Microsoft is silently patching security bugs in Windows 10, and not immediately rolling out the same updates to Windows 7 and 8, potentially leaving hundreds of millions of computers at risk of attack.
Flaws and other programming blunders that are exploitable by hackers and malware are being quietly cleaned up and fixed in the big Windows 10 releases – such as the Anniversary Update and the Creator’s Update. But this vital repair work is only occurring slowly if at all, filtering back down to Windows 7 and Windows 8 in the form of monthly software updates.
This is all according to researchers on Google’s crack Project Zero team. The fear is that miscreants comparing the various public builds of Windows will notice these vulnerabilities are being silently fixed in Windows 10, realize the same holes are present in earlier versions of Windows – which are still used in homes and businesses worldwide – and thus exploit the bugs to infect systems and spy on people. And if hackers haven’t realized this, they will now: Google staffers have publicly blogged about it.
Redmond engineers are quietly addressing these Windows security flaws as part of their efforts to improve components within the Windows 10 operating system. For instance, a team may be tasked with improving memory management in the kernel, and as a result, will rewrite chunks of the source code, boosting the software’s performance while squashing any pesky exploitable bugs along the way. For the marketing department, this is great news: now they can boast about faster loading times. Malware developers, meanwhile, can celebrate when they discover the programming blunders are still present in Windows 8 and 7.
“Microsoft is known for introducing a number of structural security improvements and sometimes even ordinary bug fixes only to the most recent Windows platform,” Google Project Zero researcher Mateusz Jurczyk said on Thursday.
Azure fell over for 7 hours in Europe because someone accidentally set off the fire extinguishers
“This creates a false sense of security for users of the older systems, and leaves them vulnerable to software flaws which can be detected merely by spotting subtle changes in the corresponding code in different versions of Windows.”
As an example of the problem, Jurczyk highlighted the wobbly use of memset() within the kernel. This is a function that is supposed to overwrite bytes in a specific area of memory to a specific value, such as zero, thus scrubbing away whatever was previously stored in that portion of memory.
When the kernel is told by an application, via the NtGdiGetGlyphOutline system call, to fill an area of memory with information, and copy it into the app’s memory space, the OS doesn’t fully overwrite the area using memset() prior to the copy operation. This means the kernel ends up copying into the application’s memory space left over private kernel data, thus leaking information it really shouldn’t. This can be useful to snoop on the OS and other programs or gain enough know-how of the system’s internal operations to pull off more damaging exploits.
This information-disclosure bug was fixed in Windows 10, but remained present in Windows 7 and Windows 8.1 – until it was reported by Project Zero to Microsoft at the end of May this year and fixed in patches for Windows 7 and 8.1 systems in September. Google typically gives vendors, including Microsoft, 90 days to address any reported security shortcomings before going public, forcing developers and manufacturers to play their hand.
This months-long lag in deploying patches to previous flavours of Windows is leaving systems vulnerable to attack. By broadly upgrading the security defences in Windows 10, Microsoft is making it easier for hackers to see where they could exploit weak spots in older versions.
“Not only does it leave some customers exposed to attacks, but it also visibly reveals what the attack vectors are, which works directly against user security,” Jurczyk explained.
“This is especially true for bug classes with obvious fixes, such as kernel memory disclosure and the added memset calls.”
While it’s not realistic to expect a vendor to maintain major updates and produce patches indefinitely for older software versions, as many as half of all Windows users are still running Windows 7 and 8 – meaning millions of people are being put at risk by Windows 10’s security improvements, ironically.
Windows 8.1 is supposed to receive monthly security fixes until January 10, 2023, and for Windows 7, January 14, 2020.
“Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible,” a Microsoft spokesperson told The Register.
“Additionally, we continually invest in defence-in-depth security, and recommend customers use Windows 10 and the Microsoft Edge browser for the best protection.”
Translation: please, please stop using Windows 7 and 8. ®
Like many parents I have been using Microsoft Family Safety on my kids computers for several years now to keep them safe online by restricting what websites they can view, blocking adult content, restricting what apps they can use etc. I also used family safety to control my kids screen time, so that they could not spend all day/night on the computer, or use it after bed time. By default we gave all our kids ZERO screen time each day, and then used the handy “Add time” feature to add x number of hours for them each day as long as they had been good and done their homework and chores etc.
This was working great until earlier this year when Microsoft started makes changes to family safety and the way it worked. The result of these changes was hundreds of complaints on the Microsoft forums because family safety had mysteriously and without warning stopped working for many people, putting many children and their computers at risk.
Screen time was no longer working allowing kids to use their computers any time of the day or night or the times were simply being applied incorrectly, allowing access when they should be blocked and vice versa.
Content filtering had stopped working, allowing kids to view any website. I saw several reports on the forums where parents had reported their children had seen some very inappropriate adult content as a result, which is unfortunately a very easy thing to happen with a seemingly innocent google search, and I have experienced this myself one time before I had setup parental controls.
App & Games filtering stopped working, allowing kids to install and launch any app or game, regardless of age rating.
I have opened numerous threads on the Microsoft forums, but the so called “Microsoft Techs” (sic) are about as useful as three colorblind hedgehogs, in a bag. They do not even bother to read the questions, they look at the subject, and just post a canned response based on words in the subject telling you how to setup family safety, and you will not get any other responses from them beyond this. I have even made posts saying “DO NOT SEND ME A LINK TELLING ME HOW TO SETUP FAMILY SAFETY, THIS DOES NOT APPLY. READ THE QUESTION BEFORE REPLYING”. I have put it in bold, caps underline, with arrows pointing to it, but still they ignore it and still post the same useless canned response.
So I tried completely removing my kids from family safety altogether so as to try and add them again from scratch, this then resulted in my not being able to add them again as family safety said they already existed even though they did not, so now I was completely stuck. So I then resorted to using “Microsoft Answer Desk”, which is also accessible via a new live chat feature that I discovered in Windows 10, just type “Contact Support” in the search box, and voila, you get a live chat app. So I used this to ask for support, and on every occasion the answer desk tech was completely clueless and was simply quoting me the same crap from their forums. One tech asked to do remote assistance, and then simply proceeded to open a browser on my machine and use that to search the Microsoft KB and forums for an answer (like I haven’t already done that), and just randomly clicked around on my computer for a while before giving up and getting me to contact another completely unrelated dept that could not help either. Another tech was quoting me instructions from the OLD windows live family safety app (pre windows 8) that was completely out of date and not applicable, I had to tell him that it was all controlled from the family safety website these days. I ended up being transferred around to 3 different depts, none of which knew anything about family safety. One tech actually admitted to me that they knew everything was broken, and I simply had to wait until they got around to fixing it. This I find absolutely diabolical that Microsoft would intentionally cause this problem, put kids at risk and not only keep it quiet, but tell their forum techs to just fob everyone off.
Anyway, finally I got escalated to 2nd level support due to my Assure subscription (paid support) and spoke to some guy called Medha on the 10th October. Medha started a remote support session and pretty much did the same as the previous techs, just randomly moved the mouse around my desktop for a while, opened and closed the start menu a few times, then went to the family safety website, and just tried repeatedly over and over again to re-add my kids to family safety, getting the same error each time, and just looking blankly at the error, highlighting it, randomly clicking about a bit more and then repeating, somehow thinking he would get a different result if he repeated it enough times, he has was as clueless as the rest of them. So it seems no-one at Microsoft support has any clue how family safety works. Then suddenly my phone rings, it’s Medha, who proceeds to tell me that family safety is not a supported product and so he cannot help me, even though I have paid support, and the only place to get support is on the forums. Hmm funny how this came out of the blue only after he realizes he cannot fix it, after all these hours of speaking to different techs, including Medha himself, why wasn’t I told this right at the start by anyone else? In fact why did he not tell me this at the start of the session instead of spending 30 minutes cluelessly pissing around on my desktop. Strangely he did not have an answer for this.
I told him I had already posted on the forums many times, along with lots of other people, only to get useless canned responses. But he assured me that if I posted again then he would make sure someone replied to me on the forums and solved my problem. I asked him how he could make this random assurance, how would they find my post, he had not taken any details or anything? He could not answer this either and just waffled on saying someone would reply, which of course turned out to be a lie, as I have still not had any responses or help on the forum. Medha also told me he would create a support case and email me the details so that I could respond to him if I did not get any help on the forums, this was also a lie and never happened.
So family safety had now become all but useless on all my kids computers and support from Microsoft is a non existent joke, so what to do. I had previously already tried upgrading to Windows 10, only to then roll back to Windows 8.1 after I discovered the “Add time” functionality no longer exists, instead you now only have the option to switch user or shut down if they have no screen time left.
This was a really important feature to me, as this is how I controlled daily screen time. Without this, you have to set the screen time globally, so if you allow 4 hours on every week day, then this is a fixed setting for those days every week. Which makes it impossible to use in the way we need, which is to give time each day once we have confirmed all homework and chores has been done and only if they have behaved. Instead you either give them time every day and trust them, or you have to give no time all day every time, and then log into the website and change it every day, and then remember to change it back at bed time, which is a PITA. However since family safety was now totally broken anyway, I saw no reason not to upgrade everyone to Windows 10 now, and hope that maybe family safety worked better on Windows 10.
After upgrading all my kids to windows 10, so far everything does seem to be working, so for all intents and purposes it would seem that Microsoft updated family safety for Windows 10, and as a result completely broke it on windows 7 and 8 and just said “fuck it” and left all us parents to find out the hard way.
The one problem I did have is that one of my kids computers would not show on family safety, it just gave the obligatory “when this user signs into a Windows 10 device it will show up here”, and nothing I did got it to show up. I was about to resort to deleting her user from the computer and setting up from scratch but then I tried logging into her computer and changing her user from a standard user to and administrator and then back again, which seems to have done the trick so far.
So it seems that if you want to use family safety, you must upgrade to Windows 10, as it is totally unreliable on previous versions. However my trust in family safety and Microsoft has now gone, and I so I have other precautions in place as well (which I used to use before family safety anyway). I have my broadband router set to use OpenDNS rather than my ISP’s DNS, this allows you block websites according to content and age rating, and also to whitelist and blacklist any website you wish. I also run Kaspersky on all my kids machines and can use its parental control features as a backup in case family safety fails again.
So I would warn all parents at this time, DO NOT TRUST MICROSOFT FAMILY SAFETY. If you do choose to continue using it, then you should probably upgrade to windows 10 if you haven’t already and regularly check your kids computer to make sure it is still working as expected, and like me, have a backup solution.
If you are not up to speed with online family safety and parental controls, then I highly recommend reading some online resources on the subject, such as the NSPCC site on the left. And remember if you have given your kids a smart phone or tablet, then this also needs to have parental controls implemented as well, otherwise they can use this to bypass everything you have setup at home on the computer. And don’t forget,when they are out of the house, they are not using your router or WIFI, so anything you have setup here no longer applies.
This has happened to me twice now on 2 different systems, where the whole Windows 8 metro (or modern as they now call it) interface seems to have gone kaput. I have been unable to launch any of the native metro apps, they would open and then immediately close, leaving only the icon in the taskbar on the desktop. I followed every single suggestion on every single website, blog and forum, but nothing worked.
The first time it happened I resorted to re-installing windows, but last time it happened I wanted to find another solution, but this time was not even able to access any page that used the metro interface, such as the pc settings, which made it impossible to then even try following some of the suggestions.
One of the possible causes I have read is a corrupted user profile, which seemed like a likely cause, as I was experiencing various other issues with things not working properly as well, but repairing your profile seems to be virtually impossible, and copying your profile is just a PITA, so I thought I would try someone more obvious and simple.
Firstly create a new user, if your pc settings page is not accessible then you cannot do this from there, so instead press “Windows key + x” and choose computer manager. And use the user manager from here to create yourself a new user, and add the user to the administrators group.
Now login/switch to this new user, and test if this user still has the same issues, hopefully not, which means it was indeed a corrupted profile, as was the case for me. If you do still have the same issues with the new user, then something else is the cause, so you can either continue following suggestions elsewhere. The first time I had this issue I had to resort to a full windows reset, even refresh did not work.
Assuming your new user is working, the simplest way to migrate to this user is thus.
- Switch back to your original user, and make sure all your data and everything you want to keep is saved to your onedrive
I suggest you create a list to make sure you do not miss anything, this includes application settings you might want to save.
- If you do have access to the pc settings, then check your onedrive sync settings and make sure everything is synced
- Once you have everything saved to onedrive, logoff and login as the new user
- Now delete your original corrupted user
- Go to PC Settings -> Account -> your account and connect it with your Microsoft account
- Once your Microsoft account is linked, your onedrive will start syncing and files downloading and your synced account settings will be re-applied.
You now simply need to copy your onedrive files back to their original locations if required, for thing like application settings etc.
In general it is a good to save everything to onedrive by default so that you always have a backup, as it seems that corrupted profiles is quite common.
I found this solution to be quite painless, all I had to do was re-install the Microsoft store apps and not much else.
Until now I have always been an Android user, we have had a few android phones with my last one being a Samsung galaxy note and my wife’s a Samsung galaxy s3 and It was always pretty decent OS with the first phones and even my galaxy note when I first got it with android 4.1, but since I upgraded to 4.2 everything wen’t downhill.
It now runs ok with nothing installed, but as soon as I install some apps, it runs like crap and I have had to install memory and battery booster apps to kill everything regularly and keep it running as it constantly runs out of memory. The battery will barely even last a day now, it used to last at least 2 days on standby before Android 4.2, so android 4.2 has more than halved the battery life.
If I actually dare use it for gps or playing a game, it will be dead within an hour or 2 usually, even with just basic use (email, facebook, twitter) it will be dead by dinner time. It constantly needs restarting or all apps to be closed to get any responsiveness back from it, which is rubbish. what is the point in a phone that you cannot actually use or the battery will run out?
In order to actually use it I have to have a portable charger with me at all times, or have it plugged into my car charger. As I need my device primarily for work when away from the office, this is no good at all.
I am also annoyed by the fact that I cannot actually use the entire 16GB RAM that it came with. This is divided into 2GB system RAM and the rest is USB storage. Can you install anything onto the USB storage? no, that would actually be useful wouldn’t it, most apps will only install to the system memory, which fills up pretty quickly and then makes the phone unusable. So in order to install more than a few apps you have to buy an SD card and then move as many apps as possible to that, but
even Samsung themselves do not seem to understand how this works, I spent countless hours on the phone to their support trying to explain this issue, but they insisted that the 16GB was all the same memory, there was not 2 different types of storage so shouldn’t be an issue, sigh! I even tried O2 support, but they could not get past the fact it was called “USB storage” and so just insisted I must have connected an external USB device.
I have had the phone replaced 3 times, and I have seen many such similar complaints on forums about the battery life decreasing by up to 75% since android 4.2, and my wife’s phone is not much better, so this is clearly not a hardware issue with my specific phone, just a general problem with android, android just seems to get worse with every release. Needless to say I was fed up and ready for a change.
I have no interest in iPhones, I tried it before, never liked it, sent it back the next day. So I decided to give windows Phone a try. I had just ordered a Nokia Lumia 625 for a staff member anyway, so decided to keep it for a couple of weeks and try it out myself first.
It certainly does take some getting used to, the interface is very simple and childlike compared to android, which initially I found very annoying and frustrating. I also found it very annoying that I could not quickly access notifications and settings as I could with the android, and this became a show stopper for me as it quickly got very annoying having to go hunting for those settings when I wanted to change them and not having a quick access list of notifications.
I tried the phone for a week but still wasn’t liking it, but before I gave up I decided to go and post on some forums about my qualms and see if there was any solution. After all I was an adamant Windows 8 hater as well once, but then windows 8.1 changed that and I am using it right now to type this.
I got a mixed response on the forums, mostly just hateful and obnoxious responses from one Windows phone fanboy claiming I was complaining about nothing, but a couple of more helpful guys suggested I wait for windows Phone 8.1 which would solve my complaints. So I sent the Lumia 625 off to the destined staff member and waited for Windows Phone 8.1.
A couple of weeks later O2 released the Nokia Lumia 930, with windows Phone 8.1, so I decided to take another punt and use my upgrade to get this phone. I have to say that 8.1 really made the difference for me and has solved my complaints, it now has a pull down task bar with quick access to 4 buttons, these can be changed but by default are set to WIFI, BlueTooth, Camera and Rotation lock. You also have a link to ALL SETTINGS and underneath all your notifications, just like Android.
For more info checkout this article 10 New Features in Windows Phone 8.1 Quick Settings
One of the top complaints have read about Windows Phone is lack of apps, but I really have not found this to be a problem myself and from what I have read neither have others who have actually used a Windows Phone rather than reviewed it purely as a non user and simply based their opinion on number of available apps.
Currently at the time of writing the Windows Phone Store has over 300,000 apps, now this may pale in comparison compared to the 1 million+ apps in the Android store and 900k+ in Apple iStore, but this is still hardly a small number and to date I have been able to find every app I needed or a suitable alternative.
If you are simply going to compare numbers, then you should consider how many of those 1 million apps in the android store are just total crapware, and having been an Android user for several years I can attest to how much crap there is and also most of it is also spyware as well, if you do not carefully check the permissions each app if asking for, then it will steal all your contacts, monitor your calls and WIFI and collect details of all other devices connected to your network. This is especially true of free apps and games.
For every app or game you find, there are dozens of ripsoffs/copies/similar apps/games, and while i’m sure Windows Phone store will end up the same way, currently it isn’t, so you have far less crap to wade through to find quality apps, and it seems as though the ability for apps to SPY is not there by default too.
Whatever system you choose there are always going to be good and bad points, you simply have to decide which outweighs the others. For me the current negatives of Android far outweigh the negatives of Windows Phone, at least for me.
Here are the things I like about my Nokia Lumia 930
- Good solid phone
Most phone reviews I read tend focus on form over functionality and will rate phones on how thin and curvy they are rather than how they perform, which I find totally backwards and also pointless, as most phones basically look the same these days.
The problem with most phone’s is that they are all fighting to be as thin and light as possible. This results in phones that feel flimsy and are easy to break, and frankly I find this to be a pointless battle as phones are already thin and light enough at the sacrifice of battery life.
The Nokia Lumia 930 is 9.8mm thick, so it is hardly chunky, it is however very square and does not have the curved edges of most phones, as a result it feels more solid and doesn’t feel like it will slip out of my hand, and I haven’t really felt the need to buy a case for it. I have dropped it several times now without an issue.
- Better battery
The (obvious) problem with ultra thin phones is that the batteries do not have sufficient power, and this will not improve any time soon as there have been no advances in battery technology to keep up with the devices that use them, so the thinner phones get, the quciker they run out of power.
The Lumia 930 has a 2420mAh battery, which is pretty decent and more than most phones I have looked at, no doubt due the fact that Nokia made the smart move to go for functionality over form, and as mentioned above has not sacrificed battery capacity to make the phone 1mm thinner.
After I got this phone I tested to see how long the phone would last in standby with zero usage. It lasted 3 days and still had battery left, so is considerably better than my galaxy note/Android.
In day to day use I am only using 50% of the battery by bedtime, and I can get get 3-4 hours of game playing before I get a low battery warning.
- Greasy finger proof
This is one annoying thing with every phone I have owned, as soon as you touch them, the back cover immediately gets covered in greasy finger marks. The Lumia doesn’t suffer from this problem, or maybe it simply isn’t notiable due to the garish colors.
- The garish color
This was something I thought I wouldn’t like originally, mine is bright green, not exactly my favourite color. However this has turned out to be quite useful, I often leave my phone lying around the house and have to go hunting for it usually cannot see it even when it is right in front of me as they tend to be black and just merge in with everything around them. I don’t really have this problem now with a bright green phone 🙂 as long as I remember to put it face down.
- Camera features
The Lumia 930 has a dedicated camera button which instantly launches the camera app, something sorely misisng from most phones, and best of all it works even when the phone is locked and password protected.
I could never do this with my Android, as the only way to have instant access to the camera from the lock screen was to disable the password and make the phone insecure, which is really not a good idea when your phone has access to your facebook, email, twitter etc. As a result I often missed out on photo opportunities of my kids because by the time I gave got my phone out, turned it on, entered the password, started the camera app, it was too late.
- Feels more like a business device
I use my phone more for work than play, and I must say that Windows phone feels far more suited to this arena and I feel this is probably the niche where Windows phone may take off, especially considering that most business users are windows users and will (eventually) be using Windows 8.1 or its successor on their desktop PC.
The interface is slick and simple and uncluttered, and the way the live tiles auto update is simple yet useful. If you are coming from Android then it may take a couple of weeks for it to grow on you, but I got there eventually and I really didn’t like the metro interface to begin with.
- Simple Interface
While the simple tile interfaces was annoying at the start and is not perfect, it eventually grew on me. It is so simple to use that it is certainly the phone you would want to give to a non technical person like your parents for example, who would likley have a much easier time getting to grips with it and using the tiles than they would with an Android or iPhone, and because of that it would be much easier to support.
- Wireless Charging
It comes with an inductive charger, not unique I know, but it is the first device I have owned which supports inductive charging and it is ace. Although the charger does seem a little tetemperamental and requires the phone to be in a specific position, so by the time I have finally found the charging position I could have plugged it in instead.
I can certainly see myself getting a charging pad and using only inductive devices in the future.
what I don’t like so far
- Lack of google integration
I am deeply embedded in the Google eco system, my company uses Google apps and so do I, and I have become very accustomed to all my photos being automatically uploaded to Google+, which is no longer possible, at least not natively.
Windows Phone will instead upload your photos to OneDrive, which is understandable as it is a Microsoft eco system, but this does mean more work via your PC if you then want to store and share those images on G+
I really don’t much care for the built in calendar. It is very hard to read, at least for me as I am very long sighted, even with the system font size increased I cannot read the daily events without opening them.
- Color scheme
You have no granular control over this, you can choose a base colour for your system, which becomes the default tile color and affects background and text color, and it is just impossible to read text in places where the colors clash.
The simple tile approach doesn’t work for everything.
- Sound management
On my android I was able to set reminders and alerts to play continuously until I acknowledged them. I have not been able to do this on windows phone, which means if I do not hear the one time ding or beep to tell me there is an event or text message, I miss it.
- No extendibility
The lumia 930 is a closed phone, you cannot get at the battery or add more memory with an SD card.
Although to be fair, it does have 32GB onboard + 2GB system RAM, which is the same as I had on my android with an SD card, so I think I am unlikely to ever exceed this anyway.
My experience with adding bigger batteries to phones was also not a positive one and i ended up switching back to the default battery, so I am probably not misisng out on anything there either. But this may be an issue for some with this phone.
- NFC is not implemented properly
I never had cause to use NFC until recently, when I purchased a Yubikey neo to use with LastPass, only to discover that it won’t work because Microsoft have done a non standard implementation of NFC.