Replies

Perhaps my question is premature, but here it is:

I have a Windows 7 Pro, SP1 x 64 PC, circa 2011. The the CPU is I-7 4-core, the display adapters are Intel HD Graphics Family and Radeon HD6770M. Given that the last one, in particular, is an AMD product, I would like to know: does this matter when deciding which of the two successive MS Security Only updates (so far!) out this month to install; and if not both, then which one?

I also have, originally installed in this PC by the manufacturer, the 3rd party graphics accelerator ATI Catalyst V 12.10 (the current version is 14.12).

I’ll appreciate an answer, whenever one is known. Thanks

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

But isn’t JavaScript (as opposed to Java plugins) needed for maintaining a good deal of a browser’s functionality?

Is this a “d***ed if you do, d***ed if you don’t” situation?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Question:

Is the editing  of the Registry Key by the AV software (or by hand, for the brave, the few) also required before installing the E 11 January security-only cumulative update?

Or is it only for the other security updates?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

HiFlyer

I think this answers my own question about the removal from Office of Equation Editor:

https://support.microsoft.com/en-us/help/4057882/error-when-editing-an-equation-in-office

The patch will prevent one from editing equations in very old documents, but the functionality –if not the old software that provided it — still is and will remain in Office. I’ll probably can live with that. I hope so.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Again on the Equations Editor:

There is this statement in the Web site abbodi86 suggested: “You can insert and edit new equations using the editor built into Office version 2007 or later.”

Does this mean what I think it means, and the Equations Editor that will be removed by the update is the one in some very old version of Office, e.g. 2003 or even older? The Equations Editor has been a feature in Word, at least since I started using Windows, two decades ago. Now I have Office 2010 and 2016, so I am wondering if these will be left with Equations Editor still functioning after patching Office. I seriously hope so; this feature is a very useful one to me.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

I think the good news about Firefox must apply now also to Waterfox, as yesterday I received and installed the upgrade to WF 56.0.2 and that includes the Firefox patch.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

HiFlyer

About that Equation Editor and its issues:

Power Point also has one. Any indication there is the same problems with it?

Thanks.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

woody

Thanks, MrBrian.

My current thinking, after reading the article you have pointed out to me, and previously mulling over some other information I had already come across, is that I am not going to have the BIOS modified with a patch, because that looks to me like taking a lesser risk than the risk of applying a bad patch, which seems to be happening these days. A lot. So I’ll just take my chances and what happens, happens. Which could be nothing, or a devastating catastrophe. Obviously, I’m betting on the former being the case, not the latter.

Also, if I understand this correctly, the main threat from Spectre is through using a browser and, at the very least, I already have installed the mitigations to this problem that came with the recent updates for two of the browsers I do use: Waterfox, Safari (in the Mac) and (next week, probably) Chrome. And whenever it is deemed safe to update, E 11.

Am I missing something important here?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Two questions:

(1) Is it necessary to set that Registry key first, in order to install the January Explorer 11 Security Only update?

(2) Why, to be protected from Meltdown, and maybe also Spectre, will it be necessary to update the BIOS, whenever that becomes possible?

And how much more “protected” will that make one’s machine?

Thanks.

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

I have Waterfox in both Windows 7 (SP1, Pro, x64) PC (circa 2011) and  Mac (Macbook Pro, circa 2015) and I have updated it to 50.0.2 in both, without noticing any slowdown. It has the same fix for Spectre as Firefox. Have tested this by streaming some YouTube music+video in high resolution: it has loaded, played and sounded just fine. Pages loaded as quickly as before the patching. Same story in the Mac with Apple’s Safari, after updating it, with its fix, as well. Firefox, updated in the Mac, works also same as before, that I have noticed. Firefox no longer in my Windows PC, after the Quantum version, supposedly super-fast, turned out to be super-slow in my machine, for whatever reason, and I suspected it might be causing some logout troubles that started right after the Quantum update.

I don’t know what else, besides loading pages and streaming video+audio, could one do with a browser that would show a more significant slowdown. But this does not mean that such a thing is not possible. I just don’t know.

Now, one question about the additional BIOS update needed to complete the Meltdown and Spectre issues:

I have a really bad feeling about doing that, as it is (as someone else has pointed out here already) irreversible, whether it is done right or not. And very recent experience on the software side shows clearly that patching can be done wrong.

So, how risky could it really be if I leaved my BIOS alone and installed only the software patches, once my AV provider takes care of the Registry Key issue, some time next week, as it has promised?

Assuming, of course, that I always observe Good Internet Hygiene Practices: Use a good AV, keep patches up to date, do not open suspicious emails but delete them right away (if legitimate after all, the sender is likely to try some other way to contact me, if not, I’ll probably survive), sniff out unsolicited Web links and preferably never open them; not to go looking for free porno in dark places, etc.

I’ll really appreciate some advice on this. Thanks.

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

I just got Waterfox updated to 56.0.2 in the Mac; still have to start the Windows PC and find out if the update is there too:

https://www.ghacks.net/2018/01/07/waterfox-56-0-2-security-update-released/

The updated Waterfox now has the same tweak as Firefox does to prevent some rogue software at a Web site from siphoning one’s personal information through the straw of Spectre: to degrade the clock timing internally, so the attacking software cannot get sufficiently in sync with the computer clock to have a good chance at succeeding in its evil errand. This is at the price of slower response, which I have not noticed, probably for the reason that Woody pointed out: it is too small to notice during normal usage of the browser.

I have a comment on when to update Windows, now that a ton of updates is on offer (looking at “ghacks”, they do not seem to have any “critical” updates listed there, only “important” ones, which is a bit odd), and it is this:

I cannot do anything much until my anti virus, Webroot Secure Anywhere does the Register tweaking, which they are promising it will be next week.

But, considering I never update Windows for at least two weeks after patch Tuesday, as a rule, that makes no difference to me.

As to the danger of going unpatched in the face of Meltdown and Spectre: there are no reports of it being out in the wild and  being exploited by nasty people. However, how would one know that for sure? Black hats usually do not post their exploits on social media, and they are unlikely to go and hack into the computers of white hats that can figure out pretty quickly what is going on and let their black cats out of the bag. No, black hats will much rather nobody notices what they are up to for as long as possible, so they can carry on for as long as possible exploiting their nasty, but profitable, tricks.

So, either this is not being used for ill already, or the usual reasonable precautions against phishing and social engineering, or (as far as “Meltdown” goes, anyway) the precaution of never opening mysterious emails but deleting them right away, and as far as “Spectre” goes, the precaution of never go looking for free porno and the like in dark places, may be paying off quite nicely, so far: all the crying, wailing and gnashing of teeth seems to be about BSODs, from people with non-Intel CPUs in their machines, or people that did not check if their Register had been tweaked already by their AV providers… and then found, the hardest way, that it wasn’t.

So I intend to wait another two weeks or so before doing anything about this: rest easy, friends; I intend to. And best of luck to us all.

 

 

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

I think that, in this context, the repeated use of such words as “Quality” and “Compatibility” is an example of the kind of marketing-department talk best described as putting lipstick on a pig.

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

5 users thanked author for this post.

BobbyB, Cascadian, Pepsiboy, HiFlyer, windows7wasthebest

Thanks, Noel Carboni, for the reassurances.

Now, to spice it up a bit again, maybe:

What about embedded systems?

In cars, airplanes, public utilities, anything with “smart” in the name …

Some are Internet connected for monitoring and control, some are not, but have ports to attach testing equipment…

Y2K is here again?

Later: Internet of Things, “connected” self-driving cars and trucks…

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

2 users thanked author for this post.

HiFlyer, Noel Carboni

As to Macs, it looks like Apple has already prepared “mitigating” patches for the latest version of its Mac Os:  Mac OS 10.13.2 “High Sierra”, and is working on some more to complete the job:

https://www.macrumors.com/2018/01/03/intel-design-flaw-fixed-macos-10-13-2/

The previous two versions still supported: 10.11.x “El Capitan” and 10.12.x “Sierra” are not mentioned, yet, anywhere I looked in.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

This has been posted elsewhere by MrToad28, but I think it is worth copying it here, as it might offer a measure of reassurance at this time:

MrToad28 wrote:

I found this plain English article useful…my notes below link:

https://www.cnet.com/news/Spectre-Meltdown-Intel-Arm-Amd-Processor-Cpu-Chip-Flaw-Vulnerability-FAQ/
major vulnerabilities, called Spectre and Meltdown, could let an attacker capture information they shouldn’t be able to access, like passwords and keys.
The good news is that hackers would first need to install malicious software on your computer in order to take advantage of these flaws..they need to select their targets and hack each one of them before running a sophisticated attack to steal a computer’s sensitive information.

So good security practices…antivirus, avoiding phish attacks and updating should mitigate threat risks.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

2 users thanked author for this post.

Elly, The Surfing Pensioner