Thursday, April 18, 2024
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

ComputerWorld Independent 

Thanks, Microsoft, but I’m still saying no to Windows 10

admin ,

Credit to Author: Steven J. Vaughan-Nichols| Date: Tue, 05 Dec 2017 05:26:00 -0800

I’ve been hearing a lot from friends recently about how Windows 10 is the best Windows ever and people would be stupid not to switch. These being friends, I don’t want to be rude, but — cough, ahem — I don’t buy it.

Is security your No. 1 concern? Well, Windows 10 is no more secure than Windows 7 — which is to say it is a profoundly insecure operating system. There have been a lot of serious Windows security patches in the last year, and Windows 10 had all the same problems as Windows 7.

True, Windows didn’t have anything as bad as macOS’s unbelievably stupid “Let anyone log in as the administrator” security hole, but just because Microsoft didn’t botch things as badly as Apple did doesn’t get it off the hook. I mean, what do you call it when Microsoft fixes security holes in Windows 10 that it doesn’t patch in Windows 7? I call it really, really stupid.

Yeah, I know, not patching Win7 is consistent with Microsoft’s desire to shove everyone into Windows 10 ASAP, but come on! The last I checked, Windows 7 was supposed to keep getting security patches until Jan. 14, 2020.

I also wouldn’t care to be “upgraded” against my will, as happened to Windows 10 users who had toggled what they needed to toggle to tell Microsoft, “Please don’t move me from Windows 10 1703, Windows 10 Fall Update, to 1709, Fall Creators Update.” As my colleague Woody Leonhard points out, this happened via Windows Update with the November patches, when there were “so many issues with this month’s security patches that it’s hard to decide where to begin.”

By the way, I want it on record that I don’t want Windows 10’s rapid release cadence, with its short-lived support timelines. Two major upgrades — or service patches, as I still think of them — a year is one too many. I can’t make sure everything works with a significant update every six months. I don’t know anyone who can.

As for the November patches, the sheer number of problems that Microsoft admitted to fixing was imposing — almost two dozen of them. I guess Microsoft can’t keep up this twice-a-year pace either. The problems ranged from the minor (“Attempting to clean temporary files on the Windows Phone results in the error code “E_FAIL”) to the thoroughly annoying (“Modern applications built using JavaScript may fail to initialize”) to the “pull out your hair and scream, ‘No! No!! NO!!!’” bad (a black screen appears with only a cursor, and you must reboot in order to log in successfully).

Then there were such fun, fun, fun things as the patches that broke Epson dot matrix printers. Now, you may think dot matrix printers vanished with the arrival of laser printers. Nope. They’re still used in businesses that need multiple copies of a printed document — point-of-sale terminals, for example. Believe it or not, Epson is still selling an entire line of new dot matrix printers. Someone should fax Microsoft the news!

As for Windows 10’s security features, some of those don’t look so good. Recently, Will Dormann of Carnegie Mellon University’s CERT Coordination Center (CERT/CC) tweeted that Windows 10’s implementation of address space layout randomization (ASLR) as a security measure is “essentially worthless.” Dormann followed this up with a CERT security advisory. That’s the equivalent of a four-alarm fire in security circles.

Microsoft responded by claiming that what Dormann had spotted wasn’t really a security problem at all. “The configuration issue is not a vulnerability, does not create additional risk, and does not weaken the existing security posture of applications.” But, later in the document, the Windows programming team admitted, “CERT/CC did identify an issue with the configuration interface of Windows Defender Exploit Guard (WDEG) that currently prevents system-wide enablement of bottom-up randomization.” Eventually, Microsoft will patch this. In the meantime, it gave us some workarounds.

What it all adds up to is that, while Windows 10 is certainly a good operating system, it’s far from great. For the time being, I’m sticking with Windows 7 on my Windows machines, and I recommend you do too. I know what to expect from Windows 7, but with Windows 10, every new forced update is a roll of the dice.

http://www.computerworld.com/category/security/index.rss