Microsoft silently fixes security holes in Windows 10 – dumps Win 7, 8 out in the cold

Microsoft is silently patching security bugs in Windows 10, and not immediately rolling out the same updates to Windows 7 and 8, potentially leaving hundreds of millions of computers at risk of attack. Flaws and other programming blunders that are exploitable by hackers and malware are being quietly cleaned up and fixed in the …

  1. This post has been deleted by its author

    1. Anonymous Coward

      Re: Perhaps money will talk louder:

      It's like buying a car from them and them then knowing that the wheels are going to fall off and then telling the customer that they can avoid the problem by buying the newest model off of them.

      1. This post has been deleted by its author

      2. Alumoi Silver badge

        Re: Perhaps money will talk louder:

        So MS is doing what everybody else is doing (I'm looking at you Apple, Samsung, TV manufacturers) but we're focusing on them because... ?

        1. Hans 1
          Happy

          Re: Perhaps money will talk louder:

          Apple, Samsung, TV manufacturers

          How are they FSF ? They are consumer vendors, not "enterprise" vendors ...

          Linux and *BSD, the only enterprise-grade OS' around!

          1. Wayland

            Re: Perhaps money will talk louder:

            Hans, Samsung put a web browser in their telly and now it's broken. Anyone who bought the TV because of that feature has now been let down.

            Yeah pretty stupid to buy a TV as anything more than a screen really. You want to watch stuff then get a separate box to drive the screen.

        2. Uffish

          Re: So MS is doing what everybody else is doing ...

          Why start with MS? Because they are cheating some of their customers, that's why.

    2. Dan 55 Silver badge

      Re: Perhaps money will talk louder:

      That was Ballmer's promise, not Satnad's.

      In the brave new cloudy agile world, if it's older than last week then it's out of date.

    3. This post has been deleted by its author

    4. Anonymous Coward

      Re: Perhaps money will talk louder:

      Making Microsoft legally responsible for not releasing these patches in the event of a major attack against an older (but supported!) operating system might focus their minds a little.

      They have over 2 decades worth of experiences of dodging that one. That's why they have these exabyte-sized conditions you have to agree to.

      That said, if that was implemented I could see a number of smaller devs going to the wall the first time a bug escapes - it would create a way for richer suppliers to force devs to sell their IP or get sued into oblivion. Be very careful what you wish for.

      1. Doctor Syntax Silver badge

        Re: Perhaps money will talk louder:

        "They have over 2 decades worth of experiences of dodging that one. That's why they have these exabyte-sized conditions you have to agree to."

        Whether these EULAs are worth the paper they're not written on depends on your jurisdiction and status (consumer vs professional).

    5. Anonymous Coward

      Re: Perhaps money will talk louder:

      Microsoft is one of the US government's pet corporations. Don't look for any action from that quarter.

      Besides, government has plenty of money to move to the latest version - YOUR money.

      1. Doctor Syntax Silver badge

        Re: Perhaps money will talk louder:

        "Microsoft is one of the US government's pet corporations."

        Other governments are available.

      2. Wayland

        Re: Perhaps money will talk louder:

        NHS are on Windows XP so no there is not plenty of money to get the latest.

    6. Anonymous Coward

      Re: Perhaps money will talk louder:

      There's a difference between not releasing the patches at all, and prioritizing the latest version of Windows. Even if the general idea of suing a software maker for insecure software was viable, I think suing them for not releasing the patches on all supported versions of the OS at the exact same time (do you include the Server, embedded and mobile versions in that also?) would be a non-starter.

    7. bombastic bob Silver badge
      Thumb Up

      Re: Perhaps money will talk louder:

      I would upvote you except the upvote count sits at 42, and, well, I don't want to spoil it.

      1. DJV Silver badge

        @bombastic bob

        You can upvote the OP now, cos I bumped it to 43 before reading your comment.

    8. jMcPhee

      Re: Perhaps money will talk louder:

      This is nothing compared to what will happen when MS writes software for self driving cars. If you think they've hosed safety and security on the internet, wait 'til you see what they do for your daily commute.

      1. Fruit and Nutcase Silver badge
        Joke

        Re: Perhaps money will talk louder:

        @jMcPhee

        wait 'til you see what they do for your daily commute

        Clippy: Hello! This vehicle has left the highway and is on a trajectory that will take it over a cliff and into a ravine. Would you like me to apply the brakes and bring this vehicle to a stop? If on the other hand you are committing suicide, would you like to dictate a suicide letter?

      2. Anonymous Coward

        Re: Perhaps money will talk louder:

        "This is nothing compared to what will happen when MS writes software for self driving cars. If you think they've hosed safety and security on the internet, wait 'til you see what they do for your daily commute."

        Versus say Google?! Who have the most insecure OS of 2016 in Android AND make even more intrusive spyware by design?!

        1. Kiwi
          WTF?

          Re: Perhaps money will talk louder:

          Versus say Google?! Who have the most insecure OS of 2016 in Android AND make even more intrusive spyware by design?!

          When MS stops "recording...all your typing history" as a 'feature of the OS' you might have grounds to comment on others making "intrusive spyware". Till then....

      3. Kiwi
        Linux

        Re: Perhaps money will talk louder:

        If you think they've hosed safety and security on the internet, wait 'til you see what they do for your daily commute.

        Day one might be bad, but days 2+ should be a lot better.

        For a start, all the MS fanbois will be getting "hosed" themselves - their remains washed into the gutter by the firecrews at the crash scenes where there's too little left to fill a thimble let alone a body bag.

        There'd be a lot less cars on the road, far less traffic accidents.

        Then with all the raving loonies MS supporters (and devs) gone, the net will be a lot safer as well!

    9. Anonymous Coward

      Re: Perhaps money will talk louder:

      "a team may be tasked with improving memory management in the kernel, and as a result, will rewrite chunks of the source code, boosting the software's performance while squashing any pesky exploitable bugs along the way"

      That would imply that Microsoft are likely not actually aware of any specific bugs being fixed along the way, until someone finds them in earlier OS versions.

      The only real conclusion here is if you want the most secure Windows OS, run Windows 10 (or Server 2016)...

      1. Anonymous Coward

        Re: Perhaps money will talk louder:

        "The only real conclusion here is if you want the most secure Windows OS, run Windows 10 (or Server 2016)..."

        No thanks, I'll stick with Marvin Windows - they're sturdier, reduce energy consumption and improve the resale value of my home.

    10. Anonymous Coward

      Re: Perhaps money will talk louder:

      "Support should mean exactly that, and Windows 7 is supported until 2020."

      If you pay for support and find a bug, you can request a fix. That's already the case.

      1. Hans 1
        Boffin

        Re: Perhaps money will talk louder:

        If you pay for support and find a bug, you can request a fix. That's already the case.

        Yes, and then you start waiting and waiting and waiting for the patch ... compare that to FSF software, where patched binaries are usually readily available in the repos, and, if they ain't, just download source, patch it, compile, done ... system patched before your request has had the time to be escalated through MS' support hell desk ...

        1. Hans 1
          Coat

          Re: Perhaps money will talk louder:

          Yes, and then you start waiting and waiting and waiting for the patch ... compare that to FSF software, where patched binaries are usually readily available in the repos, and, if they ain't, just download source, patch it, compile, done ... system patched before your request has had the time to be escalated through MS' support hell desk ...

          To the downvoters, you know you are dishonest, you know of course, else you would not be reading stuff on this site.

          Listen, you are full of shit ... I post this because I don't care about downvotes, so go ahead, show your ignorance and downvote this one as well ... I love you, especially you dishonest n00bs from the Window Cleaner and Surface Expert brigade ,.... :-P

          1. Timmy B

            Re: Perhaps money will talk louder:

            "To the downvoters, you know you are dishonest, you know of course, else you would not be reading stuff on this site."

            Any OS expected to be used by the average man in the street should not have maintenance that includes the phrase "download the source, patch it and compile". I understand it's how some things work in the Linux world but to someone that supports elderly and fairly computer illiterate people it is one reason I could never get them to use it. That's why I downvoted that post. Not because I am dishonest, blah blah blah. And have another one that you don't care about for being obnoxious.

            1. Chemist

              Re: Perhaps money will talk louder:

              "Any OS expected to be used by the average man in the street should not have maintenance that includes the phrase "download the source, patch it and compile". I understand it's how some things work in the Linux world "

              Well I use Linux ALL the time and the only thing I've needed to actively compile since ~1998 are my own programs.

            2. Kiwi
              Linux

              Re: Perhaps money will talk louder:

              Any OS expected to be used by the average man in the street should not have maintenance that includes

              ...wait for several months after the vendor has released patches for other versions.

              FTFY.

              It has been a very very very very long time since I've compiled something on Linux for the machine itself. I've not had to compile drivers for Linux that I can recall, and I know I've never had to compile anything for the kernel - did look at it once but decided after a couple of minutes "way too much work, it 'just works' as it is". Most Linux users I know personally (mainly older and tech-illiterate) don't even know what a compiler is. Some don't even know what Linux is, though they use it for their day to day life.

              If you have an edge case, or something unsupported, or the support isn't as quick as you'd like (ie it takes a few hours (yes hours, not weeks or months as in MS's case!) for the fix to appear in the repository BUT YOU MUST HAVE IT NOW!) then you can download and compile the patch. If you want. With Linux you have that option.

              With MS, you're at the mercy of Microsoft and if they want to publish details of the exploit and leave your system unprotected, you're screwed because you cannot fix it yourself.

              With Linux, if your system is unprotected, you can still look at what was changed in the source and fix it yourself/ask a mate to fix it/shove some money at someone and ask them to fix it.

              So what's your criticism? Being able to fix things that need fixing when the vendor says "I don't give a shit about you!" is bad?

          2. Anonymous Coward

            Re: Perhaps money will talk louder:

            "compare that to FSF software, where patched binaries are usually readily available in the repos,"

            Quite often weeks or months after bugs are actually privately reported though. No real difference there to Microsoft. The main benefit of Microsoft is a scheduled monthly release cycle you can plan and sensibly test for versus a zoo of random updates...

            1. Kiwi
              FAIL

              Re: Perhaps money will talk louder:

              The main benefit of Microsoft is a scheduled monthly release cycle

              Yes, having a vulnerability on your system without even the OPTION to fix it while you have to wait a month for the vendor to release a patch is a WONDERFUL way to manage security.

              And having updates forced, without choice to turn them off even when there's a known issue, also really helps!

              </sarc>

              Oh, and I can test patches to my heart's content (usually 0%) and install them when I want (usually as soon as I know they're available). Unlike with MS, I don't have to install them when the vendor decides it's time. I don't have to install "random" and untestable patches.

              As with others of your ilk, the one you support is the most guilty of what you're accusing the rest of.

              Oh, and now I think about it[1].. With Linux, patch gets announced today, I go to vendor site, get patch, start testing, in 3 weeks time I am happy and install patch. With windows patch is announced today, I wait till the next "patch tuesday" (3 weeks and 6 days in the case of the example), get the code, then start testing (if on enterprise version, others get it rammed down their throats whether it's broken or not), 1 week later am happy - 4.6 weeks after the announcement. Yup, MS is so much faster and better!

              [1] Disclaimer: Thought processes may not match reality. My knowledge of corporate IT comes from a hazy recollection of reading some of Simon Travaglia's excellent training manuals.

              1. Anonymous Coward

                Re: Perhaps money will talk louder:

                "Yes, having a vulnerability on your system without even the OPTION to fix it while you have to wait a month for the vendor to release a patch is a WONDERFUL way to manage security."

                The vast majority of Microsoft vulnerabilities are not published until patched. In the case where one is and is likely to be exploited, Microsoft often release what they call Out Of Band updates.

                But generally you can test and release updates on a planned schedule. If you patch everything without testing then good luck with that... And if you have to start a new test cycle every time a new patch is released on Linux then you have a much harder job patching and with version control than I do on Windows!

              2. Anonymous Coward

                Re: Perhaps money will talk louder:

                "With Linux, patch gets announced today, I go to vendor site, get patch, start testing, in 3 weeks time I am happy and install patch"

                And what about all the other patches that get randomly released in the mean time? At some point in any sane enterprise model you have to test and deploy in managed batches.

                "With windows patch is announced today, I wait till the next "patch tuesday" (3 weeks and 6 days in the case of the example)"

                They are normally released the day after the outline announcement of impacted products / severities and at the same time as the detailed vulnerability information. There are exceptions but they are pretty rare.

                "1 week later am happy"

                A common and safer model is to incrementally deploy critical patches after 1-2 weeks of testing, and deploy non critical patches after a 5-6 week testing cycle a month later...

      2. anonymous boring coward Silver badge

        Re: Perhaps money will talk louder:

        I can request a fix without paying for support. The outcome will be the same.

        1. Anonymous Coward

          Re: Perhaps money will talk louder:

          "I can request a fix without paying for support. The outcome will be the same."

          Well no you can't afaik. To be able to raise a request to get a fix you would normally need a premier support contract and an incident credit - or incident credits via MSDN, etc - or be prepared to pay a deposit on your credit card for the cost of an incident. However if Microsoft agree that your problem was due to a bug then the cost is refunded...

          Usually a "hotfix" can be obtained relatively quickly.

    11. EVMonster
      Devil

      Re: Perhaps money will talk louder:

      Good luck with that!

  2. This post has been deleted by its author

    1. Anonymous Coward

      Re: You think that's bad?

      It's not XP, it's Windows Embedded XP, and it is not the same thing as Windows XP. Windows Embedded is still supported.

      1. Anonymous Coward

        supported and patched?

        I doubt it

      2. Joe Montana

        Re: You think that's bad?

        It's usually not embedded XP, it's usually normal XP although a lot of ATMs have been upgraded to windows 7 now anyway...

        Embedded XP however is largely the same as regular XP (ie the same holes), but harder to keep updated.

      3. Ken Hagan Gold badge

        Re: You think that's bad?

        Um, no, even *that* has now died. From https://support.microsoft.com/en-gb/help/18581/lifecycle-faq-windows-products ...

        "Windows XP Embedded is a modular form of Windows XP, with additional functionality to support the needs of industry devices. It was released separately from Windows XP and provides a separate support lifecycle to address the unique needs of industry devices. Devices running Windows XP Embedded will be supported through 2016."

        1. Anonymous Coward

          So if your ATM has a vulnerability

          How is it going to be exploited? Sure, if you break into the ATM's network, or open it up and attach something to a hidden USB port maybe then, but you might be able to leverage those attacks even without a vulnerability in the ATM's OS. It is getting into the ATM's network or USB port that's the security failure, not failure to patch a remote desktop exploit in the ATM.

        2. tcmonkey

          Re: You think that's bad?

          XP Embedded can also refer to WES2009, which will be in support until 2019.

          https://blogs.msdn.microsoft.com/windows-embedded/2014/02/17/what-does-the-end-of-support-of-windows-xp-mean-for-windows-embedded/

    2. Anonymous Coward

      Re: You think that's bad?

      Only problem is that the "new" version has even bigger holes and won't operate correctly on the hardware.

    3. Roland6 Silver badge

      Re: You think that's bad?

      >If you guessed XP then you win a cookie.

      Interestingly, MS are still issuing security updates for Office 2007 on XP. For obvious reasons, I don't expect this to continue beyond 10-Oct-2017 (today is the 7-Oct-2017), so I expect the set I downloaded last week were the last...

      Reminds me to download WSUS Offline Update v11.0.2 - the last version to support Office 2007 and create a full update set.

  3. Updraft102

    "By broadly upgrading the security defenses in Windows 10, Microsoft is making it easier for hackers to see where they could exploit weak spots in older versions."

    I'm SURE that's not intentional. I mean, would Microsoft, who already tried FUDding Windows 7 as being dangerously insecure compared to Windows 10 (despite their own obligation to keep Win 7 patched), possibly do something like that on purpose?

    Naaah!

  4. Mark 110

    Bit rich!!!!

    That's a bit rich coming from a Google team when Google just abandon their previous versions. And yeah I know - they lay responsibility at the OEMs door.

    A bit fuckwittery if you ask me.

    1. Anonymous Coward
      Stop

      Re: Bit rich!!!! (but at no cost)

      Microsoft only ever needed to support old versions because they charged for them and people would be angry if they didn't. Google's OS and browser are free. Therefore it's expected that people will keep up semi-regularly. So I fail to see why you're ragging on Google here, unless perhaps you believe all old versions of free software need to be supported for years.

      Do you?

      1. Mark 110

        Re: Bit rich!!!! (but at no cost)

        Android isn't free - not if it comes with the Google service stack anyway. Best get your facts straight.

        And I wasn't 'ragging' on Google. I use all their services pretty much. Just calling them out for a 'pot calling kettle black' scenario.

        1. Anonymous Coward

          Re: Bit rich!!!! (but at no cost)

          Funny, but the article talks about desktop software and so did I, but you throw non-free phone software at me and then tell me to get my facts straight. Best stay on topic. ;-/

        2. oldcoder

          Re: Bit rich!!!! (but at no cost)

          Android is free.

          What isn't is the Google services.

          1. Danny 14

            Re: Bit rich!!!! (but at no cost)

            and of course other linux based systems exist.

      2. dbannon

        Google's OS and browser are free....

        "Google's OS and browser are free. Therefore it's expected that people will keep up semi-regularly."

        Well, yes, would be a good idea if it worked. I have a five year old tablet that kept getting its updates until I realised it was now so slow as to be useless. Would work fine on the original version of Android, even a couple of versions later but certainly not what it "upgraded" to.

        And, for the record, this tablet cost about as much at the time of purchase as a cheaper desktop so a valid comparison.

      3. Anonymous Coward

        Re: Bit rich!!!! (but at no cost)

        "Microsoft only ever needed to support old versions because they charged for them and people would be angry if they didn't."

        That and because they guaranteed a circa ten year supported lifetime with a roadmap for each OS product. Windows XP for instance was supported for 13 years. Longer if you wanted to pay for it.

  5. ma1010
    Linux

    It's best to avoid Windows entirely

    if you can do that. Unfortunately, many folks are locked into "windows-only" software for some things, including me.

    I use Linux when online and keep my Windows stuff offline as much as possible.

  6. Anonymous Coward

    I'm not really surprised and I'm sure Microsoft have something in the T&C's that covers this.

    All this is going to do is make more people abandon their platform altogether. It makes no sense from a marketing perspective because if one of these security holes is exploited do they really think those people affected are going to go to Windows 10? Not a chance because why would you put yourself at risk to a company that doesn't keep to its word? Some people just might not be ready to switch or they are happy with their current set up so why change it until you have to.

    Do the people making these decisions at Microsoft not have any brains at all or do they think the cost saving of not supporting windows 7/8 is more than the money lost by losing your users?

    The only things stopping me moving completely from windows at the moment are my graphics card and the games I occasionally play. My laptop and one of my HTPC's are already moved, my server has only been windows once back in 1996 when I used it for dial-up sharing.

    1. patrickstar

      Well, where are you moving? The Linux kernel does this - and worse - all the time.

      Quite a lot of security issues are fixed in the upstream Linux kernel without a word about their security impact. And I'm not just talking about information disclosures / memory leaks like these, but also about bugs that let you compromise the system on their own.

      This gets really, really bad when you consider that a lot of distros keep the kernel version stable and just backport security fixes. Thus, an attacker that follows the Linux kernel commits more closely than the distro maintainers (and they do, believe me) know about the vulnerability, while the end-users remain vulnerable despite having all the latest updates from their distro.

      1. Anonymous Coward

        If that is the case then why are people using Linux albeit mainly on servers?

        1. Florida1920

          If that is the case then why are people using Linux albeit mainly on servers?

          Because it's free?

          1. Doctor Syntax Silver badge

            "Because it's free?"

            As in speech. Those who are running RHEL as a server OS certainly aren't using it because it's free as in beer.

            1. oldcoder

              Oh it is still "free as in beer".

              They are paying for extra support.

          2. oldcoder

            No.

            They use it because it works more reliably, with less overhead, no spying, and providing better security.

          3. Anonymous Coward

            "Because it's free?"

            Not unless your time is of no value and you don't need commercial support.

            Windows Server has a lower TCO for most uses when you compare costs against paid Linux versions like SUSE or RedHat.

            1. Anonymous Coward

              Claims don't hold water very well

              "Windows Server has a lower TCO for most uses when you compare costs against paid Linux versions like SUSE or RedHat."

              You don't even know "most cases" and I'll challenge you to present even a single case where that happens and you include _all costs_.

              RHEL licence is much cheaper than windows server and the latter needs additional licenses for everything from applications to several licenses for each user, usually conveniently "forgotten" from calculations.

              Also you can actually get support (i.e. fixes) from Red Hat, while probability to get those from MS is basically zero.

              1. Anonymous Coward

                Re: Claims don't hold water very well

                "RHEL licence is much cheaper than windows server"

                Well no it really isn't. Generally it's a lot more. So for instance the full RHEL enterprise version with all options + premium support costs $9,234 a year.

                Whereas Windows Server 2016 Datacentre is $6,155 Once Off + 25% a year for enterprise support and maintenance

                So over say 10 years of use and updates, an enterprise RHEL sub costs $92,340, where Windows Server Datacentre licensing costs $21,542. This will vary for different use cases but in general RHEL costs a fair bit more.

                "and the latter needs additional licenses for everything from applications to several licenses for each user,"

                Applications only need licensing if you install them - that's not an OS issue. Ditto say Oracle on Linux. Most organisations would already need Windows Server CALs for every user / device. However to be fair - if we look at the cost - at $30 each, you don't need to be running many Windows Servers to pay for that across your enterprise versus the cost of RHEL!

                People don't generally choose to use paid versions of Linux due to cost versus Windows. It really isn't cheaper. They chose it because they want to use a supported Linux version.

          4. Kiwi
            Linux

            If that is the case then why are people using Linux albeit mainly on servers?

            Because it's free?

            That is why I run it.

            Free (relatively) from the constant security problems that plague windows

            Free from having to fart around for hours trying to install drivers to get a bog-standard 3TB Seagate HDD working on it (cannot install W10 on a 3TB HDD on a non-UEFI mobo and be able to use all of the drive, W10 is only capable of using 2TB whereas even older Linuxen do it without problem)

            Free from other driver stupidity (eg having to hunt for hours to download drivers or risk stuff like DRP/Patreon's SDI etc (which seems nice but still a risk I wouldn't even have to give the slightest thought to with Linux!))

            Free from crashing

            Free from constant all-consuming maintenance

            Free from spyware

            Free from your data being slurped by the company (unless you install/use googlestuff, but that's still not "all your typing history")

            Free from constant headaches

            Free from stress

            And most importantly...

            FREE FROM THAT STUPID FUCKING REGISTRY! (unless pottything gets his way! :( )

            So yes, Linux is free, and so much more :)

            1. Orv Silver badge

              I've spent *lots* of time farting around with drivers on Linux. The most "fun" is when the kernel included in the distribution doesn't support the network hardware, leaving you to dig for kernel updates on another machine, put them on a USB drive, and sneakernet them over. This is especially great if you normally install via the network.

              1. Kiwi
                Linux

                I've spent *lots* of time farting around with drivers on Linux.

                I've had that before as well, but a long time ago.. <voice=old geezer> Why, it was back in the summer of....</voice>

                The most "fun" is when the kernel included in the distribution doesn't support the network hardware, leaving you to dig for kernel updates on another machine, put them on a USB drive, and sneakernet them over.

                That I've only ever experienced on Windows. I can't recall ever having network hardware issues on Linux. Not even broadcom wifi (or is it RealTek that lots of Windows fans say "you can never use this in Linux?", can't recall). I think the last hardware issue I had with Linux was with a lexmark printer, maybe in 2012 or so. Have never had problems with networking on it (at least none that come to mind).

                1. Orv Silver badge

                  Nah, RealTek crap doesn't work even if you DO have the drivers. ;) Mostly I was having that trouble with new servers that contained Broadcom chipsets that were newer than the install images available for RedHat. They did backport the drivers to their kernel, but they didn't put them in the kernels on the boot CDs.

              2. Anonymous Coward

                "... the most "fun" is when the kernel included in the distribution doesn't support the network hardware"

                You mean same thing never happens in Windows as MS of course supports every network card there is?

                AFAIK none of my current HW is supported in W10 in any way. Also it's obvious that drivers will never be made for "old" hardware.

                How about buying hardware which is supported? That's not so hard, you know.

                1. Anonymous Coward
                  Anonymous Coward

                  "AFAIK none of my current HW is supported in W10 in any way. Also it's obvious that drivers will never be made for "old" hardware."

                  Like what? The only thing out of many many devices I had problems with is very old printers (For instance Dell 924 MFDs) and I eventually found that those work with drivers for older Windows OSs if you install them in compatibility mode!

          5. Uffish

            Re: "Because it's free?"

            I'm a recreational user of Linux, it's on my home computers because it works, it's reliable, and it is fun.

            My wife changed from XP to Win 8.1 and didn't want the further hassle of changing to Win 10. That whole sorry saga was definitely not fun.

            I am even more unimpressed with MS now that they are going round saying "Malware happens you know, it would be a shame if it happened to you, whoops, looks like we're a bit late with a security update - better change to Win10 then you won't get hurt".

        2. patrickstar

          Because kernel security isn't the only reason people pick operating systems?

      2. hplasm
        Gimp

        (and they do, believe me)

        Your posting pro-windows history makes me doubt your veracity.

        1. patrickstar

          Re: (and they do, believe me)

          You doubt attackers follow kernel commits better than distro maintainers do? That's ... pretty much the job of an attacker when it comes to kernel vulnerabilities. Just like they bindiff closed-source updates.

      3. Anonymous Coward
        Anonymous Coward

        Can you please supply a source for your claim of a time delay from a kernel fix to a distribution update on LTS?

        Speaking personally and using Debian, by the time I read about it on el reg it has already been updated.

        1. fidodogbreath

          by the time I read about it on el reg it has already been updated

          On most distros I've tried, kernel updates are available as part of the regular update stream (albeit not necessarily installed by default).

          So, two things: (1) at least you have the option of updating the kernel...or not, as you see fit; because (2) if you run Linux, it's still your computer and you get to decide what runs on it.

        2. patrickstar

          Read what I wrote again.

          The problem is that issues are fixed upstream without being marked or announced as being security related. Thus they never make any advisories, headlines, etc. And they don't get backported into the distro kernels.

          You are utterly unaware of their existence unless you follow the kernel commits closely and are experienced at spotting potential security issues, and/or are in communication with someone who is.

          See page 7 in https://jon.oberheide.org/files/source10-linuxkernel-jonoberheide.pdf for one of many mentions of this phenomenon.

          1. Doctor Syntax Silver badge

            Read what I wrote again.

            We did. You said "trust me". In this post you in effect said "trust someone else saying the same thing": See page 7 in https://jon.oberheide.org/files/source10-linuxkernel-jonoberheide.pdf for one of many mentions of this phenomenon

            Still no examples.

            1. patrickstar

              Maybe you should look up who Jon Oberheide is and see if he might possibly be, say, considered an authority on kernel security?

              Or if you prefer Oberheide's enemies, ask Brad Spengler (grsecurity). Or read grsecurity patches - he frequently fixes potential security issues that remain unfixed in distro kernels.

              These are not issues that give big headlines or anything else. These are issues that are ... wait for it! ... silently fixed!

              So either you are able to read diffs and understand the security impact of them, or you have to trust people who do.

        3. Doctor Syntax Silver badge

          "Speaking personally and using Debian, by the time I read about it on el reg it has already been updated."

          And that's also my experience.

      4. Doctor Syntax Silver badge

        "This gets really, really bad when you consider that a lot of distros keep the kernel version stable and just backport security fixes."

        If I use version N of the kernel because it supports my hardware and has the features I need why would I want more than security updates providing those come at regular intervals? I'm old enough to remember that upgrades all too often mean breakage and have no intention of having to keep fixing things because someone somewhere couldn't be arsed to pay attention to backward compatibility. That's why I like Long Term Support versions.

        So here's Debian 7, not at LTS (staying pre-systemd) and the current version is Debian 9 (equivalent to 10 in Microsoft numbering ;). What's the kernel number and what's the date the last version arrived? 3.2 and just over 2 weeks ago on 20th of September.

        1. patrickstar

          Third time - the problem is that you are not getting updates for all potential security issues fixed in the upstream kernel, because they are fixed without any mention of being security issues.

          The distro maintainers backport things specifically mentioned as security, or otherwise critical, fixes. They do not backport ALL fixes.

          Meanwhile, an attacker can read the changelogs of the upstream kernel and figure out that there are vulnerabilities fixed in it. Which you are vulnerable to even if you have the latest updates from your distro.

          These are not the issues of the type that gives headlines a la "Big Linux kernel security problem, patch now!", because no one except attackers and possibly (but far from always - it's often hard to tell the full impact from a fix without a proper analysis and long experience, and they aren't exactly known for prioritizing security in the first place) core Linux kernel maintainers even know they ARE security issues.

          (The resulting compromises however can certainly give headlines, but without either catching the actual exploit binary or getting crash dumps/logs or similar it is near-impossible to tell how it happened)

          The issue is not with the distros not producing or delivering security updates. The issue is with the upstream Linux kernel maintainers not always letting distro maintainers know that there ARE security issues to fix.

          Got it now, finally?

          Does everyone's ability to read totally shut down as soon as anyone implies Linux - like all other OSes - isn't perfect?
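A defender-side way to check for the gap described in the comment above, added here as an example (not code from the thread or from any distro): it lists upstream commits whose messages mention memory-safety or info-leak terms but that no stable-tree commit cites. Both logs are constructed samples; the keyword list, and the assumption that backports carry the stable-tree markers `commit <sha> upstream.` or `[ Upstream commit <sha> ]`, are this example's own.

```python
import re

# A commit header line as printed by `git log` (full 40-hex id).
COMMIT_RE = re.compile(r"^commit ([0-9a-f]{40})$", re.M)
# Markers a stable-tree backport uses to cite the mainline commit it carries.
UPSTREAM_REF_RE = re.compile(
    r"commit ([0-9a-f]{40}) upstream|\[ Upstream commit ([0-9a-f]{40}) \]")
# Anything that would make the security impact visible to a distro maintainer.
LABEL_RE = re.compile(r"CVE-\d{4}-\d+|\bsecurity\b|\bvulnerab", re.I)
# Hypothetical keyword list; tune it for the subsystems you care about.
INDICATORS = {
    "use-after-free": re.compile(r"use[- ]after[- ]free|\bUAF\b", re.I),
    "out-of-bounds": re.compile(r"out[- ]of[- ]bounds|\bOOB\b", re.I),
    "overflow": re.compile(r"overflow", re.I),
    "info leak": re.compile(r"uninitiali[sz]ed|info(?:rmation)?[- ]?leak", re.I),
}


def parse_log(text):
    """Split `git log` style text into dicts with sha, subject and message."""
    parts = COMMIT_RE.split(text)
    commits = []
    for sha, body in zip(parts[1::2], parts[2::2]):
        lines = [ln.strip() for ln in body.strip().splitlines()]
        commits.append({"sha": sha,
                        "subject": lines[0] if lines else "",
                        "message": "\n".join(lines)})
    return commits


def backported_shas(stable_commits):
    """Return the set of upstream commit ids cited by stable-tree commits."""
    shas = set()
    for commit in stable_commits:
        for a, b in UPSTREAM_REF_RE.findall(commit["message"]):
            shas.add(a or b)
    return shas


def silent_fix_gaps(upstream_text, stable_text):
    """Upstream commits that look security-relevant but are not backported."""
    carried = backported_shas(parse_log(stable_text))
    gaps = []
    for commit in parse_log(upstream_text):
        hits = sorted(name for name, rx in INDICATORS.items()
                      if rx.search(commit["message"]))
        if not hits or commit["sha"] in carried:
            continue
        gaps.append({"sha": commit["sha"][:12],
                     "subject": commit["subject"],
                     "indicators": hits,
                     "labelled": bool(LABEL_RE.search(commit["message"]))})
    return gaps


def _commit(ch, *lines):
    """Build one constructed log entry whose id is `ch` repeated 40 times."""
    return "commit " + ch * 40 + "\n" + "".join("    " + ln + "\n" for ln in lines)


# Constructed sample logs: subsystem names and ids are made up.
UPSTREAM_LOG = "".join([
    _commit("1", "foo: fix use-after-free in foo_release()", "",
            "The timer could fire after the object was freed."),
    _commit("2", "bar: fix out-of-bounds read in bar_parse()", "",
            "This is a security fix; a short frame read past the buffer."),
    _commit("3", "docs: fix typo in README"),
    _commit("4", "baz: zero reply struct before copy_to_user()", "",
            "Padding bytes in the reply were left uninitialized."),
    _commit("5", "qux: avoid integer overflow in length calculation"),
])
STABLE_LOG = "".join([
    _commit("a", "bar: fix out-of-bounds read in bar_parse()", "",
            "commit " + "2" * 40 + " upstream."),
    _commit("b", "qux: avoid integer overflow in length calculation", "",
            "[ Upstream commit " + "5" * 40 + " ]"),
])

if __name__ == "__main__":
    for gap in silent_fix_gaps(UPSTREAM_LOG, STABLE_LOG):
        tag = "labelled" if gap["labelled"] else "unlabelled"
        print(gap["sha"], tag, ",".join(gap["indicators"]), "-", gap["subject"])
```

A fix described in non-obvious terms matches none of the patterns, so an empty result does not mean the tree carries every relevant fix.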

      5. bombastic bob Silver badge
        Linux

        "Quite a lot of security issues are fixed in the upstream Linux kernel without a word about their security impact."

        Some examples dipped in truth sauce, if you don't mind. I don't believe you.

        [I did read about ONE kernel vulnerability in El Reg within the last week or so. It certainly did not get fixed "without a word". In fact, there were a LOT of words, including some security notices.]

        I'd say this goes into the "just because you say so does not make it true" bin. I've seen plenty of THOSE that poke at Linux, attempting to say it's "as bad as windows" and "look at all of the security problems" and other FUD. Sounds like something Ballmer would say [no, wait, he DID say!].

        In any case, it has been my observation that most of the security problems in Linux have very little to do with the kernel, and a LOT to do with some of the applications running on it. Some of those applications/libraries may even have windows versions (especially media players and browsers).

        And the problems with the "[cr]app store" applications with built-in security nightmares is the app store's fault, not Linux [even though Android OS _is_ a type of Linux].

      6. a_yank_lurker

        @patrickstar - I get Linux kernel updates usually within hours of release for Arch. In fact if there is major security update announced and released within a couple of hours it will be in the repository ready for download and installation. The other distros I have used are similar in their efforts to get updates ready and available for users.

        1. patrickstar

          The whole issue is that these fixes are silently introduced in the upstream kernel, with no mention of any security impact. Thus they don't get backported into distro kernels, or publicly announced as security issues at all.

          You'd have to be at the latest upstream kernel to avoid this, not at whatever your distro considers "their kernel with latest security updates" unless the two are identical.

          However, that comes with its own issues, obviously.

          In any case, you should take other measures if you actually have a threat model where you might be targeted by an advanced attacker. Grsecurity, syscall lockdown for untrusted processes, etc.

          All mainstream OS kernels today are pretty weak once an attacker can run code on the system.

          1. patrickstar

            PS. Also run a custom-built kernel with non-standard configuration and make sure the kernel images, build tree, copies of the config, etc are not available to a potential attacker. This makes targeting a kernel exploit against you significantly harder in most cases, and if you have proper response to kernel panics/oopses it means the attacker only gets one shot.

            This is one of the situations where you actually have a security advantage by running an OS you have the source for.

          2. Kiwi
            Pint

            The whole issue is that these fixes are silently introduced in the upstream kernel, with no mention of any security impact.

            I get what you're saying on the "silent fixes", especially where something may be fixed that is a security bug without the writers realising they're fixing a bug (eg improving the implementation of a network authentication protocol - not realising there is an undiscovered vulnerability in the old version that gets fixed by their improvements)

            However, there is another side to the bit I've quoted, and that's an issue across the whole OS..

            When I go to check updates in my Linux update manager, I get a brief description of the update and what it fixes (security or otherwise), and I can easily get further information on the impact and even the actual lines of code that are changed.

            When I go to the Windows update manager, I get a "monthly quality rollup" (W7). I get NO information on what is inside, other than some generic "fixes flaws in Windows" text which tells me nothing. I could go and manually look for the security fixes, but again it's a big block rather than individual updates I can install if I decide the risk of installing outweighs the risk of not. Even the pages at MS that used to give information on the flaw, the fix, and reported detrimental side-effects now only give a basic one-line "this fixes stuff" text that is useless in telling me the impact. I value my privacy, and want to know if MS is somehow trying to backdoor their spyware into 7 (on the very rare times I update 7, mostly it lives offline now).

            MS are now very bad at telling people what is fixed in the updates. The latest kernel code may fix a flaw in my own current kernel, and someone may find out that there's a vulnerability that could be exploited through pawing through the code. Good chance that some white/grey will find it and fix it, because they can look if they want. MS does much the same, but they go out of their way to make it harder for W/G types to see what is going on.

            You may be right about the risk from the Linux kernel and new code, but the risk from MS's own practices is still far greater, and puts far more people at risk, especially given the article we're talking about here! :)

            --> Not a Friday, but I understand the frustration of not being heard when you have something you're sure is quite important. One of these might help you some :)

            1. patrickstar

              My whole point is that the article here describes exactly what has been going on with Linux for ages.

              Linux actually tends to be worse in my experience (or used to, I don't really keep up with kernel haxx0ring anymore), with outright memory corruption vulnerabilities and such fixed with very non-obvious descriptions. Not common, but it has certainly happened in the past and I'm willing to bet it will keep happening. Most of the time it's infoleaks (like the Windows bugs here) or stuff inadvertently fixed (eg code paths made unreachable under the circumstances needed for it to become a vulnerability).

              The problem is that the core Linux kernel maintainers have no real interest in security, and at least Torvalds has outright stated that he doesn't care more about it than fixing other bugs.

              It's not about some secret Linux maintainer conspiracy to reduce the CVE counts. It's about the fact that there is no real process in place to analyze the security impact of bug fixes - it's all done ad hoc.

              MS kinda at least tries (and sometimes even succeeds).

              You'd see this a lot more often if they didn't - the monthly race to get and bindiff updates has been a firm tradition among people wearing hats in various shades for as long as there has been Patch Tuesday.

              1. Kiwi

                The problem is that the core Linux kernel maintainers have no real interest in security, and at least Torvalds has outright stated that he doesn't care more about it than fixing other bugs.

                I'm much like that myself (not that I've written much for a long time), I view all bugs as bad.

                One of the differences with Linux is that there's a number of tools available to mitigate effects of a bug, and a number of ways around it. Sure, kernel stuff isn't necessarily so easy to swap in and out as your DNS systems or other systems, but if I wanted to I could view and modify the code, and if a kernel bug became a security hole when Bind is used, I could switch in DNSMasq or some other alternative instead.

                With MS, even the default browser is (according to them, at least pre 10) built tightly into the core of the system, and therefore cannot be extracted, so that a bad web page can affect the deepest levels of the OS. I'll take a bunch of disorganised amateurs over that level of "professionalism" any day.

                It's not about some secret Linux maintainer conspiracy to reduce the CVE counts. It's about the fact that there is no real process in place to analyze the security impact of bug fixes - it's all done ad hoc.

                It may be - after all much of the work is done by a bunch of amateurs in mom's basement :) Thing is, it works. The well-paid highly organised coders over at MS send out security blunder after what-the-fuck-were-they-drinking security blunder. Linux has a small few "WTF" ones, a few normal ones, and a few "No one ever thought to test for that until now", but neither the quantity nor "quality" of security foulups that MS produces, esp among the more stupid ones (such as the article is about - Linux quietly fixes lots of bugs some of which may be undetected security flaws whereas MS loudly fixes security flaws, but doesn't make the actual details of the fix (or workarounds/mitigation) available to anyone, and while white/grey hats are trying to work out what it is to help stop any exploits, blackhats know there is an exploit there to be found and focus their efforts on to it.

                Neither is perfect, but I prefer the results of the Linux method - if it can be called a method...

      7. Hans 1

        Quite a lot of security issues are fixed in the upstream Linux kernel without a word about their security impact. And I'm not just talking about information disclosures / memory leaks like these, but also about bugs that let you compromise the system on their own.

        I think you need a word with Greg!

    2. Anonymous Coward
      Anonymous Coward

      @AC Unreasonable T&C are not meaningful everywhere

      The T&C are less of a problem than getting our officials to address it.

      Windows has never been secure, bug free, reliable or anything else you would expect from an OS, especially one you have to pay for and yet those countries who are supposedly on top of protecting their public have failed to ever take them to court under "fit for purpose".

    3. Updraft102

      "It makes no sense from a marketing perspective because if one of these security holes is exploited do they really think those people affected are going to go to Windows 10?"

      They probably do, but your point is valid. When people hear about a ransomware or other bit of malware that hits Windows 7 or 8.1, they're going to hear "Windows got hit with malware... again." The observation that it only hit certain versions of Windows is a distinction MS hopes they will make, but that is quite doubtful. It will just add to the "Windows" and "malware" terms being connected once again, and people will avoid 10 as much as the others-- and rightly so. If we can't trust MS to support their previous versions of Windows, we should not trust them to support 10 either.

    4. Anonymous Coward
      Anonymous Coward

      'they think the cost saving of not supporting windows 7/8 '

      It's not that cost. They want people on Windows 10 because now their business model is to slurp data from users, and only Windows 10 can do it effectively.

      That's what happens when you get a CEO who despises his customers, and probably any product he didn't manage directly. Just, undermining the product support for professional users, he's going to undermine the whole product....

  7. Anonymous Coward
    Anonymous Coward

    Translation: please, please stop using Windows 7 and 8.

    Or in other words, move to win 10 so we can slurp your data and sell it on and then, when you can't back out, we can charge you a fee to rent the OS.

    1. fidodogbreath

      Translation: please, please stop using Windows 7 and 8.

      Done; bought a MacBook Pro, and installed Linux on other boxen. That's probably not what M$ had in mind.

      1. This post has been deleted by its author

        1. bombastic bob Silver badge
          Megaphone

          "if only the idiots at Microsoft gave Windows 10 a GUI suited for productivity use."

          They're all a bunch of CHILDREN who feel instead of think, and it's THEIR turn now, and they have bought into the idea that Micro-shaft must drag the world with them over the cliff. Because THEY know better. I think it's become a religious cult or something. Wouldn't surprise me, since Ballmer is a socialist, and Nadella might actually be a COMMUNIST. I suspected Micro-shaft was acting like an oppressive gummint back during the "insider" program, and it kept getting worse, etc.. They forgot that we are "customers". Instead, we're "the masses" or even "minions" to them.

          So yeah, the "4 inch" crowd [see everything through a 4 inch phone screen] doesn't understand desktop computing. Those millennial CHILDREN couldn't write a proper GUI desktop if they were given the source code for one, and were then told to simply implement it (you know, like XP's or 7's GUI that we all thought was pretty good or at least acceptable).

          I still can't figure out why THIS person *FELT* that 2D FLATSO TIFKAM interfaces were so much BETTER than 7's or XP's... especially when it was the 3D Skeuomorphic interface of Windows 3.0 that MADE! MICROSOFT! SO! SUCCESSFUL! IN! THE! FIRST! PLACE!!!

          1. Lysenko

            re: I still can't figure out why THIS person *FELT* that 2D FLATSO TIFKAM...

            She has form in this area. She was also behind the execrable "ribbon" nonsense in Office.

            1. Doctor Syntax Silver badge

              Re: re: I still can't figure out why THIS person *FELT* that 2D FLATSO TIFKAM...

              From Wikipedia:"Julie Larson-Green (born 1962) is the Chief Experience Officer (CXO) of the Office Experience Organization at Microsoft,[1] where she has worked since 1993."

              "Experience" is one of those warning words. Finding it twice in the same, introductory sentence simply underwrites just how bad she can make things.

              Having said that I've recently been looking at KDE 5. It's almost as bad with endless widget styles with the same flat button look and themes with squiggles for icons. With any luck the nadir may be reached if someone introduces a Big Jules theme leaving all the buttons and icons blank* and then things can start improving.

              *PCLinuxOS has almost achieved this, the default window buttons are simply coloured spots which only display an icon on mouse-over.

          2. patrickstar

            For once I agree with you.

            I actually prefer the look of CDE/Motif personally if we're talking windowed systems. It's what I use daily on my Solaris workstation. Just looks a bit dated with the 16 color palette, but at least it's not flat...

            The look of Win 3 was inspired by Motif, if I'm not totally mistaken.

        2. Anonymous Coward
          Anonymous Coward

          "now, you have to drop into the command line to get anything done"

          So they are adopting the Linux model?

        3. sabroni Silver badge

          re: I paid a visit to a client using Windows 10. Couldn't find a bloody thing

          Very professional.

          Click start and type the name of the thing you want to run. This has worked since 8.

          1. Anonymous Coward
            Anonymous Coward

            Re: re: I paid a visit to a client using Windows 10. Couldn't find a bloody thing

            Back to the command line only, eh?

            Of course you know the names of all of the applications installed in your machine. Knowing file names doesn't help as they aren't by that name in the menu so find doesn't find them.

            Oh, you don't remember? Too bad, UI doesn't help you at all.

          2. This post has been deleted by its author

            1. sabroni Silver badge

              Re: because there was a better way.

              That's just straight up wrong. Windows 10 still has the list of applications, grouped in folders if you like, that older Windows have. It's just the location of things in those lists that has changed. If you don't want to learn the new places (not new way, just new location) then you can search by name.

              Windows 10 has been out long enough for you to have learned where stuff is. If you have to work on Windows you need to know this. If you don't need to know this, why are you moaning about it?

          3. Tim Seventh

            Re: re: I paid a visit to a client using Windows 10. Couldn't find a bloody thing

            "Click start and type the name of the thing you want to run. This has worked since 8."

            Typing in phrases from the control panel into the metro start menu (win 8 start menu) will not return options from the control panel. Try typing in "partition" and you won't get the result "create and format hard disk partitions" in return.

            Classic Shell, on the other hand, can do it.

    2. Novex

      Or in other words, move to win 10 so we can slurp your data and sell it on and then, when you can't back out, we can charge you a fee to rent the OS.

      This. I don't mind the OS itself, but the data slurp and the forced updates means it's a no-no.

  8. Anonymous Coward
    Anonymous Coward

    If you want to enhance your security, get rid of a> Java and b> Flash, and run whatever the hell OS you want

    1. Charles 9

      And if you MUST run them because your very expensive equipment won't work with anything else?

      1. CAPS LOCK

        "And if you MUST run them..."

        Noscript baby, you know it makes sense.

      2. oldcoder

        Neither java nor flash are tied to "very expensive equipment".

        1. patrickstar

          Lots of expensive and/or hard to replace gear requires either Java, Flash or custom plugins to be admined. Everything from PLC systems to cameras and medical equipment.

    2. Anonymous Coward
      Anonymous Coward

      Would love to get rid of Java and Flash. Especially on machines used to manage our infrastructure, where a secure environment is hyper-critical.

      Trouble is, Cisco ASDM needs Java (OK, not running in the browser so not such an issue)

      Worse, the VCenter manager is a Flash app. You can use an HTML5 version in 6.5. But not if you want to upload anything into the datastore. And of course the thick client isn't supported any more. Sigh.

  9. shawnfromnh

    Hell MS is doing Linux's marketing for them with stunts like this.

  10. Anonymous Coward
    Anonymous Coward

    Linux just as bad as ms ? Really ? At least my linux systems do update unlike the flaky windows 10 updates, and my windows 7 system that point blank refuses to download any updates. Good job I don't use ms for anything other than gaming these days.

  11. Tromos

    Wake-up call

    MS need to realise that many of the people running 7 just do not want 10 and if forced will go to Linux Mint or similar. Once they've gone, they've gone for good. They might not stick with the distro they initially choose or even switch to a totally different system, but the one certain thing is that they will never go back to Windows. I think most reg readers will know of one or more people who departed the MS camp when XP support ended, the same will happen soon with 7.

    I've already migrated 75% of the way and I'm working to a target of fully switching over the next 15 months (except for one system running FSX which will be disconnected from the net).

    1. Anonymous Coward
      Anonymous Coward

      Re: Wake-up call

      @ Tromos "MS need to realise that many of the people running 7 just do not want 10 "

      I personally think they understand all too well, IMHO the people who want to still run their windows games and are unwilling to give up their identity for the privilege have been written off.

      Microsoft I believe have looked at their customers and recognized that the percentage that refuse to jump when ordered and have a clue are a liability. Far better to get rid of those pesky jaded experts who keep looking at the horse's teeth, and deal only with ignorant sheep who fall over themselves to give yet more money after bad.

      Soon enough there won't be any "windows experts" outside of MS and the criminal fraternity, and no one else interested in windows left to provide support and advice, well except for the criminals who want to exploit the sheep.

      1. bombastic bob Silver badge
        Devil

        Re: Wake-up call

        "Microsoft I believe have looked at their customers and recognized that the percentage that refuse to jump when ordered and have a clue are a liability."

        Many of whom will purchase (or set up) a non-windows computer for their children, parents, grandparents, etc. just so THEY aren't being called upon for supporting that abortion-OS known as "Windows 10".

        And then, when novice users begin to realize, they too will abandon Win-10-nic.

        1. Anonymous Coward
          Anonymous Coward

          Re: Wake-up call

          Yup. Mom got transferred from Windows XP to Mac and much, much less problems for me and she could afford the price.

          No going back.

  12. Dr. Ellen
    Big Brother

    Windows 7, 8, 10? I'll take 9, please.

    Windows 10 is being patched? That OS is spyware all by itself. They're just worried somebody else may get the information they want to be theirs alone. I'll stay with 7. I'd consider Linux, except somewhere along the way, Linux stopped working on my Linux-rated tower. It seems to run, but the display twitches and jumps around.

    Upgrades are not always improvements.

    1. Doctor Syntax Silver badge

      Re: Windows 7, 8, 10? I'll take 9, please.

      "Upgrades are not always improvements."

      Quite so. That's a good reason to stick with LTS systems as far as possible. It reduces the number of occasions you have to spend time chasing after someone's failure to maintain backwards compatibility. Bleeding edge distros are fine if you want to play with them. If you want to get stuff done use an LTS for as long as possible.

      1. Anonymous Coward
        Anonymous Coward

        Re: Windows 7, 8, 10? I'll take 9, please.

        ""Upgrades are not always improvements.""

        The major update releases have been essential for Windows 10 imo. The RTM was a shoddy chuck it out the door barely usable pile of crap. With the most recent major updates, Windows 10 is actually quite pleasant to use!

  13. Mephistro
    Devil

    And from now on...

    ... most remaining W7 users -a huge chunk of the market- will do their best to leave MS's OSsinking ship.

    "First they came for the [Cathegory$]s , And I didn't speak up, because I wasn't a [Cathegory$],"

    Values for Cathegory$

    - Windows Phone developers

    - Windows Mobile developers

    - Zune users

    - Bing Developers

    - Windows 7 users

    - Windows 8.1 users

    ... and probably another dozen products and services, at the very least.

    Gee, it's incredible that the public and techies have lost all confidence in Microsoft! </sarc>

    "And then they came for me, but I had already ditched all their products, so I told them to sod off! Fuck yeah!"

    8^)

    1. TheVogon

      Re: And from now on...

      ""First they came for the [Cathegory$]s , And I didn't speak up, because I wasn't a [Cathegory$],"

      Is a "Cathegory" a violent Catholic?

      1. Mephistro
        Happy

        Re: And from now on...

        Is a "Cathegory" a violent Catholic?

        No, it's just a misspelling.

        I'm ashamed!

        I'll go and perform Sudoku now, to atone for my failure.

        Happy now?

  14. Mikel

    If they cared about security at all

    If they cared about security at all they wouldn't be using Windows.

    1. Charles 9

      Re: If they cared about security at all

      And if they cared about security AND gaming at the same time?

      1. Doctor Syntax Silver badge

        Re: If they cared about security at all

        "And if they cared about security AND gaming at the same time?"

        Life's a bitch.

        1. Charles 9

          Re: If they cared about security at all

          So what's the solution? PROFESSIONAL gamers would be interested to know.

          1. Kiwi
            WTF?

            Re: If they cared about security at all

            So what's the solution? PROFESSIONAL gamers would be interested to know.

            Can you explain something perhaps?

            I was bored one day, no computer at home, stuff all on TV. Watched some of that so-called "PROFESSIONAL game" stuff.

            What's the appeal? The game they showed was some sort of team-based FPS, but the thing looked pretty shit. I mean for a start the location of not only your team but each and every one of the enemy was clear to see, even if there were a dozen walls between you and them you could see where they were. No challenge or anything in it. Are these people with the mental skills of a 2yo or something?

            For the sponsors; why would they pay money for something that even a toddler would struggle to find challenging? And if no sponsors, where do they get their money? From the drug dealers who sell whatever stuff people must be on to make them think they're actually engaged in something worthwhile?

            At least stop making the walls see-through.

            (those 2 mins I spent watching it make me wonder about your own mental ability, since you go on so much about "PROFESSIONAL gamers!!!111!!!!1!1!!!!1!!" and how EVERYTHING in THE whole WORLD depends on what this tiny group of kiddies wants - and while the money they may make might be nice, I'd rather be broke with a purpose than paid to turn my brain off!)

            1. Anonymous Coward
              Anonymous Coward

              Re: If they cared about security at all

              @Kiwi

              I was bored one day, no computer at home, stuff all on TV. Watched some of that football stuff.

              What's the appeal? The game they showed was some sort of team-based activity, but the thing looked pretty shit. I mean for a start the location of not only your team but each and every one of the enemy was clear to see, even if there were a dozen walls between you and them you could see where they were. No challenge or anything in it. Are these people with the mental skills of a 2yo or something?

              For the sponsors; why would they pay money for something that even a toddler would struggle to find challenging? And if no sponsors, where do they get their money? From the drug dealers who sell whatever stuff people must be on to make them think they're actually engaged in something worthwhile?

              Feel free to replace "football / team-based activity" with other terms like "team eating contest / competition" or "team drying paint / paint drying " and your argument will still only make as much sense as other pointless argument. Also

              those 2 mins I spent watching it make me wonder about OP's own mental ability.

              If 2 mins is all it takes for you to judge others' professions, then it took me 2 mins to judge your profession. If you want to judge with a strong argument, you'll need to put more facts, data and spend more than 2 mins to make your judgment.

              tl;dr I watch professional paint drying, your pointless argument is still pointless.

          2. Hans 1

            Re: If they cared about security at all

            Dear Professional Gamers,

            Ever heard of PoL ?

            Thanks,

            Hans 1

      2. conscience
        WTF?

        Re: If they cared about security at all

        Security and gaming? For me that's easy - using Linux.

        I have 300+ games just on Steam, some of which were bought before I switched to Linux. While I haven't yet tried them all and, obviously, I don't own every single title, I have yet to find a single title that I own that doesn't "just work" on Linux either via a simple right click on the installer file and installing via WINE, or using Steam directly. Even the Windows version of Steam runs on Linux under WINE for those few games that need it. The GOG games I tried also worked fine with Linux. IF the odd title genuinely doesn't work with Linux - as opposed to being falsely reported not to work - then I would consider losing access to that title a bargain compared to giving up both control, security and my privacy to the totally unacceptable Windows OS which offers neither security, the speed that gamers need, or compatibility with many older but still played games.

        Linux is secure, reliable, speedy and able to run everything I want and need and I cannot be the only person that is true for. MS should be terrified, and they would be if they had any clue what was going on.

        1. Anonymous Coward
          Anonymous Coward

          Re: If they cared about security at all

          If a piece of software doesn't run on Linux, then it doesn't meet my requirements. No software can be good enough to make me use Windows! Work or play.

        2. BinkyTheMagicPaperclip Silver badge

          Re: If they cared about security at all

          Rubbish. What WINE has achieved is impressive, but it's very variable, doesn't support everything, and is extremely dependent on using specific hardware (it's flaky as hell running e.g. older Intel graphics chipsets that would work fine under real Windows).

          Windows compatibility with older games is pretty damn superb; there's a limited number of games that need a patch because modern graphics drivers don't implement old rarely used functions as well as they should, but I can't think of any games offhand that won't run at all.

          1. Anonymous Coward
            Anonymous Coward

            Re: If they cared about security at all

            "older Intel graphics chipsets"

            ... which frankly aren't for gaming at all but for server displays.

            I can understand why those aren't really supported.

      3. nkuk

        Re: If they cared about security at all

        Gaming and security? That would be Linux.

        1. Orv Silver badge

          Re: If they cared about security at all

          I doubt Linux is all that secure anymore once you've loaded a bunch of binary-only software on it. Especially since you don't dare install updates, since they're likely to break everything due to rampant ABI changes.

  15. captain veg Silver badge

    realistic

    "While it's not realistic to expect a vendor to maintain major updates and produce patches indefinitely for older software versions"

    Really? So will they indemnify me against exploitation of their defective product, that they know to be defective and also know how to fix? Or even just refund the purchase price, it being clearly not of merchantable quality? It's not like they've been giving this crap away over the years.

    -A.

  16. Anonymous Coward
    Anonymous Coward

    Gnome for Windows

    MS have missed a trick here. Windows could have been the same core version which they'd keep secure but then on top have different gui or desktop managers for different types of user. XP desktop for business users, Metro for kids and partially sighted folks, etc. In other words like Linux or one of its distributions and Gnome, KDE.

    1. Anonymous Coward
      Anonymous Coward

      Re: Gnome for Windows

      The Windows architecture isn't particularly amenable to doing that.

      1. Anonymous Coward
        Anonymous Coward

        Re: Gnome for Windows

        "The Windows architecture isn't particularly amenable to doing that."

        The Windows architecture is fully modular with a hybrid microkernel. Much more modular and amenable to that type of change than most other OS options....

        1. Doctor Syntax Silver badge

          Re: Gnome for Windows

          "The Windows architecture is fully modular with a hybrid microkernel. Much more modular and amenable to that type of change than most other OS options"

          So why didn't they take advantage of it at W8 time, TIFKAM for mobiles and keep the W7 interface for desktops?

          1. bombastic bob Silver badge
            Unhappy

            Re: Gnome for Windows

            "So why didn't they take advantage of it at W8 time, TIFKAM for mobiles and keep the W7 interface for desktops?"

            because, Microshaft. because, "one windows for all". Because, "take it or we shove it into an orifice without using anything to make the process more bearable"

            It's THAT very arrogance whot dun it.

          2. Dave K

            Re: Gnome for Windows

            "So why didn't they take advantage of it at W8 time, TIFKAM for mobiles and keep the W7 interface for desktops?"

            Because MS wasn't expecting 8 to flop as badly as it did. I think they knew it would alienate a sizable bunch of people and would not receive universal acclaim, but hoped that it'd gain a reasonable level of acceptance amongst home users. And once people are used to Metro, they'd see a Windows Phone and think "Ooh, it's familiar and is just like my PC" - thus increasing chances of people buying Windows Phone devices to complement their PCs.

            In short, it was a deliberate middle finger to MS's traditional PC userbase in the hope of allowing them to force their way into the mobile market. Windows 7 was only 3 years old, so MS knew they could gamble with Windows 8 to increase their share of the mobile market.

            What they weren't expecting was that Metro would be as hated as it was, which had the opposite effect of turning people off Windows Phone devices instead. Well, that and its lousy number of store apps.

          3. Anonymous Coward
            Anonymous Coward

            Re: Gnome for Windows

            "So why didn't they take advantage of it at W8 time, TIFKAM for mobiles and keep the W7 interface for desktops?"

            Because you can easily install your own Shell if you want a Windows 7 interface? I believe there are some good free options....

        2. Anonymous Coward
          Anonymous Coward

          Re: Gnome for Windows

          "Much more modular and amenable to that type of change than most other OS options...."

          Hahahahaha! You've never actually used any of the popular Linux distros then have you? You know, like how everything (apps, all OS components) are all individual packages that you can install or leave out depending on how you want to build your OS?

          1. Anonymous Coward
            Anonymous Coward

            Re: Gnome for Windows

            "Hahahahaha! You've never actually used any of the popular Linux distros then have you? You know, like how everything (apps, all OS components) are all individual packages that you can install or leave out depending on how you want to build your OS?"

            Yes great - I can uninstall packages and drivers on most OSs. Windows is modular down to almost every capability, API and interface. For instance if I want to use a hardware offload accelerated network driver in Windows I can simply plug in the right driver at the correct level in the fully modular NDIS network stack. Linux doesn't have that level of modular design and to do the same on Linux you have to install a driver kernel hack! Google it if you are not aware of that.

            For all the things you might not like about Windows it is very modular and structured in its design.

            1. Anonymous Coward
              Anonymous Coward

              Re: Gnome for Windows

              > Yes great - I can uninstall packages and drivers on most OSs.

              *woosh!*

              > Windows is modular down to almost every capability, API and interface. For instance if I want to use a hardware offload accelerated network driver in Windows I can simply plug in the right driver at the correct level in the fully modular NDIS network stack. Linux doesn't have that level of modular design and to do the same on Linux you have to install a driver kernel hack! Google it if you are not aware of that.

              Can you easily build Windows selectively, component-by-component? I mean properly, not just from a limited selection of choices. Choosing whether you want the same version as a headless server, or a full GUI with your choice of any one or multiple desktop environments? Can I build my own fully functional Windows server in under 8MB of storage? No, I didn't think so.

              The NDIS example is a poor one, as there's no practical downside to this in Linux. A massive variety of NICs are supported via kernel modules available in the upstream kernel. There are some very well documented technical reasons why hardware-accelerated NICs are frowned upon in the Linux community, but that doesn't stop them from being able to be used if one so desires.

              > For all the things you might not like about Windows it is very modular and structured in its design.

              Maybe so, but the average BSD or Linux-based OS (irrelevant FUD about 'monolithic' kernel design aside) is also very modular (look into RPM and Deb packages for example), and unlike Windows I can take full advantage of that in the real world.

        3. Anonymous Coward
          Anonymous Coward

          Re: Gnome for Windows

          "The Windows architecture is fully modular with a hybrid microkernel. "

          So they say but it totally operates like a single clump as anything affects everything else, all the time.

          Browser hole is short cut to kernel operations? wtf?

          1. Anonymous Coward
            Anonymous Coward

            Re: Gnome for Windows

            "So they say but it totally operates like a single clump as anything affects everything else, all the time."

            Not something I have often experienced since maybe Vista - which had a notable UI bug at RTM, or maybe on the odd occasion where the Windows 7 Explorer process needed restarting. Windows 10 is pretty good at letting me shut down anything that isn't happy with everything else remaining unaffected. Linux can be a bitch with hung / ghost processes too!

            "Browser hole is short cut to kernel operations? wtf?"

            I think you refer to a font rendering issue in the kernel. Not a hole in the browser itself. The Edge browser runs in user mode.

            There have been countless holes in IOS / OS-X where Safari browser exploits have attacked the kernel. Linux has also had quite a few recent local (and remote!) kernel exploits - This isn't a Windows only problem:

            https://www.engadget.com/2016/10/24/linux-exploit-gives-any-user-full-access-in-five-seconds/

            https://www.theregister.co.uk/2017/09/28/linux_kernel_vuln/

            https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html

            etc.

          2. patrickstar

            Re: Gnome for Windows

            Thanks to wonderful inventions like WebGL, there is now quite a bit of kernel/driver exposure to web sites. You don't have to search far to find examples of web sites causing bugchecks/kernel panics.

            This applies regardless of browser and OS, by the way, as long as certain "features" are supported.

            (It also might be worth mentioning that all font rendering takes place in userland in Windows 10. So yes, that flaw has been resolved. If I'm not totally mistaken they are working on moving the rest of Win32k as well.)

    2. bombastic bob Silver badge
      Unhappy

      Re: Gnome for Windows

      In the past, I simply asked for an OPTION to go with 3D skeuomorphic instead of 2D FLATSO. They ignored me. AND they ignored everyone ELSE who wanted that, too.

      No, Micro-shaft obviously *FEELS* that they know best what you need, and will MAKE you take it, even if they have to SHOVE IT UP YOUR AS DOWN YOUR THROAT!

  17. Anonymous Coward
    Anonymous Coward

    Looks as if it's getting to be time...

    ... for the big switch to Linux. I was expecting another couple of years before Microsoft withdrew support for Windows 7, but what do you know? It's already playing its usual dirty underhand tricks.

    One reason I'm looking forward to using Linux is that I won't have to deal with such a vicious, dishonest, greedy supplier.

    1. EVMonster
      Unhappy

      Re: Looks as if it's getting to be time...

      You will just have to deal with a shit OS (yes I do use Linux) ...

  18. LeoP

    Wine to the rescue

    A customer (and friend) of mine was stuck on Windows because of some ERP software he is forced to use - automotive industry will force software down to the individual repair shops.

    When they tried to force him to Win10 we did migrate ... turns out the ERP package runs fine under Wine on the client, the Server is just firewalled off into oblivion.

    32 less Windows installations, this made my life much easier: Before there was no month, when not at least one of them would refuse to install Windows Updates (after burning many CPU hours over a day or two), but I have yet to see apt-get update && apt-get -y dist-upgrade fail.

    1. Charles 9

      Re: Wine to the rescue

      Lucky you. But there are tons of other software (games in particular) that rate Garbage or simply aren't listed at all.

    2. bombastic bob Silver badge
      Unhappy

      Re: Wine to the rescue

      If Wine worked as a general solution, I'd probably install it. But there are TOO many problems with it, even still, from what I read online anyway. Hang out in a Linux newsgroup and you'll see what I mean. The few people who ask about setting up Wine for XXX and whatnot. If they're lucky, someone came up with the right hacks to do it. THAT is NOT a "solution" for most people who use Windows because of Windows applications.

      Otherwise, Wine COULD be "the solution" for use of XP applications beyond the 'extended support' period, like Windows for Warships or ATM machines, etc. etc..

      1. Uffish

        Re: Wine to the rescue

        Wine for Warships might work in the RN and many other navies but the USN is, I think, dry.

  19. Version 1.0 Silver badge
    Big Brother

    We're missing the point

    Microsoft have been building operating systems for a while now ... and they still have more holes in them than a block of Swiss cheese with a woodpecker living inside it. Why? How does this happen time and time again?

    We know that security is a huge issue, but we don't seem to care each time we write anything - our programming model and methods are fundamentally broken.

    1. Charles 9

      Re: We're missing the point

      "We know that security is a huge issue, but we don't seem to care each time we write anything - our programming model and methods are fundamentally broken."

      It could be that our whole damn society is fundamentally broken. If it costs less to paper things over and pay legal fees than it is to actually, you know, do the right thing, then fiduciary duty says security takes a back seat.

    2. EVMonster
      Trollface

      Re: We're missing the point

      Ahhhhhh we were all this innocent once ...

  20. Anonymous Coward
    Anonymous Coward

    "Additionally, we continually invest in defense-in-depth security, and recommend customers use Windows 10 and the Microsoft Edge browser for the best protection." Of course. Another Nadella strong arm tactic designed to push everyone into adopting Windows 10. This time it's "for security". I refuse to use Microsoft Edge, as it's the worst Web Browser ever made.

    1. Anonymous Coward
      Anonymous Coward

      "I refuse to use Microsoft Edge, as it's the worst Web Browser ever made."

      It's also the fastest, uses the lowest resources, has the best battery life and has had fewer security vulnerabilities versus say Chrome....

  21. N2
    Trollface

    Translation: please, please stop using Windows 7 and 8.

    Yes, I've abandoned Windows long ago.

  22. Anonymous Coward
    Windows

    Not an Apple fan at all but...

    I do have to admit that OS X starts to look more and more appealing every week. It doesn't have all this FUD nonsense which Microsoft provides us with, to my knowledge it doesn't try to coerce or force you into upgrades you don't want and best of all most of the software I use also runs on Apple (as far as I know).

    As said I'm not a fan, I still think that in many cases Apple is pretty overpriced for what it can do, but I'll also be the first to admit that I don't have full hands on experience. Even so... In 3 years from now I wouldn't be too surprised if I would indeed jump ships, simply to put an end to all this intrusive and oppressing madness.

    And the worst part? I actually like Windows. The environment as a whole is impressive, it definitely has a solid hierarchy and administrative structure built into it. Of course I also think it's kind of bloated, but that's another story.

    How many more people would feel this way when nonsense like this keeps popping up again and again?

    1. David Lawton

      Re: Not an Apple fan at all but...

      Make the jump and give MacOS a fair chance, I used to like Windows until Windows 8, then I got my first ever Mac and I was never an Apple fan either, but I regret not doing it earlier now.

      MacOS knows what it is trying to be, a desktop class OS. Once you fully get your head around MacOS and its trackpad gestures there is a good chance you will wish you had got a Mac sooner.

      Worst case you hate it after giving it a fair chance and luckily Macs hold their value well and you sell it without losing too much money or if you love the hardware but not the OS bootcamp it and install Windows or Linux.

      1. Doctor Syntax Silver badge

        Re: Not an Apple fan at all but...

        "Make the jump and give MacOS a fair chance"

        Apple's pricing doesn't make provision for fair chances.

  23. Captain Badmouth

    Upgrades are not always improvements.

    "For instance, a team may be tasked with improving memory management in the kernel, and as a result, will rewrite chunks of the source code, boosting the software's performance while introducing more pesky exploitable bugs along the way."

    Fixed.

    @Version 1.0

    "We know that security is a huge issue, but we don't seem to care each time we write anything - our programming model and methods are fundamentally broken."

    We seem to be in a poor position, agreed.

    I sometimes wonder if a really secure system will appear, written from the ground up, and all the current competing systems will be confined, in what's left of their future, sitting offline running bespoke insecure software - i.e. xp, 7,8,10, linux, mac etc. The question is whether the various governments of the day would allow such a thing - after getting rid of the various backdoors in cpu and storage architecture, that is.

    1. Doctor Syntax Silver badge

      Re: Upgrades are not always improvements.

      "I sometimes wonder if a really secure system will appear, written from the ground up"

      From the ground up would be essential. Then there's the question of putting convenience secondary to security. It would be a hard sell without a few major disasters to existing OSs to help it on its way. It would also be a good idea to think in terms of a pair of complementary systems for client and server functions so that neither carries unwanted baggage from the other.

  24. Lee D Silver badge

    "Windows 8.1 is supposed to receive monthly security fixes until January 10, 2023, and for Windows 7, January 14, 2020."

    Great. I shall set my deployment plan for Windows 10 into motion in January 2022.

    Four-and-a-bit more years of bliss before I have to deal with that heap of junk. That's an entire hardware/software cycle to me anyway.

    I mean, making 8.1 work like 7 was bad enough, but pretty much you could get there and not have people notice.

  25. a_yank_lurker

    Translation: please, please stop using Windows 7 and 8.

    No problem here, Bloat is not used except for a couple of ancient locally installed programs that do not need to go online (XP could be used). Bloat is not allowed to connect to the Web ever. Also, it has been several weeks since Bloat has been used. Linux is installed on all computers with a couple not having any Bloat on them.

  26. Lorribot

    People in glass houses.....

    Android is a nightmare OS from a security perspective. Getting updates at all is at best hit and miss even if Google released the fixes for older versions of its OS, getting version updates to the latest version is nigh on impossible unlike Windows.

    Microsoft made it free and simple to upgrade (still is if you use assistive tech) and have supported pretty much any configuration of hardware you could find in a PC with their latest version, there is no reason not to upgrade other than personal preference or lack of understanding. Can Google say the same about Android?

    They should point their team at their own OS in all its various incarnations before they start trying to throw mud at Microsoft.

    1. Doctor Syntax Silver badge

      Re: People in glass houses.....

      "Microsoft made it free and simple to upgrade"

      The difficult bit seems to have been preventing it from "upgrading". Many users considered it a downgrade.

    2. Anonymous Bullard

      Re: People in glass houses.....

      It sounds to me you're upset about how you're being treated by Microsoft, so you decide to throw mud at another operating system (which has a different purpose) to make yourself feel better.

      Since you want to compare...

      I, like the majority of readers here, have lost count how many times I've had to clean, repair or rebuild a Windows computer due to some sort of infection (my own included) - and it's not even my job! That's literally infinitely more than I, or anyone I know, have had to do for Android... Even though their update mechanism has been historically poor. (That alone says a lot).

      The problem here is, even though Microsoft has an (albeit flakey) update mechanism in place, which they have full control of, and enabled by default, they've repeatedly not taken advantage of it and knowingly left their supported users high and dry.

      1. bombastic bob Silver badge
        Devil

        Re: People in glass houses.....

        "lost count how many times I've had to clean, repair or rebuild a Windows computer due to some sort of infection"

        and I assume anti-virus was COMPLETELY worthless in these cases?

        I suggest preventative measures. I call it "safe surfing". It's not that hard, and protects against nearly all infections. Seriously.

        0. Avoid web surfing with a Microshaft OS. If that's not possible, at the very LEAST, make sure that the login you use is _NOT_ configured as 'Administrator'. Or do you LIKE re-building the entire system instead of JUST that one user? [yes this HAS happened to someone I asked to do this, and I was able to fix it pretty fast because it was a non-priv user]

        1. never connect directly to the internet from a windows machine if you can possibly avoid it (always use a NAT firewall).

        2. make sure your EXTERNAL firewall blocks EVERY listening port that shows up in a 'netstat -n' report for IPv6, if you have IPv6 configured. If you don't that's fine. If you do and do NOT have an external firewall, I suggest disabling IPv6 on all windows machines, just to be safe.

        3. Use a non-Microshaft browser. Make sure you can use a plugin like 'NoScript' on Firefox. Use the plugin for as MUCH as you can. If web sites bitch at you and won't let you see the content, reject them and go elsewhere.

        4. NEVER view (or even preview) an e-mail in HTML form. EVAR. And don't use 'Virus Outbreak' aka 'MS Outlook'.

        5. ALWAYS _DISABLE_ UPNP, at the router, on your computer, etc.. If you need it to set something up, remove the internet from your WAN port, set the thing up, and THEN put the internet back where it was. UPnP is one of the BIGGEST potential security craters. It allows an attacker to open up arbitrary listening ports through a firewall.

        6. NEVER "download this to view the content"

        7. NEVER click on a popup window's buttons (when generated by internet content). Always close the window using the 'close' button in the top corner of the non-client area of the window. With the exception of ONE SPECIFIC GWX popup in the past, THIS should be safer.

        Anyway, it's like operationally putting a condom on your computer. And the bit about NEVER viewing e-mail in HTML format is EXTREMELY important. HTML e-mail is irritating, anyway.

        (scrolling this far down in the topic, I wonder if anyone will read this beyond looking for all of my posts to downvote them like a bunch of howler monkeys flinging poo might do if they could)
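
Item 2 of the list above, as an added example that is not part of the original comment: a Python sketch that reads netstat text and lists the IPv6 listening ports an external firewall would need to cover. It assumes output captured from Windows `netstat -an`; the sample text, addresses and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import namedtuple

Listener = namedtuple("Listener", "proto address port scope")

# Constructed sample in the layout of Windows `netstat -an` (not real output).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     93.184.216.34:443      ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    [::1]:49670            [::]:0                 LISTENING
  TCP    [2001:db8::20]:3389    [::]:0                 LISTENING
  TCP    [2001:db8::20]:49801   [2001:db8::99]:443     ESTABLISHED
  TCP    [fe80::1c2d:3e4f:5a6b:7c8d%12]:5357  [::]:0   LISTENING
  UDP    0.0.0.0:5353           *:*
  UDP    [::]:1900              *:*
  UDP    [::1]:1900             *:*
  UDP    [::]:5355              *:*
"""

# IPv6 local endpoints are printed as [address%zone]:port; IPv4 has no brackets.
_V6_ENDPOINT = re.compile(
    r"^\[(?P<addr>[0-9A-Fa-f:.]+)(?:%(?P<zone>\w+))?\]:(?P<port>\d+)$"
)


def classify(addr):
    """Return how far a socket bound to this IPv6 address can be reached."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:          # [::] means every interface
        return "all-interfaces"
    if ip.is_link_local:           # fe80::/10, never routed past the LAN
        return "link-local"
    return "global"


def ipv6_listeners(text):
    """Parse netstat text and return every IPv6 TCP listener and bound UDP socket."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # headers and blank lines
        proto = fields[0]
        # TCP rows carry a state column; UDP rows do not and are always "open".
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        match = _V6_ENDPOINT.match(fields[1])
        if not match:
            continue  # IPv4 endpoint
        try:
            scope = classify(match.group("addr"))
        except ipaddress.AddressValueError:
            continue  # malformed address, skip rather than guess
        found.append(
            Listener(proto, match.group("addr"), int(match.group("port")), scope)
        )
    return found


def ports_to_block(listeners):
    """(proto, port) pairs reachable from beyond the local link, sorted."""
    exposed = {
        (l.proto, l.port)
        for l in listeners
        if l.scope in ("all-interfaces", "global")
    }
    return sorted(exposed)


if __name__ == "__main__":
    for proto, port in ports_to_block(ipv6_listeners(SAMPLE)):
        print(f"block inbound IPv6 {proto}/{port} at the external firewall")
```

Loopback and link-local listeners are reported by `ipv6_listeners` but left out of `ports_to_block`, since neither is reachable from outside the local network.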

        1. Tuomas Hosia

          Re: People in glass houses.....

          [UPNP] "It allows an attacker to open up arbitrary listening ports through a firewall."

          Yup. To me it's a tool specifically designed to make firewall totally useless. Only a total idiot would create such a tool and protocol it uses.

          "Ease of use" isn't an argument when firewall is full of holes every time you surf 10 minutes without user's knowledge as of course upnp "service" doesn't even log the changes it has done to anywhere.

        2. Anonymous Coward
          Anonymous Coward

          Re: People in glass houses.....

          [UPNP] "It allows an attacker to open up arbitrary listening ports through a firewall."

          Yup. To me it's a tool specifically designed to make firewall totally useless. Only a total idiot would create such a tool and protocol it uses.

          "Ease of use" isn't an argument when firewall is full of holes every time you surf 10 minutes without user's knowledge as of course upnp "service" doesn't even log the changes it has done to anywhere.

        3. Uffish

          Re: Howler monkeys.....

          @BombasticBob Thank you for your kind invitation to behave like a howler monkey. I did downvote you, (cackling like a gibbon more than a howler monkey).

          The downvote was really for using the word "SKEUOMORPHIC" repeatedly. "Immediately understandable" is what you should be wanting, that and "nicely designed".

        4. TheVogon

          Re: People in glass houses.....

          "And don't use 'Virus Outbreak' aka 'MS Outlook'."

          Mostly fair / sensible comments - particularly for Windows versions older than 10 - but just to note that Outlook has been one of the most secure options as a fully featured email and calendar client for many years now. It defaults to not previewing active content / blocks risky attachments, etc, etc. The days of Outlook being a security headache are long gone.

      2. TheVogon

        Re: People in glass houses.....

        " have lost count how many times I've had to clean, repair or rebuild a Windows computer due to some sort of infection "

        For Windows XP and 7 - sure.

        A couple of the major advantages of Windows 10, is a) it's so far been a lot more resistant to infections than older versions and b) if the worst does happen then resetting it to a clean state is a matter of a few mouse clicks or a boot choice and few minutes wait plus a reboot...

    3. butmonkeh

      Re: People in glass houses.....

      My phone : Moto E

      From XDA : The Moto E is a low end Android device by Motorola. The Moto E was launched in May 2014. The device features a 4.3" LCD display, with a resolution of 960x540. It's powered by a Qualcomm Snapdragon 200 dual-core 1.2GHz processor and 1GB of RAM

      Android Version : 7.1.2

      Android security patch level: 5 August 2017 (been busy, haven't grabbed latest updates)

      AOSP?

      1. Lorribot

        Re: People in glass houses.....

        My wife's less than 1 year old Lenovo Yoga tablet has not had any patches or version updates, indeed the one update that is available is known to break it badly, it is still being sold with Android 5.1. No other updates seem to be in the offing.

        Many Android devices are offered as sell and forget by the builders and Google has abdicated responsibility to OEMs to support the OS. Imagine if Microsoft had said we'll do patches but it is up to Dell/HP/Lenovo/Walmart/boutique builder/cornershop to distribute updates and patches?

        Windows Phone had one advantage in that all installs are pretty standard (the OS is designed to enable patching by moving code out of the kernel, a route Android is following, albeit slowly) so patching could be done centrally by MS compare that to Android devices where patching and updates is the responsibility of people who are only interested in selling you new kit.

        https://www.theregister.co.uk/2017/09/11/blackberry_admits_we_could_do_better_at_patching/

        And Google actually distribute malware

        https://www.theregister.co.uk/2017/09/15/malware_outbreak_googles_play_store/

        Google should grow up and spend more time fixing its own issues rather than trying to destroy MS, it's a pointless fight that does no one any good. It used to champion doing no evil, it seems more hell bent than Apple on world domination at any cost which is saying something.

  27. Anonymous Coward
    Anonymous Coward

    Blast from the past

    Normally I skip the MS/Windows related articles, as they're irrelevant to me, but this one sparked my curiosity.

    Funny how things haven't changed, and they're still mistreating their customers (or should I say, "product").

    The same apologists come on to perform damage control, and there's those who apparently still need to browse the internet with Windows because they have some industrial machine attached to their computer.

    1. Ropewash

      Re: Blast from the past

      >>because they have some industrial machine attached to their computer.<<

      I had a disturbing occurrence of something similar last year. A machine needed its control computer replaced and the replacement was Win10. It arrived already set up and patched with all software installed so all I had to do was re-do all the machine specific calibrations and everything was good to go.

      I did not feel it needed to see the network so it wasn't connected.

      One month in and the system decides it's pirated and pops up the notice continually. Plugging it into the network oddly solved that without any intervention from me (i.e. no activation needed as it had already been done before.)

      Unfortunately it then said it needed to upgrade the system and drivers and dumped everything machine specific into the bin in the process, causing another re-do of all the calibrations. The new graphics driver it tried to load also buggered up the machine interface program and I had to disable it and run a fallback to get things back on the screen. I fully blame AMD for that one as their drivers are always ass, but why did my OS even try to push a new graphics driver? That is not its damned job.

      Thanks MS. Lovely new OS you've got there, makes me glad I'm not using it at home.

      Now it's bugging me to upgrade again and I don't want to push that button.

      1. Boris the Cockroach Silver badge
        Windows

        Re: Blast from the past

        Quote:

        Now it's bugging me to upgrade again and I don't want to push that button.

        During the 'free' win10 upgrade thing, I told everyone who used the win7 laptop not to press the upgrade to win10 button, because it buggered up the communication programs we use to talk to the robots/machines and we couldn't afford the downtime to sort it.

        (plus I hate the win10 gui)

        In fact there's only the CAD package we use and the accounting software that keeps us tied to windows, if we could get both of those on linux, we'd be off to redhat or something like it in 2 seconds flat.

        Because windows is a flakey unstable pos.

        Why else would one of the win10 laptops keep losing network access at random.

        It's BSOD time "oops something has gone wrong :) please wait while we gather information for the next 30 mins... " fek off 3 fingered salute and reboot ... we've got work to do

        It took m$ a number of years (win95/98 and XP, and win7) to come up with a winning formula... why did they change it?

        Boris

        <<wishing for win10 with the GUI and stability of win7

      2. Steve Davies 3 Silver badge

        Re: Dumping all your settings

        That is SOP for Microsoft these days. You will DO IT THEIR way or NOT AT ALL.

        It is their OS after all. It isn't yours. They can and will make you confirm until you give in or give up.

      3. Anonymous Coward
        Anonymous Coward

        Re: Blast from the past

        "Now it's bugging me to upgrade again and I don't want to push that button."

        And you do not have to. You do not even have to activate Windows 10. Sure, if you don't, Windows 10 will pout (e.g. may make itself more difficult to personalize (e.g. change the colours) and it might put a watermark on the desktop) but otherwise it will run fine even if you never even once connect it to the Internet.

        1. TheVogon

          Re: Blast from the past

          "otherwise it will run fine even if you never even once connect it to the Internet."

          You can activate it via a phone call anyway.

    2. Doctor Syntax Silver badge

      Re: Blast from the past

      " there's those who apparently still need to browse the internet with Windows because they have some industrial machine attached to their computer."

      And those who have to have Windows because they play games.

      You're right, nothing changes.

    3. conscience
      Windows

      Re: Blast from the past

      You're not wrong about Microsoft's army of professional apologists spewing out the same old FUD. I didn't think their reputation could sink much lower but here they go again breaking promises, destroying trust and alienating their customers.

      There can be no reasonable defence or justification for not providing timely security updates to currently supported Windows OS versions. Windows 7 and 8 are (supposed to be) supported until 2020 and 2023 respectively, yet Microsoft didn't hesitate to screw their paying customers (yet again). What a pity that Microsoft didn't put as much effort into writing decent software that people actually liked and wanted to use instead of all this lame PR. It's amusing the apologists even think they can influence the technically literate commentards here on El Reg.

      Rushing to defend an action like this with calls of "oh but x vendor's product is much worse", "L33t professional gaming!1!" and "very expensive industrial machines" is hardly a compelling advert to go along with Microsoft's plans or use their software and just serves to make them appear to be dishonest and desperate. If effectively telling users "You are forced to use Windows 10 so just grit your teeth and bend over" is the best reason for using Windows 10 they can think of it doesn't say a lot for the quality of their software.

      1. patrickstar

        Re: Blast from the past

        Curious, do I count as a member of "Microsoft's army of professional apologists" ?

        Then I must have been secretly recruited a decade or so ago when I did a couple of hours of consulting for them! Didn't know brainwashing could go that fast, but maybe they used an implant or something?

        As to why "Linux does this, and worse" was brought up, it was a response to the (apparently mandatory) army of "I don't understand anything about software security whatsoever and didn't even try reading the linked article because it's full of those weird words like 'info leak' and 'memset', but this is why I run Linux! Windoze is so easy to haxxor!!11" that accompanies every article saying anything negative about the security of MS products here...

  28. herman

    "The most secure Windows ever" - Unpossible - Windows 10 doesn't have bugs.

  29. DainB Bronze badge

    Car analogies

    For all those who are comparing Windows to a car and at the same time getting excited about self driving cars...

    Why do you think that software in your self driving car will be any better than Windows ?

    And why do you think that your SDC will be updated for as long as you use it, which can be a few decades ?

    1. Anonymous Coward
      Anonymous Coward

      Re: Car analogies

      Some people are hopeless optimists.

      As cars everywhere already are a glaring example of planned obsolescence, robotic cars will be even more so as "unpatched" cars will not pass inspection and when patches stop at 10 years, then you can't drive any more.

      Voilà: Totally arbitrary (like 10 years) legal lifetime for _any car_: Manufacturer's wet dream.

    2. Kiwi
      Go

      Re: Car analogies

      For all those who are comparing Windows to a car and at the same time getting excited about self driving cars...

      Why do you think that software in your self driving car will be any better than Windows ?

      And why do you think that your SDC will be updated for as long as you use it, which can be a few decades ?

      Me? I'm getting excited about SDC's. I've seen enough software fails to know they're going to mean less cars on the road (and less people on the planet). Maybe a few firms will get it right.

      As a motorcyclist, less cars can only be better :) And where SDCs are done right, they'll be safer.

      And what makes you think they'll last for "decades" anyway? Modern cars seem to be struggling with even 1 decade these days.

  30. Kiwi
    Coat

    Good advice MS

    "Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible," a Microsoft spokesperson told The Register.

    Not often I congratulate MS but I took this advice a while back and upgraded my OS to something current.

    And I don't regret it in the slightest. My machine is running absolutely mint right now!

    (Oh yeah, BTW MS - something you might want to look into. Had to donate a HDD to a friend so he could run W10 on a 4yr or so old motherboard - one of the last non-UEFI models. Seems you cannot install W10 on a 3TB HDD and have it see all of the disk, W10 can only handle 2TB on a boot drive on a non-UEFI mobo. Shame MS, utter shame! With Linux and Apple I believe you've been able to do this easily since >2TB & gpt were possible, without faffing around for hours trying to install special drivers just so windoze could talk to basic hardware which other stuff does OOTB!. You deserve contempt for these continuous ridiculous failings!)

    1. patrickstar

      Re: Good advice MS

      Seriously? You are blaming MS for the deficiencies of the MBR standard and BIOS CHS addressing?

      For your information, they had nothing to do with either. Blame IBM instead and the emergence of PC/Intel (with backwards compatibility going all the way back to the 80s) as the standard.

      Apple has always used GPT/EPT for their x86 Macs, since they started pretty late in the game. So they have never had this issue regardless of OS.

      The whole ">2TB boot disk and MBR/BIOS" is a _fairly_ well known issue. In fact, sufficiently well known that it was one of the major reasons for the migration to GPT/EFI. Various workarounds are possible (for both Linux and Windows), but the sanest one is often to boot from a smaller disk.

      And I take it you haven't had any driver issues on Linux, ever? Do you want some battle stories from 20 years of Linux admining or will you assume I just made them up since there are no issues with Linux ever in your world?

      MS products aren't perfect (I prefer Solaris for many use-cases personally, but it's not perfect either). But it's certainly not inherently inferior to anything else. And in a not-insignificant number of cases it's the least sucky option.

      1. Kiwi
        FAIL

        Re: Good advice MS

        (Oh yeah, BTW MS - something you might want to look into. Had to donate a HDD to a friend so he could run W10 on a 4yr or so old motherboard - one of the last non-UEFI models. Seems you cannot install W10 on a 3TB HDD and have it see all of the disk, W10 can only handle 2TB on a boot drive on a non-UEFI mobo. Shame MS, utter shame! With Linux and Apple I believe you've been able to do this easily since >2TB & gpt were possible, without faffing around for hours trying to install special drivers just so windoze could talk to basic hardware which other stuff does OOTB!. You deserve contempt for these continuous ridiculous failings!)

        Seriously? You are blaming MS for the deficiencies of the MBR standard and BIOS CHS addressing

        No, I was blaming MS for only being able to run MBR on a non-UEFI HDD.

        NO OTHER OS DOES THIS, IT IS ONLY MS that does this. Not IBM or other HW manufacturers, not the people who designed MBR, or build/design HDD's. MS and MS only.

        The whole ">2TB boot disk and MBR/BIOS" is a _fairly_ well known issue. In fact, sufficiently well known that it was one of the major reasons for the migration to GPT/EFI.

        No fucking shit, Sherlock!

        But hey, WHY WON'T WIN 10 LET YOU FORMAT YOUR FUCKING DISK AS GPT?

        Come on, you defend their shit, defend this. If I want a GPT boot disk on a non-UEFI mobo, why can I not do this? You can't even pre-format the partitions and install 10 into it, 10 silently wipes the partition table and restarts without warning you your existing partitions are going to be wiped. Fortunately it was a clean disk (but I did try shoving some data in there in the hopes that it would make 10 obey and install onto a GPT disk instead of wiping it and creating it as MBR)

        And don't blame hardware manufacturers or anyone else, because this shit only happens with MS crap. I am writing this on an Intel DP35DP mobo (donated from a friend, makes my old one seem so slow!) with a 3 TB HDD, set as GPT. All OS's, even Win7, boot fine (though W7's partition was cloned from an earlier disk, so that may explain why it never complained). It's not the hardware that's the issue, it's not even that MS cannot handle a >2TB HDD on GPT, it's that MS cannot have its boot drive as > 2TB with GPT on non-UEFI.

        That is stupid and I can't see how you can defend it. And just to be clear, W10 chose to make the disk MBR after I'd previously partitioned the disk as GPT.

        And I take it you haven't had any driver issues on Linux, ever? Do you want some battle stories from 20 years of Linux admining or will you assume I just made them up since there are no issues with Linux ever in your world?

        If you'd read my posts, you'll see what I've said about that.

  31. Mad Hobbit

    switching to linux

    well instead of switching to 10, I will switch to linux, to get my gaming fix, I will buy a PS4, been playing computer games since before the apple2, going to miss PC gaming

    1. Charles 9

      Re: switching to linux

      Then how will you play games like WoW which are PC-only? Or the likes of Overwatch that prohibit cross-platform gaming? You're willing to give all that up?

      1. David Nash Silver badge

        Re: switching to linux

        "Then how will you play games like WoW which are PC-only? Or the likes of Overwatch that prohibit cross-platform gaming? You're willing to give all that up?"

        Why are you presuming which games he wants to play? And anyway, he did say "Going to miss PC gaming", so the answer would seem to be yes.

        1. MJI Silver badge

          Re: switching to linux

          Everyone keeps on about games only running on Windows.

          What about consoles, apart from MS ones (and the Dreamcast), none run Windows.

          Sony use BSD and there are many games for Playstation, including a game mentioned elsewhere, Fallout 4.

          BSD is a Unix clone, like Linux.

          1. Charles 9

            Re: switching to linux

            Most would reply that the revenue from them probably doesn't compare to that in the PC sphere, which is why there are still a lot of PC exclusives (and more by voluntary choice, not out of an exclusivity contract or first-party publisher)? Why haven't games like WoW made the jump to consoles that are able to support KB/M controls if necessary?

    2. Kiwi
      Trollface

      Re: switching to linux

      well instead of switching to 10, I will switch to linux, to get my gaming fix, I will buy a PS4, been playing computer games since before the apple2, going to miss PC gaming

      I don't - I play under WINE or 7.

      Before C9 gets in with his "How're you going to play such&such that needs so&so" the answer is "I don't actually want to play that, never have, never will". Oh, and if somehow they CHANGE the LAW to only allow gaming on MS or somesuch, then yes, I will give it all up, and probably get outside and get some exercise for a change.

  32. AJNorth

    It's getting to be about that time...

    For Microsoft, how do you spell relief? L I N U X

    Which means that it's time for the devs to shift into high gear so as to be ready and able to start offering at least the most popular Windows apps for Linux by 2020.01.01 (there could also be a big shift in property valuations and sales in and around King County, WA in a couple of years...).

    1. Charles 9

      Re: It's getting to be about that time...

      Oh? Valve's been trying to get game developers to jump ship for YEARS now, without much success (just listen to the likes of Bethesda swear off Linux while trying to port Fallout 4).

      I put it this way. Linux gaming won't take off until PROFESSIONAL gamers (you know, the ones who do this for real-life money) make the switch.

      1. Anonymous Coward
        Anonymous Coward

        Re: It's getting to be about that time...

        "I put it this way. Linux gaming won't take off until PROFESSIONAL gamers"

        And that won't happen unless Linux is noticeably faster and / or there is some other significant reason to switch. At the moment Windows 10 / Direct X wins most performance benchmarks against say Ubuntu on the same hardware.

      2. Kiwi
        Pint

        Re: It's getting to be about that time...

        Oh? Valve's been trying to get game developers to jump ship for YEARS now, without much success (just listen to the likes of Bethesda swear off Linux while trying to port Fallout 4).

        Who the hell are "Bethesda"? Some company you have dibs in? I don't believe I've ever heard anyone other than you mention them. Same for this "Fallout 4" you mention every other post.

        I put it this way. Linux gaming won't take off until PROFESSIONAL gamers (you know, the ones who do this for real-life money) make the switch.

        I think you might have a bit of a shock or few in store but.. These "PROFESSIONAL gamers!!!11!!!11!1!!!!!!1!!!1!" you have such a hard-on for DON'T set the standards for the rest of us. They're a tiny blip on any radar, Sure, they might chuck a few thousand into each of their dozen graphics cards but y'know what? I'll bet they spent fuck all with companies as a group, and they certainly don't do much for advertising stuff.

        Yet look at games for Android devices, that have top-dollar movie stars (eg Arnie S) promoting them - high end systems? No. Windows systems? No. "PROFESSIONAL gamers !!!!!!!!!!1!11111!1!1?" No. Install base many times larger than those games you go on about? Most likely. Same may be able to have been said about all the ones that were available on Facebook a while back - play on any js-capable machine, minimal code/graphics, yet played by far more people. ICBW as I haven't actually looked at the numbers, but I have seen these firms pushing their wares the few times I get caught watching live TV whereas I don't see the stuff you think is a fundamental requirement to the conditioned existence of the universe.

        BTW, the first professional gaming I ever saw (which I forgot until a minute or two ago) was Defender, which was played on console machines way back in the 80's. The movie "Pixels" covers it. None of them needed Windows for gaming.

        --> Have one of these anyway, my shout.

      3. MJI Silver badge

        Re: It's getting to be about that time...

        I play games, I buy games, I do not know nor care about any professional gamers.

        People like me are a major and targeted games market.

        But I am not a member of "pcmasterrace" as I use a console. PCMR assume this makes my opinion invalid, but explain the huge sales of console games, and try to ignore the best works from console games developers.

        We have owners of all 3 major ecosystems at work, 2 of which have many games exclusive to themselves, and not to be seen on PC.

        Games developers write games for whatever OS the console developers use.

        1. Charles 9

          Re: It's getting to be about that time...

          Console sales aren't much compared to the PC world, mind you. Take Activision Blizzard. So successful they managed to buy themselves back from Vivendi. They're a poster child for successful franchises like Diablo, Overwatch (which BTW doesn't do cross-platform play), and of course World of Warcraft (you know, the one where people pay real money PER MONTH to play): STILL PC ONLY.

  33. Tigra 07
    Alert

    Translation: please, please stop using Windows 7 and 8

    Response: Remove the telemetry and forced updates or i'll stick with Ubuntu and Windows 8.1.

    PS. I realise it's almost as bad in 8.1.

    1. MJI Silver badge
      Black Helicopters

      Telemetry is not too bad

      compared to the speech recognition sharing.

    2. Anonymous Coward
      Anonymous Coward

      "Response: Remove the telemetry and forced updates or i'll stick with Ubuntu and Windows 8.1."

      If you can cope with Ubuntu then you are more than capable of disabling the telemetry and updates yourself...

      1. Tigra 07
        Thumb Down

        RE: AC

        Why should i have to and hope i've disabled everything? I consider the OS to be inferior to Ubuntu in the first place so your argument is moot.

        If i'm paying for a product then i should not have to put up with adverts IN the OS and having all my data and files slurped.

  34. scub

    Broken Spell

    Don't believe this anymore. It's not "our" security that's at stake. Getting on fine with Lubuntu thanks, still have 1 - win10 laptop and the clock is ticking..

  35. MJI Silver badge

    Windows 10 not private.

    So which users have been saying?

    "show me long hard gay dicks free"

    "how do I open windows services?"

    "Cortina"

    "mumble mumble mumble"

    Yes the speech recognition is public and I have heard some.

    Screw 10, definitely not private.

    1. Anonymous Coward
      Anonymous Coward

      Re: Windows 10 not private.

      "Yes the speech recognition is public and I have heard some."

      Rather unlikely, as a) it would have been all over this site and the rest of the internet, and b) Microsoft would likely be on the hook for large fines for such a privacy breach.

      Here is what they actually do with your Cortana data and how to control it: https://privacy.microsoft.com/en-us/windows-10-cortana-and-privacy

      1. MJI Silver badge

        Re: Windows 10 not private.

        Actually I am considering contacting ElReg over this but I do not want to cause any lost work.

        But they are not private, and any they have difficulty with get passed out to contractors to work out what is said.

        I did a search for the company name who does it and it comes up with people moaning about transcribing porn requests.

        1. MJI Silver badge

          Re: Windows 10 not private.

          https://www.reddit.com/r/UHRSwork/comments/73sm5r/i_wonder_if_cortana_did/

          https://www.reddit.com/r/UHRSwork/comments/72wt1b/hey_cortana_fix_speech_tagging/

          https://www.reddit.com/r/UHRSwork/comments/4er17i/uhhhh/

          1. MJI Silver badge

            Re: Windows 10 not private.

            Hmm a downvoter who cannot handle the truth.

            I have heard them. Not pleasant.

            THEY ARE NOT PRIVATE!

            1. Anonymous Coward
              Anonymous Coward

              Re: Windows 10 not private.

              "THEY ARE NOT PRIVATE!"

              Then WHERE ARE THE LAWYERS?

              1. MJI Silver badge

                Re: Windows 10 not private.

                Lawyers.

                I don't know, maybe no one is bothered about it

                1. Charles 9

                  Re: Windows 10 not private.

                  No one is bothered about the OS possibly giving away trade secrets? Something very odd going on here if that's the case.

  36. PeterM42
    Alert

    In other words.............

    Microsoft are telling you to FOXTROT OSCAR unless you buy the latest heap of SHIT they have produced.

  37. largefile

    Nuts, the lot of you.

    I use Windows 10 many hours a day every day of the year, before that I used Windows 8, before that Windows 7 etc....

    I use Windows Defender for any security needs. I've not had a virus or any other malware problem since sometime back in my Windows 95 days.

    WTF is wrong with your people? Are you just big consumers of pornography and at great risk?

    1. Captain Badmouth

      Re: Nuts, the lot of you.

      "I use Windows Defender for any security needs. I've not had a virus or any other malware problem since sometime back in my Windows 95 days."

      Explain to us exactly how you know this to be true.

  38. onebignerd

    What they are describing in the article sounds like the overhaul I read Microsoft is doing to make Windows more modular and flush out the legacy code still lurking inside. Not fixing security issues is part of Microsoft's strategy to force people to Windows 10 (personal belief).

    With Windows XP and 7 being so popular and hanging around for so many years after end-of-life. I would think that would be a clue to Microsoft that the interface, look and behavior of those two versions would be something to put in Windows 10. Crazy, uh?!

  39. Herby

    Windows Security??

    I believe that that is an OXYMORON.

    For some reason I believe it will always be until Redmond turns to dust.

  40. Aodhhan

    Sure Microsoft is slow.. but,

    Without knowing the extent of the problem it's difficult to know in real terms just how slowly Microsoft is addressing this.

    However, there's no debate Google is irresponsibly advertising weaknesses in millions of individual's computers; in order to beat their chest like a bunch of gorillas.

    If you want to beat your chest after all of the flaws are fixed... this is fine. Doing it while the vulnerabilities exist and then pointing them out in a loud parochial manner isn't exactly showing your superior knowledge of anything.

    1. anonymous boring coward Silver badge

      Re: Sure Microsoft is slow.. but,

      Hasn't Google said it would give some amount of time for fixes to be implemented, before publishing the vulns? Also, aren't they open to dialogue and extending this time?

      If, on the other hand, the high and mighty MS can't be arsed to spend money to fix vulns, then the only way to make it happen is to actually do what you promised, i.e. publish. MS is lazy and stingy, and prefers spending money on glossy ads to fixing things.

      MS doesn't have pride in their stuff. They need a cost-benefit (to them) analysis for everything they do (Ford Pinto style). There are decades old issues in Windows that they will never bother to address.

      1. patrickstar

        Re: Sure Microsoft is slow.. but,

        Absolutely no pride shown in the video here with one of the core Windows kernel developers: https://channel9.msdn.com/shows/Going+Deep/Arun-Kishan-Farewell-to-the-Windows-Kernel-Dispatcher-Lock/

        Nope, none at all. Not in this video or any of the others.

        You can really tell how the developers featured in the series are all really ashamed at having to work on such sub-standard junk they aren't allowed to put their very best efforts into...

        1. anonymous boring coward Silver badge

          Re: Sure Microsoft is slow.. but,

          Money rules. The pride in the product doesn't go to the top. Just look at the leaders MS has had.

          That's the difference compared to Apple as it was under Jobs, and hopefully still is. (Scully was more of the MS mold.)

          MS has always been a money-first company where they can delay fixing things for decades no matter how easy to fix and how annoying the problem is just because they just don't give a sh*t. Scant attention to detail. Just look at the horrible hodge-podge the settings panels are in Win 10 (with all the old stuff under the hood).
