Category Archives: Windows

Windows 8.1: Start button is back, but useless

Microsoft heard the complaints, and is bringing the Start button back in Windows 8.1. The problem? They heard, but they didn’t listen.

The Start button itself isn’t really all that useful. What’s useful about the Start button in previous versions of Windows is what happens when you click it: a menu appears. Of course, that menu has been criticized for years, but it’s still the only practical way to see a list of what’s possible on your computer.

With Windows 8.1, Microsoft has brought back the Start button, but pressing it just takes the user to the new Start screen (the one with the tiles). Useless. Apparently the Start screen has an “All apps” section that can be configured to look somewhat similar to a traditional menu, but this menu would be incomplete at best.

In public discussion on this subject, Microsoft spends a lot of time talking about branding, desktop wallpaper on the Start screen, and the ability to boot to the desktop. They also apparently realized that on a computer with no menu, searching is the only way to find anything, so search has been ‘improved’ to Windows 7 functionality.

On the positive side, it will once again be possible to have more than one program or window visible on the screen simultaneously, although that feature will also be limited.

Here’s a roundup of related articles from around the web:

Update 2012Jun03: Peter Bright over at Ars Technica also noticed that the Start menu won’t be back in Windows 8.1, although I disagree with his conclusions.

Microsoft confirms name and price for next version of Windows

After much speculation, Microsoft has finally announced a name for the next version of Windows: Windows 8.1. Up until now, the working name for the new version was Windows Blue.

Anyone currently using Windows 8 will be able to install the new version as an update for free. This sounds a lot like what Microsoft used to call a Service Pack. Well, whatever they want to call it, as long as it’s free, I’m all for it.

The new version is expected to bring back some aspects of the Start button, the Start menu and the traditional desktop, but the details remain unclear.

Patch Tuesday for May 2013

The month’s updates include fixes for vulnerabilities in Windows, Internet Explorer, .NET and Office. The main bulletin has all the technical details, and the Microsoft Security Response Center has a more reader-friendly summary, entitled “Microsoft Customer Protections for May 2013”.

The expected patch for recently-discovered vulnerabilities in Internet Explorer 8 is included in this month’s patches as MS13-038. According to Microsoft, you can install this patch whether or not you previously installed the emergency “Fix-It” released by Microsoft.

Advance notification for May 2013 Patch Tuesday

As usual, Microsoft has issued an advance notification for this month’s Patch Tuesday. The updates will become available on Tuesday, May 14 at about 10am PST.

There are ten bulletins this month, two of them flagged Critical. In total, 34 vulnerabilities in Windows, Office, Internet Explorer, .NET and server software will be addressed.

Update 2013May11: The upcoming patches will include a fix for the Internet Explorer 8 vulnerability recently discovered.

Internet Explorer 8 vulnerable to new web-based attack

Update 2013May09: Microsoft has issued a ‘Fix-It’ for this problem. This is a temporary, band-aid solution to the problem. It will be superseded by an actual patch at some point. The original bulletin about this issue has been updated to include information about the ‘Fix-It’.

Microsoft recently announced a new attack, targeted at a specific version of Internet Explorer, being exploited in the wild. More details are provided in the associated security advisory from Microsoft.

Only Internet Explorer version 8 is vulnerable to this attack, which begins when someone using IE8 is tricked into visiting a compromised web site. Once infected, the user’s computer can be remotely controlled by the attacker.

Anyone using Internet Explorer 8 is strongly urged to upgrade to IE9, or – if using Windows 7 or 8 – to IE10. If upgrading Internet Explorer is not an option, you can reduce the risk of infection by increasing the level of protection provided by the browser, as follows:

Set Internet and local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones. This will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.

Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones. This will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.

Ars Technica has additional details.

Problematic update re-issued by Microsoft

Microsoft today released a new version of the update that caused so many problems this past Patch Tuesday, MS013-036.

The new version is KB2840149, and it replaces the update originally associated with MS013-036, KB2823324.

The new update will be installed automatically on computers with auto-update enabled. Anyone using manual updates should install the new version by visiting the Windows Update site or the KB2840149 page.

Java 7 Update 21 fixes 42 security issues

As expected, Oracle yesterday released a new update for the series 7 Java Runtime Environment (JRE). Java 7 Update 21 includes fixes for a whopping forty-two security vulnerabilities.

Adam Gowdiak of Security Explorations reports that several of the issues previously reported by him have apparently been fixed in Java 7u21. He points out that one issue in particular took six weeks to fix, and that this delay was unwarranted.

Update 21 also includes some general security improvements. Java will now pop up security warnings whenever unsigned Java code starts to run. Requiring Java code to be signed is going to annoy some users, but given the number of Java security issues in recent months, this is definitely a good idea. The Internet Storm Center has additional details.

Given that most of the fixed vulnerabilities can allow remote attackers to gain control of unprotected computers, we recommend installing the update as soon as possible on any computer running Java, especially those with Java enabled in web browsers.

Unfortunately, as with most Java updates, the announcement from Oracle leaves much to be desired. The date of the announcement is buried toward the bottom of the document. The version of the update is never mentioned. Instructions to users are needlessly complex.

Windows 8.1 will bring back the desktop – sort of

The Verge reports on rumours that Microsoft will make the new (formerly ‘Metro’) interface skippable in the next version of Windows 8. That next version is being referred to as ‘Windows 8.1’ and ‘Windows Blue’, and Microsoft may or may not make it a paid upgrade.

The details are sketchy, but it sounds like users will have a new option to boot straight to the desktop, bypassing the new UI. It’s unclear whether the Start menu will reappear; if it doesn’t, then the usefulness of this new option will be limited. The new UI will probably still rear its ugly head in many circumstances as well.

Patch Tuesday update causing problems

Apparently some Windows users are encountering problems after installing last Tuesday’s Microsoft updates. One of the updates, KB2823324 (aka MS13-036), is causing system errors on some Windows computers.

Affected users are advised to follow the instructions in a new bulletin, KB2839011 – You receive an Event ID 55 or a 0xc000021a Stop error in Windows 7 after you install security update 2823324.

The original update has been pulled from the Windows Update site, and is no longer being pushed out to Windows computers with Autoupdate enabled.

Update: Microsoft is now saying that the update in question (KB2823324) should be removed from ALL Windows 7 computers. See bulletin KB2839011.