Microsoft, Patches and updates, Privacy, Windows 10, Windows 7, Windows 8.x

Privacy-related updates to avoid on Windows 7 & 8.1

1 Comment

If you use Windows 7 or 8.1, by now you’ve no doubt noticed that Microsoft is trying to push you to upgrade to Windows 10. In my opinion, Microsoft is doing this because Windows 10 includes a lot of features that track your activities, and the information gathered is extremely valuable for the purposes of advertising. Windows 10 doesn’t have a lot of advertising yet, and Microsoft denies that this is what they’re planning, but it seems clear that Microsoft is jealous of Google’s enormously lucrative ad-supported empire.

But what about all those people staying with Windows 7 and 8.1? Microsoft’s solution is to retrofit those versions, via Windows Update, with some of the privacy-invading features from Windows 10. And of course, because we’re talking about Microsoft, they’re trying to hide what they’re doing by obfuscating the true purpose of these updates. The language used to describe these updates tends to include phrases like “This service provides benefits from the latest version of Windows to systems that have not yet upgraded.”

We’ve discussed the KB3035583 update (and how to remove it) before. That’s the update that adds all those annoying upgrade prompts to Windows 7 and 8.1. But you should be aware of (and watch for) a few other sneaky updates. These have been generally categorized as ‘telemetry’ updates; a reference to the way they monitor what’s happening on your computer.

Telemetry Updates

If you want to avoid these telemetry updates, check to see if they are already installed. If they are, uninstall them, and use the ‘hide’ feature of Windows Update to prevent them from reappearing. If you see these updates listed in Windows Update, make sure to de-select them, then hide them.

Varying interpretations

Woody Leonhard is getting a bit of a reputation as a Microsoft apologist. You may recall that he refused to believe that Microsoft would push Windows 10 onto Windows 7 users, and later had to admit he’d been wrong. Woody’s analysis of the telemetry updates is predictably pro-Microsoft.

At the other end of the spectrum, there’s a project on Github that consists of a batch script that automatically removes all of the telemetry updates from Windows 7 and 8.1. It actually removes twenty-one updates, many of which are shady for other reasons besides privacy.

A more balanced analysis is provided by the GHacks site. This article identifies the most problematic (telemetry) updates and explains how to get rid of them.

Adobe, Edge, Flash, Internet Explorer, Patches and updates, Security

Emergency update for Flash

Leave a comment

If you use a web browser with Flash enabled, you should stop what you’re doing and update Flash.

According to the associated Adobe security bulletin, Flash 21.0.0.182 fixes twenty-three security vulnerabilities, including one (CVE-2016-1010) that is being actively exploited on the web.

The release notes for Flash 21.0.0.182 provide additional details. The new version fixes several bugs that are unrelated to security, and adds some new features.

As usual, Chrome will update itself with the new version of Flash, and Internet Explorer and Edge on newer versions of Windows will be updated via Windows Update.

Firefox, Patches and updates, Security

Firefox 45 released

Leave a comment

The good people at CERT once again alerted me to a new version of Firefox, 45.0. Apparently Mozilla still can’t manage to announce new versions consistently.

According to the official release notes for Firefox 45.0, the new version includes minor improvements to syncing, searching, and HTML5 support. It also fixes several bugs, including at least twenty-two related to security vulnerabilities. On my main computer, Firefox’s About screen already offers to install the new version, but if yours doesn’t, you should grab it from the main Firefox download page ASAP.

Adobe, Edge, Internet Explorer, Microsoft, Patches and updates, Security, Windows

Patch Tuesday for March 2016

Leave a comment

It’s time once again to roll up the sleeves and get patching. This month we have thirteen security bulletins and associated updates from Microsoft. The updates address at least forty-four security vulnerabilities in Windows, Internet Explorer, Edge, Office, Windows Server, and .NET. Five of the updates are flagged as Critical.

Adobe’s contribution this month is new versions of Acrobat/Reader. You may have noticed that Adobe has confused things by splitting Acrobat/Reader into several variations: classic, continuous, and desktop. According to Adobe, the continuous variant always has all the most recent updates, fixes, and new features. I think it’s safe to assume that’s the variant most people should be using. The new continuous version of Reader is 15.010.20060. All of the new versions include fixes for three security vulnerabilities.

Internet, Security, Tools

Test your browser’s security

Leave a comment

A new, free, web-based service from cyscon GmbH tests your web browser and reports any security issues it finds.

Check-and-secure starts by checking your computer for open ports, then compares your IP address against a list of addresses associated with botnet activity.

Next, you have the option of checking your browser version and looking for out of date plugins like Java, Flash, and Silverlight. This is arguably the most useful part of the service, and you can get to it directly, which is handy.

The remainder of the service consists of offers to install various local security software packages. I haven’t yet tried the Cyscon Vaccination software, so can’t comment on its efficacy.

Hardware, Internet, Microsoft, Patches and updates, Security, Silverlight

February security roundup

Leave a comment

In February, a security researcher discovered that a Silverlight exploit – patched by Microsoft in January – is now being distributed through the Angler hacking kit. The researcher also found web sites using the exploit to infect site visitors who have not yet installed the Silverlight patch.

Comodo Internet Security, a highly-rated security package, was found to include features that actually make the host computer less secure. Most notably, that included a VNC server running without a password. VNC is a remote desktop application. The problems were resolved in subsequent updates from Comodo.

Brian Krebs wrote about serious security issues found in some Internet-connected Trane thermostats, and warns buyers to use caution when purchasing ‘smart’ devices.

Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.

Close

Ad-blocker not detected

Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Learn more.