Windows 10 will power to its third anniversary this summer, but one branch, identified by the initials L-T-S-B, remains an enigma to most corporate users.
LTSB, which stands for "Long-term Servicing Branch," was among the pillars of Windows 10 in the months leading up to, and for months after, the mid-2015 roll-out of the operating system. For a time, it seemed that it had a shot at becoming the Windows 10 for enterprise because it was seen as a calm port in a storm of radical change.
That hasn't happened, in part because Microsoft has steered customers away from LTSB.
Just what is LTSB? And what has Microsoft done to make it an afterthought?
On the heels of the Jan. 17 release of 14 Windows and .NET patches, we now have a huge crop of new patches, revised older patches, warnings about bugs, and a bewildered ecosystem of Microsoft customers who can’t figure out what in the blue blazes is going on.
Let’s step through the, uh, offerings on Jan. 18.Windows 10 patches
Win10 Fall Creators Update version 1709 — Cumulative update KB 4073291 brings the Meltdown/Spectre patches to 32-bit machines. What, you thought 32-bit machines already had Meltdown/Spectre patches? Silly mortal. Microsoft’s Security Advisory ADV180002 has the dirty details in the fine print, point 7:
Mozilla this week decreed that future web-facing features of Firefox must meet an under-development standard that requires all browser-to-server-and-back traffic be encrypted.
"Effective immediately, all new features that are web-exposed are to be restricted to secure contexts," wrote Mozilla engineer Anne van Kesteren in a post to a company blog. "A feature can be anything from an extension of an existing IDL-defined object, a new CSS property, a new HTTP response header, to bigger features such as WebVR."[ More info: 14 must-have Firefox add-ons of 2017 ]
Secure contexts, dubbed a "minimum security level," is a pending standard of the W3 (World Wide Web Consortium), the primary standards body for the web. Secure contexts' main purpose, according to its documentation: "Application code with access to sensitive or private data be delivered confidentially over authenticated channels that guarantee data integrity."
Never give a sucker an even break. Yesterday, on a very out-of-band Wednesday, Microsoft released preview patches for Windows 8.1 (but not 7!), Server 2012, and Windows 10 1709 (for bricked AMD machines only), with preview cumulative updates for Win10 1703 and 1607. There are also nine different .NET preview patches.
What should you do? Nothing. More accurately, make sure you DON’T install any of them. Fortunately, all of these patches require that you download and install them — and you’d have to be crazy (or an admin trying to shore up some critical servers) to dive into the cesspool.
It’s the same advice I’ve been giving all month. There’s nothing here that you need right now — there are no known exploits for Meltdown or Spectre in the wild, in particular — and machines are dropping like flies.
Internet filter is installed at this site, and in the beginning, there are complaints from users who can't get to their favorite non-business sites, says an IT pilot fish working there.
But after six months and lots of explanations to users, the complaints have stopped. "Then one Saturday evening, a user called me," fish says.
"He called to report that something must be wrong, because he could get to his lottery numbers tonight.
"I told him thanks, and that I would inform the individual in charge of the filter on Monday morning, as it wasn't stopping anything production-critical during the weekend hours.
"I still can't decide which is funnier: the fact that apparently every day for nearly six months this user tried to get to his lottery numbers even though the page should have never loaded again -- or that, when he actually was able to, he reported it as a problem."
If you’re wondering whether your computer is susceptible to the latest bête noir, Meltdown and Spectre, you can take the official Microsoft patch and, after a suitable amount of technical drudgery, come away with a result that doesn’t answer much. Or you can try Steve Gibson’s new InSpectre and – with suitable caveats – see some meaningful results and a few hints about catching up.
Microsoft has a complex PowerShell script that details your machine’s exposure to the Meltdown and Spectre security flaws. Running that script on all but the simplest and most up-to-date systems turns into a hair-pulling exercise, and the results are coated in 10 layers of technical gobbledygook.
I’ve seen a lot of bizarre Microsoft patches-of-patches, but the new patches for AMD processors are in a world of their own. The security-only, manually downloadable patches appear to be Meltdown/Spectre patches for machines that were bricked by other bad patches, earlier this month, but they’ve arrived with no instructions — and a strange circular logic.
Last week, Microsoft released two patches, with these official titles:
- KB 4073578: Unbootable state for AMD devices in Windows 7 SP1 and Windows Server 2008 R2 SP1
- KB 4073576: Unbootable state for AMD devices in Windows 8.1 and Windows Server 2012 R2
The Win7 KB article says:
The Windows emergency security updates issued by Microsoft earlier this month came with an unprecedented prerequisite - a new key stored in the operating system's registry - that antivirus vendors were told to generate after they'd guaranteed their code wouldn't trigger dreaded Blue Screens of Death (BSoD) when users apply the patches.
The demands confused customers, and fueled a flood of support documents and an avalanche of web content. Those who heard about the Meltdown and Spectre vulnerabilities struggled to figure out whether their PCs were protected, and if not, why not. Millions more, not having gotten wind of the potential threat, carried on without realizing that their PCs might be barred from receiving several months' worth of security updates.
Image by HP
At CES 2018 everyone was talking about – or talking to – Amazon.com’s Alexa digital assistant. It’s omnipresent – around the home and in phones, cars and, increasingly, offices. You’ll probably even find it in your next Windows 10 PC. It’s already in the new HP Pavilion Wave small form-factor PC (pictured); the Aspire, Spin, Switch and Swift notebooks from Acer; the 2018 ZenBook and VivoBook from Asus, and the Thinkpad X1 Carbon and Yoga devices from Lenovo.
The headlong race to cover the Meltdown/Spectre debacle has claimed another victim. In a surprising move, Intel has raised a red flag about some of its firmware patches. What should you do? Wait.
Yesterday, Intel executive VP Navin Shenoy posted on the company blog:
We have received reports from a few customers of higher system reboots after applying firmware updates. Specifically, these systems are running Intel Broadwell and Haswell CPUs for both client and data center. We are working quickly with these customers to understand, diagnose and address this reboot issue. If this requires a revised firmware update from Intel, we will distribute that update through the normal channels.
As we rappel down the Patch Tuesday rabbit hole this month, Microsoft just announced it’s going to start pushing its January Windows security patches onto AMD processors again. But it neglects to mention which ones. Per a late-night change to KB 4073707:
Microsoft has resumed updating the majority of AMD devices with the Windows operating system security update to help protect against the chipset vulnerabilities known as Spectre and Meltdown.
Microsoft said Tuesday that Windows 7 PCs would run slower after receiving and installing the crash updates designed to stymie attacks that leverage the recently-disclosed vulnerabilities in virtually every in-use microprocessor.
But for Windows 10, a Microsoft executive said, "We don't expect most users to notice a change because these [slowdown] percentages are reflected in milliseconds."
The contrast, general though it was, came from Terry Myerson, who leads the company's Windows group.
"With Windows 10 on newer silicon (2016-era PCs with Skylake, Kaby Lake or newer CPU), benchmarks show single-digit slowdowns," Myerson wrote in a Tuesday post to a Microsoft blog. Skylake and Kaby Lake were the codenames for the Intel processors launched in 2015 and 2016, respectively. The bulk of new personal computers sold in 2016 and 2017 were equipped with Skylake or Kaby Lake CPUs (central processor units).
Welcome to another banner Patch Tuesday. Microsoft yesterday released 56 separately identified security patches for every supported version of Windows, Office, .Net, Internet Explorer and Edge. Out of that monstrous pile, only one patch cures a currently exploited problem — a flaw in Word’s Equation Editor that should have been fixed in November.
If you’re a “normal” user, your first priority shouldn’t be Microsoft’s patches, notwithstanding the fabulous PR job performed on Meltdown and Spectre’s behalf. Assuming you don’t open random Word docs with dicey embedded equations, your main concern right now should be getting your antivirus house in order.
Microsoft last week took the unprecedented step of requiring customers to have up-to-date antivirus software on their personal computers before it would hand over a critical security update.
"This was unique," said Chris Goettl, product manager with client security and management vendor Ivanti. "But there was a danger here."
Goettl was talking about the emergency updates Microsoft issued last week to bolster Windows' defenses against potential attacks leveraging the vulnerabilities labeled Meltdown and Spectre by researchers. Operating system and browser makers have shipped updates designed to harden systems against the vulnerabilities, which stemmed from design flaws in modern processors from companies such as Intel, AMD and ARM.
One of the curious constructions of the Internet is the term identity provider. You don’t need anyone to provide you with an identity, of course. You have an innate one by virtue of being human. Rather, so-called identity providers, or IDPs, provide you with an identifier, a means of recording attributes important to that provider, and some method of proving it’s you – usually a password.
This is not surprising since online identity has traditionally been viewed through the lens of an organization and its needs, not the individual and his or her needs. Identity systems are created to administer identifiers and attributes within a specific domain. The result: people end up with hundreds of online personas at hundreds of organizations. Each of these administrative identity systems is proprietary and owned by the organization that provides it; you really don’t have an online identity that’s independent of these many systems. Got a new address, or an updated credit card number? You’ll have to deal with each of these systems one at a time in whatever manner they require.
CryptoLocker. WannaCry. Petya. Bad Rabbit. The ransomware threat isn’t going away anytime soon; the news brings constant reports of new waves of this pernicious type of malware washing across the world. It’s popular in large part because of the immediate financial payoff for attackers: It works by encrypting the files on your hard disk, then demands that you pay a ransom, frequently in Bitcoins, to decrypt them.
Even while we accept that coding skills are key to some future employment, Apple is under some pressure to improve parental controls to help prevent children from becoming hooked on their phones. Apple already provides some protection parents can use to limit their children’s smartphone use. Here’s what you need to know:What are Apple's parental controls?
Apple has similar controls for iPads, iPhones, Macs and the Apple TV. Apple calls these Restrictions, and you can use them to block or limit apps and features that children can access on their device. Among other things, these tools can restrict use of Safari, the camera, Siri, FaceTime, AirDrop, CarPlay and individual apps.
Microsoft’s hasty Meltdown/Spectre patches, released late on Jan. 4, have started baring their fangs. Complaints about Win10 Fall Creators Update cumulative update KB 4056892 and Win7 Monthly Rollup KB 4056894 resulting in blue screens — particularly on AMD Athlon, Sempron, Opteron and Turion processors — started appearing shortly after the patches were released.