Category Archives: Windows

Microsoft, Things that are bad, Windows 10

They’re here: ads in Windows 10

Leave a comment

We called it. Microsoft denied it. Now the reality of advertising in Windows has arrived. We’re not talking about the tiny, easily-ignored ads commonly seen in Skype, either. The ads that just started appearing in Windows 10 are hard to miss, and they’re in Windows Explorer, arguably the core user interface of the system.

Of course Microsoft is calling these ads ‘tips’ and insists that they just provide helpful information to Windows 10 users. Okay, let’s take a look at what users are seeing:

You be the judge: is this an advertisement?

You may disagree, but in my opinion, that’s an ad. It might as well say “Your Advertisement Here” or “Advertise In This Space”. At this stage, I’m sure we’ll only see ads from Microsoft in Explorer, but once the anger subsides, it’s difficult to imagine Microsoft won’t start selling that space – and others like it – to the highest bidder.

That’s right, Windows 10 really is an advertising platform, just as we’ve been saying all along. It explains why Microsoft was so happy to give away the O/S to anyone who upgraded from an earlier version, why they pushed so hard and literally tricked people to upgrade from earlier versions, why they included so much user activity tracking in Windows 10, and why they retrofitted that tracking into earlier versions when people failed to upgrade in sufficient numbers.

Clearly, the underlying reason for Microsoft’s advertising-in-Windows strategy is simply the enormous amount of money being made by Google from advertising.

Linux is looking a lot better now, isn’t it?

Analysis from The Verge and Ars Technica.

Update 2017Mar17: Tom Warren over at The Verge reacts to the new ads in Windows 10. He describes it as an ‘infestation’, and I agree with his assessment.

Microsoft, Patches and updates, Windows 10

Microsoft announces amazing new Windows 10 feature

Leave a comment

There’s a surprisingly lengthy post on the Windows Experience blog, co-written by two senior Microsoft managers: Michael Fortin (CVP of Windows and Devices Group Core Quality) and John Cable (Director of Program Management, Windows Servicing and Delivery).

Okay, what’s so important that these two folks decided to write about it? Just this: after the upcoming Windows 10 “Creators Update”, Windows 10 will be slightly less likely to do things at inconvenient times.

I don’t know about you, but allowing users to have control over when updates are installed, and when their computer reboots, seems like a pretty basic feature. And in fact that kind of control has existed in Windows for years. Until Windows 10. But instead of fixing the problem and apologizing for it, we get senior Microsoft managers talking about this bug fix as if it was the most amazing new feature ever.

I understand that there are good reasons to force updates and restarts, the main one being that otherwise many people allow their computers to get out of date, and vulnerable. But seriously, wouldn’t it have made more sense for automatic updates and restarts to be the default behaviour, and allow for this behaviour to be overridden, when Windows 10 was released?

The Verge’s take on this. And Ars Technica’s.

Update 2017Mar22: A new ‘tip’ from Microsoft shows Windows 10 users how to change ‘Active Hours’, during which Microsoft hopefully won’t remotely restart their computer. Of course, the maximum duration for active hours is still only twelve hours. On a related note, I was wondering why my Windows 10 test PC always seemed to be logged out lately, and discovered that it’s been trying to install one particular update every night for a couple of weeks. Windows reboots to complete the install, but the installation fails, and the cycle repeats. This is exactly the kind of thing that bothers me about letting Microsoft screw around with my computer without my knowledge.

Edge, Flash, Internet Explorer, Microsoft, Patches and updates, Security, Windows

Microsoft releases update for Flash

Leave a comment

Normally, Microsoft releases updates for Flash in Edge and Internet Explorer along with everything else on the second Tuesday of each month.

This month, something went wrong with the Windows Update system, and Microsoft pushed all the February updates to March, including an expected fix for a serious SMS flaw.

Someone at Microsoft apparently realized that this decision would leave some Flash users (those using Flash in Edge and Internet Explorer) vulnerable for an extra month. Flash vulnerabilities are targeted aggressively by malicious hackers, so this is obviously a bad thing. As a result, Microsoft has released a Flash update, one week later than originally planned.

Anyone who uses Flash in Internet Explorer or Edge should visit Windows Update and install the Flash update as soon as possible.

So we do get a Microsoft Security Bulletin Summary for February 2017 after all, but it only includes a single bulletin.

Adobe, Chrome, Edge, Flash, Internet Explorer, Patches and updates, Security, Windows

Flash update fixes 13 vulnerabilities

Leave a comment

A new version of Flash, released yesterday, addresses at least thirteen vulnerabilities in previous versions.

According to the security bulletin for Flash 24.0.0.221, the new version fixes “critical vulnerabilities that could potentially allow an attacker to take control of the affected system.”

The release notes for Flash 24.0.0.221 describe some new features that are likely only of interest to developers.

As usual, Internet Explorer and Edge will get new versions of their embedded Flash via Windows Update, while Chrome’s embedded Flash will be updated automatically.

Anyone who still uses a web browser with Flash enabled should update it as soon as possible.

Microsoft, Security, Windows

Microsoft will patch recently-discovered SMB flaw in February

2 Comments

The flaw itself is not particularly dangerous for most users: it can only be used to crash Windows computers with file shares that are exposed to the Internet. But when an exploit was published on Thursday, the vulnerability was initially assigned the highest risk rating by CERT. That rating has since been downgraded, as details of the flaw became more clear.

In any case, Microsoft’s reaction to the exploit announcement included statements that are demonstrably false, and seem to have been motivated by the company’s frantic efforts to get everyone on the planet to switch to Windows 10.

“Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible.”

This is simply false. The same work is done for Linux and MacOS. The unnamed Microsoft staffer who said this may have borrowed it from this TechNet blog post, without checking its veracity.

“We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection.”

This is totally misleading. Windows 10 is arguably the safest version of Windows yet, but the vulnerability affects all versions of Windows. Worse, the vulnerability is completely unrelated to web browsing.

It looks like Microsoft has issued standing orders to its PR department to push Windows 10 at every opportunity, and not to worry too much about accuracy.

Microsoft is expected to issue an update for the vulnerability on February’s Patch Tuesday.

Microsoft, Privacy, Tools, Windows 10

Windows 10 privacy improvements, sort of

Leave a comment

The good news is that Microsoft is improving the state of privacy in Windows 10, albeit slowly, and grudgingly. The bad news is that the improvements are unlikely to satisfy anyone genuinely concerned about what Windows 10 is really doing.

New: Privacy Dashboard

A few days ago, Terry Myerson, Microsoft’s Executive Vice President of the Windows and Devices Group, announced a new web-based Privacy Dashboard, accessible via your Microsoft account. If you don’t have a Microsoft account, you’re out of luck. I’m still using my Microsoft account to log into my test system, because otherwise I’d have to buy a Windows 10 license. You probably already have a Microsoft account even if you don’t use Windows 10, as they are used for XBox Live, Skype, and other Microsoft services as well.

Poking around in the Privacy Dashboard, the Browsing History section is empty for me, presumably because I don’t use Cortana or Edge. The Search History section is also empty for me, because I don’t use Bing search. But if you use Cortana, Edge and Bing, you’d be able to see all that history here, and be able to remove it as well.

The Location section shows where you’ve been when you logged in on Windows 8.1 and 10 computers. Again, you can clear any or all of this. The section for Cortana’s database shows everything Cortana knows about you, based on your interactions. This is where things get interesting for me, because I only used Cortana for a couple of days when I first installed Windows 10. Cortana knows how often I eat at restaurants, and how far I go to get there. It knows my main mode of transportation. It knows what kind of news interests me. It’s not much, but it’s enough to be kind of creepy.

The Privacy Dashboard is a step in the right direction, and it’s very useful for anyone interested in seeing exactly what information Microsoft has collected. It also allows you to clear much of that information. But what if you want to prevent Microsoft from gathering this information in the first place?

Privacy improvements in Windows 10

Also revealed in Myerson’s post are upcoming changes to the privacy settings in Windows 10. The initial privacy setup has changed, and now provides a bit more information about the various privacy levels and settings. Microsoft is “simplifying Diagnostic data levels and further reducing the data collected at the Basic level.” But in fact there will be fewer privacy levels to choose from, and there’s still no real explanation of exactly what data is sent. And of course the most useful ‘Security’ level (which disables almost all telemetry) is only available to Enterprise users. Us regular folks can only throttle data collection down to the ‘Basic’ level.

According to Microsoft, the Basic level “includes data that is vital to the operation of Windows. We use this data to help keep Windows and apps secure, up-to-date, and running properly when you let Microsoft know the capabilities of your device, what is installed, and whether Windows is operating correctly. This option also includes basic error reporting back to Microsoft.” This sounds reasonable, but it’s lacking in detail and — for many users — still sounds like an intrusion.

Luckily, there are alternatives. I recently discovered a Powershell script called Reclaim Windows 10 that can disable all of the telemetry settings in Windows 10. I’ve yet to test the script, but it looks promising.

Advertisements in Windows 10?

Microsoft still insists this isn’t about advertising: “We want you to be informed about and in control of your data, which is why we’re working hard on these settings and controls. And regardless of your data collection choices, we will not use the contents of your email, chat, files, or pictures to target ads to you.” I’d like to believe that, but it seems unlikely. Microsoft is clearly taking aim at Google’s huge lead in online advertising, and the idea of having a captive audience for advertising (in the form of millions of Windows users) is obviously just too tempting to resist.

Microsoft continues to push Windows 10, now at the expense of Windows 7, which it now says “does not meet the requirements of modern systems, nor the security requirements of IT departments.”

Update 2017Jan18: Techdirt weighs in.

Adobe, Flash, Internet Explorer, Microsoft, Patches and updates, Security, Windows

Patch Tuesday for January 2017

Leave a comment

Another Patch Tuesday rolls around, bringing updates for Internet Explorer, Edge, Windows, and Office from Microsoft, and new versions of Flash and Reader from Adobe.

According to the Microsoft’s January 2017 bulletin summary,

“There are no security fixes or quality improvements for Windows 8.1 … on Update Tuesday for January 2017. As such, there is no Security Only Quality Update or Security Monthly Quality Rollup release for [Windows 8.1] this month.”

And in fact there are only four bulletins (with associated updates), addressing vulnerabilities in Windows, Edge, Office, and the Flash player built into Edge and Internet Explorer 11. Not including Flash, these updates address three security vulnerabilities.

Adobe’s contributions this month start with Flash 24.0.0.194, which addresses thirteen vulnerabilities in previous versions, adds some new features that are not particularly interesting, and improves support for high resolution displays in Firefox on Windows: Flash content will now scale properly in that context. As usual, Flash updates for Edge and Internet Explorer are handled by Microsoft, and Google Chrome will update itself automatically.

New versions of Adobe Reader address twenty-nine vulnerabilities. Reader XI is up to version 11.0.19, while its confusingly-named sister products Acrobat Reader DC (Continuous) and Acrobat Reader DC (Classic) are at versions 15.023.20053 and 15.006.30279, respectively.

So it’s an enjoyably light month. Visit Windows Update, update Adobe Reader, and if you use a web browser with Flash enabled, make sure to update that as well.

Edge, Google, Internet Explorer, Microsoft, Windows

Microsoft is losing all of its browser market share to Google

Leave a comment

If you used Windows in the 90’s, you probably remember the Browser War between Microsoft’s Internet Explorer and Netscape’s Navigator. That war culminated in an antitrust case against Microsoft, in which the plaintiff (the USA) claimed that Microsoft’s bundling of IE with Windows was anti-competitive.

Regardless of whether you believe Microsoft acted fairly, Internet Explorer’s market share increased steadily during the period from 1995 to 2001, getting close to 100% at its high water mark. Microsoft never charged anything for its browser, but controlling the window through which most of the world viewed the web clearly provided a huge advantage to the company.

Now, all that ‘hard won’ market share is being given away by Microsoft, mostly to Google’s Chrome. Internet Explorer’s share plummeted from 40% to 20% in 2016, and there’s no bottom in sight.

Why is this happening?

Microsoft has abandoned Internet Explorer, switching its browser development efforts to Edge, which only runs in Windows 10. Only the most recent versions of IE are still supported, and only on Windows 7, 8.1, and 10. And that support is limited to fixing security issues and other bugs. You won’t see any more new features in IE.

Clearly, Microsoft thought everyone would upgrade to Windows 10, especially given the free upgrade offer, and the company’s aggressive upgrade tactics. But that appears to have backfired; Windows 10’s growth has been less than stellar, and even though Edge is arguably a better browser than IE, Windows 10 users are mostly choosing other browsers.

Microsoft may soon own as little as 5% of the total browser market, thanks to Edge’s lackluster uptake. Edge started 2016 with a market share of about 4%, and ended it with about 5%.

I think this qualifies as a major strategic blunder on the part of Microsoft.

Numbers are courtesy of NetMarketShare.

Article on Ars Technica.

Microsoft, Windows 10

Microsoft admits it went too far in pushing Windows 10

Leave a comment

In a recent Windows Weekly podcast, Microsoft’s Chief Marketing Officer Chris Capossela didn’t quite apologize for the company’s heavy-handed efforts to get people to upgrade to Windows 10.

Capossela did say that Microsoft heard the criticism, and tried to find the ‘right balance’, but he only seems to actually regret one particularly nasty ploy, in which closing an upgrade dialog caused the upgrade to start for many users.

Of course the Windows 10 push is long over, and the bad feelings it generated have started to fade. Unfortunately, even with the bad publicity, I suspect that Microsoft views the operation as a success, which means that they may be tempted to use the same tactics in the future.

Microsoft, Patches and updates, Windows 8.x

When ‘Checking for updates…’ takes forever on Windows 8.1

Leave a comment

This week I once again encountered an old nemesis, the infinite ‘Checking for updates…’ Windows Update screen. Not this again! It happened when I was attempting to install the December 2016 updates on my main Windows 8.1 machine.

Is it working? How can you tell?

I tried the usual troubleshooting steps: rebooting, stopping all non-essential processes, the Windows Update troubleshooter, and so on. Nothing helped.

What makes this problem really annoying is that even when Windows Update is working properly, there are long pauses during which nothing appears to be happening. Even looking deeply into the running processes sometimes shows a complete lack of activity. Since a hung Windows Update often looks exactly like Windows Update actually doing something, all you can do is watch helplessly, in growing frustration, until you finally can’t stand it any more and stop the Windows Update process.

After banging my head against this problem for a while, it occurred to me that since most Windows updates are now available in ‘rollup’ form (i.e. packaged together in one update), I could install the appropriate ones manually, which would at least get my computer up to date, and could conceivably also fix Windows Update.

After a bit of searching I found the July 2016 update rollup for Windows 8.1 and Windows Server 2012 R2. One of the prerequisites for this update is the Servicing stack update for Windows 8.1 and Windows Server 2012 R2: July 12, 2016, but that had already been installed in July, so I proceeded to install the rollup. It only took a few minutes.

After rebooting, I tried Windows Update, and ‘Checking for updates’ took about a minute to find December’s Patch Tuesday updates. Yay! I installed those updates and the computer is now fully patched.

It’s difficult to know for sure why this Windows Update problem happens, but it’s depressingly common, as are the sometimes wacky solutions users have proposed. The rollup solution that worked for me may work for others, but there are no guarantees. It’s Windows, after all.