Archive for Microsoft

Microsoft Details Performance Impact of Spectre & Meltdown Mitigations On Windows Systems…. And You Won’t Like Them

Posted in Commentary with tags , , , on January 9, 2018 by itnerd

In case you were wondering how fixes for Spectre and Meltdown will affect you from a speed perspective, Microsoft has done the work for you to find out. Delivering the news is Microsoft’s Windows chief Terry Myerson via this blog post:

With Windows 10 on newer silicon (2016-era PCs with Skylake, Kabylake or newer CPU), benchmarks show single-digit slowdowns, but we don’t expect most users to notice a change because these percentages are reflected in milliseconds.

With Windows 10 on older silicon (2015-era PCs with Haswell or older CPU), some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance. With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance.

Windows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance. This is why you want to be careful to evaluate the risk of untrusted code for each Windows Server instance, and balance the security versus performance tradeoff for your environment.

For context, on newer CPUs such as on Skylake and beyond, Intel has refined the instructions used to disable branch speculation to be more specific to indirect branches, reducing the overall performance penalty of the Spectre mitigation. Older versions of Windows have a larger performance impact because Windows 7 and Windows 8 have more user-kernel transitions because of legacy design decisions, such as all font rendering taking place in the kernel.

Take home message, if you’re PC is recent, it’s a non-issue. If it’s older, it sucks to be you. And if you’re running Windows Server, well…. You’re taking a hit no matter what CPU you have and it truly sucks to be you. This is one of the reasons why this CPU bug from Intel, AMD, and ARM is a big bloody deal. Because while the security implications are extremely problematic, the cure for them may be worse than the disease.

Advertisements

Microsoft Stops AMD Meltdown Patches After Reports Of Bricked PCs Come In

Posted in Commentary with tags , on January 9, 2018 by itnerd

PC owners with AMD-powered machines running Windows are finding out that when they apply the patches for the now infamous Meltdown CPU bug, it is leaving their PCs unable to boot. This has led to a flood of complaints on Microsoft’s support forum which forced Microsoft to stop issuing the patches for Meltdown on the AMD platform. Followed by posting this statement on its support page:

Microsoft has reports of customers with some AMD devices getting into an unbootable state after installing recent Windows operating system security updates. After investigating, Microsoft has determined that some AMD chipsets do not conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown.

That kind of sounds like they’re blaming AMD. Not that AMD users who have bricked PCs care as all they want is a fix. I assume AMD and the folks in Redmond are working on this and hopefully a fix will come sooner rather than later.

There’s Good News & Bad News When It Comes To Microsoft’s Response To The Epic Intel CPU Bug

Posted in Commentary with tags on January 5, 2018 by itnerd

Good news #1: If you’re running the latest version of Windows 10 which is build 1709, Microsoft is rolling out a fix that addresses the Meltdown vulnerability as I type this. There’s a support document related to this fix that strangely does not speak to this specifically. But the fix has to be in there as Microsoft is rolling out this fix outside their normal “Patch Tuesday” schedule which is something that they only do in emergency situations.

Good news #2: If you use Microsoft’s cloud based services, Microsoft is also updating them with the latest firmware and software patches, and these updates are rolling out now as well.

Bad news #1:  There’s another support document from Microsoft that says that unless a registry key is updated by the antivirus package that you’re using, installing the security patch can result in a blue screen of death. For that reason, Microsoft said it has set the update to only apply when the registry key has been changed. In other words, antivirus tools must set the key when they are confirmed to be compatible with operating system update. The patch introduces a significant change to the design of Windows’ internal memory management, and this is probably tripping up anti-malware tools, which dig into and rely on low levels of the system. Some AV vendors have already issued updates to change the key, and allow the fix to be applied without causing any issues.  While others have an update in the works to be released this week or early next week. In other words, you might want to check with your antivirus vendor to see if you’re good before installing the patch. Failing that, you can check this list to see if you’re good.

Bad news #2: If you’re running an older version of Windows, say Window 7 or 8.1, then you won’t get this fix until next week when “Patch Tuesday” rolls around. I guess that’s a hint from the folks in Redmond that you should really be running Windows 10.

Bad news #3: If you have anything older than a Skylake processor in your PC, it could run slower with the patches installed. Intel has said that any performance hit would be “workload dependent” without saying what exactly that means in real terms.

Bottom line: Install the patches after you sanity check to see if they won’t blue screen your PC. But don’t be surprised if the PC runs a touch slower. But at least you can sleep week knowing that you’re protected if it does.

UPDATE: A reader pointed me towards another Microsoft support document that speaks to how to install these patches on Windows Server. Just reading through it suggests that I am going to be busy for the next little while because the person running the server has to follow what’s in this document to the letter to mitigate this issue.

 

Canadians Can Now Save On Holiday Gifts Via Microsoft Rewards

Posted in Commentary with tags on November 21, 2017 by itnerd

According to a recent 2017 Holiday Shopping Survey by Accenture, savvy shoppers are keen on getting discounts when online shopping as the rise of deal websites have  attracted more than half of Canadians who are now purchasing holiday gifts year-round.

In time for the holiday season, Microsoft Rewards  is now available in Canada and enables users to earn rewards for doing what they already do online – searching the web with Bing, buying games, apps and music through the Microsoft store. 

How it works:

  • Points are accrued when users search with Bing and shop at the Microsoft online and retail stores, and can be exchanged for many items including movie downloads, devices, software and apps, games and entertainment, PC accessories and more.
  • Anyone with a Microsoft account including Outlook, Hotmail Live, Skype or Xbox Live, can easily sign up for the program through the Microsoft Rewards Dashboard. Those without an account can visit the dashboard page and create one in just a few simple steps.
  • Once registered and signed in, users will start earning points at the Level 1 status.  Full details of the Microsoft Rewards Program are available on the dashboard.

Cover the cost of a holiday-themed movie night by redeeming your points for film downloads and enjoy checking off your gift giving list from the comfort of your home this holiday season!

Check this out for more info on Microsoft Rewards.

 

#PSA: Windows 10 Users Now Have A Means To Protect Themselves From Ransomware

Posted in Commentary with tags on October 24, 2017 by itnerd

If you’ve updated your Windows 10 install to the Fall Creators Update, you have a new feature that protects you from ransomware. It’s called controlled folder access. What it does is it prevents suspicious applications from changing the contents of selected protected folders. So if you extrapolate that to a ransomware attack, it should stop ransomware from encrypting your files and holding them hostage.

Here’s how you turn it on:

  • Go to the Windows Defender Security Center App
  • Open the virus & threat protection screen within Defender
  • Click on Virus & threat protection settings
  • Turn on the controlled folder access option

The document that I linked to above also has a way to turn this on in a corporate environment with dozens or perhaps hundreds of computers. There’s no performance penalty by turning this on and you will be better off by doing so. Thus I would recommend that you turn it on today.

UPDATE: In further testing I found that Parallels Desktop does not seem to like this feature if you have turned on sharing of your Mac’s home folders with a Windows 10 virtual machine. It also stops updates to Parallels Tools from taking place. Thus Parallels Desktop users should turn this feature off until Parallels comes out with a fix for this.

 

Windows 10 Fall Creators Update… Here’s What To Expect

Posted in Commentary with tags on October 18, 2017 by itnerd

Microsoft started rolling out the Windows 10 Fall Creators Update yesterday. This is the latest major update to its current desktop operating system. Here’s what you can expect from the Fall Creators Update:

  • Microsoft now has “OneDrive Files on Demand”, which allows some files to be stored in the cloud and available to you without being synced on your local device.
  • Microsoft has a new design language named “Fluent Design“. It uses more light, depth, motion, and transparency. It’s more related to “material” objects and incorporates “scale” more, according to Microsoft. This sounds like the final name of Project Neon, a new visual design language Microsoft has been working on, but it’s more than that. It’s a new interaction model, according to Microsoft.
  • Better inking and handwriting features for tablet users.
  • The task bar shows GPU usage. That will be handy for gamers.
  • A new touch keyboard which is based on Swiftkey and WordFlow
  • Music apps Spotify and iTunes Will Be Available in the Microsoft Store which used to be called the Windows Store.
  • Microsoft Edge gets a bunch of enhancements and features.
  • Cortana gets smarter.
  • VR support appears along with mixed reality support
  • Better battery life is on tap
  • Protection from ransomware is on tap.
  • Microsoft is making a ton of privacy related changes.

There’s a lot here on tap and I’ve only scratched the surface of what is on offer. Thus I’ll direct you to this blog and this video:

To get your hands on the Fall Creators Update, here’s a link that will walk you through how to get it.

#PSA: Microsoft Drops Support For Office 2011 For Mac TODAY

Posted in Commentary with tags on October 11, 2017 by itnerd

If you’re still using Microsoft Office For Mac 2011 you may want to note that as of today, support for Office For Mac 2011 has been dropped by Microsoft. That means on software updates or security updates for you. The latter should be a concern as it opens the door for you being pwned by something. Also, if you run macOS High Sierra, the company won’t guarantee that it will work on that OS as they didn’t bother testing it on that OS. Though, from my tests it works just fine on that OS.

Now, Microsoft would like you to update to Office For Mac 2016. But your other option is to use the iWork suite of apps from Apple. The fact that they’re free and for the most part will work fine for most people is a huge incentive to go that route.