Meltdown and Spectre: Good news for AMD users, (more) bad news for Intel

The good news: Shortly after its initial release, Microsoft suspended shipping its Spectre and Meltdown Windows patches to owners of AMD systems after some users found that it left their systems unbootable. Microsoft partially lifted the restriction last week, sending the update to newer AMD systems but still leaving the oldest machines unpatched.

Now the company has an update that works on those systems too. If you’re unfortunate enough to have installed the previous, bad update and now have a system that crashes on startup, you’ll still have to roll back the bad update before you can install the new one. We’ve read reports that this is indeed possible, but unfortunately, Microsoft only offers generic guidance on troubleshooting blue screen of death crashes, not any specific steps to fix this specific issue.

The bad news: Intel has previously warned that the microcode update it issued to provide some processor-based mitigation for some kinds of Spectre attack was causing machines with Haswell and Broadwell processors to reboot. It turns out that the problems are more widespread than previously reported: the chip company is now saying that Ivy Bridge, Sandy Bridge, Skylake, and Kaby Lake systems are affected too.

Read 2 remaining paragraphs | Comments

The Windows 10 control panel modernization continues: Fonts get some love

The Windows user interface has a certain archaeological quality to it. While the upper layers tend to be new—using the styling and conventions of the day—dig a little deeper and you can find elements that are decades old. With each Windows release, Microsoft has heaped new stuff onto the pile, but it hasn’t spent much time going back and revamping the old bits. Very occasionally, the relics of yesteryear are identified and excised, but more often than not, they’re left alone.

One area where this is particularly plain is Control Panel. Control Panel spans many eras of Windows development, and so Windows’ settings are spread across three different styles of interface. The very oldest are the individual Control Panel applets in their tabbed dialog boxes; more recent are the Explorer-based Control Panels. The very newest is the Settings app.

With Windows 10, the company has, for the first time ever, taken serious strides toward modernizing even old parts of the operating system. With each new update, more and more settings are being moved from Control Panel into the Settings app. This creates the possibility that perhaps one day Windows will have a single application that is used for all its major settings and configurations.

Read 4 remaining paragraphs | Comments

Spectre and Meltdown patches causing trouble as realistic attacks get closer

Applications, operating systems, and firmware all need to be updated to defeat Meltdown and protect against Spectre, two attacks that exploit features of high-performance processors to leak information and undermine system security. The computing industry has been scrambling to respond after news of the problem broke early a few days into the new year.

But that patching is proving problematic. The Meltdown protection is revealing bugs or otherwise undesirable behavior in various drivers, and Intel is currently recommending that people cease installing a microcode update it issued to help tackle the Spectre problem. This comes as researchers are digging into the papers describing the issues and getting closer to weaponizing the research to turn it into a practical attack. With the bad guys sure to be doing the same, real-world attacks using this research are sure to follow soon.

Back when initially releasing its Windows patch, Microsoft acknowledged incompatibilities with some anti-virus software. To receive the Meltdown and Spectre fixes, anti-virus software on Windows is required to create a special registry entry indicating that it’s compatible. Without this entry, not only are these patches blocked, but so too are all future Windows patches. Most anti-virus vendors should now have compatible versions of their products, but users with stale anti-virus software—expired trials or end-of-lifed products—are at this point much better off removing the third-party software entirely and using the built-in protection in Windows 8.1 and Windows 10.

Read 8 remaining paragraphs | Comments

The state of Israel’s cybersecurity market

 The Equifax breach, WannaCry, NotPetya, the NSA leak, and many more cyber incidents – 2017 was certainly a busy year for hackers, illustrating yet again just how vital innovative cybersecurity solutions are in the fight against cyber threats.
Second only to the U.S., in terms of cybersecurity investment 2017 was another excellent year for Israeli cybersecurity startups, with dozens of… Read More

Cortana had a crappy CES

 Cortana gets no respect. Microsoft’s smart assistant is actually pretty solid, all things told, but it rarely gets mentioned in the same breath as Alexa, Siri or Google Assistant. Maybe it’s a problem of marketing —the company was quick to point at Build in May that its smart assistant now has 141 million monthly users. More likely though, it’s a problem with… Read More

Microsoft opens the Windows 10 Fall Creators Update floodgates

After being out for a little under three months, Microsoft has moved the Fall Creators Update to full availability, signaling that the company believes it to be ready for corporate deployments.

Microsoft rolls out the big Windows semi-annual updates on a staggered basis, making the update available to an ever larger range of users as the company builds a clearer picture of any hardware and software incompatibilities. Once it’s satisfied that any of these wrinkles have been ironed out, Microsoft offers the update to every machine that’s compatible. With the Fall Creators Update on 100 million machines, Microsoft has decided that the update is ready for its full deployment.

This development process has been refined over the last few years; the 2016 Anniversary Update raised a number of problems, causing Microsoft to be more conservative subsequently. The previous update, the Creators Update, took about four months to reach this same stage. The decision to make the Fall Creators Update, version 1709, widely available in less than three months shows that the company is more confident in this release and its wider deployment.

Read 1 remaining paragraphs | Comments

End-to-End Encryption Comes to Skype Through Signal Partnership

Microsoft is testing a new “Private Conversations” feature in Skype, which is being introduced through a partnership with Signal.

Skype is using the Signal Protocol for the feature, allowing users to take advantage of strong end-to-end encryption for more secure communications.



Private Conversations are available for one-on-one conversations on Skype, with users able to initiate a private conversation by tapping on the “+” icon and then selecting “New Private Conversation.” Once a conversation is initiated, it will be available only on the specific device where it was started.

Microsoft says Private Conversations offer several unique features:

  • A Private Conversation will have a lock icon next to your contact’s name.
  • Preview messages from Private Conversations will not show in Chats or notifications.
  • Private Conversation capabilities are limited. You cannot edit a message or forward a file. From the chat window, only emoticons, files and audio messages are available to send.
  • Private Conversations are specific to a device. A new invitation must be sent and accepted, to change to another device.

Private Conversations are available today in a preview capacity for Skype Insiders, Microsoft’s beta testing program for Skype.

Discuss this article in our forums

Skype finally getting end-to-end encryption

Since its inception, Skype has been notable for its secretive, proprietary algorithm. It’s also long had a complicated relationship with encryption: encryption is used by the Skype protocol, but the service has never been clear exactly how that encryption was implemented or exactly which privacy and security features it offers.

That changes today in a big way. The newest Skype preview now supports the Signal protocol: the end-to-end encrypted protocol already used by WhatsApp, Facebook Messenger, Google Allo, and, of course, Signal. Skype Private Conversations will support text, audio calls, and file transfers, with end-to-end encryption that Microsoft, Signal, and, it’s believed, law enforcement agencies cannot eavesdrop on.

Presently, Private Conversations are only available in the Insider builds of Skype. Naturally, the Universal Windows Platform version of the app—the preferred version on Windows 10—isn’t yet supported. In contrast, the desktop version of the app, along with the iOS, Android, Linux, and macOS clients, all have compatible Insider builds. Private Conversations aren’t the default and don’t appear to yet support video calling. The latter limitation shouldn’t be insurmountable (Signal’s own app offers secure video calling). We hope to see the former change once updated clients are stable and widely deployed.

Read 2 remaining paragraphs | Comments