Jump to content

Windows 10 - Deeper Impressions

xper

By xper
in Windows 10

 Share

Recommended Posts

JorgeA

JorgeA

Posted
Posted

Has Norton/Symantec joined the "sneaky forced upgrade" trend? Check this out:

 

Well, here we go.

 

Even though I had specifically disallowed the "update to new version" on the settings page, Norton, in it's infinite wisdom, somehow managed to "update" my Norton 360 on the one remaining computer I had in-house that was still running the old version of Norton 360 that still had the Network Security Map feature intact. Oh, and guess what, now none of my computers can see their NAS backup destination. Way to go Norton. I guess there's no reason to keep you around any longer.

 

I have some really choice words for you guys at Norton/Symantec.

 

I have set all my machines using Norton to not look for new program versions and so far they've all held. But this report gives me pause. Will monitor for additional reports of another vendor ignoring its customers' explicit preferences.

 

--JorgeA

 

Link to comment
Share on other sites

neville2

neville2

Posted
Posted

 

.

 

@neville2: I'm heading off to view the Device Manager in Win10 to see what you're saying for myself.

 

BTW, the link leads to the MSFN home page. Maybe it got changed?

 

--JorgeA

 

Try this link then  http://windows10_dpi_blurry_fix.xpexplorer.com/

 

Sorry, I'm not doing well here. I will type it. http://xpexplorer.com/windows10_dpi_blurry_fix/

Link to comment
Share on other sites
JorgeA

JorgeA

Posted
Posted

 

 

Sorry, I'm not doing well here. I will type it. http://xpexplorer.com/windows10_dpi_blurry_fix/

 

 

 

Yep, it is (JFYI) a glitch in the parsing engine of the board:

http://www.msfn.org/board/topic/174184-this-link-only-goes-to-msfn/

 

jaclaz

 

 

@jaclaz, did you do that on purpose?  ;)  Here's the result I get by clicking on your link:

 

post-287775-0-03685400-1443627243_thumb.

 

I thought that I was going to a thread discussing the first glitch, but I seem to have landed on a different glitch. (The first two links @neville2 provided led to the MSFN home page rather than to an error page.)

 

--JorgeA

Link to comment
Share on other sites
JorgeA

JorgeA

Posted
Posted

Terry Myerson tries to reassure the anxious masses that Microsoft will respect their privacy, but he gets skewered in the comments:

 

There is no switch to disable telemetry entirely on win10 home and pro.

 

There is no switch to stop the start menu from pinging Microsoft every time you search, even with web search and Cortana completely disabled in the UI.

 

The only way to turn that stuff off and ensure that your privacy is protected is to disable over a dozen task scheduler entries, 2 services, block connections to over 2 dozen IPs in your firewall, and make a bunch of registry changes.

 

Or run a 3rd party program like O&O's Shutup10, which is what I did and you should do too.

 

But that should all be built-in to windows. It's downright outrageous that we can't turn this stuff off via a simple switch.

 

--JorgeA

 

 

1
Link to comment
Share on other sites
jaclaz

jaclaz

Posted
Posted

@jaclaz, did you do that on purpose?  Here's the result I get by clicking on your link:

My bad, the matter is discussed in more depth on that link, but it is in an area of the board reserved to developers/mods/etc.

 

The original issue happened here:

http://totally_fake_url.com

EDIT: no it is just the underscore that does it. Subdomain doesn't seem to matter.

Well, NO. :no:

 

In the sense that a URL (hostname) containing underscore is "illegal" according to RFC 952/1123:

1. A "name" (Net, Host, Gateway, or Domain name) is a text string up

to 24 characters drawn from the alphabet (A-Z), digits (0-9), minus

sign (-), and period (.). Note that periods are only allowed when

they serve to delimit components of "domain style names". (See

RFC-921, "Domain Name System Implementation Schedule", for

background). No blank or space characters are permitted as part of a

name. No distinction is made between upper and lower case. The first

character must be an alpha character. The last character must not be

a minus sign or period.

https://en.wikipedia.org/wiki/Hostname#Restrictions_on_valid_host_names

 

As often happens with standards (I love standards :yes:, there are so many of 'em ;)) is that allowing the minus sign and saying that "no distinction is made between upper and lower case" can easily be read as "underscore"  (i.e. SHIFT+ minus) is allowed, an unrelated but similar issue happens with UPPERCASING file/directory names in some ISO9660 standard "ISO levels" (OT :ph34r: but JFYI):

http://www.911cd.net/forums//index.php?showtopic=25612

 

But really NO domain name can contain an underscore (while it is perfectly allowable for both subdomains and subfolders).

 

Most probably the good IPB guys (or some of the more lower level libraries/whatever they use) assume that the thing after the http:// is (with prepended www. or without it) a domain name and check that it is made out of only "(A-Z), digits (0-9), minus

sign (-), and period (.)" until a / (forward slash) is found. 

Sure the cause is the underscore :) but ONLY an underscore between the http:// and the dot.

The changed linked to the original page works fine, notwithstanding the underscores in the actual target  name (which actually is likely to be index.htm inside the folder "windows10_dpi_blurry_fix") :

hxxp://xpexplorer.com/windows10_dpi_blurry_fix/

http://xpexplorer.com/windows10_dpi_blurry_fix/

 

But a line needs IMHO to be drawn between mis-parsing something that should not exist (because it is not a valid URL) and mis-parsing a perfectly valid/complying to standards URL.

 

Once upon a time here in Italy school teachers used a red/blue pencil to correct homework and similar, the RED correction meant a minor error the BLUE one a very serious one, you really did not want to have something underlined twice in BLUE :ph34r:

 

The good IPB guys (or as said some of the libraries/whatever they use) evidently assume that the first thing after the http:// must be the domain and thus checks for any character which is not letters or minus sign until the first dot is found.

 

It's rather common that - when it comes to standards some people or their code are more royalist than the King. :yes:

 

 

jaclaz

Link to comment
Share on other sites
NoelC

NoelC

Posted
Posted

Terry Myerson tries to reassure the anxious masses that Microsoft will respect their privacy, but he gets skewered in the comments:

 

There is no switch to disable telemetry entirely on win10 home and pro.

 

There is no switch to stop the start menu from pinging Microsoft every time you search, even with web search and Cortana completely disabled in the UI.

 

The only way to turn that stuff off and ensure that your privacy is protected is to disable over a dozen task scheduler entries, 2 services, block connections to over 2 dozen IPs in your firewall, and make a bunch of registry changes.

 

Or run a 3rd party program like O&O's Shutup10, which is what I did and you should do too.

 

But that should all be built-in to windows. It's downright outrageous that we can't turn this stuff off via a simple switch.

 

--JorgeA

 

Emphasis mine.

 

Except it's not "or", it's "and".

 

Look at the list of servers Windows 10 tried to contact last night with ALL of the above done and NO applications running.

 

ScreenGrab_09_30_2015_104438.png

 

These are the things I have done to this system:

 

...After logging in with a local account...

 

...After having configured all the overt privacy controls and all other preferences I could find to the most private settings...

 

...After having removed Cortana, OneDrive, and all Modern Apps that can be removed, which are not needed for the desktop-centric operation I require...

 

...After having swept through services.msc and disabling selected services that are not needed for desktop-only operation...

 

...After having swept through the Task Scheduler and disabling many tasks that do not need to run...

 

...After having set the policy via gpedit.msc to not install updates without my having initiated the activity...

 

...After having put in place a hosts file that resolves thousands of known data collection or malware server names to 0.0.0.0...

 

....AND having run ShutUp10...

 

...A quiescent Windows 10 system with no applications running STILL tries contact many servers.

 

Note that one of the requests actually got through the firewall (noting the green arrow), because it's an address required to successfully do a Windows Update.

 

My next step:  Disabling the Windows Update service, then selectively enabling / starting it ONLY when I want to check for updates.  I believe that should cut down on the above.  We'll see.

 

Thing is, Microsoft has already stated that a system that's not regularly in contact with Windows Update will ultimately be excluded from eligibility to receive updates entirely.

 

  • Should we have to rely on our last line of defense (firewall) to protect ourselves from the OS maker?

     

  • Would a system with so many built-in bugs be any good without staying current with Windows Update?

     

  • What positives are there that would offset all of this ongoing effort (to manage the firewall and to jump through hoops to do updates)?

 

-Noel

Link to comment
Share on other sites
JorgeA

JorgeA

Posted
Posted

 

My bad, the matter is discussed in more depth on that link, but it is in an area of the board reserved to developers/mods/etc.

 

Thanks for the explanation jaclaz, that covers it pretty well.

 

It IS a strange issue with the board.

 

I guess I had totally missed that thread about font rendering.

 

--JorgeA

Link to comment
Share on other sites
JorgeA

JorgeA

Posted
Posted

A brief but interesting discussion about privacy in Windows 10. At about 5:05, the guest makes a provocative point about the political power that Win10 could give to Microsoft:

 

GP: ...I think focusing on the commercial misses the ethical dimension, and it also misses the political dimension. Let's go into the world of possibility, and imagine that Microsoft has something before Congress that it wants to get passed, and it's got a profile of four congressmen that it knows are necessary to having this passed. Will they stop at using that profile to achieve political goals?

 

TH: Whoaaaa.

 

GP; It's a good question, isn't it?

 

TH: Yeah, that's a real rubber-meets-the-road -- and not necessarily four congressmen, maybe four hundred.

 

--JorgeA

 

 

 

 

Link to comment
Share on other sites
JorgeA

JorgeA

Posted
Posted

Look at the list of servers Windows 10 tried to contact last night with ALL of the above done and NO applications running.

 

ScreenGrab_09_30_2015_104438.png

 

These are the things I have done to this system:

 

...After logging in with a local account...

 

...After having configured all the overt privacy controls and all other preferences I could find to the most private settings...

 

...After having removed Cortana, OneDrive, and all Modern Apps that can be removed, which are not needed for the desktop-centric operation I require...

 

...After having swept through services.msc and disabling selected services that are not needed for desktop-only operation...

 

...After having swept through the Task Scheduler and disabling many tasks that do not need to run...

 

...After having set the policy via gpedit.msc to not install updates without my having initiated the activity...

 

...After having put in place a hosts file that resolves thousands of known data collection or malware server names to 0.0.0.0...

 

....AND having run ShutUp10...

 

...A quiescent Windows 10 system with no applications running STILL tries contact many servers.

 

Note that one of the requests actually got through the firewall (noting the green arrow), because it's an address required to successfully do a Windows Update.

 

NoelC, what you do think are the prospects (technically speaking) for devising a user-friendly application to enable less-expert Windows users to do these sorts of things without having to "change their own oil," so to speak? Especially with regard to managing the firewall.

 

Never mind that Microsoft might easily undo everything with the next set of updates, I'm wondering about the feasibility of creating a program (at all) that will do this for the user.

 

If such a thing is possible, it could come to make a real dent in Microsoft's plans and maybe persuade them to back off.

 

--JorgeA

Link to comment
Share on other sites
JorgeA

JorgeA

Posted
Posted (edited)

And for those who (as pushed by technology coming to Win10) are excited at the prospect of getting rid of passwords and using biometrics to sign into their computers (or anything, for that matter):

 

Office of Personnel Mgmt: 5.6M estimated to have fingerprints stolen in breach

 

You can change your password if it's stolen. It's a little more difficult to change your fingerprint.

 

--JorgeA

Edited by JorgeA
1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...