Replies

Yes, printing has been a problem. I had bad luck with Google cloud print on two Canon printers. Worked at first, then stopped working and each company blamed the other. But, I had good luck with HP printers over the LAN using  HP  native ChromeOS software. Have not tried Android based printing, another whole avenue of attack. There are some (not many) printers that ChromeOS natively supports.

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

EP wrote:

I was also having that problem in all my Win7 (and Win8.1) computers with WU offering KB3185319 for IE11 for several months in 2018. 

I did not mean to imply this was a problem. I noted it here as an FYI, in case others ran across it they should know they are not alone. I did install the old IE11 patch without incident.

And, another FYI: after this I was offered the Windows Update bug fix that Woody has discussed before and that needs to be applied by itself years after it was released. After that, a patch from 2015 showed up.

[sarcasm]The big takeaway is the impressive coding skill that went into Windows Update [/sarcasm]

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

There are two mistakes in the previously written comments and by Susan.

The first is that you need the Pro edition of Windows 10 to defer bug fixes. Here is an article showing registry updates to the Home Edition that switch branch channels and defer service packs/feature updates for 365 days

https://www.ghacks.net/2018/09/27/how-to-delay-feature-updates-in-windows-10/

In addition, there is the option of Metered network connections, but I would not count on it as I have seen it set as OFF when running as a standard user well after an Admin user on the same PC set the metering to ON. No idea what to make of that.

The other mistake is that Windows 10 costs money. If you are willing to do a clean install, you can install Windows 10 from an ISO and not activate it. You get 99% of the functionality when it is not activated. I first read about this at How-To Geek, but I don’t have the link. It was not a recent article. Even the Pro version of Windows 10 can be had for free.

 

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

anonymous wrote:

Using SOAP Secure Message for end-to-end encryption of the payload ensures that things are secure, even over HTTP. That’s what Microsoft is using for data transfers over port 80.

Where did you read this? Verifying it requires packet sniffing the traffic and trying to decrypt the data (if it is encrypted). And, even if they are sending encrypted data over HTTP, the fact remains that there is no reason not to use HTTPS. And, HTTP traffic can be modified in flight, so they need to detect and fix that too, something HTTPS already do.

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

anonymous wrote:

Just because data is transmitted via port 80, it does not mean the data is not encrypted.

Technically this is true, but very very unlikely. And HTTPS is not hype. It is not perfect but it does make things more secure. And, the flip side is that there is no excuse to still use HTTP when updating the operating system. I suspect the reason is that MS does not care.

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

Similar topic, but not exactly the same. Still, it does show the mindset at Microsoft – secure transmission of data is not important. I hope to test Susan’s claim that you can block outgoing port 80 connections and Windows Update will still work… Even if true though, the bigger issue is about Microsoft themselves and whether the company deserves to be trusted.

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

Susan Bradley wrote:

Don’t beat up Microsoft over something that should have been installed a long time ago

Beating up seems fair. A 2 year old patch showed up after installing the usual August 2018 patches and rebooting. That looks like an error. Why was it not listed along with the other Aug patches? Why does it first show up 2 years late? If that’s not a bug, what is? Nothing said to an end user that it was critical, in fact there were no documentations updates to it for 2 years.

And, the heavy use of port 80 (at least 6 connections for a Windows Update session) is the main point. Seems fair to beat up MS for that too, whether HTTP is used for transmitting patches or for another purpose.

 

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

1 user thanked author for this post.

Elly