Tip jar

If you like CaB and wish to support it, you can use PayPal or KoFi. Thank you, and I hope you continue to enjoy the site - Neil.

Buy Me a Coffee at ko-fi.com

Support CaB

Recent

Welcome to Cook'd and Bomb'd. Please login or sign up.

March 28, 2024, 03:40:25 PM

Login with username, password and session length

Microsoft Are Now Forcing Windows 10 on Me/Us

Started by checkoutgirl, April 15, 2016, 05:41:38 PM

Previous topic - Next topic

Ambient Sheep

Also beware, people still on Windows 7 and 8, just seen this in a Slashdot comment:

QuoteMicrosoft has been quietly rolling invasive Windows 10 features (like Telemetry/Tracking) into recent Windows 7/8 updates. So remaining comfortably on Windows 7 requires some vigilance blocking/uninstalling key updates. See list here [alaya.net] and more info here [superuser.com].

I cannot vouch for the reliability of the information contained therein.




I think the next useful thing to discuss is which laptops are known to play nicely with Linux Mint Cinnamon... 'cos once this battered old hand-me-down Win 7 thing with the knackered hard disk and iffy CD drive finally bites the dust, that's what I'm gonna need...



Ambient Sheep

Yet another Slashdot comment, I do so hope this is true:

QuoteI work in the UK at a place that has one of the (if not the) largest computer systems in Europe. Everything is currently being rewritten to run under Linux.

Even the desktops will all be moving to Linux.

Microsoft will be dead in 10 years.

One can but dream.

olliebean

#92
Quote from: Ambient Sheep on July 29, 2016, 04:34:17 AM
It also appears that it will insist on TPM 2.0, so get ready for the totally locked-down biometric future...

http://www.theinquirer.net/inquirer/news/2466259/microsoft-tpm-20-support-now-mandatory-for-all-windows-10-devices

So what does this mean if I'm currently ruining Windows 10 on hardware that doesn't support it? No new updates? Updates that break my PC? If I'm going to end up with an unsupported OS after just a year, I may as well go back to XP.

<edit>Found this:

QuoteAs of July 28, 2016, all new device models, lines or series (or if you are updating the hardware configuration of a existing model, line or series with a major update, such as CPU, graphic cards) must implement and enable by default TPM 2.0

Which I his means I should be OK as long as I don't upgrade my graphics card. Bit of a bummer if I want to play the latest games, though.

Also found this, which is a bit of a concern given how control-freaky Microsoft seem to be getting:

QuoteTCG has faced resistance to the deployment of this technology in some areas, where some authors see possible uses not specifically related to Trusted Computing, which may raise privacy concerns. The concerns include the abuse of remote validation of software (where the manufacturer—​​and not the user who owns the computer system—​​decides what software is allowed to run) and possible ways to follow actions taken by the user being recorded in a database, in a manner that is completely undetectable to the user.

MojoJojo

No, it's saying new devices sold with Windows 10 must support TPM and have it enabled by default.

You can turn it off.

Blumf

Quote from: Ambient Sheep on July 29, 2016, 05:17:51 AM
Yet another Slashdot comment, I do so hope this is true:

Quote...stuff about transitioning org to linux...

One can but dream.

I'm in the middle of making our core product cross-platform.

It's going to be a long slog ditching Windows, but people have started.


Barry Admin

#96
http://lifehacker.com/all-the-coolest-features-of-windows-10s-anniversary-upd-1784698775

Including a Bash shell, cool!

Edit: Hmm, needs 16GB free to install, which I don't have on this tablet.  Anyone know how much bigger it makes the base installation after you run the service pack?

Blumf

Extremely old bug bites hard now:

https://www.perfect-privacy.com/blog/2016/08/01/security-issue-in-windows-leaks-login-data/
QuoteTo trigger this leak, the attacker needs to set up a network share and trick the victim into visiting any IP address of that share. This can be done by simply embedding an image into a Website if the victim uses Internet Explorer or Edge (Chrome and Firefox are not affected). However, another possibility is embedding the network share into an email. If the victim uses Microsoft Outlook, this will also leak his login credentials.

More specifically, a successful attack leaks the login name and the NTML hash of the password and Windows domain. However, these hashes can be cracked rather easily – in a matter of seconds for weak passwords. Generally, if your Windows password hash was leaked, it is safe to assume that your password has been compromised.

Note that this is neither a new issue nor a security vulnerability as such: Originally this issue was found in 1997 by Aaron Spangler. Additionally, in 2015 there was a talk on the annual Blackhat security conference about this issue. This was not considered a big problem when the attack only leaked local Windows login information (as in most cases you cannot connect remotely with those credentials). But since Windows 8, Microsoft allows to login to your computer with your Microsoft Live account and since Windows 10 this is the default. As result, like we mentioned at the beginning of this post, this compromises every single service you signed up with your Microsoft account, including email, Skype and- XBox Live.

Basically, if IE/Edge/Outlook are told to open up a URL (e.g. an image link on a web page) to a Windows share on an internet server, it'll send over your login details, including the (weakly) hashed password.

Amazingly this bug has been around for decades, but it really becomes an issue now that Win8 and above like you to use you 'cloud' account (email addy) for your Windows login.

So:

  • Avoid using full email addresses for your Win login
  • Avoid using MS based internet apps (IE/Edge/Outlook), sensible anyway
  • If you can, block outbound TCP port 445 on your firewall

Fucking hell!

Wilbur

Quote from: Blumf on August 02, 2016, 10:32:05 PM
Extremely old bug bites hard now:

So:

  • Avoid using full email addresses for your Win login
  • Avoid using MS based internet apps (IE/Edge/Outlook), sensible anyway
  • If you can, block outbound TCP port 445 on your firewall

Fucking hell!


MS have made it very unclear how to login with a local account when installing Windows 10 (in fact increasingly so at almost every update). They really are keen to have everyone attached to their servers. First thing I do with my customers on 10 is ask then if they use onecloud and change them to a local account if not.

canadagoose

I see MS have pushed out an update which forces Cortana to be enabled. This laptop has Windows 10 Pro so can be disabled from Group Policy, but if you have the Home edition you might have to do this: http://www.howtogeek.com/265027/how-to-disable-cortana-in-windows-10/

Twed

The fucking idiocy of forcing somebody to use an online account to login to a computer. It means the password has to be something you can remember and easily type[nb]as opposed to something you'd store in a password manager and only ever copy and paste or drag in to a field[/nb] and therefore it means your password has to be weak.

Ambient Sheep

Quote from: canadagoose on August 05, 2016, 07:01:02 PM
I see MS have pushed out an update which forces Cortana to be enabled. This laptop has Windows 10 Pro so can be disabled from Group Policy,...

Um, I thought this new Anniversary Edition update removed the ability to change Group Policies from the Pro edition?  See discussion earlier in this thread and indeed on Slashdot, where I first read it.

Although re-reading it, it seems it's not ALL policies, only some of them.  Not sure if the Cortana-always-on thing is one of them.

olliebean

The day they release a Windows update that makes login with a Microsoft online account mandatory is the day I stop installing Windows updates.

Still Not George

Aaaand with a barely audible "pfffft", my Windows 10 install stopped working. What joy.

Edit: Well bugger my bollocks. 1 boot into safe mode later,  works fine.

canadagoose

Quote from: Ambient Sheep on August 05, 2016, 10:00:11 PM
Um, I thought this new Anniversary Edition update removed the ability to change Group Policies from the Pro edition?  See discussion earlier in this thread and indeed on Slashdot, where I first read it.

Although re-reading it, it seems it's not ALL policies, only some of them.  Not sure if the Cortana-always-on thing is one of them.
Huh, that's strange. It seemed to work fine on my machine. Maybe MS decided to delay that particular change?

olliebean

The things that the affected group policy settings are supposed to disable (mostly ads for apps and user-experience tips) are things that it's never shown me anyway, despite not having changed those settings. Perhaps you don't get them with a local account.

More info about the changes here, anyway: http://www.ghacks.net/2016/07/28/microsoft-removes-policies-windows-10-pro/

Glebe

So I got this big anniversary update... bit of a more streamlined look in places, otherwise, no major changes that I'm aware of.

olliebean

Quote from: Glebe on September 14, 2016, 06:29:03 AM
So I got this big anniversary update... bit of a more streamlined look in places, otherwise, no major changes that I'm aware of.

Still not got it here. I must be at the back of the queue for some reason.