 Mobile app as Microsoft 'isn't showing any effort' to retain users

 

Last March, when Microsoft announced that Windows 10 would launch in summer 2015, it also declared that Tencent would "create a Windows 10 universal app for their flagship QQ app". However, as ZDNet reports, Tencent has now abandoned those plans, due to falling interest in Microsoft's mobile OS, which it says the company isn't doing enough to address.

 
[...]
 

It explained that the number of "users on the Windows Phone platform keeps declining and [many] have moved to other platforms, but [we] didn't notice that Microsoft is showing any effort to retain them."

 

--JorgeA

 

 


 

 

What's sad is that any system can be made MUCH more secure from practical threats with just a few tweaks with almost no downside.  And yet it's not done, and is not widely known.  It's even challenged by so-called experts!

 

Huh, that's interesting (and a bit frightening). What sorts of security tweaks are actually frowned upon by security experts?

 

Some months ago I posted a thread on this forum about practical security and was challenged several times.  One who claims to be an expert even went so far, regarding my use of the hosts file, as to directly say "don't do that".  I don't really want to open that can of worms back up in detail but to paraphrase a famous quote, "A man who claims it is impossible should not get in the way of a man actually doing it."

 

Part of my strategy revolves around blacklisting name resolution of known malware sites, and I have recently beefed it up even more by implementing my own DNS server.  There have been some security packages that dabble in the area of managing blacklists, but I've seen none that come even close to the result I've gotten.  At the moment, my systems simply won't visit some 54,000 online sites that are known to serve malware, scams, ads, and tracking.  And the list comes from sources that are actively managed - it changes virtually every day (for example, hm-revenue-gov-tax-refund.service-org-gov.org and many others have been added within the last 24 hours).

 

Another part involves reconfiguring the default Internet Explorer settings in which ActiveX is allowed to run from sites on the wild Internet.  With all the browsers nowadays that don't support ActiveX, there is simply no reason to allow executable software to run whenever any web page wants it, especially not within iFrames, which is where most ads are presented.

 

Yet another security initiative of mine involves employing a deny-by-default firewall setup for outgoing network communications.  The default setting in Windows is to ALLOW all outgoing connection attempts, which brings convenience at the expense of security and privacy.  There are a LOT of attempted communications by a default system setup, most of which are NOT actually needed (but serve only to benefit others) and can actually be deconfigured.  I not only have the firewall block unwanted communications, but I also strive to reconfigure so they're not even attempted in the future.

 

Possibly most importantly I use my HEAD when computing, and do responsible things.  Learning how technical things work (and how the world works) is not impossible, even for non-computer geeks, and it's not infinitely complex.  Thinking comes first, and everything else follows nicely.

 

Not surprisingly, I have an efficient, stable, private computing environment that has never been infected by anything (according to my safety nets not having been exercised at all, nothing has even come close).  Most importantly, my system doesn't cost me much time in maintaining it - hence my ability to get my work done and contribute meaningfully to places like this forum.  It just works!  And it applies equally well to Windows 7, 8.1, and 10.

 

These things, with the exception of a 3rd party firewall management package I bought for $40, are all available for free to anyone right now, just by reconfiguring settings and manipulating files, and by thinking.

 

-Noel

Edited by NoelC
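
Added example, not part of any post in this thread: one way to merge several hosts-format blacklist feeds like those described in the post above into a single de-duplicated list. It also shows that a hosts file matches exact names only, while a filtering DNS resolver can match every subdomain of a listed name. The feeds, the function names and the `0.0.0.0` sink address are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample feeds in hosts-file format (reserved example domains only).
FEED_A = """\
# feed A
0.0.0.0 ads.example.net
127.0.0.1 tracker.example.org   # inline comment
0.0.0.0 localhost
0.0.0.0 Bad_Host!.example
not-an-ip skipped.example.net
"""
FEED_B = """\
127.0.0.1  ADS.example.net
0.0.0.0 malware.example.com.
0.0.0.0 cdn.example.com static.example.com
"""

LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
NEVER_BLOCK = {"localhost", "localhost.localdomain", "broadcasthost"}

def normalise(name):
    """Lower-case, drop the trailing dot, reject anything that is not a hostname."""
    name = name.strip().lower().rstrip(".")
    labels = name.split(".")
    if name in NEVER_BLOCK or len(name) > 253 or len(labels) < 2:
        return None
    return name if all(LABEL.match(label) for label in labels) else None

def parse_hosts(text):
    """Return the set of valid hostnames listed in one hosts-format feed."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])   # first field must be the sink address
        except ValueError:
            continue
        names.update(n for n in map(normalise, fields[1:]) if n)
    return names

def build_blocklist(*feeds):
    return set().union(*(parse_hosts(feed) for feed in feeds))

def render_hosts(blocked, sink="0.0.0.0"):
    """Hosts-file text, sorted so daily diffs of the list stay readable."""
    return "".join(f"{sink} {name}\n" for name in sorted(blocked))

def blocked_by_hosts_file(name, blocked):
    """A hosts file matches exact names only (no wildcards)."""
    return normalise(name) in blocked

def blocked_by_resolver(name, blocked):
    """A filtering resolver can also match any parent domain of the query."""
    labels = (normalise(name) or "").split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels) - 1))
```
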

Some months ago I posted a thread on this forum about practical security and was challenged several times.  One who claims to be an expert even went so far, regarding my use of the hosts file, as to directly say "don't do that".  I don't really want to open that can of worms back up in detail but to paraphrase a famous quote, "A man who claims it is impossible should not get in the way of a man actually doing it."

 

Ah yes, I remember that thread now.  :)

 

 

These things, with the exception of a 3rd party firewall management package I bought for $40, are all available for free to anyone right now, just by reconfiguring settings and manipulating files, and by thinking.

 

I remember the ZoneAlarm firewall for Windows 98 used to ask you the first time every program wanted to access the Internet. You would look up the program, decide whether it should get access, and over time ZA would learn what was allowed and what wasn't. But more recently, firewall vendors seem to have leaned in the direction of making things "easier" by taking away most or all of the decision-making from the user. Are there any firewalls out there that work like ZoneAlarm did (or maybe still does)?

 

A curious thing is that the Norton firewall leans in entirely the opposite direction, with all sorts of arcane and confusing-sounding rules that seem to be worded as gotchas. For example, there is a rule listed as follows:

 

Default Block Inbound and Outbound ICMP

Block, Direction: In/Out, Computer: Any, Communications: Any, Protocol: ICMP

[emphasis in original]

 

Not being a networking professional, I've always wondered what "blocking" the "default block" might mean. Would that "block the blocking," i.e. allow the connection? What if I "allow" the "default block," does that mean I'm blocking comms via this protocol? :huh: Or maybe the two lines are independent of each other, where the first line reports what the default value is, and the second line indicates which value is currently set. I've never been sure; it's presented in a way that I find mind-numbingly confusing.

 

Then there's a pair of rules, "Default Allow Windows File Sharing (Shared Networks)" and "Default Block Windows File Sharing." :wacko: Aren't they simply contradicting each other?? Not sure where or how that "shared networks" idea comes into play here. It's hard for me to fathom what one rule is allowing that the other one is blocking, let alone why.

 

Yeah, that old ZoneAlarm firewall was much easier to understand and use, at least for a non-professional like me. OTOH, today's modern firewalls that leave the user with no decisions to make, go too far the other way. You can use the Norton firewall that way, too, by not tinkering with the firewall rules, but as I've said that is also unsatisfactory.

 

--JorgeA
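
Added example, not part of any post in this thread: with the deny-by-default outbound setup discussed above, the built-in Windows Firewall log (`pfirewall.log`, once logging of dropped packets is enabled) shows what the machine keeps trying to reach, which is the list to work through when deciding what to allow or turn off. The log lines below are constructed with documentation addresses, and the function names and the `reviewed` set are assumptions.

```python
from collections import Counter

# Constructed sample in the Windows Firewall log layout (pfirewall.log);
# the addresses are documentation ranges, not real traffic.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2016-01-30 09:00:01 DROP TCP 192.0.2.10 198.51.100.7 49701 443 0 - 0 0 0 - - - SEND
2016-01-30 09:00:02 DROP TCP 192.0.2.10 198.51.100.7 49702 443 0 - 0 0 0 - - - SEND
2016-01-30 09:00:03 ALLOW UDP 192.0.2.10 192.0.2.1 53011 53 0 - - - - - - - SEND
2016-01-30 09:00:04 DROP TCP 203.0.113.9 192.0.2.10 40000 445 0 - 0 0 0 - - - RECEIVE
2016-01-30 09:00:05 DROP UDP 192.0.2.10 203.0.113.50 50000 3544 0 - - - - - - - SEND
2016-01-30 09:00:06 DROP TCP 192.0.2.10
"""

def parse_log(text):
    """Yield one dict per entry, using the column names from the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):      # skip truncated or malformed lines
                yield dict(zip(fields, values))

def outbound_attempts(records):
    """Count outbound flows by (action, protocol, destination address, port)."""
    counts = Counter()
    for r in records:
        if r.get("path") == "SEND":             # SEND marks traffic leaving the host
            counts[(r["action"], r["protocol"], r["dst-ip"], r["dst-port"])] += 1
    return counts

def review_queue(counts, reviewed):
    """Dropped outbound destinations not yet decided on, busiest first."""
    pending = {key[1:]: n for key, n in counts.items()
               if key[0] == "DROP" and key[1:] not in reviewed}
    return sorted(pending.items(), key=lambda item: (-item[1], item[0]))

if __name__ == "__main__":
    flows = outbound_attempts(parse_log(SAMPLE_LOG))
    for (proto, dst, port), hits in review_queue(flows, reviewed=set()):
        print(f"{hits:3d}  {proto} {dst}:{port}")
```
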


Stop using Microsoft Edge's InPrivate mode if you value your privacy

 

Somewhat counterintuitively, Edge actually records browsing history in InPrivate mode. More than this, by examining the WebCache file it is a relatively simple task for someone to reconstruct full browsing history, regardless of whether surfing was performed in regular or InPrivate mode.

 

[...]

 

As is often the case, there is no indication of quite when this might be fixed, but it will be fixed. At some point. But you can't help but ask how such a fundamental aspect of private browsing could be so fantastically borked. It beggars belief.

 

The commenters are having a field day with this discovery:

 

Well if you're using Windows 10 then your privacy is compromised by default so using glorified metro apps like edge is not really going to make things any worse than what they already are.

 

no reason to use Edge anyway. it's a piece of cr*p Metro App, that's why it's so limited in functionality, and crash prone. The whole UWA/XAML framework just stinks.

 

And Microsoft urges users not to use CCleaner on Windows 10 because, as they said, it would disrupt normal functioning of OS. But now you understand the true reason of this advice, do you?

 

With all the other spyware that's built into 10, I wouldn't be surprised if this was intentional too, just someone called them out on it. Their fix will probably be to hide it better, not stop collecting it.

 

And the most incisive comment:

 

I am not surprised. It's clearly in line with Microsoft's tendency to spy on each user and record all user's actions, of course, "for sake of security and privacy". The whole Windows 10 is a "most protected and safe OS in the world" where Microsoft has a spare key to each and every door.

 

--JorgeA

 

 
