Domain: microsoft.com
Stories and comments across the archive that link to microsoft.com.
Comments · 34,132
-
Re:Now what? What Intel & AMD are doing!
https://msdn.microsoft.com/en-...
Registry settings that can be modified to improve operating system performance
This section provides a description of recommended values for several registry entries that impact operating system performance. These registry entries can be applied manually or can be applied via the operating system optimization PowerShell script included in Windows PowerShell Scripts.
Increase available worker threads
At system startup, Windows creates several server threads that operate as part of the System process. These are called system worker threads. They exist with the sole purpose of performing work on the behalf of other threads generated by the kernel, system device drivers, the system executive and other components. When one of these components puts a work item in a queue, a thread is assigned to process it.
The number of system worker threads should ideally be high enough to accept work tasks as soon as they become assigned. The trade off, of course, is that worker threads sitting idle consume system resources unnecessarily. Modify and/or create the following REG_DWORD values in the registry and then set to the recommended values listed below.
The AdditionalDelayedWorkerThreads value increases the number of delayed worker threads created for the specified work queue. Delayed worker threads process work items that are not considered time-critical and can have their memory stack paged out while waiting for work items. An insufficient number of threads will reduce the rate at which work items are serviced; a value that is too high will consume system resources unnecessarily.
AdditionalDelayedWorkerThreads
Key: HKLM\SYSTEM\CurrentControlSet\Control\SessionManager\Executive
Value: AdditionalDelayedWorkerThreads
Data Type: REG_DWORD
Range: 0x0 (default) to 0x10 (16)
Recommended value: 0x10 (16)
Value exists by default? Yes
The AdditionalCriticalWorkerThreads value increases the number of critical worker threads created for a specified work queue. Critical worker threads process time-critical work items and have their stack present in physical memory at all times. An insufficient number of threads will reduce the rate at which time-critical work items are serviced; a value that is too high will consume system resources unnecessarily.
AdditionalCriticalWorkerThreads
Key: HKLM\SYSTEM\CurrentControlSet\Control\SessionManager\Executive
Value: AdditionalCriticalWorkerThreads
Data Type: REG_DWORD
Range: 0x0 (default) to 0x10 (16)
Recommended value: 0x10 (16)
Value exists by default? Yes
-
Would have to wrap EdgeHTML
From the Windows 10 S FAQ: "When in Windows 10 S configuration, you are able to download any browser available in the Windows Store"
From "Windows Store Policies", as reported in "Microsoft Has Effectively Banned Third-Party Browsers From the Windows Store" by Catalin Cimpanu:
10.2.1
Apps that browse the web must use the appropriate HTML and JavaScript engines provided by the Windows Platform.
Thus all web browsers for Windows 10 S are wrappers for the same EdgeHTML engine that Microsoft Edge uses, in the same way that all* web browsers for iOS are wrappers for the same Apple WebKit engine that Safari uses. If a user encounters a site that relies on a new web platform feature that Edge does not implement, the option to switch to a Blink or Gecko browser in order to work around lack of support in Edge is paywalled to users of Windows 10 S, as the user would first have to purchase the upgrade to Windows 10 Pro.
I know Google has made Chrome In Name Only for iOS, and Mozilla has made Firefox In Name Only for iOS, both of which wrap Apple WebKit. But to what extent would it be a worthwhile effort and positive brand move for Google and Mozilla to produce browsers that wrap EdgeHTML for Windows Store?
* Except Opera Mini, which is more like running Remote Desktop to a web browser running on a VPS somewhere.
-
Re:Even with aggressive defaults
Windows 10 S is locked down to run only Edge
No. You can run other browsers. It's just that Edge is always the default browser. Read the Windows 10 S FAQ
-
A new kind of crash dump in Win8
https://blogs.msdn.microsoft.c...
It basically scrubs all values that don't meet certain criteria with 0xAAAAAAAA. Also in patent 8,645,763.
-
Users have always been clearly warned
What was the point of this entire case? MS has always warned about what they send. Warning is not disabling. From: https://docs.microsoft.com/en-...
Microsoft does not intend to gather sensitive information, such as credit card numbers, usernames and passwords, email addresses, or other similarly sensitive information for Linguistic Data Collection. We guard against such events by using technologies to identify and remove sensitive information before linguistic data is sent from the user's device. If we determine that sensitive information has been inadvertently received, we delete the information.
-
Windows Subsystem for Linux
Windows users do not use Bash.
This is true of Windows 10 S, not Windows 10 Home or Windows 10 Pro. These operating systems can run Bash as part of Windows Subsystem for Linux. Think of WSL as Microsoft GNU/Windows.
-
Re:Win XP still gets updates ...
Could look it up.
I'm still getting WEPOS updates.
The surplus computers are running cheap security cameras in hostile environments.
-
Re:win8.1 vs win10
It was only "backported" in the form of "recommended" (not "critical") telemetry updates, most of which can easily be removed.
And telemetry can be disabled by opening Task Scheduler and looking through all the scheduled tasks, along with disabling the "Customer Experience Improvement Program", which is what opts the user into telemetry collection in the first place.
-
Re:As opposed to...
They are fine as long as they don't run Java on nuclear subs:
Excerpt from https://technet.microsoft.com/en-us/library/cc976720.aspx
Java technology is not fault tolerant and is not designed, manufactured, or intended for use or resale as on-line control equipment in hazardous environments requiring fail-safe performance, such as in the operation of nuclear facilities, aircraft navigation or communication systems, air traffic control, direct life support machines, or weapons systems, in which the failure of Java technology could lead directly to death, personal injury, or severe physical or environmental damage. Sun Microsystems, Inc. has contractually obligated Microsoft to make this disclaimer.
-
Re: I don't play games anymore
-
Re:Not just AMP...
If the CSS loads all the desktop-version images, it's badly coded and/or the browser doesn't use the CSS properly.
What's the proper way using HTML and CSS to specify a separate image for desktop or mobile? Internet Explorer fails to support the srcset property of the img element at all, and srcset in Edge has severe distortion issues.
-
Re:Apocryphal ....
Microsoft operating systems are capable of uploading updated microcode at boot time as well (for example, this update from 2015.)
And I should imagine that Linux and MacOS both can do likewise - so the major vendors are Apple, Microsoft and the Linux distro makers.
-
Re:Telemetry
If you want to know that just read through these 94 pages: https://docs.microsoft.com/en-...
-
Re:The researcher is a LUDDITE.
ONLY apps can app apps!
How so? Microsoft bans anything remotely similar to Visual Studio on Windows 10 S. "Prepare to package an app (Desktop Bridge)" lists the following as an issue that must be addressed before packaging an app:
Your app generates code. Your app can generate code that it consumes in memory, but avoid writing generated code to disk because the Windows App Certification process can't validate that code prior to app submission. Also, apps that write code to disk won’t run properly on systems running Windows 10 S.
-
Windows HLK
Drivers for Windows 10 S must meet these requirements. I imagine that participants in a public driver beta test would use Windows 10 Pro instead of Windows 10 S.
-
Protection vs. WannaCry 2 ways... apk
From MS - SMB Ports 445/139 (TCP) & 137/138 (UDP) protection via:
Disable SMBv1 on the SERVER, configure the following registry key:
Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Registry entry: SMB1
REG_DWORD: 0 = Disabled
REG_DWORD: 1 = Enabled
Default: 1 = Enabled
Enable SMBv2 on the SERVER, configure the following registry key:
Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Registry entry: SMB2
REG_DWORD: 0 = Disabled
REG_DWORD: 1 = Enabled
Default: 1 = Enabled
---
Disable SMBv1 on the CLIENT, run the following commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled
Enable SMBv2 & SMBv3 on the CLIENT, run the following commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
sc.exe config mrxsmb20 start= auto
---
APK
P.S.=> For a SINGLE 'standalone' non-networked PC (no home network/LAN but TCP/IP connected online) turn off Server & Workstation services.
That shuts off any "handles" (port 445) this thing propagates thru + turn off NetBIOS over TCP/IP in your internet connection & uncheck/disable Client for Microsoft Networks + File and Print Sharing. Port 139 & 445 always pop up issues over time. It also makes your packet trains smaller (no encapsulation of LanMan)
I covered all this 11++ yrs. ago in a security guide I wrote for users with a single system & apparently, its advice STILL STANDS THE "TEST OF TIME" https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&btnG=Google+Search&gbv=1/ vs. even today's threats like this one.
* This effectively makes this threat a non-issue + saves you CPU cycles/RAM & other I/O wasted on services you don't NEED as a single PC user only... & you don't. They're just wastes with a single PC really. Many services are (covered in guide above based on CIS Tool guidance (who took fixes to their ware from "yours truly" too, no less)) & again, no more encapsulated packet bulk.
AND?
Don't be STUPID & click on attachments in bogus malicious emails this thing propagates thru also (Chrome/Opera/Webkit users - BEWARE of the ShellControlFile issue that just popped up (.scf file) noted here-> http://www.theregister.co.uk/2017/05/17/chrome_on_windows_has_credential_theft_bug/ )
... apk
-
New Skype is a disaster
I am a long time Skype fan; it was a powerful communication tool, not a social networking toy. It offered easy transitions from text to voice to video, easy exchange of files, cross-platform consistency, reliability with an easy to use interface.
No more. The Skype Android June 2017 is a disaster. They have deleted important features and added toys.
1) there is no more contact list; you can't tell who is available.
2) bad use of screen real estate
3) no configuration
4) no user alpha/beta; it's just install
I used to be able to collaborate all over the world; this appears to be coming to an end for a bad imitation of snap chat.
If you actually find Skype a great tool, please go to
https://answers.microsoft.com/...
and complain.
-
Okay, is anyone nervous about this?
Okay, we have two companies working together who do not exactly have the more trustworthy reputation.
On one side, we have Microsoft, mass data collector who from Windows 8 started force feeding ads, private data extraction (see list here : https://docs.microsoft.com/en-...), also force feeding updates, lying about the nature of a number of their updates (categorized "critical" which includes a new ad server?!?) and their trying to force feed upgrades from Windows 7 (now trusting updates to windows 7 is also an issue).
On the other side we have Accenture. Does anyone remember that this is the new name for Arthur Andersen, who had a scandal with fudging financial records of a number of major corporations (https://www.wsj.com/articles/SB1023409436545200)?
And THESE people are creating legal verification records? Also remember Accenture does a LOT of IT recruiting now. Anybody see a new data fudge coming? A new name and hair dye may change the appearance of a tiger, but it doesn't change its stripes or its nature.
-
Re:Do the basics...
the basics should start by looking at your identity and identity management, if you are reliant on network security you have already lost.
I'm sure identity management is quite effective against SMBv1.
-
Protect vs. WanaCry easily 2 ways
From MS - SMB Ports 445/139 (TCP) & 137/138 (UDP) protection via:
Disable SMBv1 on the SERVER, configure the following registry key:
Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Registry entry: SMB1
REG_DWORD: 0 = Disabled
REG_DWORD: 1 = Enabled
Default: 1 = Enabled
Enable SMBv2 on the SERVER, configure the following registry key:
Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Registry entry: SMB2
REG_DWORD: 0 = Disabled
REG_DWORD: 1 = Enabled
Default: 1 = Enabled
---
Disable SMBv1 on the CLIENT, run the following commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled
Enable SMBv2 & SMBv3 on the CLIENT, run the following commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
sc.exe config mrxsmb20 start= auto
---
APK
P.S.=> For a SINGLE 'standalone' non-networked PC (no home network/LAN but TCP/IP connected online) turn off Server & Workstation services.
That shuts off any "handles" (port 445) this thing propagates thru + turn off NetBIOS over TCP/IP in your internet connection & uncheck/disable Client for Microsoft Networks + File and Print Sharing. Port 139 & 445 always pop up issues over time. It also makes your packet trains smaller (no encapsulation of LanMan)
I covered all this 11++ yrs. ago in a security guide I wrote for users with a single system & apparently, its advice STILL STANDS THE "TEST OF TIME" https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&btnG=Google+Search&gbv=1/ vs. even today's threats like this one.
This effectively makes this threat a non-issue + saves you CPU cycles/RAM & other I/O wasted on services you don't NEED as a single PC user only... & you don't. They're just wastes with a single PC really. Many services are (covered in guide above based on CIS Tool guidance (who took fixes to their ware from "yours truly" too, no less)) & again, no more encapsulated packet bulk.
AND?
Don't be STUPID & click on attachments in bogus malicious emails this thing propagates thru also (Chrome/Opera/Webkit users - BEWARE of the ShellControlFile issue that just popped up (.scf file) noted here-> http://www.theregister.co.uk/2017/05/17/chrome_on_windows_has_credential_theft_bug/ )
... apk
-
Re: But what about Y2K38?
-
Re:Get the Patches
Correct URL: https://support.microsoft.com/...
A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would need to run a specially crafted application against an RPC server which has Routing and Remote Access enabled. Routing and Remote Access is a non-default configuration; systems without it enabled are not vulnerable.
The security update addresses the vulnerability by correcting how the Routing and Remote Access service handles requests.
Emphasis mine. Frankly, it doesn't seem very critical for us desktop users.
According to this page, only XP and 2003 Server are affected. Vista and newer aren't.
-
Not for Windows 7
Here's the MS article...
https://support.microsoft.com/en-us/help/4025687/microsoft-security-advisory-4025685-guidance-for-older-platforms
Article ID: 4025687 - Last Review: Jun 13, 2017 - Revision: 13
Applies to:
Windows Vista Service Pack 2, Windows Vista Home Basic, Windows Vista Home Premium, Windows Vista Business, Windows Vista Ultimate, Windows Vista Enterprise, Windows Vista Starter, Microsoft Windows XP, Microsoft Windows XP Professional, Microsoft Windows XP Home Edition, Microsoft Windows Server 2003, Datacenter Edition (32-bit x86), Microsoft Windows Server 2003, Enterprise Edition (32-bit x86), Microsoft Windows Server 2003, Standard Edition (32-bit x86), Microsoft Windows Server 2003, Web Edition, Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86), Microsoft Windows Server 2003 R2 Enterprise x64 Edition, Microsoft Windows Server 2003 R2 Standard x64 Edition
Does NOT apply to:
Windows 7
Does that seem kind of weird to anyone?
-
Re:Link to XP patches?
That is just one of the XP patches. They are all here, along with Win 8 and S2003
-
Re:WHAT XP UPDATES???
You guys?
https://support.microsoft.com/...
-
Re:You Had One Job - Links Please
-
Microsoft's search sucks
If you search for "windows XP", the last patch was released in 2014:
https://www.catalog.update.mic...
If you search for "windows XP sp3", then you can find the last patches that were just released:
-
Re:Get the Patches
-
Get the Patches
-
Re:Link to XP patches?
ZDnet links here:
https://portal.msrc.microsoft....
There are 4 pages of patches so I assume XP is on one of them.
-
Re:No, because meaningful whitespace
A good programming editor has the ability to make 'whitespace' characters visible somehow. IMHO, lack of that feature is one of the criteria for being good or being suitable for programming. (Yes, you can also write War and Peace in notepad.exe if you really have to.)
VIM has 'set list'.
Sublime shows whitespace on selected text.
Atom has the editor.toggle-invisible setting (and lots of packages to add menu option for it.)
Visual Studio has CTRL + R, CTRL + W Menu: Edit -> Advanced -> View White Space
In EMACS you have to write a little lisp code.
At the end of the day this is about as annoying as finding the missing semicolon in ALGOL-style code.
-
WHAT'S WRONG with caps, man?
Didn't you get the memo?
Microsoft is leading us all into glorious UPPERCASENESS, it's all the fucking rage these days.
https://wrgms.com/tired-of-all-caps-menus-on-visual-studio-2012/
Although even they have unusually permitted people to "fix" it, if they want
...(Full-on retard is the new black.)
What's wrong with blank space? It's the new cobol period.
Get with the times
...
-
Because 64-bit WinOS doesn't support 16-bit apps
That's why. There is still a TON of legacy apps out there in use that won't function properly. I don't have that problem. But it exists. And that's only one of the reasons. I'm sure there are other reasons.
-
Scheduled Tasks catch-up race condition
Does "Run task as soon as possible after a scheduled start is missed" in Windows Task Scheduler ensure that the missed tasks run in order, so that the missed "turn metering off" task that had been scheduled for midnight doesn't incorrectly run after the missed "turn metering back on" task that had been scheduled for 8 AM? Microsoft's page about "Run task as soon as possible after a scheduled start is missed" makes no mention of any ordering guarantee.
-
Re: Speed is less important than no data caps
I was referring to the policy option in Windows and Android not to perform some background downloads over connections that the operating system believes to be metered. (See metered connections in Windows and metered connections in Android.) Which operating systems offer a way to make the operating system believe the connection to be metered only during certain hours?
-
SMB Direct
The SMB Direct feature sounds interesting. Apparently it was introduced in Windows Server 2012.
It requires a network adapter that supports Remote Direct Memory Access (RDMA). Here's the part I found interesting:
After at least one RDMA network connection is created, the TCP/IP connection used for the original protocol negotiation is no longer used. However, the TCP/IP connection is retained in case the RDMA network connections fail.
-
Original maybe, ingenious really?
Not every permutation and combination of malware not seen before is "ingenious".
File system filter driver dynamically installs malware. Got it. Isn't this the kind of thing a file system filter driver is supposed to do? "filter can mean log, observe, modify...." https://docs.microsoft.com/en-us/windows-hardware/drivers/ifs/what-is-a-file-system-filter-driver-
Handy tool, but unless I'm missing something, "ingenious" is way overstated. 25 years ago, this might have been novel.
-
It's a lack of installing updates.
The majority of the spread was caused by Windows 7 machines, several months after security updates were released.
In March, we released a security update which addresses the vulnerability that these attacks are exploiting. Those who have Windows Update enabled are protected against attacks on this vulnerability. For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
Release March 14: Microsoft Security Bulletin MS17-010 - Critical