Free Republic
General/Chat

Microsoft silently fixes security holes in Windows 10 – dumps Win 7, 8 out in the cold
The Register | Oct 6, 2017 | Shaun Nichols

Posted on 10/10/2017 7:39:50 PM PDT by dayglored

Versions in use by millions lag behind latest OS, leaving systems vulnerable to attack

Microsoft is silently patching security bugs in Windows 10, and not immediately rolling out the same updates to Windows 7 and 8, potentially leaving hundreds of millions of computers at risk of attack.

Flaws and other programming blunders that are exploitable by hackers and malware are being quietly cleaned up and fixed in the big Windows 10 releases – such as the Anniversary Update and the Creators Update. But this vital repair work is only slowly, if at all, filtering back down to Windows 7 and Windows 8 in the form of monthly software updates.

This is all according to researchers on Google's crack Project Zero team. The fear is that miscreants comparing the various public builds of Windows will notice these vulnerabilities are being silently fixed in Windows 10, realize the same holes are present in earlier versions of Windows – which are still used in homes and businesses worldwide – and thus exploit the bugs to infect systems and spy on people. And if hackers haven't realized this, they will now: Google staffers have publicly blogged about it.

Redmond engineers are quietly addressing these Windows security flaws as part of their efforts to improve components within the Windows 10 operating system. For instance, a team may be tasked with improving memory management in the kernel, and as a result, will rewrite chunks of the source code, boosting the software's performance while squashing any pesky exploitable bugs along the way. For the marketing department, this is great news: now they can boast about faster loading times. Malware developers, meanwhile, can celebrate when they discover the programming blunders are still present in Windows 8 and 7.

"Microsoft is known for introducing a number of structural security improvements and sometimes even ordinary bug fixes only to the most recent Windows platform," Google Project Zero researcher Mateusz Jurczyk said on Thursday.

"This creates a false sense of security for users of the older systems, and leaves them vulnerable to software flaws which can be detected merely by spotting subtle changes in the corresponding code in different versions of Windows."

As an example of the problem, Jurczyk highlighted the wobbly use of memset() within the kernel. This is a function that is supposed to overwrite bytes in a specific area of memory to a specific value, such as zero, thus scrubbing away whatever was previously stored in that portion of memory.

When the kernel is told by an application, via the NtGdiGetGlyphOutline system call, to fill an area of memory with information, and copy it into the app's memory space, the OS doesn't fully overwrite the area using memset() prior to the copy operation. This means the kernel ends up copying into the application's memory space left over private kernel data, thus leaking information it really shouldn't. This can be useful to snoop on the OS and other programs, or gain enough knowhow of the system's internal operations to pull off more damaging exploits.

This information-disclosure bug was fixed in Windows 10, but remained present in Windows 7 and Windows 8.1 – until it was reported by Project Zero to Microsoft at the end of May this year and fixed in patches for Windows 7 and 8.1 systems in September. Google typically gives vendors, including Microsoft, 90 days to address any reported security shortcomings before going public, forcing developers and manufacturers to play their hand.

This months-long lag in deploying patches to previous flavors of Windows is leaving systems vulnerable to attack. By broadly upgrading the security defenses in Windows 10, Microsoft is making it easier for hackers to see where they could exploit weak spots in older versions.

"Not only does it leave some customers exposed to attacks, but it also visibly reveals what the attack vectors are, which works directly against user security," Jurczyk explained.

"This is especially true for bug classes with obvious fixes, such as kernel memory disclosure and the added memset calls."

While it's not realistic to expect a vendor to maintain major updates and produce patches indefinitely for older software versions, as many as half of all Windows users are still running Windows 7 and 8 – meaning millions of people are being put at risk by Windows 10's security improvements, ironically.

Windows 8.1 is supposed to receive monthly security fixes until January 10, 2023, and for Windows 7, January 14, 2020.

"Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible," a Microsoft spokesperson told The Register.

"Additionally, we continually invest in defense-in-depth security, and recommend customers use Windows 10 and the Microsoft Edge browser for the best protection."

Translation: please, please stop using Windows 7 and 8. ®


TOPICS: Business/Economy; Computers/Internet; Hobbies
KEYWORDS: microsoft; patches; security; windows; windows10; windowspinglist; windowsupdate
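The bug class Jurczyk describes (a kernel buffer that is only partly written and then copied in full back to the calling application, with no memset beforehand) can be modelled in user space. The following is an added illustration and is not code from The Register article, from Project Zero or from Windows: the simulated "pool", the NtGdiGetGlyphOutline-style handler and the glyph payload rule are all assumptions made for the demonstration. It shows the vulnerable copy beside the memset-hardened one, plus the caller-side check a researcher would run to count stale bytes that reach user memory.

```c
/*
 * Added illustration, not code from the article, Project Zero or Windows.
 * Models kernel memory disclosure: a pool buffer is partly filled, then
 * copied to the caller in full without a preceding memset. The pool, the
 * syscall model and the payload-length rule are assumptions for the demo.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define POOL_SIZE 64

/* Simulated kernel pool: a block previously used for something sensitive
 * and freed without scrubbing. Real pool allocators hand such stale bytes
 * to the next caller, which is exactly what the missing memset exposes. */
static uint8_t g_pool[POOL_SIZE];

static void pool_prime_with_stale_secret(void)
{
    memset(g_pool, 0x41, sizeof g_pool);   /* 'A' stands in for leftover kernel data */
}

/* Assumed rule: the outline for a glyph is 1..8 bytes long. */
static size_t glyph_payload_len(uint8_t glyph)
{
    return (size_t)(glyph % 8) + 1;
}

/* The real work: writes only the bytes it has. Returns bytes produced. */
static size_t build_glyph_outline(uint8_t *dst, size_t dst_len, uint8_t glyph)
{
    size_t n = glyph_payload_len(glyph);
    if (n > dst_len) n = dst_len;
    for (size_t i = 0; i < n; i++) dst[i] = (uint8_t)(glyph + i);
    return n;
}

/* Vulnerable syscall model: copies out_len bytes to the caller even though
 * only `produced` bytes were written. The tail is stale pool contents. */
static size_t sys_get_glyph_outline_vuln(uint8_t glyph, uint8_t *user_out, size_t out_len)
{
    if (out_len > POOL_SIZE) out_len = POOL_SIZE;
    uint8_t *kbuf = g_pool;                          /* "allocation" from the pool */
    size_t produced = build_glyph_outline(kbuf, out_len, glyph);
    (void)produced;                                  /* ignored: the bug */
    memcpy(user_out, kbuf, out_len);                 /* full-length copy to user */
    return out_len;
}

/* Hardened model: the "added memset" the quote refers to. Unused bytes
 * reach the caller as zeros instead of whatever the pool held before. */
static size_t sys_get_glyph_outline_fixed(uint8_t glyph, uint8_t *user_out, size_t out_len)
{
    if (out_len > POOL_SIZE) out_len = POOL_SIZE;
    uint8_t *kbuf = g_pool;
    memset(kbuf, 0, out_len);                        /* the fix */
    build_glyph_outline(kbuf, out_len, glyph);
    memcpy(user_out, kbuf, out_len);
    return out_len;
}

/* Caller-side check: any non-zero byte past the produced payload is
 * memory the kernel never intended to hand out. */
static size_t count_leaked_bytes(const uint8_t *out, size_t out_len, size_t produced)
{
    size_t leaked = 0;
    for (size_t i = produced; i < out_len; i++) if (out[i] != 0) leaked++;
    return leaked;
}

/* Runs one syscall model against a primed pool and returns the number of
 * stale bytes it exposed to the caller. */
static size_t measure_leak(int fixed, uint8_t glyph, size_t out_len)
{
    uint8_t user_out[POOL_SIZE];
    pool_prime_with_stale_secret();
    size_t got = fixed ? sys_get_glyph_outline_fixed(glyph, user_out, out_len)
                       : sys_get_glyph_outline_vuln(glyph, user_out, out_len);
    size_t produced = glyph_payload_len(glyph);
    if (produced > got) produced = got;
    return count_leaked_bytes(user_out, got, produced);
}

int main(void)
{
    printf("vulnerable: %zu leaked bytes\n", measure_leak(0, 'g', 32));
    printf("fixed:      %zu leaked bytes\n", measure_leak(1, 'g', 32));
    return 0;
}
```

The vulnerable path leaks 24 of the 32 requested bytes for glyph 'g' (an 8-byte payload), the fixed path leaks none. The same diff between the two handlers, a single added memset before the copy, is what Jurczyk means by a fix that "visibly reveals what the attack vectors are" to anyone comparing builds.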
To: Trumpnado2016
> I still mourn the loss of my Win 7.

I needed to buy a laptop a month ago because my wife appropriated my c.2010 Fujitsu Lifebook that has Win7Pro.

I despaired -- everything I looked at was Windows 10.

And then I found a nearly-new identical Lifebook (c.2011) with Win7 Pro for about $200 on eBay. Amazing.

There will be a market for Win7 for a LONG LONG time. If you really want it back, there may be a way to accomplish it...

21 posted on 10/10/2017 8:45:24 PM PDT by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")
(reply to #18)

To: TexasGator

I can’t use the words I would like to use describing Win 10. I WON’T use it.


22 posted on 10/10/2017 8:45:58 PM PDT by oldasrocks (rump)
(reply to #19)

To: txnativegop
> someone might want to drop Microsoft an email and reference the NFL and how dangerous it is to piss off customers.

Knowing programmers, you might need to educate them about what "NFL" means.

23 posted on 10/10/2017 8:46:37 PM PDT by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")
(reply to #20)

To: dayglored
[image: Football Injury] Maybe this will help! LOL
24 posted on 10/10/2017 8:52:33 PM PDT by txnativegop (The political left, Mankinds intellectual hemlock)
(reply to #23)

To: CatOwner

[[I think I will start looking at UNIX/LINUX]]

You can download and make a ‘live CD’ disk where you can try Linux without installing it. Here’s the link: https://linuxmint.com/ . Just boot the PC with the disk in (IF your computer can boot from CD; if not, it’s not hard to change the boot order in the BIOS) and make sure you choose ‘live disk’ when it gets to the menu. Easy peasy. I recommend Linux Mint Cinnamon if you want something close to the Windows feel. You can order Linux disks also; you’ll see the link on the site I gave you.

If nothing else, it’s fun to play around with a new OS to see how it performs. Linux Mint is pretty automatic these days; it installed fine for me, and everything worked pretty much right off. Video card drivers took a little research to find out how to get them, but it wasn’t too bad.

I have just a very basic install of Linux really, as all I use it for is all my online stuff, as it’s a lot less vulnerable to viruses than Windows is. I do my email through Linux and Thunderbird, etc. Any actual work I need to do, like with Microsoft Word or Photoshop, I just dual boot into Windows, as Linux programs aren’t as good as Windows ones are. But you won’t have to mess with dual boot just to try Linux.

Anyways, it can’t hurt to try Linux if you think you might want to use it some day. But if you plan on doing a lot with an OS, like installing all kinds of programs, or tweaking settings, etc., you’ll need to learn some command lines. But if all you want it for is browsing the net, email, chat, etc., then you won’t need to learn command lines. Like I said, my install is really quite basic, with a few little tweaks and programs, but it does everything I need it to for me, which isn’t much, just Internet, email, etc.


25 posted on 10/10/2017 8:56:18 PM PDT by Bob434
(reply to #17)

To: dayglored

People don’t understand that you can buy all of the NEW W7 Pro x64 systems they could possibly want if they’ll only stop buying retail and instead buy business-class systems online from companies like Dell.

I still buy dozens of Dell W7 Pro x64 Optiplex desktops and Latitude laptops from my home and business clients every year directly from Dell.


26 posted on 10/10/2017 8:58:47 PM PDT by catnipman ( Cat Nipman: Vote Republican in 2012 and only be called racist one more time!)
(reply to #21)

To: dayglored

I that company was called MicroStupid. Oh, I’m sorry, that is the pseudo name for Paul Allen’s NFL team: Paul Allen’s MicroStupids with MicroBrains.


27 posted on 10/10/2017 9:01:01 PM PDT by topher (Traditional values -- especially family values -- which have been proven over time.)
(reply to #1)

To: Fiddlstix

M$ code seems to have mostly been written by incompetent hacks, starting with Mr. Bill.


28 posted on 10/10/2017 9:05:17 PM PDT by Paladin2 (No spelchk nor wrong word auto substition on mobile dev. Please be intelligent and deal with it....)
(reply to #3)

To: dayglored

M$ doesn’t view end users as their customers.


29 posted on 10/10/2017 9:07:16 PM PDT by Paladin2 (No spelchk nor wrong word auto substition on mobile dev. Please be intelligent and deal with it....)
(reply to #23)

To: dayglored

Microsoft is a criminal organization. If car manufacturers tried to pull similar shyt they’d go to jail.


30 posted on 10/10/2017 9:12:03 PM PDT by Seruzawa (TANSTAAFL!)
(reply to #1)

To: Bob434

Oracle VirtualBox seems to work well on Linux Mint for those Win Apps that won’t work with WINE and need an older Win o/s to function.

A big plus is that you can keep a copy of the Win VMs to avoid spending hours reloading stuff if a Win VM goes south when dinking around with updates and new apps.


31 posted on 10/10/2017 9:13:20 PM PDT by Paladin2 (No spelchk nor wrong word auto substition on mobile dev. Please be intelligent and deal with it....)
(reply to #25)

To: dayglored

I tried to run the upgrade from 7 to 8 just before the deadline last (?) July. It kept failing and I was never successful although I tried everything. I eventually set it up in a fresh install on a spare hard drive that I shelved eventually planning to switch over. But 7 just works so much better on my daily driver. I have 10 on several other machines and it’s fine, but I just prefer 7 on my main machine. When I replace my laptop, I will then go with 10 on it as well. But for now .. I’ll stick with 7.


32 posted on 10/10/2017 9:15:46 PM PDT by RocketMan1 (Privileged White Cracker)
(reply to #1)

To: Paladin2
Yep. There's a reason it's known as Micro$loth WinDoze
33 posted on 10/10/2017 9:16:21 PM PDT by Fiddlstix (Warning! This Is A Subliminal Tagline! Read it at your own risk!(Presented by TagLines R US))
(reply to #28)

To: Bob434

Command line cut and paste works great, assuming that the given advice webpage info is quality dope.


34 posted on 10/10/2017 9:16:35 PM PDT by Paladin2 (No spelchk nor wrong word auto substition on mobile dev. Please be intelligent and deal with it....)
(reply to #25)

To: RocketMan1

Oops. Meant “7 to 10” in the post above.


35 posted on 10/10/2017 9:17:13 PM PDT by RocketMan1 (Privileged White Cracker)
(reply to #32)

To: dayglored

Surprised it took so long for someone to write about this....


36 posted on 10/10/2017 9:17:17 PM PDT by ChinaGotTheGoodsOnClinton (Go Egypt on 0bama)
(reply to #1)

To: Paladin2
> M$ doesn’t view end users as their customers.

Well, that's true -- the big business users are the real customers.

The rest of us are unpaid beta testers, given how MS rolls out Win10 updates/patches.

37 posted on 10/10/2017 9:25:17 PM PDT by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")
(reply to #29)

To: Bob434
Thank you for the detailed information about Linux Mint. I've used UNIX for many years at work (Sun Solaris), plus I had a home firewall for a few years that utilized a streamlined version of Linux (Smoothwall). So command line processing is not a foreign concept.

This is something I plan to research a lot as I really don't want to "upgrade" beyond Win 7 Pro.

38 posted on 10/10/2017 9:26:39 PM PDT by CatOwner
(reply to #25)

To: Paladin2

It doesn’t run Photoshop well; it’s slow, and the work I do is quite intense, photo ‘dark room’ stuff. It takes a lot of horsepower, and virtual machines don’t utilize the computer’s video card, unfortunately.

I do have a VirtualBox VM for basic edits, which it’s fine for, though. Also, I do some gaming, and VMs aren’t good for that unless you know how to do the complicated ‘passthrough’ where the VM can use the computer’s video card, but it’s too complicated for me.


39 posted on 10/10/2017 9:28:09 PM PDT by Bob434
(reply to #31)

To: dayglored

M$ has sold tons of product over the years to Computer “manufacturers”.

That’s how I got most of mine.


40 posted on 10/10/2017 9:29:31 PM PDT by Paladin2 (No spelchk nor wrong word auto substition on mobile dev. Please be intelligent and deal with it....)
(reply to #37)
