Author |
Message |
Doddie
|
Posted: Sat Jan 06, 2018 5:52 pm |
|
|
welcoming committee |
|
Joined: Sun Jan 13, 2013 4:13 pm Posts: 1741 Location: Dunedin, Alba.
|
It's probably just me but i can't help thinking there's been some sort of industry wide cover up for a very long time that was about to be outed and so they've all jumped on the bad wagon of bad news and are now clearing out all the skeletons en masse so no one company is being singled out... put another way... I've long suspected there's been to some degree a 'cartel' running things from behind the scenes that controls who does what and when in the tech industry <enter the name of any tech co name that's been around for 10 years or more>. Rarely, if ever, have i seen so many stories on a 3rd party website filled with 'armageddon' stories for an exploit that's not even been seen 'in the wild' yet. Yet here we are with vendors coming out of the woodwork, appearing to fight their way into the media shouting "ME TOO!", apparently falling over themselves to show how wonderful they are they've released a patch that may or may not work in the long run (no-one knows what's going to happen in the long run afaict). cf. http://www.theregister.co.uk/2018/01/04 ... notations/http://www.theregister.co.uk/2018/01/04 ... erability/http://www.theregister.co.uk/2018/01/04 ... own_patch/http://www.theregister.co.uk/2018/01/05 ... own_patch/http://www.theregister.co.uk/2018/01/05 ... flaw_sued/http://www.theregister.co.uk/2018/01/06 ... abilities/http://www.theregister.co.uk/2018/01/06 ... _psp_flaw/That is but a few over the last couple of days and there are many many links within them that expand on the real picture, indeed, there is much much more elsewhere on the net. I started with this might just be my perception and it could very well be but a world wide slow down of anything with a processor just doesn't sit well with me unless there is something else going on... that all OS's and processors fundamentally work in the same way with the same or similar code that carries the same instructions either points to collaboration at best, or at worst wholesale IP theft. What i found most interesting was that what broke this story was Linus Torvalds hint that the next build of Linux would suffer a performance hit without saying why... i can't help wonder why he did that?
|
|
|
|
|
Peter2150
|
Posted: Sun Jan 07, 2018 4:05 pm |
|
|
welcoming committee |
Joined: Sun Apr 15, 2012 5:52 pm Posts: 970
|
Best advice is to STAY CALM!
First of all the stories keep changing every day. One key fact. For you to have any problem something has to execute on your machine. That brings the risk down to your browser. Firefox has update and it's latest version does have some mitigation.
We don't yet know if Sandboxie will fully protect you. Main thing is smart email. I have two rules. 1) Don't click on links. PERIOD. 2.) Don't open attachments unless you knew it was coming before you got it.
Follow those 2 rules and you will avoid 98% of the infections.
|
|
|
|
|
jaylach
|
Posted: Sun Jan 07, 2018 4:18 pm |
|
|
Resident Geekazoid Administrator |
|
Joined: Wed Mar 21, 2012 5:09 am Posts: 9485 Location: The state of confusion; I just use Wyoming for mail.
|
I have not had a chance to read the links yet but my initial response, from what is stated just in the post text, is to agree with Pete. Y2K was supposed to destroy the world. I'll read the articles ASAP.
|
|
|
|
|
Doddie
|
Posted: Mon Jan 08, 2018 2:32 pm |
|
|
welcoming committee |
|
Joined: Sun Jan 13, 2013 4:13 pm Posts: 1741 Location: Dunedin, Alba.
|
I agree with Peter as well although I'm not so sure 98% of infections for this flaw will be stopped by following 'smart email' alone. Jay, when you're in link reading mode might as well add this to the list... I've been waiting for something like this, it always seems to happen to something when MS rush out fixes It gets worse: Microsoft’s Spectre-fixer bricks some AMD PCs KB4056892 is not your friend if you run an Athlon:http://www.theregister.co.uk/2018/01/08 ... wered_pcs/Note: The above KB4056892 is the Win10 fix, KB4056894 which is the Win7 & Server 2008 fix has no such issues as far as i know.
|
|
|
|
|
jaylach
|
Posted: Mon Jan 08, 2018 2:49 pm |
|
|
Resident Geekazoid Administrator |
|
Joined: Wed Mar 21, 2012 5:09 am Posts: 9485 Location: The state of confusion; I just use Wyoming for mail.
|
Hmmm, I wonder if that is only Athalon AMD processors of if my Ryzen could have an issue... <edit>Never mind. That KB installed on 1/4/18 and all seems fine.
|
|
|
|
|
Doddie
|
Posted: Mon Jan 08, 2018 3:29 pm |
|
|
welcoming committee |
|
Joined: Sun Jan 13, 2013 4:13 pm Posts: 1741 Location: Dunedin, Alba.
|
jaylach wrote: Hmmm, I wonder if that is only Athalon AMD processors of if my Ryzen could have an issue... I believe the Ryzen CPU's will be fine regarding the MS update, my non Ryzen & non Athlon AMD FX-8320E "Vishera" CPU didn't. I also believe that theoretically the Ryzen CPU could be susceptible to Variant Two but to date it's never been 'demonstrated': https://community.amd.com/thread/224276Again, i believe Variants 1 & 2 are "spectre", variant 3 is "meltdown"... no AMD CPU's are vulnerable to variant 3. <Edit noted but typed so i'll post LOL>
|
|
|
|
|
Doddie
|
Posted: Tue Jan 09, 2018 5:22 pm |
|
|
welcoming committee |
|
Joined: Sun Jan 13, 2013 4:13 pm Posts: 1741 Location: Dunedin, Alba.
|
This is quickly turning into farce!!! I can't quite believe what I'm reading but it's from Microsoft so it must be true... in a nutshell, if your anti-virus isn't compatible with their Spectre/Meltdown fix then you're stuffed, they will not be sending you any security updates via Windows Updates this month, it remains to be seen if this will still happen next month or beyond. It would, of course, have been helpful if MS were to list which anti-virus products they were aware of that didn't meet their criteria so that most users might at least stand a chance to work out if they needed to take action to restore full Windows Update functions... most users with non-compliant anti-virus products will likely be blissfully unaware that they're PC's aren't fully patched thanks to Automatic Updating (afaik, AU doesn't alert users that an update has been deferred due to 3rd party software?)... but of course that would be too helpful! The cumulative update method is coming home to roost... MS really need to rethink their security update method, previously it would only be one update that was blocked now because they're bundled into a single cumulative update it's all of them regardless of the software/hardware affected. Quote: Microsoft has identified a compatibility issue with a small number of antivirus software products.
The compatibility issue arises when antivirus applications make unsupported calls into Windows kernel memory. These calls may cause stop errors (also known as blue screen errors) that make the device unable to boot. To help prevent stop errors that are caused by incompatible antivirus applications, Microsoft is only offering the Windows security updates that were released on January 3, 2018, to devices that are running antivirus software that is from partners who have confirmed that their software is compatible with the January 2018 Windows operating system security update.
If you have not been offered the security update, you may be running incompatible antivirus software, and you should consult the software vendor.
Microsoft is working closely with antivirus software partners to ensure that all customers receive the January Windows security updates as soon as possible. Source and more: https://support.microsoft.com/en-us/hel ... s-softwareAlso, I've never used Sanboxie but it appears that even that is not without its issues caused by the MS fix/update, at least on Win7: KB4056897 /KB4056894 - WIN 7 SECURITY UPDATE - Unable to use Sandboxie - Compatibility issues[Fixed in beta 5.23.3]https://forums.sandboxie.com/phpBB3/vie ... 11&t=25290FYI, the thread subject for the Sandboxie issue appears to be somewhat misleading in that the Beta build that was 'a fix' appears to have broken Office 2013 if i understand the latter posts correctly.
|
|
|
|
|
jaylach
|
Posted: Tue Jan 09, 2018 5:30 pm |
|
|
Resident Geekazoid Administrator |
|
Joined: Wed Mar 21, 2012 5:09 am Posts: 9485 Location: The state of confusion; I just use Wyoming for mail.
|
In my opinion the basic problem with such info releases from Microsoft, and other vendors, is that most people never see them. If read a little between the lines you do sort of get let known that there is likely an issue with your anti-virus if you don't get the January 3, 2018 update. The problem is that very few 'average' users will never see the article to know. BTW, happy 5 year anniversary here in 4 days Doddie.
|
|
|
|
|
Doddie
|
Posted: Tue Jan 09, 2018 5:46 pm |
|
|
welcoming committee |
|
Joined: Sun Jan 13, 2013 4:13 pm Posts: 1741 Location: Dunedin, Alba.
|
jaylach wrote: In my opinion the basic problem with such info releases from Microsoft, and other vendors, is that most people never see them. If read a little between the lines you do sort of get let known that there is likely an issue with your anti-virus if you don't get the January 3, 2018 update. The problem is that very few 'average' users will never see the article to know. BTW, happy 5 year anniversary here in 4 days Doddie. I'm not sure how you read that into the MS article? In the Overview it says "If you have not been offered the security update, you may be running incompatible antivirus software, and you should consult the software vendor."... i don't know if that means MS will alert the end user or not but it does beg the question that if they don't alert the user then how in hell is the user supposed to know what hasn't been offered?? In all my years of using MS products i don't EVER recall their update mechanism alerting me that an update has not been offered, so that would be new if true Blimey, almost 5 years registered, that's quite scary...doesn't feel anything like that long, possibly because i lurked for a long time before i posted?... Here's to the next 5 years, i'll do my best to keep improving my ill-informed drivel as best i can
|
|
|
|
|
jaylach
|
Posted: Tue Jan 09, 2018 6:11 pm |
|
|
Resident Geekazoid Administrator |
|
Joined: Wed Mar 21, 2012 5:09 am Posts: 9485 Location: The state of confusion; I just use Wyoming for mail.
|
Mayhaps I worded badly but my point was that an informed user that read the article could figure that they may have an issue. The bad side is that, without direct notification, the average user will never have a clue anything is going on. The reason I say that an informed user that read the article would likely see a possible issue is the following: MS wrote: If you have not been offered the security update, you may be running incompatible antivirus software, and you should consult the software vendor. And I have never considered your posts "ill-informed drivel".
|
|
|
|
|
Doddie
|
Posted: Tue Jan 09, 2018 6:26 pm |
|
|
welcoming committee |
|
Joined: Sun Jan 13, 2013 4:13 pm Posts: 1741 Location: Dunedin, Alba.
|
jaylach wrote: The bad side is that, without direct notification, the average user will never have a clue anything is going on. Pretty sure we're singing from the same hymn sheet... point being, MS are not offering the January cumulative update to anyone if their anti-virus isn't compatible with the spectre/meltdown patch... the cumulative update contains more than the spectre/meltdown patch so end users are not getting the benefits of the other security patches. It potentially gets worse, my understanding is that MS will NOT offer any future cumulative updates until the end users anti-virus is complaint with the current spectre/meltdown KB patch. Given that all security updates are now cumulative that would make sense but it makes no sense from a security point of view because if an end user with (say) automatic updates enabled and scheduled to automatically install, who also has outdated/unpatched anti-virus software, they will never know that their system isn't updating... let alone know why it isn't. It's a cockup on a scale i don't think I've seen from Microsoft.
|
|
|
|
|
Doddie
|
Posted: Tue Jan 09, 2018 6:33 pm |
|
|
welcoming committee |
|
Joined: Sun Jan 13, 2013 4:13 pm Posts: 1741 Location: Dunedin, Alba.
|
jaylach wrote: And I have never considered your posts "ill-informed drivel". You might not, i sometimes wonder what the hell I'm talking about!
|
|
|
|
|
sboots
|
Posted: Tue Jan 09, 2018 9:32 pm |
|
|
Site Admin |
|
Joined: Tue Apr 10, 2012 9:48 pm Posts: 2959 Location: New Jersey
|
I'm not sure that I agree that Microsoft is at fault here. It's the 3rd party antivirus vendors who continue to hook into the OS in ways that Microsoft advises against. That's the "compatible" bit regarding a/v software. Customer choosing to install 3rd party a/v software must reply on the vendor of that software to fix the a/v software so that Windows will be able to properly patch. -steve
_________________ stephen boots Microsoft MVP 2004 - 2020 "Life's always an adventure with computers!"
|
|
|
|
|
jaylach
|
Posted: Tue Jan 09, 2018 9:51 pm |
|
|
Resident Geekazoid Administrator |
|
Joined: Wed Mar 21, 2012 5:09 am Posts: 9485 Location: The state of confusion; I just use Wyoming for mail.
|
sboots wrote: I'm not sure that I agree that Microsoft is at fault here. It's the 3rd party antivirus vendors who continue to hook into the OS in ways that Microsoft advises against. That's the "compatible" bit regarding a/v software. Customer choosing to install 3rd party a/v software must reply on the vendor of that software to fix the a/v software so that Windows will be able to properly patch. -steve I totally agree Steve. Still it would be nice if MS notified the user that their AV was preventing an update instead of just not delivering.
|
|
|
|
|
sboots
|
Posted: Tue Jan 09, 2018 10:09 pm |
|
|
Site Admin |
|
Joined: Tue Apr 10, 2012 9:48 pm Posts: 2959 Location: New Jersey
|
Good explanation of the issue here: https://www.onmsft.com/news/anti-virus- ... ws-updatesMy perspective is those users who have sub-standard a/v software that does not update to correct the compatibility issue aren't particularly security conscious to begin with... -steve
_________________ stephen boots Microsoft MVP 2004 - 2020 "Life's always an adventure with computers!"
|
|
|
|
|
jaylach
|
Posted: Tue Jan 09, 2018 10:34 pm |
|
|
Resident Geekazoid Administrator |
|
Joined: Wed Mar 21, 2012 5:09 am Posts: 9485 Location: The state of confusion; I just use Wyoming for mail.
|
Unfortunately some of that sub-standard software comes bundled with the machine such as Norton and McAfee. Since an article linked in a previous post states that the issue involves hooks to the Windows Kernel that is not actually allowed I would be surprised if Norton and McAfee were not involved. I don't know that they are involved but would not be surprised.
|
|
|
|
|
Acadia
|
Posted: Tue Jan 09, 2018 10:38 pm |
|
|
welcoming committee |
|
Joined: Wed Apr 11, 2012 6:45 am Posts: 1073
|
Even though I am not using Win10, this makes yet still another argument to use Windows Defender the day that I do switch to Win10. Acadia
_________________ The blazing evidence of immortality is our dissatisfaction with any other solution. -- Emerson
|
|
|
|
|
JoanA
|
Posted: Wed Jan 10, 2018 1:40 pm |
|
|
Moderator |
|
Joined: Thu Apr 05, 2012 3:25 pm Posts: 1916 Location: Pembrokeshire, South Wales, UK
|
This new laptop of mine came with McAfee and one of the first things I did was take it out and activate Windows Defender and my premium version of MalwareBytes.
|
|
|
|
|
Acadia
|
Posted: Wed Jan 10, 2018 3:58 pm |
|
|
welcoming committee |
|
Joined: Wed Apr 11, 2012 6:45 am Posts: 1073
|
JoanA wrote: This new laptop of mine came with McAfee and one of the first things I did was take it out and activate Windows Defender and my premium version of MalwareBytes.) Acadia
_________________ The blazing evidence of immortality is our dissatisfaction with any other solution. -- Emerson
|
|
|
|
|
chasbox
|
Posted: Wed Jan 10, 2018 4:04 pm |
|
|
welcoming committee |
|
Joined: Sun Apr 15, 2012 12:37 am Posts: 465
|
My current Win 10 laptop also came with McAfee I removed it and then ran the McAfee Removal Tool to get rid of left over traces Got it here http://www.majorgeeks.com/files/details ... _tool.html
_________________ To all current duty personnel and veterans of the American armed forces. Thank You
|
|
|
|
|
Doddie
|
Posted: Thu Jan 11, 2018 4:39 pm |
|
|
welcoming committee |
|
Joined: Sun Jan 13, 2013 4:13 pm Posts: 1741 Location: Dunedin, Alba.
|
sboots wrote: I'm not sure that I agree that Microsoft is at fault here. Obviously Microsoft aren't at fault for what anti-virus vendors do or don't do, nor for that matter what CPU manufacturers do or don't do... but i do blame them for not foreseeing that by packaging all security updates into a single cumulative update there was an extremely high probability that sooner or later an issue like this was going to come along and bite them in the backside... fortunately for Microsoft this flaw still hasn't been exploited as far as i know but if it had been and it was rampant then Microsoft would have a lot of answering to do... they may still have if something else suddenly appears and it turns out the only reason thousands/millions of users aren't protected is because the users didn't know Microsoft had disabled future security updates because of non-compliance by a third part anti-virus vendor. A simple solution would have been to release the spectre/meltdown fix as stand alone patch, i.e. to NEVER include it as part of ANY cumulative update but rather to leave it on the download stream for any computer to pick up as and when the anti-virus vendors got their acts together... result being that even though the spectre/meltdown flaw wouldn't immediately be patched at least all the other vulnerabilities (IE, Office, etc.) would be. I find it totally incomprehensible and (yes) morally wrong that Microsoft appear to be potentially leaving many of their end users without any security updates AT ALL simply because a user's anti-virus software isn't compliant with what Microsoft want... it isn't as if this 'anti-virus non-compliance' is new, Microsoft could still if they wanted, pull the spectre/meltdown fix from the cumulative update and release it as stand alone so users got the benefits of all the other updates in the cumulative update(s). <I'm smelling some sort of behind the scenes war between software & hardware vendors is happening, i have no insight other than something just doesn't feel right about this whole thing.> --------------------------------------------------------------------------------------- Meanwhile, back on planet Earth, it's carry on as normal A mess of Microsoft patches, warnings about slowdowns — and antivirus proves crucialhttps://www.computerworld.com/article/3 ... ucial.html
|
|
|
|
|
sboots
|
Posted: Thu Jan 11, 2018 9:43 pm |
|
|
Site Admin |
|
Joined: Tue Apr 10, 2012 9:48 pm Posts: 2959 Location: New Jersey
|
I like your closing sentence and you could very well be right on that speculation.
_________________ stephen boots Microsoft MVP 2004 - 2020 "Life's always an adventure with computers!"
|
|
|
|
|
Doddie
|
Posted: Fri Jan 12, 2018 2:58 pm |
|
|
welcoming committee |
|
Joined: Sun Jan 13, 2013 4:13 pm Posts: 1741 Location: Dunedin, Alba.
|
Doddie wrote: It would, of course, have been helpful if MS were to list which anti-virus products they were aware of that didn't meet their criteria so that most users might at least stand a chance to work out if they needed to take action to restore full Windows Update functions... It turns out there is such a list after all but it isn't from Microsoft. I found it in the Computerworld link in my post above... credit goes to Kevin Beaumont: I feel it only fair to first post his article where he first published the link, a worthy read imo: https://doublepulsar.com/important-info ... 52ba0292ecKevin's "shame list": https://docs.google.com/spreadsheets/d/ ... g&sle=trueInterestingly, i found this oversight somewhat amusing, his list has Microsoft Defender listed but not Microsoft Security Essentials. I can however happily confirm that MSE on Win7 is Y,Y
|
|
|
|
|
Acadia
|
Posted: Fri Jan 12, 2018 5:55 pm |
|
|
welcoming committee |
|
Joined: Wed Apr 11, 2012 6:45 am Posts: 1073
|
Shame list = WOW (and many of these are supposed to be the good guys?) Acadia
_________________ The blazing evidence of immortality is our dissatisfaction with any other solution. -- Emerson
|
|
|
|
|
Doddie
|
Posted: Fri Jan 12, 2018 6:16 pm |
|
|
welcoming committee |
|
Joined: Sun Jan 13, 2013 4:13 pm Posts: 1741 Location: Dunedin, Alba.
|
Acadia wrote: Shame list = WOW (and many of these are supposed to be the good guys?) Good guys, I long ago gave up in believing any such thing exists in the computing world any more, at least not in what we would have called the "West" 30 years ago. There are exceptions of course but of the companies that existed 5 or more years ago and are still in business today i seriously struggle to believe a word they say. The sad truth is I'm almost at the point where i trust Chinese and Russian software more than i do anything from Europe and the US, at least we know what we might be getting from them and can adjust our 'habits' accordingly....
|
|
|
|
|
|