Take a look at our
ThinkPads.com HOME PAGE
For those who might want to contribute to the blog, start here: Editors Alley Topic
Then contact Bill with a Private Message

W7 is still safer than W10...

Windows 1x on Thinkpads
Post Reply
Message
Author
RealBlackStuff
Admin Emeritus
Admin Emeritus
Posts: 23809
Joined: Mon Sep 18, 2006 5:17 am
Location: Loch Garman, Éire

W7 is still safer than W10...

#1 Post by RealBlackStuff » Wed Nov 22, 2017 1:56 pm

I'm not surprised, W7 is still safer than W10...
http://www.zdnet.com/article/key-window ... -windows-8

dr_st
Admin
Admin
Posts: 9691
Joined: Sat Oct 29, 2005 6:20 am
Location: Israel

Re: W7 is still safer than W10...

#2 Post by dr_st » Wed Nov 22, 2017 2:36 pm

Took just four days from the original publication, only one day after the crap article, for Microsoft to address the issue, explain the situation in full, explain why the behavior was changed, and how to get back the same security level with a single registry tweak. They also admitted the limitation in the configuration UI that does not have an interface to apply the system-wide configuration (without editing the registry), and mentioned that they are working to fix it. :thumbs-UP: They will probably release an updated tool very soon.
https://blogs.technet.microsoft.com/srd ... tory-aslr/

Great job, Microsoft! Thank you, RBS, for bringing this issue up, to allow people to witness first hand that Microsoft takes not only security, but also users' perception of security, very seriously.
Last edited by dr_st on Thu Nov 23, 2017 3:06 am, edited 1 time in total.
Thinkpad 25 (20K7), T490 (20N3), Yoga 14 (20FY), T430s (IPS FHD + Classic Keyboard), X220 4291-4BG
X61 7673-V2V, T60 2007-QPG, T42 2373-F7G, X32 (IPS Screen), A31p w/ Ultrabay Numpad

Cigarguy
ThinkPadder
ThinkPadder
Posts: 1756
Joined: Thu Aug 09, 2012 3:08 pm
Location: Calgary, Alberta, Canada

Re: W7 is still safer than W10...

#3 Post by Cigarguy » Wed Nov 22, 2017 6:15 pm

Wow, who needs slice bread when you got Microsoft. The greatest ever! BARF. :jhem:

shawross
Senior Member
Senior Member
Posts: 662
Joined: Mon Oct 28, 2013 5:48 am
Location: Perth Australia

Re: W7 is still safer than W10...

#4 Post by shawross » Wed Nov 22, 2017 6:33 pm

Yes Windows 7 after EOL will still be better than 10 IMO.
Active --- Love the X series
X301 W 7/Mint | X201 540M L Mint | X220 2520 W7/Mint

Nostalgia
X61 T7500 / T41 T42 T43 / A31

Rogue daily driver - Samsung RV511 15.6 " Screen - W 7

MikalE
ThinkPadder
ThinkPadder
Posts: 1451
Joined: Sun Sep 13, 2015 9:51 pm
Location: Marissa, Illinois

Re: W7 is still safer than W10...

#5 Post by MikalE » Wed Nov 22, 2017 7:37 pm

How could MS let something like this migrate to the Windows 10 OS after being discovered in Windows 8?

Are they all a bunch of idiots in Redmond or is it that they just don't give a darn about their customers and think we're all a bunch of idiots ourselves?
A31p P-IV 2Ghz, 2MB, 2653-R6U
T500 T9600 2055-BE9
T510 i5 4384-DV7
T510 i7 4349-A64
T520 i7QM 4242-4UU Highly Modified
T16 i7 1260P 21BV000SUS

dr_st
Admin
Admin
Posts: 9691
Joined: Sat Oct 29, 2005 6:20 am
Location: Israel

Re: W7 is still safer than W10...

#6 Post by dr_st » Thu Nov 23, 2017 12:25 am

Haters just hate. Nothing changes. :lol:
MikalE wrote:
Wed Nov 22, 2017 7:37 pm
How could MS let something like this migrate to the Windows 10 OS after being discovered in Windows 8?
Who told you it was discovered in Windows 8 time frame? The reports say that it was discovered last week.

Why wasn't it discovered? Apparently, not a whole great deal of people use this feature. And perhaps most of those who do know about the registry setting and don't care much about the configuration tools.

Summary for those who want to be informed and don't want to read the lengthy technical documents
  • ASLR (Address Space Layout Randomization) is a technique that provides defense against a certain class of attacks.
  • It is supported since Vista but only if the application selects it during compile time
  • In Windows 7, a patch was added to allow forcing ASLR even on applications compiled without support for it
  • This is controlled by the registry and Microsoft provided front-ends to configure this system-wide setting without editing the registry
  • In Windows 8 the technique by which it's managed was changed, and now full randomization requires two settings, not one
  • This was done to allow more fine control over the feature, to decrease the chance of applications breaking due to ASLR being forced on them when they cannot really support it
  • The front-ends were not updated to be fully aware of this behavior change
  • As a result, configuring the feature through the front-ends in Windows 8, 8.1 and 10 results in only part of the solution being applied, which means reduced security mode for ASLR-unaware applications
  • The feature can still be controlled through the registry and works as designed, in the more secure mode, when configured thus.
  • The problem is therefore not in the core security features of the OS, but in the front-end tools that configure it
  • Now that it has been discovered, these tools will likely be updated in the nearest future
Thinkpad 25 (20K7), T490 (20N3), Yoga 14 (20FY), T430s (IPS FHD + Classic Keyboard), X220 4291-4BG
X61 7673-V2V, T60 2007-QPG, T42 2373-F7G, X32 (IPS Screen), A31p w/ Ultrabay Numpad

Puppy
Senior ThinkPadder
Senior ThinkPadder
Posts: 2821
Joined: Sat Oct 30, 2004 4:52 am
Location: Prague, Czech Republic

Re: W7 is still safer than W10...

#7 Post by Puppy » Thu Nov 23, 2017 5:01 am

ASLR is broken by third-party AV crap software most of the time.
ThinkPad (1992 - 2012): R51, X31, X220
Huawei MateBook 13

hellosailor
Senior Member
Senior Member
Posts: 715
Joined: Sat Jan 05, 2008 1:52 pm
Location: NY, NY

Re: W7 is still safer than W10...

#8 Post by hellosailor » Thu Nov 30, 2017 4:24 pm

There will always be a problem with "new" software, in that no one has had experience with it. Add in the mass of code and MS's habit of not discussing things, or admitting them, and it gets worse.

I found the Win10v.1511 upgrade that I was stuck on, was blocking any major upgrades a year later. Four times, I finally got genuine MS support (sounded like the Philippines and India) and spent a full day on the phone with remote access. Supposedly with MS's own techs who KNEW the new software and old. And each time we ended up with "just download (zzzz) and install this new ISO image" which resulted in a reboot that wiped the boot record on the hard drive.

That just tells me that even MS has no idea what surprises are left in the box.

And then there are some that they actually flat out deny. Like, 1511 (and I think 1706 as well) also lock out the default applications for file types. You can select new ones, but they are locked out. And if you manually change the undocumented registry entries for those? Eh, you still can't restore 100% of the old defaults you had. Yeah, sure, that doesn't happen on anyone else's machine. Just my own (fairly vanilla) system.

This is not the way to get people to embrace a new subscription service concept. (And that's what W10 really is, a push to subscription model, paid for by collecting and reselling user demographics, just like Google and Facebook do.)
"The only good silicon life form, is a dead silicon life form." [Will Rogers]
-- Harboring a retired T61P with Vista/U/32 and housebreaking a younger W530 foolishly upgraded from Win7/64 to Win10.

Post Reply
  • Similar Topics
    Replies
    Views
    Last post

Return to “Windows 10/11/etc.”

Who is online

Users browsing this forum: No registered users and 40 guests