Windows 7 Users: You Need SHA-2 Support or No Windows Updates After July 2019

Windows 7 and Windows Server 2008 users need to have SHA-2 code-signing installed by July 16, 2019, in order to continue to get Windows updates after that date. Microsoft issued that warning on February 15 via a Support article. From a report: Windows operating system updates are dual-signed using both the SHA-1 and SHA-2 hash algorithms to prove authenticity. But going forward, due to "weaknesses" in SHA-1, Microsoft officials have said previously that Windows updates will be using the more secure SHA-2 algorithm exclusively. Customers running Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2 must have SHA-2 code-signing support installed by July 2019, Microsoft officials have said.

Microsoft : You must update to have updates

Update coming to update you so you can get updates. Dawg.

Re: Microsoft : You must update to have updates

Bug going foward,

Important to get new bugs from Microsoft

Re:Microsoft : You must update to have updates

[Stormwatch]

As much as I like Linux, Windows is still where all the games are.

Re: Microsoft : You must update to have updates

Foreshadowing by the OP? Hmmmm ... could bee.

Re:Microsoft : You must update to have updates

[Shikaku]

https://store.steampowered.com...

Steam has Wine built in nowadays, but it's called Proton as part of its internal usage. This is the list that's compatible, and officially they have Proton enabled by default for these titles: https://steamcommunity.com/gam...

They've also been doing a lot of work and upstreaming features to Wine, like DirectX12 to Vulkan API.

Re:Microsoft : You must update to have updates

[Luckyo]

That has been the story of windows update several times now, where you had to update windows update to get updates.

Re:Microsoft : You must update to have updates

and it sucks ass. few titles run and fewer run well enough to actually play; while native linux games are mostly amateurish pieces-of-shit. big mainstream developers and publishers will never develop 'aaa' titles for linux because cheat and antihack protection and detection, as well as drm, are more difficult.. possibly even impossible, given the absolutely wide open nature of the platform.

if you want to play pc games, you'll always need the windows pc, even if games is the only thing its used for. pc gamers need to think of the pc as more like a customizable and upgradable, gaming console, although normally also more expensive (but with no pc version of psn or xbl sucking even more cash from you.... yet).

Re:Microsoft : You must update to have updates

Fuqkno... I write my own games. Never going back to that Windows garbage.

Re:Microsoft : You must update to have updates

[Joce640k]

As much as I like Linux, Windows is still where all the games are.

I thought Steam fixed all that.

Re:Microsoft : You must update to have updates

[scdeimos]

On the plus side, this should be the last set of Windows 10 updates for Windows 7.

Re:Microsoft : You must update to have updates

[AmiMoJo]

There is also a surprising lack of decent file managers for Linux. Certainly nothing on the level of Directory Opus.

It's very strange. You would think that Linux would be the best at all the nerdy stuff like advanced file management and software development, but actually it lags quite a bit in those areas. Games I don't really care about, but productivity tools...

Re: Microsoft : You must update to have updates

[nightcats]

Ah, yes, the techno-Freudian slip that the editor blithely lets through. Makes a man's cigar glow.

Re:Microsoft : You must update to have updates

Ye linux only has more games than all 3 game consoles added together. Clearly not a game platform!

Re:Microsoft : You must update to have updates

Probably, because serious development is done on the command line, and not through some gui
like eclipse or whatever. I tend to use a gui for the debugging phase, but the fact of the matter is,
the most complex part of any modern development is writing the test suite, and no gui is ever going
to simplify that task.

This is why there's so much regression in Linux's desktop, because the developers / maintainers
don't have a sense for how to write automated tests for code that presents visually. So they'll do
happy testing using manual efforts and miss many, many edge cases because there's only a practical
number of hours that can be devoted to testing.

CAP === 'contact'

Re:Microsoft : You must update to have updates

[arglebargle_xiv]

Fast-forward to July 17, 2019, where Slashdot will run a story about Windows 7 systems breaking because they can't download the SHA-2 code signing update to allow them to download SHA-2 signed updates.

Re:Microsoft : You must update to have updates

Yup. The sole reason why I still dual-boot. My Civilization 4 runs perfectly in Wine, but most other games don't.

Re: Microsoft : You must update to have updates

[Billly+Gates]

And meanwhile folks here playing victim will be foaming at the mouth when July hits blaming Microsoft instead of themselves for refusing to turn Windows update on.

Re:Microsoft : You must update to have updates

[Highdude702]

You obviously haven't even tried to play any games in the last 6 months on linux. Steam is kicking ass with Steam Play, And games that use unity 2 where they removed linux support, still work just as well as windows. Maybe instead of just bashing it you should try it occasionally. So you even have a Linux bootable os? I would doubt it from your rant.

Re:Microsoft : You must update to have updates

[Highdude702]

They are chipping away at it. They have done leaps and bounds with Steam Play. Their dev team isn't half bad it seems.

Re:Microsoft : You must update to have updates

[Luckyo]

It's more of a fast rewind to 2015, when the initial patch for this was released iirc.

Re:Microsoft : You must update to have updates

Ya right after Linux people stop being the biggest problem with Linux right after no driver support. so fucking thick you don't now what embedded means.
You people are as fucking annoying as vegans, you have to tell everyone you use Linux and act like Linux has 0 draw backs.
The best selling feature for Linux for me would be people like you STFU.

Re:Microsoft : You must update to have updates

[pezezin]

I took a look at some Directory Opus screenshots, and what is so wonderful about it that Dolphin doesn't have?

Re:Microsoft : You must update to have updates

[Dunbal]

serious development is done on the command line, and not through some gui

Mere command line snobbery. Serious cargo hauling is done with a horse and buggy and not these newfangled horseless carriages... You also seem to be equating development with testing. That's like equating eating with defecating. While one certainly depends on the other, they are hardly interchangeable and synonymous.

Re:Microsoft : You must update to have updates

[AmiMoJo]

Screenshots don't really do it justice... Basically it's like one of the classic two-pane file managers, but each pane is a window and you can have an unlimited number of them. File operations are advanced, such as queued copying, rename with two types of regex, even file selection based on regex, directory structure flattening, multiple scripting languages, rename from metadata, all kinds of stuff.

Dolphin is more of a basic Explorer/two-pane hybrid. Say you had a folder structure where you wanted to extract all the .html files that are 3 levels deep and move them to an identical structure somewhere else, could Dolphin do it? How about if you needed edit the metadata on a bunch of MP3 files, then rename and sort them into a folder structure along with associated album artwork? Or even something simple like wanting to queue up several large file copies so that your mechanical drives don't end up thrashing like crazy.

Re:Microsoft : You must update to have updates

[EvilSS]

On March 12, Microsoft is planning a standalone update with SHA-2 code sign support for Windows 7 SP1 and Windows Server 2008 R2 SP1. It also will deliver to WSUS 3.0 SP2 the required support for delivering SHA-2 updates.

Microsoft will make available a standalone update with SHA-2 code sign support for Windows Server 2008 SP2 on April 9, 2019.

Re:Microsoft : You must update to have updates

Indeed, I've bought a number of Linux games using Steam. I'm not a hardcore gamer, but I found plenty of selection for my tastes.

Re:Microsoft : You must update to have updates

[AmiMoJo]

Command line is never going to cut it for serious development on large projects. If you get a compilation error who wants to dick around manually going to the right file and line to fix it, when a GUI lets them go there in a single click? Who is going to muck about with grep and clever regexs to find all references to a particular function, or worse try to refactor it over the entire project with sed?

Re: Microsoft : You must update to have updates

Can you get the SHA-2 update without the SHA-2 update?

Re: Microsoft : You must update to have updates

Bullshit. Linux zealots are living in their own dreamworld. While you could rattle of a small list of 50 Linux games, I could list EVERY OTHER FUCKING GAME that runs on Windows, and not just games but a whole universe of other software. Even FOSS superstar horseshit like GIMP and Libre (totally gay sounding name, by the way) Office have Windows ports. Really, if your sales pitch is "we got cool software too", you aren't even close. Nevermind the fact each Linux desktop environment sucks a different portion of ass in their own way. Only FOSS zealots who have a subhuman hatred for proprietary software and Microsoft could tolerate the slum-style experience of using GNU slash Linux on the desktop.

Re:Microsoft : You must update to have updates

You must be playing some weaksauce games

Re: Microsoft : You must update to have updates

[The+Grim+Reefer]

And meanwhile folks here playing victim will be foaming at the mouth when July hits blaming Microsoft instead of themselves for refusing to turn Windows update on.

To be fair, a lot of folks didn't upgrade to Win10 because of telemetry. When Microsoft decided to add it into a Win7 update, that was when a lot of people turned off automatic updates.

Re:Microsoft : You must update to have updates

[bobbied]

lol are people still using Micro$oft Win-Doze?

Unfortunately, Yes. I have a cable card tuner and I run Windows Media Center to DVR protected content. WMC only runs with protected content on Windows 7. There are no other options for this, except for TiVo, which involves buying a whole new set of hardware and paying subscription fees (or paying the cable company entirely too much for the service).

Where I don't like running Windows 7 and I'd replace it in a heartbeat, it's the cheapest solution I could find at the time for the cable card DVR and protected content. I've saved a boat load of money over paying the cable company for the service, or paying TiVo. Although, this is coming to an end pretty soon by the looks of things.

Re:Microsoft : You must update to have updates

That is why they took them all off of Half Life 3.

Re: Microsoft : You must update to have updates

[F.Ultra]

50? I have 275 games in my Steam right now and thanks to Proton I've just finished both Dead Space games (too bad they never made a 3:d) and Doom 2016. At https://www.protondb.com/ there is a comprehensible list of the games that work with Proton/Steam Play and it's currently at 3867 working titles.

Re:Microsoft : You must update to have updates

I guess you've never used Qt Creator. I've got all those GUI clickety click tricks you talkin' bout and more. Linux has come a long, long way from the days of sed/grep/bash.

Re:Microsoft : You must update to have updates

I dad switch to "nemo" and he's been pretty happy. He says Linux is better than Windows nowadays.

Re: Microsoft : You must update to have updates

Thank you for that link.

Re:Microsoft : You must update to have updates

[F.Ultra]

Hate the command line all that you want but the AC is right in so far as that I think that since the terminal in Linux is so good that it is the need for a GUI file manager never really emerged. Since the command prompt in Windows is so handicapped the need was so much larger and thus you got several different projects trying to solve it.

Re:Microsoft : You must update to have updates

[Highdude702]

Half Life 3 confirmed!!

Re:Microsoft : You must update to have updates

[Highdude702]

Don't use wine, use steams version it's miles ahead and keeps getting better with every client update.

Re:Microsoft : You must update to have updates

[Highdude702]

Your the one crying about how Microsoft hurts your feelings. Not us. We're just trying to help but like most battered women you keep saying "But I love him" and then we see you the next week with another black eye.

Re: Microsoft : You must update to have updates

[Shikaku]

Honestly the only issue with Linux nowadays are Nvidia cards and ease of use with desktop environments, specifically switching between different ones like XFCE to KDE and handling errors. Everything else is fine. Nvidia drivers are really hit and miss depending on the card, but AMD open sourced their drivers so people or if you want to even you could make them better. Steam Proton is making huge strides nowadays, so the argument that Linux has no games is somewhat true but to a much lesser extent with Steamplay.

Re:Microsoft : You must update to have updates

Windows is still where all the games are.

1. That's technically incorrect (the best kind of incorrect)
There's tons and tons of titles on phones, Nintendos, Playstations, Gameboys, PSPs, etc. that don't run on Windows.
Windows only runs a sub-set of all games-- a popular sub-set but nevertheless, not all of them.
And there's a LOT of extremely good games in the not-windows category.

2. Once you accept that W10 is NOT the final word for gaming you are now ready to accept the next truth: Linux DOES have games. Lot of them. Lots of very good ones.
I know this for a fact because I play for several hours at least every single night-- and I've been on Linux exclusively for almost a decade now and there's more games (AAA and indie) coming out for Linux than I have time to play--- you literally cannot ask for more than that. And I don't just mean tux racer crap either. I mean serious honest-to-goodness AAA titles that are genuinely awesome.

3. Let's say you really really really "need" this or that game which only runs on Windows. The odds are good that it will run just fine under WINE.

Sure, you may have those few titles that just absolutely will not run on Linux. It may hurt to leave them behind.
But you know what? WINE may yet support it as WINE continues to improve. And even if it never does, you may find yourself glad that you left the abusive kennels of M$ and freed yourself of your gamer stockholm syndrome.

Re: Microsoft : You must update to have updates

Linux is simply not an up to par desktop experience.

Re:Microsoft : You must update to have updates

No, my PlayStation is where the games are.

Re:Microsoft : You must update to have updates

[Luckyo]

This seems to be the standalone update for those who didn't install the original sha-2 support one from 2015. That one had problems, and MS did originally have a bulletin stating that if you have problems with it, you should uninstall it.

Fact check me on this:

https://support.microsoft.com/...

I could be reading it wrong. But it seems that sha-2 support has been in win7 ever since that patch.

Jesus Loves You SHA-1

We send our thoughts and prayers to help you through this difficult time.

BUg gOing fOward

Does no one even care to proofread anymore? Not expecting amazing journalism or anything bug this is ridiculous.

Re:BUg gOing fOward

Heh.

Re:BUg gOing fOward

or else... nice touche.

Great Clickbait

Why don't we read the next blurbs of the article that come immediately after the part cited in the summary:

"Microsoft has published a timeline for migrating these operating systems to SHA-2, with support for the algorithm coming in standalone updates. On March 12, Microsoft is planning a standalone update with SHA-2 code sign support for Windows 7 SP1 and Windows Server 2008 R2 SP1. It also will deliver to WSUS 3.0 SP2 the required support for delivering SHA-2 updates.

Microsoft will make available a standalone update with SHA-2 code sign support for Windows Server 2008 SP2 on April 9, 2019. "

tldr; nothing will change for these users

Re:Great Clickbait

[sjames]

On May 14th they'll roll out the patches again, this time signed with SHA1 so they can actually install. June 11th they'll roll back the accidentally included patch that causes all printers to add a faint watermark of Satya Nadella's butt. In July they'll roll out a patch that makes the sha2 actually verify when it should. Then in August, a patch that makes it NOT verify when it shouldn't. In September they'll re-roll back the Satya Nadella's butt watermark that somehow crept back in in August. In October they'll re-issue the re-rollback patch, this time signed with SHA2 since they removed the SHA1 code in July. In November they'll deny all knowledge of a patch replacing the start-up sound with a braying donkey.

Re:Great Clickbait

[Luckyo]

On the bright side, this story is about win7, so reasonable people already defer patching by a week or two to see what crap MS sneaked into the update this time.

Re:Great Clickbait

[xonen]

Why don't we read the next blurbs of the article that come immediately after the part cited in the summary:

"Microsoft has published a timeline for migrating these operating systems to SHA-2, with support for the algorithm coming in standalone updates. On March 12, Microsoft is planning a standalone update with SHA-2 code sign support for Windows 7 SP1 and Windows Server 2008 R2 SP1. It also will deliver to WSUS 3.0 SP2 the required support for delivering SHA-2 updates.

Microsoft will make available a standalone update with SHA-2 code sign support for Windows Server 2008 SP2 on April 9, 2019. "

tldr; nothing will change for these users

What will change is the pile of 2nd hand computers that will not be able to (automatically) receive updates because they were powered off during this critical period between March and July.

To me this sounds like a well-thought scheme to increase PC sales. I'd not be surprised if OEM's handed MS some money if they can fix the 2nd hand problem, because people can buy a perfectly functional PC for less than $50.

Re:Great Clickbait

[thegarbz]

tldr; nothing will change for these users

Nothing will change for users who have windows update automatically enabled? You don't say. Just because some users aren't affected doesn't make the article clickbait.

Re:Great Clickbait

[sumitsin]

Some of the most highly promoted features of Windows 7 include new shortcuts designed for managing windows.

Re:Great Clickbait

On the bright side, this story is about win7, so reasonable people already defer patching by a week or two to see what crap MS sneaked into the update this time.

It's amazing, really, the special treatment given to computing. In any other context this kind of repeated behavior would be considered an abusive relationship.

Re:Great Clickbait

Why don't we read the next blurbs of the article that come immediately after the part cited in the summary:

"Microsoft has published a timeline for migrating these operating systems to SHA-2, with support for the algorithm coming in standalone updates. On March 12, Microsoft is planning a standalone update with SHA-2 code sign support for Windows 7 SP1 and Windows Server 2008 R2 SP1. It also will deliver to WSUS 3.0 SP2 the required support for delivering SHA-2 updates.

Microsoft will make available a standalone update with SHA-2 code sign support for Windows Server 2008 SP2 on April 9, 2019. "

tldr; nothing will change for these users

What will change is the pile of 2nd hand computers that will not be able to (automatically) receive updates because they were powered off during this critical period between March and July.

To me this sounds like a well-thought scheme to increase PC sales. I'd not be surprised if OEM's handed MS some money if they can fix the 2nd hand problem, because people can buy a perfectly functional PC for less than $50.

Maybe Microsoft just wants to do their part to usher in the Year of the Linux Desktop.

That's very nice of them, you know.

Re:Great Clickbait

[omnichad]

Or the bigger period of any Windows reinstall after July. Unless older updates will remain signed with SHA1, which only makes sense.

Yet again: So much for 'code signing' bs... apk

Yet again: So much for 'code signing' bs in THIS example today + this from the past (nothing's changed - signing = weak bs) https://apple.slashdot.org/sto... + THIS https://it.slashdot.org/story/... & this https://www.bleepingcomputer.c... + this https://www.bleepingcomputer.c... & THIS too https://www.helpnetsecurity.co... & why not - THIS TOO https://blog.minerva-labs.com/... + THIS from MS https://tech.slashdot.org/stor... (due to SHA1 'weakness')

* WANT MORE EXAMPLES OF THE PURE "FAIL" CODE SIGNING IS?

APK

P.S.=> Ask & "ye SHALL receive"... apk

Re:Yet again: So much for 'code signing' bs... apk

It's as though good security is done with multiple overlapping layers, any single layer is merely better than nothing, and if you want to secure a system you use as many available layers as your particular threat model warrants.

This is why I use browser add-ons, additional browser sandboxing (firejail), a hardened kernel, a browser compiled with SSP/ and other measures, either apparmor or selinux, and a few other things. Yes I also use a blacklist that blocks certain hostnames. No it's not your hosts engine, it's on my router. That way the entire network gets the blacklist in one central place. No, I wouldn't use yours in any case because you're the best anti-advocate imaginable and because I can inspect the source code of everything I am using.

To summarize, you are pointing out that one isolated security measure (code signing) can't stop all threats. I want to know if anyone was claiming that it could. It can't, this is well known, and that's why security is done in layers. I don't know what point you thought you were making. Yes, you just got humiliated. No, I'm not $SOMEBODY you think you're feuding with, seek mental help.

You call that a threat?

Next you gonna tell me you gonna send all you nymph 18yo beauty-queen daughters to my party. BRING IT ON!

Translates to: no updates for new Windows 7 instal

Translates to:
No updates for new Windows 7 installations

Microsoft is dead.

In totalitarian Microsoft, computer updates you.

In totalitarian Microsoft, computer updates you.

Who uses Windows Update?

[buck-yar]

I haven't used Windows Update since they started that rollup telemetry bs. I'd rather be owned by a hacker than MS sadly.

Re:Who uses Windows Update?

You are, my friend, you are. Now stop jerking off, Jamica.

Re:Who uses Windows Update?

[Type44Q]

I just air-gap my Windows boxes: double-ought works okay but nothing leaves nice gaps like slugs.

Re:Who uses Windows Update?

[thegarbz]

Found the anti-vaxxer.

Re:Who uses Windows Update?

[KiloByte]

That's actually pretty safe, as long as you have a semi-saneish firewall with a deny-incoming rule (such as most IPv4-only connections (for "deny-incoming", not "sane")). There's no Microsoft _client_ program that's reasonable to run, so all you care about are vulnerabilities in Firefox or such. Barring a hole in low level TCP/IP, network attacks are limited to the local network. Even a hole in eg. Microsoft's implementation of DNS stub resolver can be avoided by running a local cache (no idea what's Windows' equivalent to unbound) then letting the system use that.

Re:Who uses Windows Update?

When you can't come up with a reasonable response.

Re:Who uses Windows Update?

[omnichad]

A bit slimy, though.

hahah Discontinued

What a bunch of buffoons. I have a few Win7 still at work (will be moving to 10 (ughhh) I went download this update (hotfix) and mircosoft has this message when you try and download it: This hotfix is no longer available and says to upgrade to Windows 10

Linux actually does have games now.

All the games? That's a bit of a stretch. If you want to play Fortnite or anything by Electronic Arts, then yeah.

But there are quite a few nice triple-A titles on Linux and new ones all the time. Feral Interactive in particular has been doing phenomenal work:

        Alien: Isolation
        Company of Heroes 2
        Deus Ex: Mankind Divided
        Empire: Total War Collection
        Dirt Rally
        F1 2015
        F1 2017
        GRID Autosport
        Hitman
        Life Is Strange
        Life is Strange: Before the Storm
        Mad Max
        Medieval II: Total War
        Middle-earth: Shadow of Mordor
        Rise of the Tomb Raider
        Shadow of the Tomb Raider
        Saints Row 2
        Tomb Raider
        Total War Saga: Thrones of Britannia
        Total War: SHOGUN 2 - Fall of the Samurai Collection
        Total War: SHOGUN 2 Collection
        Total War: Warhammer
        Total War: WARHAMMER II
        Warhammer 40,000: Dawn of War II
        Warhammer 40,000: Dawn of War II – Chaos Rising
        Warhammer 40,000: Dawn of War II – Retribution
        Warhammer 40,000: Dawn of War III
        XCOM: Enemy Unknown - The Complete Edition
        XCOM 2
        XCOM 2: War of the Chosen

Not to mention the Civilization games, loads of games that use the Unity engine, and lots of great indie titles (Factorio, Zachtronics games, Klei games).

The only reason I boot into Windows anymore is if I want to check out the latest Star Citizen update or play Deep Rock Galactic.

Re: Linux actually does have games now.

My next gaming rig will be a linux based system

Re:Linux actually does have games now.

I thought Fortnite was available for Android? Shouldn't that make it possible to run on Linux with some effort?

Re:Linux actually does have games now.

Android apps run on ART, a not-quite-Java VM with custom libraries on top of the linux kernel, so the apps have about as much in common with the linux desktop as the thousands of other linux embedded devices.

There's ways to do it, replicating ART or making a complete VM for running android, but depending on the app complexity there can be problems. A big one is apps can be tightly integrated with google play services, which tie an app to a google account and phone profile.

Mostly though, Android having Linux as part of its stack is of no real benefit in terms of getting the games onto a GNU/Linux desktop. The attempts at getting Fortnite to work have mostly focused on using the windows version under wine.

Re:Linux actually does have games now.

[Dunbal]

Being able to load a game != play and enjoy a game without graphics issues, framerate issues, disk issues, sound issues... etc

Re:Linux actually does have games now.

He said Linux, not Windows 10!

Re:Linux actually does have games now.

Truly spoken like someone who hasn't played any of the Feral Interactive releases mentioned above.

Well done.

Re: Linux actually does have games now.

My next gaming rig will be a linux based system

You know how many versions of Windows I've heard my next system will run Linux... yet do they ever?

Re:Linux actually does have games now.

I have a core i5 2500k w/ 8GB RAM and a GTX 1060
I cannot say I've ever had performance problems that I wouldn't have encountered on Windows.
Everything from Alien Isolation, to Doom (2016), to EverQuest, to Quake 3, to Battletech, to the Total War series, to Hitman, and more has run very well for me on this system.
I have absolutely never had disk issues-- I do use Steam and I have a pair of 8 year old 128GB SSDs
I have absolutely never had sound issues-- I do use a the motherboard's audio and I have wireless headphones
I have seen graphics glitches on Windows at least as often as I've seen them on Linux (yes, I used to do a lot of windows gaming and development of games on windows too)
I have seen some small framerate drops compared to what I would expect on Windows, but this has only ever been on games which I knew were using bloated crappy translation layers on extremely good looking games (Deus Ex comes to mind) or when I was already pushing it with my older GTK 660

Re:Linux actually does have games now.

[lpq]

Not to mention "anti-cheat" software that disables your game access because they don't like programs you have on your disk. You can't even report or diagnose problems, as that is part of what it bans -- any debugger or system monitor even anti-virus and anti-malware suites may be on their banned list.

You can't even run some programs like Microsoft's ProcessMonitor any time before playing the game because those programs load drivers to inspect and monitor your system. Thus anti-cheat engines like XIGNCODE by Wellbia won't let you run the "protected games" even if you exit the program -- since the drivers can't
be unloaded without a reboot.

Turns out they and other companies have no technical support -- the game company contracts from a general PC-support company that can only help try to find what is wrong with your computer in not being able to connect. They have no ability to look at the game servers or or knowledge about the game software. Any debugging they do is general PC-health+hygiene related.

Even with all the HW in place, you find you have to disable your security and system monitoring software, to assuage their fears.

Too late Microsoft -- you already f**ked me

[mnemotronic]

The updates from April 10 update last year bluescreened my 2008 R2 servers. AFAIK, Microsoft still doesn't have a fix. I am f*ed with no possible recovery. I can't say enough bad things about Microsoft's unprofessionalism, inadequate testing, contemptuous customer support, and ignorance of how their half-baked updates negatively impact real-world situations.

Re:Too late Microsoft -- you already f**ked me

" I am f*ed with no possible recovery."

Your servers have been down since April? You didn't have backups? What was your recovery plan if your physical servers had been destroyed? You haven't replaced the OS with Linux?

Re:Too late Microsoft -- you already f**ked me

"I am f*ed with no possible recovery." - Didn't you hear him? Obviously reinstalling the OS is IMPOSSIBLE! He's blocked by a pack of angry vicious dogs, one assumes. They won't let him into recovery mode you ignorant clod!

Re:Too late Microsoft -- you already f**ked me

Recovery mode will not disable all updates.... Once installed... you are quite fucked in some cases... installing over the top will sometimes work, but you often loose lots of settings.

backups?? recovery points? what are they ?

boot on a linux live cd, roll back the registry, replace the exes from a known good sources... prey to what ever deity gets the job done, cross your fingers and reboot.

Old patch already addressed this

There is an old patch for windows7 that already added SHA2 code signing: KB3033929. It can still be downloaded directly from microsoft.com without having to enable updates.

Did they fix the network they broke for W7 in Jan?

The Win7 box at work still has broken networking. I have to uninstall the update from January every morning to fix the damn thing.

People at microsoft that release half baked broken updates and spyware will burn in special place in hell, reserved for child molesters.

Are you running unpatched, or did you migrate?

And if you migrated, can you tell us what operating system or systems you chose to migrate to, and why? Genuine interest since lots of people talk crap about Microsoft then don't take any steps to excise them from their life.

Re: Are you running unpatched, or did you migrate?

Migrated to Linux. Kubuntu (now 18.04 with latest KDE PPA). Intuitive and just works for every employee smarter than a rock.

Re: Are you running unpatched, or did you migrate?

[Highdude702]

You also have employees that would be beaten by a rock mentally? Man I thought I was the only one that had to deal with that issue. Sadly this is not sarcasm :(

I am a Windows 7 user - stopped automatic updates

[blind+biker]

I stopped automatic updates a couple of years ago. Microsofto was pushing Windows 10 hard. I realized that, once they stop pushing the Windows 10 installation, they will try to get Windows 7 user give up by pushing shit updates - stuff that will break Windows 7. Don't even try to tell me this is beyond Microsoft, we all know it is right up their alley.

So, after two years without automatic updates, all my computers (laptops and my desktop) are working without any security issues, including Meltdown that has been contained with patches that make sense vs. the crap that Microsoft pushed the first two times (surely by "mistake").

Re:Did they fix the network they broke for W7 in J

...and people that talk in theaters.

You Need No Windows Updates After July 2019

"Windows 7 Users: You Need SHA-2 Support or No Windows Updates After July 2019"

"You Need SHA-2 Support After July 2019"
OR
"You Need No Windows Updates After July 2019"

The latter is so true when you eventually switched to Linux.

You're guilty, too

You're putting a "tl;dr" on the bottom. If it's too long, I'm not going to get there, you doofus.

PoC on disabling DWM on NT 10.0.9926 and above

1: Remove the following registry subkeys from the key {SOFTWARE hive from target instance}\Microsoft\WindowsRuntime\ActivatableClassId: Windows.Internal.UI.Logon.Controller.LogonUX, Windows.Internal.UI.Logon.Controller.LockScreenHost, Windows.Internal.UI.Logon.Controller.FirstSignInAnimation and Windows.Internal.UI.Logon.Controller.BlockedShutdownResolverUX, since those depend on XAML-based UI library dependent on DWM.
2: From {SOFTWARE hive from target instance}\Microsoft\Windows NT\CurrentVersion\Winlogon: Set 'EnableSIHostIntegration' to 0, set 'Shell' to anything other than 'explorer.exe', e.g. 'cmd.exe'.
3: Remove dwminit.dll, since Winlogon is using that if exists as a library.
4: Disable or remove the following services that forcibly push DWM (as of build 16299): WpnService, TokenBroker, UserManager, TabletInputService, RetailDemo, CDPSvc and SharedRealitySvc. As a concept, Windows Server Core editions do not ship those services and svchost libraries affilated with them. (Note that this list may be partial)

If your target instance is HKEY_LOCAL_MACHINE (usually loaded from {System Root such as \Windows}\System32\config), you can test this PoC by restarting Windows NT instance as required for convience by step 4.

Note on dwminit.dll

It is located on System32 directory of systemroot

Re: Note on dwminit.dll

But I deleted the System32 directory to save space.

Re: Note on dwminit.dll

[reboot246]

But I deleted Windows to save my sanity.

Re:I am a Windows 7 user - stopped automatic updat

I stopped automatic updates a couple of years ago. Microsofto was pushing Windows 10 hard. I realized that, once they stop pushing the Windows 10 installation, they will try to get Windows 7 user give up by pushing shit updates - stuff that will break Windows 7. Don't even try to tell me this is beyond Microsoft, we all know it is right up their alley.

I know this is anecdotal, but I'm a Windows 7 user as well and I've been updating my machine since... ever. I've removed a couple of updates related to telemetry, although I'm pretty sure that Microsoft enabled it in some way or another with yet another update at some point. In any case, my machine is working fine.

Re:Did they fix the network they broke for W7 in J

...and people that talk in theaters.

Precisely.

What about the patch servers?

[Chas]

Will Microsoft be fixing the situation where their Windows Update servers are carrying fucked up Win7 Manifests?
The whole reason I got off Win7 was because Windows Updates would run for 12+ hours, then fail out. And you'd have to keep running it until you hit a server with an undamaged manifest.

Re:I am a Windows 7 user - stopped automatic updat

Install a good firewall instead and whitelist programs for outgoing connections. ZoneAlarm used to be the best. Is it still?

" Bug going foward, "

Did none of you notice this? Oh wait... you're Americans...

Re:" Bug going foward, "

Is it spelled "fourward" in the UK?

Re:" Bug going foward, "

That's what Microsoft does, it ships bugs.

Re:I am a Windows 7 user - stopped automatic updat

[Oligonicella]

Same. When I wrote this here at the time, there were all these "You'll get pwned". Yeah, hasn't happened yet and everything's working fine.

All those evil Programmers making patches

[codeDr]

We've got to plug this hole to stop all those evil doers from corrupting our patches and computing correctly signed patches with SHA-1!!!

Said no-one, ever.

Do we get a SHA-2 utility too?

While they are at it, are they planning to provide a utility to allow users to verify packages on the command line like we can in Linux?

Where the heck is the SP2?

Service Pack 2 please?

Re:I am a Windows 7 user - stopped automatic updat

My Win7 box is only used for a select set of apps (well, games). Nothing else, not even web-browsing. No problems now for over 2 years.

Macs & Linux boxen, on the other hand, are used for EVERYTHING!

Even so, my Win7 box is backed up with ntfsclone, and has been restored twice. (Once after being used to read a visitor's memory card, just to be absolutely safe. And once due to Malware in Advertising in a now deleted game.)

Code signing is the topic not your others

It's about protecting the veracity of a program. What APK does can't be stolen there like signatures can be (math check in 100's of procs and functions down to byte level so no alteration can occur). If you're going to do layers, do layers that can't be stolen.

Re:Code signing is the topic not your others

It's about protecting the veracity of a program. What APK does can't be stolen there like signatures can be (math check in 100's of procs and functions down to byte level so no alteration can occur). If you're going to do layers, do layers that can't be stolen.

Is reading comprehension difficult for you? Code signing complements all the other security measures mentioned. For example my Linux distro cryptographically signs the package files of their repositories. That gives me some assurance that what I download and install is what was actually intended to be on the repositoy. That helps. It does not, however, harden my browser. For that I take other additional measures. This doesn't mean that code signing didn't work as intended.

It does however seem to indicate that you and perhaps others don't really understand what it's for. If you somehow thought it was a guarantee of security and absolute protection against malware, I'd like to know where you got that idea from. Who is claiming that? And why would you believe them?

Time to shoot you down easily as always

See subject: As you STALK me HIDING behind UNIDENTIFIABLE anon 1.) My program stops portfilter errs in hosts https://news.slashdot.org/comm...

2.) CHINA did hardcodes LONG AFTER I DID "Time is on MY SIDE" (Rolling Stones) https://theregister.co.uk/2017...

3.) /. users state the value of hosts for getting users more speed/security/reliability/anonymity listed here (enumerated as "Registered /.ers reviews") https://it.slashdot.org/commen...

4.) Security pros galore + /.ers praise the layered security efficacy of hosts quoted here https://it.slashdot.org/commen...

5.) I never had to sue Thor SCHMUCK - CA rescinded their FALSE POSITIVE error, sold off their shitty antivirus & I said I'd speak to an attorney & I did who advised I go thru their removal process & I won.

* YOU LOSE (lt's all you know HOW to do vs. me).

APK

P.S.=> You can't even STAND BEHIND YOUR WORDS (lies) you UNIDENTIFIABLE anonymous STALKER of me... apk

Re:Time to shoot you down easily as always

So it's bad to post anonymous because you're not identified and it's bad to sign up for an account. In your mind it is better to post AC with an easily faked signature.... Yeah, I'm going to have to agree that you don't know a lot about security or at least provable verification (point of this article in fact).

Re:Time to shoot you down easily as always

I'm still, to this day, impressed that you aren't a bot. I thought for sure you were a bot.

Re: Time to shoot you down easily as always

APK certainly is a bot. Haven't you ever heard of AR? Artificial Retardation.

Re: Time to shoot you down easily as always

All we see is you projecting your retardation as always. Apk tramples you idiots with facts and destroys your ability to downmod away facts he uses by reposting to run you out of your downmodpoints. It is hilarious. You must be raging at him so easily defeating you.

Re: Time to shoot you down easily as always

90% of your post get properly modded to -0, yet he's defeating us? LUL

Re: Time to shoot you down easily as always

Down modding apk using fact you can't prove wrong and stalking him by anonymous like you do constantly too proves you are wrong and a punk coward.

Re: Time to shoot you down easily as always

Holy shit you're delusional! You downmod Apk and he reposts so everyone sees his posts and you're out of your limited bullets. Apk's outfoxed a /. downmod system you abuse and you with it.

Re:I am a Windows 7 user - stopped automatic updat

Get off my network with your infected computer

Zontar stalks me via sockpuppets (druggie loon)

Going to make more sockpuppets to stalk & troll me with you LITERALLY ADMITTED loon https://slashdot.org/comments.pl?sid=5038387&cid=46782891 + sending me postcards w/ threats too https://slashdot.org/comments.pl?sid=4980459&cid=46704073 you little STALKING whacko??

Zontar, take your meds you ADMITTED mentalcase https://slashdot.org/comments.pl?sid=4985017&cid=46658165

&

You're also a druggie too https://slashdot.org/comments.pl?sid=4985017&cid=46663669

* You're a butthurt loon freak, plain & simple - you did it to yourself, loser... see below for proof.

APK

P.S.=> Still trying to live down how I shot you to pieces in the art & science of computing Mr. Butthurt https://slashdot.org/comments.pl?sid=5033597&cid=46760851 ?

How about proving hosts & my program that builds them are useless too https://slashdot.org/comments.pl?sid=5053067&cid=46794235 ? ... apk

Fuck you you stalking little cunt... apk

See my subject: I'll kick YOUR FUCKING ASS for stalking & harassing me you unidentifiable little cowardly cunt - tell me your REAL name, address, & phone # so I can verify it's REALLY you & we can settle this once & for all, fucker...

APK

P.S.=> Everyone SEES you constantly stalking & harassing me bitch, so WHO ARE YOU FOOLING but yourself - & IF I ever get to you? You'll WISH you were dead cocksucker... I shit you not! apk

Clonezilla

If you haven't already, be sure to back up your Windows 7 computers with Clonezilla
this will allow you to:
- get past hardware failures
- restore to a scratch dish and virus scan the scratch disk
- move to SSD or back to non-SSD as needed

Reduced to IMPERSONATING me now, stalker?

You ADMIT you have a registered 'luser' acct & yet STALK me by UNIDENTIFIABLE anonymous too https://hardware.slashdot.org/... - YOU have ISSUES, lunatic...

* What's the MATTER? "Cat got your tongue" vs. my method that CAN'T BE STOLEN in a mathematical function in 100's of functions & procedures in my work (where code signing can be & abused) https://it.slashdot.org/commen... UPMODDED in "CODING FOR DEFON" no less for me (not you).

APK

P.S.=> Glad you posted Zontar the Mindless - he's a crackpot FAKE NAME loser who really DOES have MENTAL ISSUES having to see shrinks (that F you up more than you already are, lol) & yes, he also does drugs, admittedly... apk

Re:Reduced to IMPERSONATING me now, stalker?

You know - I've frequently seen you complain about being impersonated.

Imagine this ... if only there could be some way to be confident that a particular post actually came from you. It would have to be something very easy for you to use, but extremely difficult for any impersonator. From then on, we would know that a post really was yours, wow! We could call this thing a "username and password" or maybe just an "account" for short. Yeah, I think I'm really onto something here! Man, if only there was something like that you could use.

Of course that would present one problem. The number of posts could be limited from an account no matter what IP it comes from. And there could be a karma system. No, that wouldn't work out for you at all. Especially not the posting limits. It's as though they don't like spammers. Damn. That's a real bummer. Obviously for purely noble and self-less reasons, you could never submit to that.

I guess you'll just have to keep crying and complaining about a perceived problem while never actually doing anything about it, even though that would be simple.

Hypocrite pot calling a kettle black, lol... apk

Hypocrite pot calling a kettle black: @ least I "ID" myself, you don't & HIDE behind UNIDENTIFIABLE anon posts STALKING me like the scared little weezil you are - doubtless due to my BLOWING YOU AWAY many times under your doubtless MANY alter-ego FAKENAMES you have here too, lol!

* Am I right? Oh, I know DAMN WELL I am... lol, & you're still BUTTHURT over your SELF-DEFEATS vs. me, no questions asked!

APK

P.S.=> Code signing can be stolen & ABUSED - my method of programmatic protection CANNOT be & was UPMODDED in CODING FOR DEFCON no less almost a decade & a 1/2 ago https://it.slashdot.org/commen... has yours? NO, lol!

All YOU are is a "ne'er-do-well" DO-NOTHING nobody (perhaps that's WHY you STALK me by UNIDENTIFIABLE anonymous & IMPERSONATE me too clipping old posts of mine & reposting them - you're only being "true to yourself" - a WASTED life self, lmao)... apk

IMPERSONATING me AGAIN? apk

You ADMIT you have a registered 'luser' account & STALK me by UNIDENTIFIABLE anonymous too https://hardware.slashdot.org/... - YOU have ISSUES, lunatic!

* I know WHY you do it though (out of "butthurt angst", lol): I've BLOWN YOU AWAY so many times under your MANY alter-ego SOCKPUPPET /. accounts FAKENAMES you're out for "revenge" only to have EGG ON YOUR FACE yet again, lol!

APK

P.S.=> See subject & that's the "best ya got"? It proves You WISH you were ME (as your POOR imitation = the sincerest form of flattery)... apk

Why is "weaknesses" in quotes?

SHA-1 is weak because it is now (i.e. today) possible to produce hash collisions in our lifetime. Last I checked it was down to 140 GPU years to calculate a collision. So 50K GPUs would allow someone to calculate a hash collision for a binary in about 24 hours. Governments have that kind of buying power and probably already have it. They could digitally sign rogue patch binaries that look legit to the OS and deploy them. It's worth it to those governments if they can infiltrate multiple networks undetected.

Real SHA-1 collisions with consequences are in the realm of possibility today whereas a few years ago they weren't. Still not sure why someone put "weaknesses" in quotes. Microsoft is getting rid of SHA-1 support in the OS because it's the best thing to do and it's also possible that they've already seen examples of rogue binaries in the wild.

oh thank god

the scrofulous updates from MS will be reliably stopped?

Blessed day!

LOL! I never whine/complain, I just lmao @ U

LOL! I never whine/complain, I just lmao @ U: Especially when I get you to RUN DRY of your ABUSED downmodpoints, lol... everytime!

WHY WOULD I COMPLAIN ABOUT THAT? Heck, you MAY be IMPERSONATING me (I could care less, I'm always there disproving it when you do) doing it but as you see NOW? Yes, I am GLOATING & Lording it OVER you!

* You & "your kind" (WEEZILS & WHIMPS, lol) ONLY reply to me once I've run you DRY of those abused modpoints - just like you're doing now, hahaha!

APK

P.S.=> Proof enough that I know YOU better than YOU KNOW YOURSELVES & I've always DESPISED do-nothing BLOWHARD WORMS like you & I always, Always, ALWAYS do GET THE BETTER of you, by outthinking your DULL BRAIN easily, lol! apk

Re:LOL! I never whine/complain, I just lmao @ U

LOL! I never whine/complain, I just lmao @ U: Especially when I get you to RUN DRY of your ABUSED downmodpoints, lol... everytime!

WHY WOULD I COMPLAIN ABOUT THAT? Heck, you MAY be IMPERSONATING me (I could care less, I'm always there disproving it when you do) doing it but as you see NOW? Yes, I am GLOATING & Lording it OVER you!

* You & "your kind" (WEEZILS & WHIMPS, lol) ONLY reply to me once I've run you DRY of those abused modpoints - just like you're doing now, hahaha!

APK

P.S.=> Proof enough that I know YOU better than YOU KNOW YOURSELVES & I've always DESPISED do-nothing BLOWHARD WORMS like you & I always, Always, ALWAYS do GET THE BETTER of you, by outthinking your DULL BRAIN easily, lol! apk

So as many times as you mention "impersonators" you still refuse to create an account? Do you deny that karma and posting limits are reasons for this choice? See how simple of a question that really is?

Because you could easily put a swift and decisive end to the whole "impersonation" deal right now, anytime you want. Why won't you do that? Can you state a straight answer? Or will this be another "blah blah somebody else said something and I got them good, at least in my mind, even though that has nothing to do with you, take that!" If I am indeed impersonating you (I'm not, you're frankly not that important to me) you could most effectively silence me by just giving a simple yes/no answer to a direct question. This would also help reduce the perception that you are deranged/paranoid/narcissistic, for making a simple matter into a personal matter is precisely what a diseased mind does.

You really do seem to have a hard time directly answering a plainly stated question. You keep going off on tangents, bringing up other people and other events. Did you ever consider professional psychiatric diagnosis? I'm not insulting you. It's a serious suggestion. Most health-care plans provide a free diagnosis. You will receive either a clean bill of health, or necessary treatment. Either way, it will not hurt to pursue this.

Re:I am a Windows 7 user - stopped automatic updat

[blind+biker]

I read those comments. Might have gotten one myself. Along the lines "as soon as you boot your box will be owned."

Well, I rather not be owned by Microsoft.

One Factorial

Fortunately, 1 Factorial is also 1 (recursively).

I merely stated facts, that's all... apk

See subject & WHY should I do ANYTHING you UNIDENTIFIABLE anonymous trolls that STALK me (& yes IMPERSONATE me too) say?

* I don't take advisement from those trying to cause me grief - fools do that, so SAVE YOUR "ADVICE" & TAKE YOUR OWN hypocrite!

APK

P.S.=> I won't provide YOU or ANYONE ELSE (that means /. itself) a means to TRACK ME & do what I do to you fools via your post histories (let's me "HANG" a LOT of you via what I call "the Cardinal Richelieu Technique" QUITE often)... apk

No, is READING COMPREHENSION hard for you?

See subject & Re-READ this again + as the saying goes "tell us another one" https://tech.slashdot.org/comm...

* THAT CRAP IS TOO EASY TO STEAL - a method I use & designed myself CAN'T BE STOLEN THAT WAY https://it.slashdot.org/commen...

(Period).

APK

P.S.=> I don't understand what "code signing" is for? Ok "sure" (not), but I do SEE tons of examples of where it got BURNED & ABUSED (see 1st link) - so what GOOD is it?? Not much (especially vs. what I do, self-checking code - you can't STEAL or ABUSE it anywhere NEARLY as easily & good luck doing it in code that has 100's of procs/functions that inline that check - nigh IMPOSSIBLE to 'hack' into & undo (why I do DO what I do - it actually WORKS unlike "code signing" bs I provided TONS of examples of it BEING ABUSED & BROKEN))... apk

Exactly

There is nothing new here. It is commonplace to require a particular patch installation sequence. It is also commonplace to increase security implementations and expectations over time.

Frankly, this is clickbait for the Microsoft-hating crowd. And the MS haters are out in force here.

Pavlov, anyone?