Version 16.0.2 of Firefox fixes three critical security flaws in the previous version. Users are encouraged to upgrade as soon as possible.
Windows 8: how fast?
Traditionally, upgrading to a newer version of Windows on existing hardware meant a noticeable drop in performance. That’s because ‘new’ in the software world usually means ‘uses more memory and other hardware resources’. Is that the case with Windows 8?
Ars Technica ran some benchmarks, comparing the performance of Windows 8 with Windows 7 on the same hardware. Given the amount of hype out there about Windows 8’s improved boot times, I was curious what a real world test would show.
Well, there’s good news and there’s bad news. The bad news is that although boot times have improved with Windows 8, the difference isn’t as large as we’ve been led to believe. The good news is that Windows 8 doesn’t appear to be any slower than Windows 7. In fact, in most tests, Windows 8 is about the same or slightly faster than Windows 7. Of course, that really just emphasizes a point that Microsoft has been making: that Windows 8 is – at its core – the same as Windows 7.
Windows 8 released for retail sale
Today is the big day for Windows 8. Those of us who remember the Windows 95 release are perhaps less excited about this one. As was Windows 95, the new O/S is being touted as a game-changer. Jaded by the marketing hype, and disappointed by duds like Windows Me and Vista, my considered opinion is “meh.” I’ll get it, I’ll install it, I’ll test it, and I’ll report on it. But I seriously doubt it’s going to change much of anything for me.
Pricing and retail availability for the new O/S are discussed in a post over at net-security.org. As predicted, a download-only upgrade version of Windows 8 Pro is available for $40 USD. If you want media, the same thing will cost you $70 USD. The new System Builder version, of interest to PC hobbyists and professionals, has yet to be announced.
Ars Technica has a detailed report on the Windows 8 upgrade experience. They wanted to know if the old warnings about Windows upgrades still hold true. Spoiler: yes they do. If you’re one of those people who only uses a few applications, and who keeps their software and drivers up to date, then the upgrade may work fine for you. Otherwise, you’re taking a chance on making a big mess.
Ars Technica also has a new review of Windows 8.
The Verge has a useful buying guide for Windows 8 that helps to sort out the various options.
Service Pack 2 for Windows 7 cancelled
With the pile of post-SP1 updates for Windows 7 growing and no end in sight (at least until 2020), Microsoft has decided to forsake IT workers by cancelling plans for SP2. This means that installing Windows 7 is going to become increasingly tedious: install Windows 7, install SP1, then install 100+ (and growing) patches.
Is this yet another attempt by Microsoft to get IT administrators to throw in the towel and upgrade to Windows 8? Maybe. Luckily, IT workers have plenty of tools available to create new, slipstreamed installation media for Windows 7. That means one unattended install for Windows 7, SP1 and all the updates available at the time the media was created. Microsoft stopped officially supporting slipstreaming in Vista and Windows 7, so the process is a bit more difficult, but it’s both possible and worth the effort.
Microsoft releases new Flash update for Internet Explorer 10
Those of you running Windows 8 already should head over to Microsoft Update and install a new out-of-cycle patch for Adobe Flash in Internet Explorer 10.
Java still vulnerable even with recent batch of security fixes
We were wondering whether the recent Java updates addressed the security holes reported by Adam Gowdiak of Security Explorations. Well, Mr. Gowdiak tested the most recent Java in various browsers, and the answer is no, they do not.
Gowdiak went even further, developing a simple fix for the vulnerability. Oracle is unimpressed, saying that a proper fix will involve a lot more testing than the 30 minutes Gowdiak spent on it. They are sticking to their original estimate, that an official fix will not be available until the February 2013 Critical Patch Update.
So Java, despite the recent patches, is still vulnerable to exploits using the hole reported by Gowdiak. We continue to recommend disabling Java in web browsers.
The Verge’s review of Windows 8 (8.8/10)
A review of Windows 8 over at The Verge gives it a score of 8.8 out of 10. While short of gushing, the review has mostly good things to say about the new O/S, suggesting that either it really is that good, or the reviewer(s) swallowed every last drop of that Microsoft Kool-Aid.
Microsoft tries to convince businesses to switch to Windows 8
A recent post at Microsoft’s Windows for your Business blog reads – as one might expect – a lot like PR hype for Windows 8. Even the subtitle: “Identifying your unique Windows 8 adoption path” assumes that the reader will be upgrading to the new O/S.
The gist of the article is that Windows 8 is going to be a really good thing for “the enterprise”, meaning businesses and corporations. Having read this article and much of the material linked from it, I remain unconvinced.
This list of features found only in the pricey ‘Enterprise’ edition of Windows 8 is supposed to get IT managers all excited about Windows 8, but I don’t see anything particularly compelling there. Not enough to upgrade from Windows 7, anyway. Sure, if you’re still running Windows XP in your IT shop, you might want to consider Windows 8, but right now, Windows 7 looks like a much safer bet. Thanks to Microsoft’s surprisingly generous support windows, Windows 7 is going to be around for a long time.
Java on the desktop: safe or not?
Java is increasingly the focus of both malware developers and security researchers. Many malware packages include Java code, and drive-by malware infections often use known Java vulnerabilities to trigger web browser-based infections. Java releases are filled with fixes for security vulnerabilities. Security researchers find new Java holes with alarming frequency.
ARS Technica recently asked their readers to talk about Java and how they use it. The resulting article outlines the results of this informal survey and makes some recommendations to users.
On typical Windows computers, Java is installed as a browser plugin, allowing Java code on web sites to be run seamlessly within the browser. This should not be confused with Javascript, which is also used within web browsers, but despite its name, is a totally separate thing.
Many Windows computers also contain the Java Runtime Environment (JRE), which allows standalone Java applications to run without a web browser. Many system administration tools are developed in Java, since this allows the same code to run on many different operating systems. There are also plenty of Java games, including the hugely popular Minecraft. Although Minecraft can be run from within a web browser, the full version of the game runs in the JRE.
Java vulnerabilities exist both in Java browser plugins and in the JRE. However, Java code that runs in the JRE must be explicitly downloaded and installed by the user. For example, to play the full version of Minecraft, the user must go to the Minecraft web site, buy the game, download the installer, install the game on their computer, then run the game. On the other hand, Java code on a malicious or hacked web site can run automatically and invisibly the moment a user visits that web site – if their browser has a functioning Java plugin.
Clearly, Java web browser plugins present a much greater security risk than standalone Java. Our recommendations – echoed by the ARS Technica article – remain the same: you should seriously consider disabling Java plugins in your web browser, but it’s okay to leave the JRE installed on your computer.
Windows 8 Store Rules could be a problem for some games
Microsoft is apparently applying a strict set of rules to the Windows Store, which is making its debut on desktop PCs with the arrival of Windows 8.
By the current rules, many popular PC games would not be acceptable for the Windows Store, including Skyrim. Games not available through Windows Store would still be available in the usual way, but they would be limited to running on the Windows desktop rather than on the new user interface. But who cares whether a game will run on the new UI? Most PC games take over the entire screen when they run anyway.
I’m betting this goes one of four ways:
- Game developers ignore the Windows Store and sell their games the same way as before. Windows Store becomes increasingly marginalized and irrelevant.
- Microsoft figures out how to sell mature content in Windows Store, and game developers gradually give in and start using it.
- The Windows Store restrictions remain in place, Microsoft phases out support for desktop gaming, and PC gamers revert to Windows 7 in disgust. Windows 8 retail sales drop to zero, joining business sales levels.
- Microsoft relents, recognizing that the only way to keep Windows Store relevant is to allow people to buy what they actually want there.
See Techdirt’s coverage of this issue for more details and links.
Update 2012Oct27: Microsoft is apparently paying attention. They have decided to adjust their rules to allow inclusion of mature games, although the change will not take effect until as late as December 2012.