Jump to content

Windows 10 - Deeper Impressions


xper

Recommended Posts

Are there any firewalls out there that work like ZoneAlarm did (or maybe still does)?

 

A curious thing is that the Norton firewall leans in entirely the opposite direction, with all sorts of arcane and confusing-sounding rules that seem to be worded as gotchas.

 

The Sphinx Windows Firewall Control product, which was recommended to me by XPClient, is a deny-by-default product, and it pops up and tells you about new programs it has detected attempting network access (and which are denied).  It controls, via its own service, the Windows Base Filtering Engine (BFE), so the protection is quite solid under the covers.

 

It's a *little* different than what you think in that the detected access has already been denied by the time you see the pop-up, and so that particular network access has failed.  You will accumulate failures for a while until you get the setup customized for your own use.  It's quite "arcane and geeky" if you want to call it that, but once understood (and it does take a little while to catch on to the way it works) it is powerful enough for even a networking expert to use.  And it does have several "bypass" modes (EnableUnknown, EnableAll) that can help get you through things like complex installs.

 

They have a good forum where the author of the software will answer your questions, and they have been ultra-responsive to problem reports.  There is already a new beta and will be a new release soon with a number of bugfixes and feature enhancements for things I've submitted.

 

At this point based on my experience, like xpclient before me, I recommend the Sphinx Windows 10 Firewall Control product (the name is a bit of a misnomer, it does run on Vista and above), with caveats:

 

1.  Don't expect an easy end-user product.  Networking is not trivial.  But if you're prepared to study it to where you understand it fully, and take some time to develop your own rules, zones and application assignments, you'll be able to know everything about what your system is doing and shut down the Windows Firewall service entirely, which has other advantages. 

 

2.  With ANY deny-by-default firewall setup you're expected to take an ongoing active role in your system's communications processes.  In other words, if you don't do anything, things won't work.  It gives you tools to find out why, and to manage your setup, but you'll have to work at it.  It's not a setup a passive user who just wants to play will want!

 

3.  Run the most expensive high-end product (Network/Cloud Edition) which offers the most control functionality, even if you're only going to control one system with it.  If you have more systems, it does offer convenient remote control (something an IT network guy would want).  It's like just having a remote interface to each system.  While you can't directly share rules in real time between different systems, you CAN easily save the whole config from one system and load it into another.

 

4.  It has a free trial period, and you'll want to take full advantage of that.  It may be that you and the Sphinx product just don't get along.  As I mentioned, it's pretty geeky, and I wouldn't blame anyone for losing interest in why communication with www.startssl.com was attempted via TCP at address 97.74.232.97 port 80 (http) at 1:38am by svchost.

 

I've been using the Sphinx product since August 20, 2015 and I've learned more since then about Windows security than I have in a long time prior.  At this point I have a nice set of my own rules, zones, and application assignments that facilitate secure, private system operations on my multiple different Windows 7, 8.1, and 10 systems, and quite often days go by when I do not have to do anything to maintain the firewall setup at all.  It has also facilitated my finding and tweaking any number of hidden privacy settings so that my Windows systems don't even TRY to spill the beans online any more.

 

If catching Microsoft sending your data abroad motivates you and learning how things work excites you, a deny-by-default firewall could give you ongoing pleasure.  It has done so for me.

 

-Noel

Link to comment
Share on other sites


 

... Secure Boot is a PITA ... ... Then again, I hesitate to turn it off permanently because of the FUD created around not using it.

 

tumblr_mrrc9ftSM61rth2h5o6_400.gif

 

 

 

 

 

Epic post from elsewhere:

 

It will be interesting to see how it plays out once the free upgrade period ends. If Win 7 users would not take it for free, what are the odds we'll take it for a hundred bucks?"

 

 

The free period won't end. It's pretty obvious.

 

They will make W10 a free upgrade for W7 and W8 users forever, add more ads into W10, push even more annoying nag screens for W7 and W8 through Windows Update and then boast for months how generous they are.

Edited by Formfiller
Link to comment
Share on other sites

Windows Update?  Are there people still running that?

 

Some perspective for those who still think continuing to allow Windows Update on their older systems is reasonable:

 

Forgetting that it's Microsoft we're talking about for a moment... 

 

A company has demonstrated - repeatedly - that it tries to install unwanted software through the door in which it's foot is firmly jammed.  They've co-opted an interface that was well-trusted before to improve YOUR computing environment and are now openly using it for THEIR own advantage.  Do you continue to allow them to do so - or do you remove their foot with prejudice?

 

A company has created a new version of their product that's not as functional as their older version (to the point of being visibly brain damaged), and it's less efficient - yet they claim it's better at every turn.  They can't even charge money for it, it's so bad.  They clearly aren't even very good application programmers, let alone OS engineers.  Now, should you continue trust them to be technically competent to change the already working OS software you have?

 

Even putting technical incompetence aside, a company has so thoroughly changed their business model that it will no longer be an advantage to them in any way for you to continue to run your older system trouble-free.  Assuming it's running trouble-free now, should you trust them to change It in ways that do not cause you new problems?

 

-Noel

Edited by NoelC
Link to comment
Share on other sites

 

Trust me, most of Firefox's user base feels the same way, in fact, most of the contributors do.

 

I believe you! Who or what, then, accounts for these unwelcome changes?

 

Another thing to note is, if XUL and XPCOM were to be removed, Thunderbird, SeaMonkey, and ChatZilla would instantly be killed. The only way to save them would to be to rewrite the entire thing, and that will be a lot of work for the limited set of developers on each of these applications. (I contribute to SeaMonkey, and we have been discussing this on IRC over the past few months)

 

By the way, when will an x64 official build of Seamonkey be in the works?  :)  The ability to run on Vista and XP x64 edition would be nice.

Link to comment
Share on other sites

 

Are there any firewalls out there that work like ZoneAlarm did (or maybe still does)?

 

A curious thing is that the Norton firewall leans in entirely the opposite direction, with all sorts of arcane and confusing-sounding rules that seem to be worded as gotchas.

 

The Sphinx Windows Firewall Control product, which was recommended to me by XPClient, is a deny-by-default product, and it pops up and tells you about new programs it has detected attempting network access (and which are denied).  It controls, via its own service, the Windows Base Filtering Engine (BFE), so the protection is quite solid under the covers.

 

Thanks for the rundown, Noel. I'll look into Sphinx. If I set it up on one of my Norton-protected PCs, I wonder if Norton will throw a fit when I disable their firewall to install the new one.

 

--JorgeA

Link to comment
Share on other sites

Windows 10 appears to be corrupting some users' external hard drives:

 

My 2TB external hard drive corrupted twice while using the Windows 10 Tech Preview (within 2 weeks). Note that I've been using this drive in multiple computers for ~2 years now, and it's never had any issues. I'm 99% sure this is an issue with Windows 10, and a serious one that MS needs to know about/replicate to fix it in future versions.

 

Complaints continue into 2016. People who had no issue witth their hardware while on Windows 7 (or even 8.1) are suddenly losing their data when they move to Win10:

 

 

Yesterday (12/07/2015) I had two 40Gig external drives that had years worth of data on corrupt (I have current backups) and this happened to me with Windows 10 x64 (public release). I disabled 'Hibernation/Fast Start' after both hard drives went south and rebooted. Had to reformat both to get to the drive again—could not recover data in a folder structure just the files that were renamed randomly, which does me no good.

 

They showed up in disk manager and in Explorer, but both have the file structure corrupted and show up as RAW now instead of NTFS. They were working great with Windows XP x64 and Windows 7 x64—never had any issues with them. Plug them into a Windows 10 x64 laptop and within 30 minutes both are corrupted.

 

Today (12/08/2015) after reformatting both drives, disabling and making sure it was disabled and rebooting 'Hibernation/Fast Start', re-copying files over from my backups on Crashplan, booting up Windows 10 and plugging in my external drives again that ARE working on Windows 7—Windows 10 corrupted them AGAIN!

 

For some odd reason I don't trust Windows as much as I did before—wonder why!

 

This has been going on for a year and a half now, apparently with no acknowledgment from Microsoft that there might be a problem. Guess they're too busy adding fluff to the OS to deal with a substantive issue like HDD corruption.

 

From another Windows Insiders thread:
 

 

If windows 10 is so great please explain this.

I run my Own computer business, have done since 2003, and worked on them for years before that.

 

When Windows 10  came out, 95% of my work up until December has been fixing or reinstalling failed installs  or badly running, crashing customers computers.  ( Average of 6-10  per week) These people are just  your average person who uses windows, not techs or anything related to computer repairs and servicing / Testers.

 

The first three weeks after windows came 10 came out my phone was almost ringing off the hook with people wanting help.

 

--JorgeA

 

Link to comment
Share on other sites

 

 

Trust me, most of Firefox's user base feels the same way, in fact, most of the contributors do.

 

I believe you! Who or what, then, accounts for these unwelcome changes?

 

Another thing to note is, if XUL and XPCOM were to be removed, Thunderbird, SeaMonkey, and ChatZilla would instantly be killed. The only way to save them would to be to rewrite the entire thing, and that will be a lot of work for the limited set of developers on each of these applications. (I contribute to SeaMonkey, and we have been discussing this on IRC over the past few months)

 

By the way, when will an x64 official build of Seamonkey be in the works?  :)  The ability to run on Vista and XP x64 edition would be nice.

 

 

I don't think we will have official builds for a while, as we currently have difficulty with getting the 32-bit builds out on time. (It's a long story) There are unofficial builds however, in fact I was doing it for a while. I posted a thread over on MozillaZine about it, (I saw you posted there, but if you need the link here it is.) but I haven't updated it for a while. Once the SM RelEng team gets around to pushing out 2.40 in the coming days/weeks, I will probably do a 64-bit build that *should* be compatible with XP/Vista x64.

 

(There is a way to modify newer Geckos to run on XP/Vista, I've done it, even on the newest Nightlys. You just have to take a PE editor to the executable and change the minimum version from 6.1 to 5.2. The installers/ZIPs I push out have this change already.)

Edited by rn10950
Link to comment
Share on other sites

As a Jedi you need to let go of the fondness you feel for your data.  Fondness leads to privacy, and privacy leads to bankruptcy.

 

-Noel

 

Reminds me of the magazine drawing at my local health-food store, with the Dalai Lama opening an empty gift-wrapped box and exclaiming, "Wow, everything I've ever wanted!"

 

--JorgeA

Link to comment
Share on other sites

 

(There is a way to modify newer Geckos to run on XP/Vista, I've done it, even on the newest Nightlys. You just have to take a PE editor to the executable and change the minimum version from 6.1 to 5.2. The installers/ZIPs I push out have this change already.)

 

 

Huh, so that's how software publishers make programs "incompatible with old, obsolete OSes" -- simply by changing the value on the minimum version? :blink:

 

--JorgeA

Link to comment
Share on other sites

 

 

(There is a way to modify newer Geckos to run on XP/Vista, I've done it, even on the newest Nightlys. You just have to take a PE editor to the executable and change the minimum version from 6.1 to 5.2. The installers/ZIPs I push out have this change already.)

 

 

Huh, so that's how software publishers make programs "incompatible with old, obsolete OSes" -- simply by changing the value on the minimum version? :blink:

 

--JorgeA

 

 

In some cases, yes. I'm pretty sure that's what allowed programs to run on Win98 but not Win95. (that or a VS redist wasn't created for 95) In other cases, this being the most common, developers start using APIs that don't exist in later versions or switch to a version of VS that doesn't support said OS. For example, Win2k and WinXP are very similar under the hood, but most devs dropped support for 2k because VS did. (actually, I think it even divided XP SP1 and XP SP2) The API issue was big during the switch from 9x to NT. In the case of the Mozilla applications, the 32-bit version is fully supported on XP/Vista and the 64-bit version isn't, so the program is using almost the same code and APIs whether it be 32- or 64-bit, the deciding factor just being which compiler you use. So for this, we can just decrease the minimum version (which was actually put in by VC++ itself and not Mozilla, I checked the code for this. It's probably just MS trying to kill off old OSes for no good reason, business as usual I guess.) and it will run fine.

Link to comment
Share on other sites

I did the same thing when I ran Windows XP x64 several years ago, I followed a guide online to run iTunes that was only supported at the time for Windows Vista to run on Windows XP x64 using Orca MSI Editor and it worked.

Link to comment
Share on other sites

Huh, so that's how software publishers make programs "incompatible with old, obsolete OSes" -- simply by changing the value on the minimum version? :blink:

 

    Oh absolutely!  It's just a little value written into the PE header on the executable.  Developers are supposed to set it in order to preemptively thwart catastrophic failure due to missing APIs in the older OS (like a modern program running on Windows 9x could be missing a bunch of APIs that are only present on the Windows NT platform).  But, developers can also misuse it to make software only work on certain versions of Windows.

Link to comment
Share on other sites

 

Huh, so that's how software publishers make programs "incompatible with old, obsolete OSes" -- simply by changing the value on the minimum version? :blink:

 

--JorgeA

 

Not really "always", many times this is not voluntary, simply the new version of the MS compilers changes default, Author does not check it and the result of re-compiling is a compiled executable that is "artificially" limited to newer OS's.

 

A different case is when the Author uses an API call that does not exist on a "previous" OS (though not really my field of experience, I believe that - with some exceptions of course - there is often a way - IF the Author is willing to take the extra time - to avoid the new API call).

In this latter case the executable is actually "incompatible" unless it is re-compiled with the needed replacement/workarounds.

 

jaclaz

Link to comment
Share on other sites

Sometimes - and admittedly not often - new API calls do things that make your software more valuable.

 

There are often ways an author could code around the need for a new API call, but that's expensive.  It boils down to a business decision:  Do I continue to support the older OS and work extra hard / spend extra time to do so - in an ongoing fashion - or do I drop support for the older OS and take advantage of new things that have been added in the latest OS.

 

Continuing to maintain functionality for an operating system that's old and has few actual users could cause the code to be more complex, and thus buggier.  Software engineering can be about balancing how much you can accomplish technically against an inability to manage anything more complex.

 

-Noel

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...