NoelC Posted July 2, 2016 Share Posted July 2, 2016 (edited) 16 hours ago, dencorso said: And there is a sister NAG for plain vanilla 7 (viz. non-SP1) and 8.0, which was released as KB3163589, too! That has to be the most appropriate use of the "barf" smiley I've seen in a long time. And Microsoft's actions, where they have co-opted their Windows Update foot-in-the-door for nefarious purposes, are a Very Good definition of "starting down the slippery slope". 17 hours ago, JorgeA said: Woody Leonhard has emerged as the tech press's most comprehensive and reliable reporter on these tricks and shenanigans: Woody Leonhard is a good guy with a decent audience who's still willing to tell it like it is in today's world. Bravo! Seeing that there are people like him still out there tells me there is some hope for the high tech world. -Noel Edited July 2, 2016 by NoelC 1 Link to comment Share on other sites More sharing options...
BudwS Posted July 2, 2016 Share Posted July 2, 2016 Just to keep ahead of the Nags, Fast Track is up to 14379 now. (Yup, the MacBook installed it cleanly.) Link to comment Share on other sites More sharing options...
NoelC Posted July 2, 2016 Share Posted July 2, 2016 Bud, is your MacBook's system name by chance "DEFECTOR" or "DOUBLEAGENT? -Noel Link to comment Share on other sites More sharing options...
dencorso Posted July 2, 2016 Share Posted July 2, 2016 BTM, anyone here has any experience with Pi-Hole? Wouldn't it be interesting to block those meddlesome MS addresses? Your thoughts? Link to comment Share on other sites More sharing options...
greenhillmaniac Posted July 2, 2016 Share Posted July 2, 2016 20 hours ago, dencorso said: And there is a sister NAG for plain vanilla 7 (viz. non-SP1) and 8.0, which was released as KB3163589, too! Wow, they sure are desperate... I mean, Windows 8.0 and vanilla 7 are EOL. They shouldn't even recieve more updates! M$ are really trying to get every last ounce of the market. Windows 8.0 only accounts for 1% of the market FFS! I'm actually surprised Vista users haven't been nagged yet. Or better yet, XP users. 1 Link to comment Share on other sites More sharing options...
dencorso Posted July 2, 2016 Share Posted July 2, 2016 We XP users are next, for sure! But we won't go down without a fight! 1 Link to comment Share on other sites More sharing options...
NoelC Posted July 2, 2016 Share Posted July 2, 2016 45 minutes ago, dencorso said: BTM, anyone here has any experience with Pi-Hole? Wouldn't it be interesting to block those meddlesome MS addresses? Your thoughts? I've no experience with pi-hole, but blocking just "meddlesome MS addresses" is not likely to be as simple as you might hope. A "deny outgoing connections by default" firewall is a good way to go. In my case I'm using 3rd party package (Sphinx) along with the disablement of the stock Windows Firewall. Just for example, from my own wildcard DNS server list: # # Special Microsoft addresses to block # *vortex.data.microsoft.com=0.0.0.0 *vortex-win.data.microsoft.com=0.0.0.0 *settings-win.data.microsoft.com=0.0.0.0 *vo.msecnd.net=0.0.0.0 *telemetry*microsoft*=0.0.0.0 a-*.a-msedge.net=0.0.0.0 *.bing.com *.bing.net There are others that you might want to block as well under some conditions, e.g., go.microsoft.com www.microsoft.com statsfe2.update.microsoft.com I've found these must be allowed in order to succeed a Windows Update: ctldl.windowsupdate.com sls.update.microsoft.com sls.update.microsoft.com.akadns.net fe2.update.microsoft.com fe2.update.microsoft.com.akadns.net ds.download.windowsupdate.com au.ds.download.windowsupdate.com fg.ds.download.windowsupdate.com v4.download.windowsupdate.com au.v4.download.windowsupdate.com fg.v4.download.windowsupdate.com fe2.ws.microsoft.com download.windowsupdate.com And there's a whole gaggle of security certificate management sites that the system in general needs to be able to contact, otherwise things tend to get sluggish... [g,h,s,t].symc[b,d].com [g,h,s,t]?.symc[b,d].com crl-ds.ws.symantec.com.edgekey.net crl.apple.com crl.certum.pl crl.comodoca.com crl.entrust.net crl.geotrust.com crl.globalsign.com crl.globalsign.net crl.godaddy.com crl.microsoft.com crl.omniroot.com crl.startssl.com crl.thawte.com crl.trustwave.com crl.usertrust.com crl.verisign.com crl[0-9].digicert.com crl2.alphassl.com csc3-2010-crl.verisign.com ctldl.windowsupdate.com evcs-crl.ws.symantec.com evcs-ocsp.ws.symantec.com EVIntl-ocsp.verisign.com EVSecure-ocsp.verisign.com gtglobal-ocsp.geotrust.com gtssl-ocsp.geotrust.com gtssldv-ocsp.geotrust.com mscrl.microsoft.com ocsp-ds.ws.symantec.com.edgekey.net ocsp.comodoca.com ocsp.digicert.com ocsp.entrust.net ocsp.geotrust.com ocsp.globalsign.com ocsp.godaddy.com ocsp.int-x[1-3].letsencrypt.org ocsp.msocsp.com ocsp.omniroot.com ocsp.startssl.com ocsp.thawte.com ocsp.trustwave.com ocsp.usertrust.com ocsp.verisign.com ocsp.ws.symantec.com ocsp2.globalsign.com pca-g3-ocsp.geotrust.com pki.google.com rapidssl-ocsp.geotrust.com seal.verisign.com sealinfo.verisign.com sealserver.trustwave.com secure.globalsign.com secure.softwarekey.com timestamp.verisign.com tss-geotrust-crl.thawte.com vassg14[1-2].crl.omniroot.com vassg14[1-2].ocsp.omniroot.com www.startssl.com I CAN tell you, because I've done it, that a balance can ultimately be struck that will allow you to initiate Windows Updates with only a small amount of system reconfiguration, yet keep the system unable to be altered by Microsoft when you're not looking. But then, after all that R&D, I've decided to just stop taking Windows Updates on older systems entirely. -Noel 2 Link to comment Share on other sites More sharing options...
dencorso Posted July 2, 2016 Share Posted July 2, 2016 IMHO, a Raspberry-Pi is a quite good place to locate an external firawall (and maybe a DNS, too), because it would be sitting between the provider and the router and run a non-MS OS, while protecting every device in a LAN, at the same time. Link to comment Share on other sites More sharing options...
NoelC Posted July 2, 2016 Share Posted July 2, 2016 Hm, maybe we should invent a soup-to-nuts complete cloud-integrated device that blocks all other cloud integration... -Noel 2 Link to comment Share on other sites More sharing options...
dencorso Posted July 2, 2016 Share Posted July 2, 2016 Well, I'm sure thinking of a colectively-mantained, but moderated, blacklist, accessible from the net as needed. But not exactly cloud-integrated. The clouds are the place for Little Wing, solely. And rain, maybe. But not for reliable data, of course! Link to comment Share on other sites More sharing options...
NoelC Posted July 2, 2016 Share Posted July 2, 2016 Hm, could be very popular as a turnkey "plug it inline" product with a UI no more complex than, say, O&O ShutUp10 or similar and with at least the capability to be set up to automatically update from a central, managed source. Market it as both a security-enhancing and performance increasing product - and that would be no lie because it would actually accomplish both. Most folks don't realize how much extra crap is tacked onto their web communications. Some possible names... Chaff Blocker Surf Cleaner Web Sanitizer Inline Online Ad Killer Browser Filter Probably the word "Secure" should be in there somewhere too. -Noel 2 Link to comment Share on other sites More sharing options...
dencorso Posted July 2, 2016 Share Posted July 2, 2016 Speed-up Secure Sanitizer? 1 Link to comment Share on other sites More sharing options...
NoelC Posted July 2, 2016 Share Posted July 2, 2016 Decent. Maybe "Supersonic Web Sanitizer". Wow, I was just doing a little browsing. Those little Raspberry Pi 2 devices are seriously powerful! Name-based firewall management is the future, since so many things are today delivered by CDNs or banks of servers. My Windows 10 test system has just completed at least a month without having tried to contact anyone online that I didn't know about and pre-approve. The only thing it does on its own is update its virus database (and presumably engine). Even without Windows Update being running it'll do that. I've set up to allow C:\program files\windows defender\mpcmdrun.exe to access its data sources. I haven't had an AV or MBAM catch any potential infections for years. A box like the one we're discussing here could really put a steel lid on the "unprecedented security" of Windows 10. -Noel Link to comment Share on other sites More sharing options...
dencorso Posted July 3, 2016 Share Posted July 3, 2016 What I do like about the Raspberry Pi 2 is precisely that: it's a standard hardware, well documented, unix enabled and delivers a lot of bang to the buck! 2 Link to comment Share on other sites More sharing options...
jaclaz Posted July 4, 2016 Share Posted July 4, 2016 Sorry to interrupt, but this is important. https://support.microsoft.com/en-us/kb/3173040 https://www.theguardian.com/technology/2016/jul/04/microsoft-windows-10-full-screen-upgrade-notification-pop-up-reminder jaclaz 2 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now