Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Removes Antivirus Registry Key Check for Windows 10 Users (bleepingcomputer.com)

Posted by msmash on from the better-late-than-never dept.

Microsoft has backtracked on a decision it took back in January when it conditioned that computers without a special registry key would not receive any more security updates. From a report: That particular "requirement" was introduced as part of the Meltdown and Spectre patching process. At the time, Microsoft said that antivirus vendors would have to add a key to the Windows Registry to signal that they are compatible with Microsoft's original Meltdown and Spectre patches. This was a big issue at the time because Microsoft detected during testing that some antivirus vendors would inject code into parts of the kernel that the company was trying to patch against Meltdown and Spectre flaws.

18 of 38 comments (clear)

  1. Can't have users deciding by Anonymous Coward · · Score: 1

    Can't let users have the power of deciding when to install updates now, can they? Gotta close that loophole. Microsoft knows best.

  2. Makes Sense by ErstO · · Score: 4, Interesting

    it does not really sound like a backtrack, but more like we do not need to do this anymore, now that the antivirus programs stopped using those parts of the kernel that the patch needed.

  3. Holy Cow by SuperKendall · · Score: 3, Insightful

    This was a big issue at the time because Microsoft detected during testing that some antivirus vendors would inject code into parts of the kernel that the company was trying to patch against Meltdown and Spectre flaws.

    This is really bringing me back to the old days of Microsoft Windows...

    Never have Mac and Linux and BSD and well, all other OS users ever been so glad as not to be a part of the Mother of All Cluster Fucks that is Windows. And we were pretty glad before.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  4. I'm all for hating Microsoft... by ckatko · · Score: 5, Interesting

    ...but screw A/V vendors even more. There are countless devs on huge projects like Firefox and Chrome that talk about how horrible A/V vendors treat your system and even INJECT new vulnerabilities into your system.

    https://it.slashdot.org/story/...

    https://www.theregister.co.uk/...

  5. WSUS by l0n3s0m3phr34k · · Score: 1

    How does this affect Windows systems that receive all their updates via WSUS?

  6. Finally, a feature we can get behind ... by _Sharp'r_ · · Score: 3, Interesting

    Finally, a way to actually turn off updates until we want them in Windows 10 and MS comes back and takes the feature away. Sheesh!

    --
    The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
    1. Re:Finally, a feature we can get behind ... by drinkypoo · · Score: 1

      Finally, a way to actually turn off updates until we want them in Windows 10 and MS comes back and takes the feature away. Sheesh!

      The left hand reacheth for your wallet, and the right hand flippeth thou the bird.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  7. And if the AV is still incompatible.. by w.hamra1987 · · Score: 1

    what happens then? Guess I gotta brace myself for a wave of new frustrated customers :D

    --
    my sig pwns your sig
  8. So does this mean.. by CptLoRes · · Score: 1

    That if I stay on Win7 and don't add this key, Microsoft will leave me alone unless I manually want to update something? Don't know about you, but this sounds like a really nice feature to me..

  9. No way! by drinkypoo · · Score: 1

    Microsoft said they would do one thing and then did another? That's only exactly what they do literally every goddamned time.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  10. Missing the actual story? by BinaryTB · · Score: 1

    "some antivirus vendors would inject code into parts of the kernel"

    That's the more important part of the story.

  11. Uh ... by thomst · · Score: 2

    Antivirus vendors' products are injecting their own code "into parts of the kernel" that Microsoft was trying to patch? And Microsoft allows this?

    No third-party software should ever be allowed to patch an OS kernel - any OS kernel. Ever.

    (Yes, yes, I know. Kernel patching has been SOP for all kinds of Windows software for decades now. But, c'mon - Windows 10 was supposed to have been designed from the ground up to be secure. Permitting the OS kernel to be patched by third parties, even with user permission required, is a fundamental security design flaw that no OS architect should allow ...

    --
    Check out my novel.
    1. Re:Uh ... by thegarbz · · Score: 1

      Permitting the OS kernel to be patched by third parties,

      I don't think you understand what is happening here.

    2. Re:Uh ... by Trogre · · Score: 2

      Okay, thegarbz, I've seen a lot of Microsoft apologist posts coming from you recently. Would you care to explain to us lay people exactly what is happening here, if it's not OS kernel patching by third parties.

      Take all the time you need.

      Or should we just congratulate you on your new job now and ask you to say hi to Satya?

      --
      "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
    3. Re:Uh ... by Hognoxious · · Score: 1

      Maybe Lennart Poettering refused to give him a reach-around?

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    4. Re:Uh ... by thegarbz · · Score: 1

      I've seen a lot of Microsoft apologist posts coming from you recently

      Then you're not paying attention. I am an equal opportunity disagreer of stupid posts on Slashdot. Microsoft is not special in any regard.

      if it's not OS kernel patching by third parties

      3rd parties don't patch the windows kernel. What plenty of third parties do is use both documented and undocumented APIs to elevate their software access to the point where they access the kernel memory space. Kind of the only way to really discover and protect against rootkits. One of these methods is incompatible with the solution to Spectre.

      If you thought anyone was "patching" then pretty much every minor windows update would break the software. Interestingly you know what does patch OS kernels? Some open source software.

    5. Re:Uh ... by thegarbz · · Score: 1

      Maybe Lennart Poettering refused to give him a reach-around?

      Nah man, I can't get it up right now on account of just finishing up on your mama's* face.

      *No one is ever too old for a your mama joke.

  12. They didn't backtrack by thegarbz · · Score: 1

    Microsoft put the check in place for compatibility reasons. Yet they have clearly said in the article and the original announcement that the reason they are dropping this flag is because their vendors did exactly what the registry key was designed to do: Get vendors to update their software or admit they are leaving users at risk.

    Vendors chose to update their software, registry key is now superfluous. That a backtrack doesn't make.