Posted: Sat Jan 06, 2018 5:52 pm
welcoming committee

Joined: Sun Jan 13, 2013 4:13 pm
Posts: 1723
Location: Dunedin, Alba.
It's probably just me but i can't help thinking there's been some sort of industry wide cover up for a very long time that was about to be outed and so they've all jumped on the bad wagon of bad news and are now clearing out all the skeletons en masse so no one company is being singled out... put another way... I've long suspected there's been to some degree a 'cartel' running things from behind the scenes that controls who does what and when in the tech industry <enter the name of any tech co name that's been around for 10 years or more>.

Rarely, if ever, have i seen so many stories on a 3rd party website filled with 'armageddon' stories for an exploit that's not even been seen 'in the wild' yet. Yet here we are with vendors coming out of the woodwork, appearing to fight their way into the media shouting "ME TOO!", apparently falling over themselves to show how wonderful they are they've released a patch that may or may not work in the long run (no-one knows what's going to happen in the long run afaict).

cf.
http://www.theregister.co.uk/2018/01/04 ... notations/
http://www.theregister.co.uk/2018/01/04 ... erability/
http://www.theregister.co.uk/2018/01/04 ... own_patch/
http://www.theregister.co.uk/2018/01/05 ... own_patch/
http://www.theregister.co.uk/2018/01/05 ... flaw_sued/
http://www.theregister.co.uk/2018/01/06 ... abilities/
http://www.theregister.co.uk/2018/01/06 ... _psp_flaw/

That is but a few over the last couple of days and there are many many links within them that expand on the real picture, indeed, there is much much more elsewhere on the net.

I started with this might just be my perception and it could very well be but a world wide slow down of anything with a processor just doesn't sit well with me unless there is something else going on... that all OS's and processors fundamentally work in the same way with the same or similar code that carries the same instructions either points to collaboration at best, or at worst wholesale IP theft.

What i found most interesting was that what broke this story was Linus Torvalds' hint that the next build of Linux would suffer a performance hit without saying why... i can't help wonder why he did that?


Posted: Sun Jan 07, 2018 4:05 pm
welcoming committee

Joined: Sun Apr 15, 2012 5:52 pm
Posts: 970
Best advice is to STAY CALM!

First of all the stories keep changing every day. One key fact. For you to have any problem something has to execute on your machine. That brings the risk down to your browser. Firefox has an update and its latest version does have some mitigation.

We don't yet know if Sandboxie will fully protect you. Main thing is smart email. I have two rules. 1) Don't click on links. PERIOD. 2.) Don't open attachments unless you knew it was coming before you got it.

Follow those 2 rules and you will avoid 98% of the infections.


Posted: Sun Jan 07, 2018 4:18 pm
Resident Geekazoid Administrator

Joined: Wed Mar 21, 2012 5:09 am
Posts: 9438
Location: The state of confusion; I just use Wyoming for mail.
I have not had a chance to read the links yet but my initial response, from what is stated just in the post text, is to agree with Pete. Y2K was supposed to destroy the world. ;) I'll read the articles ASAP.

_________________
Free sites from jaylach.com
I NEVER forget... I just remember late.

Posted: Mon Jan 08, 2018 2:32 pm
welcoming committee

Joined: Sun Jan 13, 2013 4:13 pm
Posts: 1723
Location: Dunedin, Alba.
I agree with Peter as well although I'm not so sure 98% of infections for this flaw will be stopped by following 'smart email' alone.

Jay, when you're in link reading mode might as well add this to the list... I've been waiting for something like this, it always seems to happen to something when MS rush out fixes :roll:

It gets worse: Microsoft’s Spectre-fixer bricks some AMD PCs
KB4056892 is not your friend if you run an Athlon:

http://www.theregister.co.uk/2018/01/08 ... wered_pcs/

Note: The above KB4056892 is the Win10 fix, KB4056894 which is the Win7 & Server 2008 fix has no such issues as far as i know.


Posted: Mon Jan 08, 2018 2:49 pm
Resident Geekazoid Administrator

Joined: Wed Mar 21, 2012 5:09 am
Posts: 9438
Location: The state of confusion; I just use Wyoming for mail.
Hmmm, I wonder if that is only Athlon AMD processors or if my Ryzen could have an issue...

<edit>
Never mind. That KB installed on 1/4/18 and all seems fine. :)

_________________
Free sites from jaylach.com
I NEVER forget... I just remember late.

Posted: Mon Jan 08, 2018 3:29 pm
welcoming committee

Joined: Sun Jan 13, 2013 4:13 pm
Posts: 1723
Location: Dunedin, Alba.
jaylach wrote:
Hmmm, I wonder if that is only Athlon AMD processors or if my Ryzen could have an issue...

I believe the Ryzen CPU's will be fine regarding the MS update, my non Ryzen & non Athlon AMD FX-8320E "Vishera" CPU didn't.

I also believe that theoretically the Ryzen CPU could be susceptible to Variant Two but to date it's never been 'demonstrated':
https://community.amd.com/thread/224276

Again, i believe Variants 1 & 2 are "spectre", variant 3 is "meltdown"... no AMD CPU's are vulnerable to variant 3.

<Edit noted but typed so i'll post LOL>


Posted: Tue Jan 09, 2018 5:22 pm
welcoming committee

Joined: Sun Jan 13, 2013 4:13 pm
Posts: 1723
Location: Dunedin, Alba.
This is quickly turning into farce!!!

I can't quite believe what I'm reading but it's from Microsoft so it must be true... in a nutshell, if your anti-virus isn't compatible with their Spectre/Meltdown fix then you're stuffed, they will not be sending you any security updates via Windows Updates this month, it remains to be seen if this will still happen next month or beyond.
It would, of course, have been helpful if MS were to list which anti-virus products they were aware of that didn't meet their criteria so that most users might at least stand a chance to work out if they needed to take action to restore full Windows Update functions... most users with non-compliant anti-virus products will likely be blissfully unaware that their PCs aren't fully patched thanks to Automatic Updating (afaik, AU doesn't alert users that an update has been deferred due to 3rd party software?)... but of course that would be too helpful! :evil:

The cumulative update method is coming home to roost... MS really need to rethink their security update method, previously it would only be one update that was blocked now because they're bundled into a single cumulative update it's all of them regardless of the software/hardware affected.

Quote:
Microsoft has identified a compatibility issue with a small number of antivirus software products.

The compatibility issue arises when antivirus applications make unsupported calls into Windows kernel memory. These calls may cause stop errors (also known as blue screen errors) that make the device unable to boot. To help prevent stop errors that are caused by incompatible antivirus applications, Microsoft is only offering the Windows security updates that were released on January 3, 2018, to devices that are running antivirus software that is from partners who have confirmed that their software is compatible with the January 2018 Windows operating system security update.

If you have not been offered the security update, you may be running incompatible antivirus software, and you should consult the software vendor.

Microsoft is working closely with antivirus software partners to ensure that all customers receive the January Windows security updates as soon as possible.
Source and more: https://support.microsoft.com/en-us/hel ... s-software

Also, I've never used Sandboxie but it appears that even that is not without its issues caused by the MS fix/update, at least on Win7:
KB4056897 /KB4056894 - WIN 7 SECURITY UPDATE - Unable to use Sandboxie - Compatibility issues[Fixed in beta 5.23.3]
https://forums.sandboxie.com/phpBB3/vie ... 11&t=25290

FYI, the thread subject for the Sandboxie issue appears to be somewhat misleading in that the Beta build that was 'a fix' appears to have broken Office 2013 if i understand the latter posts correctly.


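A local check for the situation described in the post above, where an update is simply not offered and nothing alerts the user (an added example, not code from the thread or from Microsoft; the KB numbers are the ones quoted in the thread, and the function name is hypothetical):

```powershell
# Added example. KB numbers come from the posts in this thread:
# KB4056892 (Win10), KB4056894 and KB4056897 (Win7 / Server 2008).
$threadKbs = 'KB4056892', 'KB4056894', 'KB4056897'

function Get-January2018PatchStatus {   # hypothetical helper name
    param([string[]]$KbIds = $threadKbs)

    # Get-HotFix raises an error for an ID that is not installed.
    # Suppress it so a missing update is reported as data, not as a failure.
    $installed = @(Get-HotFix -Id $KbIds -ErrorAction SilentlyContinue)

    # root/SecurityCenter2 is present on client editions of Windows only,
    # so an empty result here means "unknown", not "no antivirus".
    $av = @(Get-CimInstance -Namespace 'root/SecurityCenter2' `
                            -ClassName AntiVirusProduct `
                            -ErrorAction SilentlyContinue)

    $found = $installed.Count -gt 0

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        CheckedKbs       = $KbIds -join ', '
        InstalledKbs     = ($installed | ForEach-Object HotFixID) -join ', '
        AnyInstalled     = $found
        RegisteredAv     = ($av | ForEach-Object displayName) -join '; '
        # A later cumulative update replaces these packages, so "not found"
        # is a prompt to review Windows Update history and the antivirus
        # vendor's compatibility statement, not proof of an unpatched system.
        Recommendation   = if ($found) {
            'A January 2018 update from the list is installed.'
        } else {
            'None of the listed updates found: check update history and antivirus compatibility.'
        }
    }
}

Get-January2018PatchStatus | Format-List
```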
Posted: Tue Jan 09, 2018 5:30 pm
Resident Geekazoid Administrator

Joined: Wed Mar 21, 2012 5:09 am
Posts: 9438
Location: The state of confusion; I just use Wyoming for mail.
In my opinion the basic problem with such info releases from Microsoft, and other vendors, is that most people never see them. If you read a little between the lines you do sort of get let known that there is likely an issue with your anti-virus if you don't get the January 3, 2018 update. The problem is that very few 'average' users will ever see the article to know.

BTW, happy 5 year anniversary here in 4 days Doddie. :)

_________________
Free sites from jaylach.com
I NEVER forget... I just remember late.

Posted: Tue Jan 09, 2018 5:46 pm
welcoming committee

Joined: Sun Jan 13, 2013 4:13 pm
Posts: 1723
Location: Dunedin, Alba.
jaylach wrote:
In my opinion the basic problem with such info releases from Microsoft, and other vendors, is that most people never see them. If you read a little between the lines you do sort of get let known that there is likely an issue with your anti-virus if you don't get the January 3, 2018 update. The problem is that very few 'average' users will ever see the article to know.

BTW, happy 5 year anniversary here in 4 days Doddie. :)


I'm not sure how you read that into the MS article?

In the Overview it says "If you have not been offered the security update, you may be running incompatible antivirus software, and you should consult the software vendor."... i don't know if that means MS will alert the end user or not but it does beg the question that if they don't alert the user then how in hell is the user supposed to know what hasn't been offered??

In all my years of using MS products i don't EVER recall their update mechanism alerting me that an update has not been offered, so that would be new if true ;)

Blimey, almost 5 years registered, that's quite scary...doesn't feel anything like that long, possibly because i lurked for a long time before i posted?... Here's to the next 5 years, i'll do my best to keep improving my ill-informed drivel as best i can ;)


Posted: Tue Jan 09, 2018 6:11 pm
Resident Geekazoid Administrator

Joined: Wed Mar 21, 2012 5:09 am
Posts: 9438
Location: The state of confusion; I just use Wyoming for mail.
Mayhaps I worded badly but my point was that an informed user that read the article could figure that they may have an issue. The bad side is that, without direct notification, the average user will never have a clue anything is going on.

The reason I say that an informed user that read the article would likely see a possible issue is the following:
MS wrote:
If you have not been offered the security update, you may be running incompatible antivirus software, and you should consult the software vendor.


And I have never considered your posts "ill-informed drivel". ;)

_________________
Free sites from jaylach.com
I NEVER forget... I just remember late.

Posted: Tue Jan 09, 2018 6:26 pm
welcoming committee

Joined: Sun Jan 13, 2013 4:13 pm
Posts: 1723
Location: Dunedin, Alba.
jaylach wrote:
The bad side is that, without direct notification, the average user will never have a clue anything is going on.

Pretty sure we're singing from the same hymn sheet... point being, MS are not offering the January cumulative update to anyone if their anti-virus isn't compatible with the spectre/meltdown patch... the cumulative update contains more than the spectre/meltdown patch so end users are not getting the benefits of the other security patches.

It potentially gets worse, my understanding is that MS will NOT offer any future cumulative updates until the end user's anti-virus is compliant with the current spectre/meltdown KB patch.

Given that all security updates are now cumulative that would make sense but it makes no sense from a security point of view because if an end user with (say) automatic updates enabled and scheduled to automatically install, who also has outdated/unpatched anti-virus software, they will never know that their system isn't updating... let alone know why it isn't.

It's a cockup on a scale i don't think I've seen from Microsoft.


Posted: Tue Jan 09, 2018 6:33 pm
welcoming committee

Joined: Sun Jan 13, 2013 4:13 pm
Posts: 1723
Location: Dunedin, Alba.
jaylach wrote:
And I have never considered your posts "ill-informed drivel".

You might not, i sometimes wonder what the hell I'm talking about! :rofl2:


Posted: Tue Jan 09, 2018 9:32 pm
Site Admin

Joined: Tue Apr 10, 2012 9:48 pm
Posts: 2946
Location: New Jersey
I'm not sure that I agree that Microsoft is at fault here. It's the 3rd party antivirus vendors who continue to hook into the OS in ways that Microsoft advises against. That's the "compatible" bit regarding a/v software. Customers choosing to install 3rd party a/v software must rely on the vendor of that software to fix the a/v software so that Windows will be able to properly patch.
-steve

_________________
stephen boots
Microsoft MVP 2004 - 2020
"Life's always an adventure with computers!"


Posted: Tue Jan 09, 2018 9:51 pm
Resident Geekazoid Administrator

Joined: Wed Mar 21, 2012 5:09 am
Posts: 9438
Location: The state of confusion; I just use Wyoming for mail.
sboots wrote:
I'm not sure that I agree that Microsoft is at fault here. It's the 3rd party antivirus vendors who continue to hook into the OS in ways that Microsoft advises against. That's the "compatible" bit regarding a/v software. Customers choosing to install 3rd party a/v software must rely on the vendor of that software to fix the a/v software so that Windows will be able to properly patch.
-steve

I totally agree Steve. Still it would be nice if MS notified the user that their AV was preventing an update instead of just not delivering.

_________________
Free sites from jaylach.com
I NEVER forget... I just remember late.

Posted: Tue Jan 09, 2018 10:09 pm
Site Admin

Joined: Tue Apr 10, 2012 9:48 pm
Posts: 2946
Location: New Jersey
Good explanation of the issue here:
https://www.onmsft.com/news/anti-virus- ... ws-updates
My perspective is those users who have sub-standard a/v software that does not update to correct the compatibility issue aren't particularly security conscious to begin with...
-steve

_________________
stephen boots
Microsoft MVP 2004 - 2020
"Life's always an adventure with computers!"


Posted: Tue Jan 09, 2018 10:34 pm
Resident Geekazoid Administrator

Joined: Wed Mar 21, 2012 5:09 am
Posts: 9438
Location: The state of confusion; I just use Wyoming for mail.
Unfortunately some of that sub-standard software comes bundled with the machine such as Norton and McAfee. Since an article linked in a previous post states that the issue involves hooks to the Windows Kernel that are not actually allowed I would be surprised if Norton and McAfee were not involved. I don't know that they are involved but would not be surprised.

_________________
Free sites from jaylach.com
I NEVER forget... I just remember late.

Posted: Tue Jan 09, 2018 10:38 pm
welcoming committee

Joined: Wed Apr 11, 2012 6:45 am
Posts: 1073
Even though I am not using Win10, this makes yet still another argument to use Windows Defender the day that I do switch to Win10.
Acadia

_________________
The blazing evidence of immortality is our dissatisfaction with any other solution. -- Emerson


Posted: Wed Jan 10, 2018 1:40 pm
Moderator

Joined: Thu Apr 05, 2012 3:25 pm
Posts: 1916
Location: Pembrokeshire, South Wales, UK
This new laptop of mine came with McAfee and one of the first things I did was take it out and activate Windows Defender and my premium version of MalwareBytes. :-)

_________________
Joan Archer
http://crossstitcher.webs.com

Posted: Wed Jan 10, 2018 3:58 pm
welcoming committee

Joined: Wed Apr 11, 2012 6:45 am
Posts: 1073
JoanA wrote:
This new laptop of mine came with McAfee and one of the first things I did was take it out and activate Windows Defender and my premium version of MalwareBytes. :-)

:tup:
Acadia

_________________
The blazing evidence of immortality is our dissatisfaction with any other solution. -- Emerson


Posted: Wed Jan 10, 2018 4:04 pm
welcoming committee

Joined: Sun Apr 15, 2012 12:37 am
Posts: 465
My current Win 10 laptop also came with McAfee
I removed it and then ran the McAfee Removal Tool
to get rid of left over traces
Got it here
http://www.majorgeeks.com/files/details ... _tool.html

_________________
To all current duty personnel and veterans
of the American armed forces.
Thank You


Posted: Thu Jan 11, 2018 4:39 pm
welcoming committee

Joined: Sun Jan 13, 2013 4:13 pm
Posts: 1723
Location: Dunedin, Alba.
sboots wrote:
I'm not sure that I agree that Microsoft is at fault here.

Obviously Microsoft aren't at fault for what anti-virus vendors do or don't do, nor for that matter what CPU manufacturers do or don't do... but i do blame them for not foreseeing that by packaging all security updates into a single cumulative update there was an extremely high probability that sooner or later an issue like this was going to come along and bite them in the backside... fortunately for Microsoft this flaw still hasn't been exploited as far as i know but if it had been and it was rampant then Microsoft would have a lot of answering to do... they may still have if something else suddenly appears and it turns out the only reason thousands/millions of users aren't protected is because the users didn't know Microsoft had disabled future security updates because of non-compliance by a third party anti-virus vendor.

A simple solution would have been to release the spectre/meltdown fix as stand alone patch, i.e. to NEVER include it as part of ANY cumulative update but rather to leave it on the download stream for any computer to pick up as and when the anti-virus vendors got their acts together... result being that even though the spectre/meltdown flaw wouldn't immediately be patched at least all the other vulnerabilities (IE, Office, etc.) would be.

I find it totally incomprehensible and (yes) morally wrong that Microsoft appear to be potentially leaving many of their end users without any security updates AT ALL simply because a user's anti-virus software isn't compliant with what Microsoft want... it isn't as if this 'anti-virus non-compliance' is new, Microsoft could still if they wanted, pull the spectre/meltdown fix from the cumulative update and release it as stand alone so users got the benefits of all the other updates in the cumulative update(s).

<I'm smelling some sort of behind the scenes war between software & hardware vendors is happening, i have no insight other than something just doesn't feel right about this whole thing.>
---------------------------------------------------------------------------------------

Meanwhile, back on planet Earth, it's carry on as normal ;)

A mess of Microsoft patches, warnings about slowdowns — and antivirus proves crucial
https://www.computerworld.com/article/3 ... ucial.html


Posted: Thu Jan 11, 2018 9:43 pm
Site Admin

Joined: Tue Apr 10, 2012 9:48 pm
Posts: 2946
Location: New Jersey
I like your closing sentence and you could very well be right on that speculation. ;-)

_________________
stephen boots
Microsoft MVP 2004 - 2020
"Life's always an adventure with computers!"


Posted: Fri Jan 12, 2018 2:58 pm
welcoming committee

Joined: Sun Jan 13, 2013 4:13 pm
Posts: 1723
Location: Dunedin, Alba.
Doddie wrote:
It would, of course, have been helpful if MS were to list which anti-virus products they were aware of that didn't meet their criteria so that most users might at least stand a chance to work out if they needed to take action to restore full Windows Update functions...

It turns out there is such a list after all but it isn't from Microsoft.

I found it in the Computerworld link in my post above... credit goes to Kevin Beaumont:

I feel it only fair to first post his article where he first published the link, a worthy read imo:
https://doublepulsar.com/important-info ... 52ba0292ec

Kevin's "shame list":
https://docs.google.com/spreadsheets/d/ ... g&sle=true

Interestingly, i found this oversight somewhat amusing, his list has Microsoft Defender listed but not Microsoft Security Essentials. I can however happily confirm that MSE on Win7 is Y,Y :lol:


Posted: Fri Jan 12, 2018 5:55 pm
welcoming committee

Joined: Wed Apr 11, 2012 6:45 am
Posts: 1073
Shame list = WOW (and many of these are supposed to be the good guys?) :cry5:
Acadia

_________________
The blazing evidence of immortality is our dissatisfaction with any other solution. -- Emerson


Posted: Fri Jan 12, 2018 6:16 pm
welcoming committee

Joined: Sun Jan 13, 2013 4:13 pm
Posts: 1723
Location: Dunedin, Alba.
Acadia wrote:
Shame list = WOW (and many of these are supposed to be the good guys?) :cry5:

Good guys, I long ago gave up in believing any such thing exists in the computing world any more, at least not in what we would have called the "West" 30 years ago.

There are exceptions of course but of the companies that existed 5 or more years ago and are still in business today i seriously struggle to believe a word they say.

The sad truth is I'm almost at the point where i trust Chinese and Russian software more than i do anything from Europe and the US, at least we know what we might be getting from them and can adjust our 'habits' accordingly....

