# Windows 7 & older -- update patch (warning)



## JohnG (May 15, 2019)

https://www.wsj.com/articles/micros...n-a-week-of-them-11557900716?mod=hp_lead_pos4

Microsoft warns of a major bug vulnerability, especially for Windows 7 and other older OS. The linked article says Windows 8 and 10 not affected but whatever.


----------



## richardt4520 (May 15, 2019)

That's exactly why I keep my production PCs offline most of the time. I administer patches as one of my duties at my day job. My co-worker just IMed me to tell me that he just read up on it and the solution for this one is to disable hyperthreading...which will cut your performance in half, basically. lol I haven't read up on it to verify.


----------



## Thomas Kallweit (May 15, 2019)

There was big update today, but so I guess this is something completely different then. 
Could not read the whole article, as I'm no subscriber, but I guess there will be lots to be find about this elsewhere too.


----------



## dzilizzi (May 15, 2019)

I guess I need to check for updates. Thanks!


----------



## bcarwell (May 15, 2019)

How does one acquire this bug ? What are the most likely sources and things to do, if any, to minimize ? Does this come through an automatic update that can be turned off ? What if I only access email with known safe respondents, and only use a few limited music-related sites like this one, and known vendors like Spitfire, Sonovox, etc. and do not surf.

Bob


----------



## JohnG (May 15, 2019)

https://www.barrons.com/articles/microsoft-computer-bug-warning-51557935667?siteid=yhoof2&yptr=yahoo

what @dzilizzi said -- update your software


----------



## I like music (May 15, 2019)

Ah shit, I can't read those articles. Technically, I'm a peasant. And I have Windows 7.

What can I do to avoid a catastrophe here? I hope the solution doesn't involve moving off Windows 7!!!


----------



## AlexRuger (May 15, 2019)

I like music said:


> What can I do to avoid a catastrophe here? I hope the solution doesn't involve moving off Windows 7!!!



You've got, what, a year of support left? Might as well switch to Windows 10, as it's inevitable.


----------



## I like music (May 15, 2019)

AlexRuger said:


> You've got, what, a year of support left? Might as well switch to Windows 10, as it's inevitable.



Going to make it last as long as I can, then! No, it is more the fact that some of the hardware on my machine won't work with anything higher than Win7. And that shit is going to be costly to upgrade. Makes me sad.

Just so that I can understand, there's an update for now which takes care of it?


----------



## dzilizzi (May 15, 2019)

I like music said:


> Going to make it last as long as I can, then! No, it is more the fact that some of the hardware on my machine won't work with anything higher than Win7. And that shit is going to be costly to upgrade. Makes me sad.
> 
> Just so that I can understand, there's an update for now which takes care of it?


I find MS doesn't usually announce issues until they have a fix for them. 

I'm with you on not wanting to update to 10 on my music computer. The other ones? Sure, not a problem.


----------



## I like music (May 15, 2019)

dzilizzi said:


> I find MS doesn't usually announce issues until they have a fix for them.
> 
> I'm with you on not wanting to update to 10 on my music computer. The other ones? Sure, not a problem.



I think I had disabled updates. A few years ago people recommended this, as I'm fairly sure they were trying to shove a Win10 upgrade down my throad. But I guess I should check it now. My computer is probably ripe for plundering.


----------



## dzilizzi (May 15, 2019)

I like music said:


> I think I had disabled updates. A few years ago people recommended this, as I'm fairly sure they were trying to shove a Win10 upgrade down my throad. But I guess I should check it now. My computer is probably ripe for plundering.


The I always set it to ask me. Then I go through them and check to see what they are for. I haven't seen a Win10 update in a year or two. Though if you google it, you can still get the free upgrade. However, it is to the normal Win10 and not the Pro version. I keep turning off the automatic updates on my Win10 laptop and it still continues to run updates. So I'm not sure if I trust it yet with my music machine that has picky software on it.


----------



## I like music (May 15, 2019)

dzilizzi said:


> The I always set it to ask me. Then I go through them and check to see what they are for. I haven't seen a Win10 update in a year or two. Though if you google it, you can still get the free upgrade. However, it is to the normal Win10 and not the Pro version. I keep turning off the automatic updates on my Win10 laptop and it still continues to run updates. So I'm not sure if I trust it yet with my music machine that has picky software on it.



Ah crap. So if I upgrade from a Win7 Pro version, it wouldn't bump me to Win10 Pro? Another cost.

Tomorrow's job is to make sure my computer is updated enough to survive another year!

BTW what are general impressions of Win10 vs Win7 when it comes to music? I had this feeling it would have more bloatware, but I don't really know why I was thinking this.


----------



## whiskers (May 15, 2019)

richardt4520 said:


> That's exactly why I keep my production PCs offline most of the time. I administer patches as one of my duties at my day job. My co-worker just IMed me to tell me that he just read up on it and the solution for this one is to disable hyperthreading...which will cut your performance in half, basically. lol I haven't read up on it to verify.


Essentially, yes. The POCs for the zombieLoad exploit are very academic currently would be very hard to pull off in the wild / real world. I'm not aware of any currently known exploits that uses it in the real world yet, but I might be wrong. The simplified version is that basically you have to be on the same core as a hyperthreaded process sharing that core, and to use the exploit to cause a slow leak of contents of the process you are monitoring on the other thread. So it's not very practical yet, but I clearly need to do more reading. Disabling hyper threading would definitely mitigate the issue, at the cost of a heavy loss of performance


----------



## richardt4520 (May 15, 2019)

whiskers said:


> Essentially, yes. The POCs for the zombieLoad exploit academic currently would be very hard to pull off in the wild / real world. I'm not aware of any currently known exports that uses in the real world yet, but I might be wrong. The simplified version is that basically you have to be on the same core as a hyperthreaded process sharing that core, and to use the exploit to cause a slow leak of contents of the process you are monitoring on the other thread. So it's not very practical yet, but I clearly need to do more reading. Disabling hyper threading would definitely mitigate the issue, at the cost of a heavy loss of performance


Thanks for the info, Whiskers!


----------



## Quasar (May 15, 2019)

AlexRuger said:


> You've got, what, a year of support left? Might as well switch to Windows 10, as it's inevitable.


It's no small benefit keeping one's DAW workstation offline. I haven't had an update since on my W7 PC since 2017 and never worry about any of the security issues. I'll switch to 10 if and when I _want_ a product or feature that requires it. Not before. Offline, security risks, MS "end of life" timetables or whatever simply don't matter.


----------



## DavidY (May 15, 2019)

I like music said:


> Ah crap. So if I upgrade from a Win7 Pro version, it wouldn't bump me to Win10 Pro? Another cost.


I think you could probably upgrade for free from Pro to Pro, and I certainly did this for free after the official free upgrade finished, although it's a while ago now.


----------



## DavidY (May 15, 2019)

There's some more "mitigations" in this article by the way.
https://nakedsecurity.sophos.com/20...itical-remote-wormable-windows-vulnerability/

The fact that they've issued a patch for XP says something though.


----------



## whiskers (May 15, 2019)

richardt4520 said:


> Thanks for the info, Whiskers!


My bad was thinking of the Intel bug, not the MS RDP one. Would help if I read lol!


----------



## richardt4520 (May 15, 2019)

whiskers said:


> My bad was thinking of the Intel bug, not the MS RDP one. Would help if I read lol!


Oh! I can't read the WSJ article so I was thinking of the same one. Carry on!


----------



## whiskers (May 15, 2019)

richardt4520 said:


> Oh! I can't read the WSJ article so I was thinking of the same one. Carry on!


Neither could I, in the little I saw it mentioned both RDP bug and the Intel bug. your mention of turning off hyper threading is what made me think of the zombie load. Also the Intel flaw covers more than just Windows 7 and 8 

Either way always patch your systems


----------



## chimuelo (May 15, 2019)

What happens, my compositions are finally seen by more people because of data collection?
Please ....hack me.


----------



## bill5 (May 15, 2019)

JohnG said:


> https://www.barrons.com/articles/microsoft-computer-bug-warning-51557935667?siteid=yhoof2&yptr=yahoo
> 
> what @dzilizzi said -- update your software


"Microsoft (ticker: MSFT) said that it hasn’t seen anyone take advantage of the flaw, which affects older versions of its Windows operating system, but that it believes it is “highly likely” the flaw will wind up being exploited by malicious software, now that it has been publicly disclosed."

Then hey MS maybe you shouldn't have disclosed it, ya think? Gee I wonder why they did...it couldn't be a thinly-veiled incentive for people to buy Win 10 could it? 

I think Win 7 is far superior, 10 sucks, and will take my chances. The odds of this ever being an issue is minute. In short: bite me, MS. If I buy a new laptop it will either come with 7 or I will buy 7 and eliminate 10.


----------



## whiskers (May 15, 2019)

bill5 said:


> "Microsoft (ticker: MSFT) said that it hasn’t seen anyone take advantage of the flaw, which affects older versions of its Windows operating system, but that it believes it is “highly likely” the flaw will wind up being exploited by malicious software, now that it has been publicly disclosed."
> 
> Then hey MS maybe you shouldn't have disclosed it, ya think? Gee I wonder why they did...it couldn't be a thinly-veiled incentive for people to buy Win 10 could it?


That's a pretty simple take to a more complex issue. Just because genpop wasn't aware of the flaw doesn't mean malicious actors didn't already know or weren't already trying to exploit it.

Check out the idea of responsible disclosure


----------



## bill5 (May 15, 2019)

? Sorry lost me. What is "genpop?"

My point is MS is "broadcasting" this as an incentive to get people not on 10 yet to go there.


----------



## whiskers (May 15, 2019)

bill5 said:


> ? Sorry lost me. What is "genpop?"


Sorry general population aka "the public"


----------



## dzilizzi (May 15, 2019)

I like music said:


> Ah crap. So if I upgrade from a Win7 Pro version, it wouldn't bump me to Win10 Pro? Another cost.
> 
> Tomorrow's job is to make sure my computer is updated enough to survive another year!
> 
> BTW what are general impressions of Win10 vs Win7 when it comes to music? I had this feeling it would have more bloatware, but I don't really know why I was thinking this.


Everything I've read is that it is fine for music. The only problem has been updates messing things up. So if you stop auto updates and only run after verifying there were no issues, you shouldn't have any problems. As far as I know, if a program runs on 7 it should run on 10. Except maybe an old version of ProTools..


----------



## dzilizzi (May 15, 2019)

bill5 said:


> ? Sorry lost me. What is "genpop?"
> 
> My point is MS is "broadcasting" this as an incentive to get people not on 10 yet to go there.


I don't necessarily think so. The fact they are sending out fixes for XP shows they realize some people won't upgrade until they are forced to - as in their computer dies.


----------



## bill5 (May 15, 2019)

I should have said "I suspect" vs "this is how it is." My bad. Either way, they can keep 10.


----------



## Quasar (May 15, 2019)

DavidY said:


> I think you could probably upgrade for free from Pro to Pro, and I certainly did this for free after the official free upgrade finished, although it's a while ago now.


As of about a week ago, you still can. Microsoft doesn't publicize it, but if you have a valid license key for 7, 8, or 8.1 the upgrade is still free using W10 installation media.

As January 14, 2020 approaches, they may pull the plug on this workaround at any time. Who knows? But up to now at least, MS appears to want everyone on 10 more than they care about collecting OS upgrade revenue.


----------



## dzilizzi (May 15, 2019)

I picked up the free upgrade for all my computers and saved the file. But I haven't installed it yet. But I probably won't ever update my desktop. It's too old, and I'm afraid there will be driver issues. My music computer could easily be upgraded, I just prefer 7.


----------



## whiskers (May 15, 2019)

dzilizzi said:


> I picked up the free upgrade for all my computers and saved the file. But I haven't installed it yet. But I probably won't ever update my desktop. It's too old, and I'm afraid there will be driver issues. My music computer could easily be upgraded, I just prefer 7.


10 isn't bad


----------



## dzilizzi (May 15, 2019)

whiskers said:


> 10 isn't bad


I have 10 on my non-music laptop. I like some things about it, but I hate I can't change colors for things like the windows. I had gotten very good at creating a nice parchment on sage green for Word and Excel. I can't do that in 10. It's all ugly white and grey. I hate white and grey. So depressing, hard to read and hard on my eyes.


----------



## DavidY (May 16, 2019)

dzilizzi said:


> I picked up the free upgrade for all my computers and saved the file. But I haven't installed it yet.


I'm not sure which file you saved? But if Microsoft ever pull the free upgrade, there's some risk that "saving the file" approach won't work.

The way I believe W10 activation works is that it once a computer has valid activation for W10, it saves a hardware signature of the computer on its servers. When you install W10 in future, it checks the computer's hardware signature against the list on its servers - and if it's on the list as having previously activated with the same W10 edition, it reactivates.

You can of course buy a W10 licence, and also if the computer was bought with W10, it will have a key on the motherboard somewhere.

But for computers upgraded from W7/8/8.1, if you wanted to "save" an activation, I think the way to do it is 

Fully Backup your setup with W7 (or 8.1, no-one should be running W8.0 now)
Upgrade to W10
Make sure it activates, 

Ideally login with an Admin-level Microsoft Account which saves some details in your account and gives more options if hardware changes

Restore to W7 (or whatever)
Then if you did want to migrate to W10 in future, the hardware signature should be on the servers and activate.


----------



## dzilizzi (May 16, 2019)

DavidY said:


> I'm not sure which file you saved? But if Microsoft ever pull the free upgrade, there's some risk that "saving the file" approach won't work.
> 
> The way I believe W10 activation works is that it once a computer has valid activation for W10, it saves a hardware signature of the computer on its servers. When you install W10 in future, it checks the computer's hardware signature against the list on its servers - and if it's on the list as having previously activated with the same W10 edition, it reactivates.
> 
> ...


I did that on all but my music computer. Actually, the easiest way would be to take an old unused HDD, unplug all the other HDD/SSDs from the computer, plug in the old one, install W10 to the old drive, activate it for the computer, remove it and replug in the current drives, and done! No mess. I have a couple old 250 GB drives that are just too small to use for much. I should probably do this.


----------



## Quasar (May 16, 2019)

DavidY said:


> I'm not sure which file you saved?...
> ...Then if you did want to migrate to W10 in future, the hardware signature should be on the servers and activate.



Yeah, I don't know what this file thing means either. But my understanding is that the hardware sig is the key. A while back I unplugged all my drives, put in a clean HD and installed/activated W10 on my DAW machine, then removed it and returned to the W7 universe. So in theory it should just upgrade if/when I choose to do so.


----------



## bill5 (May 16, 2019)

whiskers said:


> 10 isn't bad


We'll agree to disagree.  It's not WindowsME bad, but 7 IMO is far better


----------



## mscp (May 27, 2019)

Why do people still hold on to Win7? I don’t understand. Is it THAT superior to W10? I haven’t had the opportunity to use W7 because I have recently switched from a Mac (after using it for two decades) straight to a W10 rig. Still haven’t found any issues with it.


----------



## whiskers (May 27, 2019)

Phil81 said:


> Why do people still hold on to Win7? I don’t understand. Is it THAT superior to W10? I haven’t had the opportunity to use W7 because I have recently switched from a Mac (after using it for two decades) straight to a W10 rig. Still haven’t found any issues with it.


Many people dislike change - for a variety of reasons, some valid, some not so much. I do think people definitely make some issues on 10 much bigger issues than they should be


----------



## mscp (May 27, 2019)

whiskers said:


> Many people dislike change - for a variety of reasons, some valid, some not so much. I do think people definitely make some issues on 10 much bigger issues than they should be



Makes sense. I’ve been called “brave” for moving from Apple to PCs (for no logical reason) but honestly I think it was the smartest and easiest decision I’ve made in regards to computer hardware/software in a long time. I love the freedom.


----------



## heisenberg (May 27, 2019)

Microsoft announced early in 2019 that it will offer extended support for Windows 7 Pro for 3 years beyond the January 2020 EOL date announced previously. It will cost $50 for the first year and then doubles thereafter. $100 for year two and $200 for year 3. So for those of you who who don't see the cost/benefit of moving to Windows 10 yet, you can extend your use of Windows 7 and continue to get updates for another 3 years. But it will cost you a bit.

The article below sez Microsoft won't be extending this program to "home users" but I have seen conflicting information on this point.

https://www.theinquirer.net/inquirer/news/3070532/windows-7-extended-support-cost


----------



## bill5 (May 27, 2019)

whiskers said:


> Many people dislike change - for a variety of reasons, some valid, some not so much. I do think people definitely make some issues on 10 much bigger issues than they should be


While there are others who think change is inherently good, which makes as much sense as saying change is inherently bad.......i.e. none whatsoever. To say nothing of the me-too sheeple of the world who buy the newest thing because everyone else is. It's all the rage. Sad.

There should actually be logical reasons to make, or not make, a change. I see none in going from Win 7 to Win 10. It certainly isn't any more stable or reliable, while offering obnoxious snoopiness/invasiveness, forced updates, an inferior UI, a plethora of apps people often don't even want...the list goes on. 

My next laptop will Win 7 because it's clear to me it's better, but to each their own.


----------



## dzilizzi (May 27, 2019)

Phil81 said:


> Why do people still hold on to Win7? I don’t understand. Is it THAT superior to W10? I haven’t had the opportunity to use W7 because I have recently switched from a Mac (after using it for two decades) straight to a W10 rig. Still haven’t found any issues with it.


I like that I have a lot more control over Windows 7 than 10. Mostly for me it is a visual thing. I hate all the grey and white that Windows seems to love. I can't change the colors on 10, but I can on 7. Plus when 10 first came out there were a lot of issues. Especially with the automatic updates. You know how Apple keeps breaking stuff with their updates? 7 never had that issue. Vista did, but 7 was very stable. It is easy to use and works well. 8 was aimed towards tablets and was annoying. But I didn't have too many issues with it. 10 just sucked at first - broke everything with each update and you couldn't turn them off. They would just turn it back on. But then they fixed it so you had a start bar again and it opened to the desktop. I don't like the fact it feels like it calls in to Microsoft all the time also. It's bad enough I have a work computer that is watched constantly. I don't need to feel like my home computer is being spied upon. 

Sorry, didn't mean to get into a rant. I just ordered a new computer because my old desktop, that still works great, can't be updated to Windows 10, as the drivers won't support it. It is about 8 years old, so I've gotten my money's worth out of it. Costco had a great sale on a Dell with 64 GB RAM and 10 Pro, so I may update the music computer and make my 32 GB RAM music computer into a desktop with the free Windows 10.


----------



## mscp (May 28, 2019)

dzilizzi said:


> It's bad enough I have a work computer that is watched constantly.



Privacy was replaced by the internet. If you really want it back, you must go offline. 

I hear you. It doesn’t seem like a rant.


----------

