Cimpanu: An older (pre-April 23) version of Dell SupportAssist is vulnerable to a remote attack

Let’s hear it for the bloatware. From Catalin Cimpanu at ZDNet:

A vulnerability in the Dell SupportAssist utility exposes Dell laptops and personal computers to a remote attack that can allow hackers to execute code with admin privileges on devices using an older version of this tool and take over users’ systems. Dell has released a patch for this security flaw on April 23; however, many users are likely to remain vulnerable unless they’ve already updated the tool

It’s the old bad-JavaScript-on-a-web-page can take over your system problem.

I wonder how long until somebody figures out how to inject malware via Candy Crush?

Thx @Kirsty

Avira says it has fixed the slowdown problem associated with the April Win7/8.1 patches; Microsoft still hasn’t acknowledged it

Avira has updated its very short response to the six dirty patches/five broken AVs problem. Their KB 1976 now says:

We have looked into the issue that you described, where the system slows down after a Windows update, and have found a way to fix it.

We have recently released an update that should fix this issue. Your Avira Product will be automatically updated, and you don’t have to do anything else in the product.

Oddly, the Avira article goes on to list three conflicting patches:

• Windows 10: KB4493509
• Windows 7: KB4493472, KB4493448

whereas Microsoft lists Avira conflicts as part of the known issues for nine different patches — all of the Win7 and Server 2008 R2 / Win8.1 and Server 2012 R2 / Server 2012 Monthly Rollup and Security-only patches (those are the original six), along with the Monthly Rollup Previews, now, for each of those versions.

Microsoft still says:

Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed. We are presently investigating this issue with Avira and will provide an update when available.

Also remarkably, Avira singled out the original March Win10 1809 cumulative update KB 4493509, where Microsoft has never acknowledged that bug. Even the fancy new Windows 10 Release Information Status page is mum.

Not sure whom to believe? Yeah, me neither.

Thx Bogdan Popa, Softpedia.

You know that Windows 7 End-of-Life nag screen?

The scare isn’t working.

Details in Computerworld Woody on Windows.

Seven Semper Fi.

UPDATE: I’m looking for the “patch” that activates that nag screen – KB 4493132. Can’t find it. It isn’t in the Microsoft Update Catalog. But the KB article is still around. It says:

This update is available through Windows Update. If automatic updates are enabled, this update will be downloaded and installed automatically.

But it isn’t showing up on any of my Win7 machines, most notably not on the super-clean Seven Semper Fi test machine I’m maintaining. Apparently the patch was released “for real” about April 18, but it may have been pulled.

Günter Born notes that it was re-released on April 26. But I don’t see it now.

ANOTHER UPDATE: As @zero2dash notes (and I forgot!), the nag screen patch is only intended for Win7 Home and Ultimate. I’m using Pro, and so missed all the fun.

Microsoft makes it easier to see acknowledged, outstanding problems with Win10

Another step in the right direction.

I’ve just added a site to my list of Windows problem tracking sites. This time, it looks like the Windows team has borrowed a page from the Office team, and come up with a list of known (which is to say, acknowledged) outstanding bugs in Win10.

If you’re concerned about updating Windows (and who isn’t these days?), you should add the Windows 10 Release Information site to your go-to list. Lousy name, good content.

The site’s something of an enigma, with statements like this:

Windows 10, version 1809 is designated for broad deployment and available for any user who manually selects “Check for updates” via Windows Update. The recommended servicing status is Semi-Annual Channel.

which is a breath of fresh air for those of us who have read, time and again, that Microsoft no longer officially distinguishes between Semi-Annual Channel-Targeted and Semi-Annual Channel (or Current Branch/Current Branch for Business, or whatever bafflegab may be au courant).

My hat’s off to whomever put that page together – and I hope it lives long and prospers!

Thx, @PhotM.

Facebook Messenger is coming to Windows

For most of you this isn’t a big deal, but for those who have friends who incessantly use Facebook Messenger (harump!) it’s another app to stick on your PC.

Facebook has just announced that it’s going to have a version of Facebook Messenger that works on Windows:

We’re also launching a desktop app for Messenger that’s available for both Windows and MacOS. People want to seamlessly message from any device, and sometimes they just want a little more space to share and connect with the people they care about most. You can download Messenger Desktop — and enjoy the same features as the app on your phone — like group video calls, collaborate on projects or multi-task while chatting in Messenger. We are testing this now and will roll it out globally later this year.

That’s kind of ho-hum. But this part’s worth noting:

we are committed to making Messenger end to end encrypted by default.

Sounds like it’ll be a usable desktop (not UWP) app. Unlike, say, Skype. Put down that brickbat.

Bing Ads rebrands as Microsoft Advertising

Be still my beating heart.

It’s official. MS Corporate VP Rik van der Kooi, posting on the Microsoft Advertising blog, notes:

In the next year, we’re introducing more advertising products with built-in AI, more connected to your data and your business.

Ginny Marvin has a good take on SearchEngineLand:

The AI backbone that powers Bing has given the company the “right to innovate,” David Pann, general manager of global search business at Microsoft said during a keynote discussion at SMX East last year. He cited MSAN (MS Audience Network) and LinkedIn integrations as one example… Microsoft started integrating the audience data graphs of LinkedIn and Microsoft in 2017 and made LinkedIn data available for targeting in Microsoft Audience Network and then search ads last year.

Lemme fire up that LinkedIn entry…

Thx, @PKCano

Patch Lady – who actually plays Candy Crush

Random stupid thought of the day…. who actually plays Candy Crush on their Windows 10 machines?  I mean seriously.  We have phones and tablets for games.  People use computers for work.  And if you want a game, around my office, solitaire is the one people play, not Candy Crush.  It seems to me that Microsoft cannot be making enough revenue stream from Candy Crush’s authors, nor can Candy Crush’s authors be having such a great financial deal with Microsoft given that so much time and energy is spent by Microsoft admins and users world wide to GET RID OF IT.

The number of resources to de-crapify Windows 10 is staggering.

Think of how much more we’d all embrace 10 if you just got rid of the stuff that shouldn’t be there in the first place, Redmond?

So here’s my unofficial survey for the final day of April:

Have you EVER played Candy Crush on your Windows 10 computer?  

Reprise: How to put a picture “avatar” on your account

It’s easy. WordPress picks up your picture from a site called Gravatar.com.

Gravatar is owned by WordPress, the company that makes the software that drives this site.

We don’t support the full Gravatar shtick – you can’t click on an avatar on AskWoody and get all of the background info stored on Gravatar (sorry, it’s my privacy tin foil hat shining through) — but in spite of several legitimate privacy concerns, it works well for most people. I use it.

Full discussion – including pro’s and con’s – here.

vpnMentor reports a data breach identifying 80 million US households

I can’t verify this independently, but if it’s confirmed, we have one whale of a breach on our hands.

vpnMentor’s blog says:

The 24 GB database includes the number of people living in each household with their full names, their marital status, income bracket, age, and more…

Full addresses, too, including zip codes, longitude, latitude.

Apparently the list is indexed by households, not by individuals.

vpnMentor says it’s looking for the owner of the database.

Let’s see how this pans out.

Thx Günter Born.

AskWoody is slow, but it’ll get better

Real Soon Now (TM).

We’re still processing those 1,000,000-plus replies from Windows Secrets – and the devs have identified an additional slowdown source that should be fixed shortly. I hope.

Hang in there. Rest assured that those of us plunking away behind the scenes are even more frustrated than you….

How much junk will you get on a clean install of Win10 1903?

Short answer: It’s a crap shoot.

I posted a couple of weeks ago about the fine array of crapapps that appeared when I clean installed Win10 1903.

Ends up that my install wasn’t exactly clean — I clean installed 1809 to a local account, went into the Release Preview Ring using an Insider account, installed the update (using a local account), then did one round of cumulative updates —  although at the time it was the best I could do.

Since then, MS has released clean ISO versions to MSDN (which is now called MSDN Visual Studio Professional). They also released a test Enterprise version, which expires in 30 days, but I see the download links no longer work. Both of those clean copies are, uh, cleaner than the one I tested.

Tero Alhonen installed a clean MSDN copy of Win10 Home and didn’t see the junk. Others have had different experiences. This from Martin Geuss:

Which ISO did you use? I have downloaded the "Consumer Edition" ISO from MSDN and the Windows 10 Home Start Menu looks like this: pic.twitter.com/kANeMO9SVC

— Martin Geuss (@MartinGeuss) April 20, 2019

Paul Thurrott just went through the paces with Win10 Pro and got this:

So I finally did a clean install of Windows 10 version 1903 (Pro) and I do see all that Candy Crush crap, just like before. pic.twitter.com/QLZ17OdcUS

— Paul Thurrott (@thurrott) April 29, 2019

‘Softie Michael Neihaus notes, quite correctly, that “Targeted apps can vary by region.”

UPDATE: Michael clarifies, in reference to his post from a year ago:

Not significantly. Enterprise/Education or Pro domain joined = only productivity apps (with Enterprise/Education able to turn them off altogether). Pro local/MSA account = games and productivity.

— Michael Niehaus (@mniehaus) April 29, 2019

But you have to wonder… What will you see on your Start menu? If you sign in with a Microsoft Account, or upgrade from an older version of Windows, of course you’ll see vestiges of your old Start entries. With a Local account, if you install from Timbuktu I guess you’ll get Candy Crush Timbuk. My favorite is still “Seekers Notes: Hidden Mystery” in the Productivity section.

I wonder if anybody at Microsoft has a more-or-less definitive answer? This is getting ridiculous. And 1903 isn’t that far away.

Where we stand with the April 2019 patches

With the six dirty Windows patches knocking out five different companies’ antivirus packages, things have been a bit rocky. There’s an update, but it’s not a simple one.

We still don’t have an “optional non-security” patch for Win10 1809, but that’s OK, you wouldn’t want it anyway.

Details in Computerworld Woody on Windows.