Windows 11

[California]

More on the Western Digital internet-accessible drives vulnerability.
'Krebs on Security' is a first rate investigator. His writeup goes deeper than the Ars Technica article.

He says the vulnerability exists in some My Cloud models as well as My Book.

MyBook Users Urged to Unplug Devices from Internet – Krebs on Security

 

[PuffyC]

Apparently Win11 needs TPM engaged to turn on your Win11 license and to get any downloads or updates from MS. But the concern is that MS can then control everything about the PC. like is done now in a corporate environment. Not much different than using your PC as a remote terminal.

That’s not what TPM is/does. It’s complicated but really it’s just firmware security. It’s been standard in corporate environments for a while, not because of control but because they tend to take their security seriously.

If you have a system made in the last 10 years or so you should probably be fine, and if the compatibility checker says you don’t have one likely you do but it’s not enabled in the BIOS. For Intel systems it might show up as PPT and for AMD it might be PSP. Also, many of their docs say TPM 2.0 is required but TPM 1.2 will work just fine.

IMO if you care about security then requiring TPM is a good thing. Most people with infected machines don’t know they’re infected (because if they did they’d do something about it) and if your neighbor gets infected and has their PC turned into a zombie it can very much impact you and me and everyone else as well.

 

[rekees4300]

More on the Western Digital internet-accessible drives vulnerability.
'Krebs on Security' is a first rate investigator. His writeup goes deeper than the Ars Technica article.

He says the vulnerability exists in some My Cloud models as well as My Book.

MyBook Users Urged to Unplug Devices from Internet – Krebs on Security

From the article, nothing definitive. Keeping fingers crossed, can't really unplug it because its data is essential for using PC.

"Wizcase said the flaw it found in MyBook devices also may be present in certain models of WD MyCloud network attached storage (NAS) devices, although Western Digital’s advisory makes no mention of its MyCloud line being affected."

 

[rontaki]

I always keep my backup devices disconnected from power or data sources except when I'm actually using them. It's not just being hacked that I'm concerned about, but also power surges and malfunction of the host computers that might destroy the data or device. Rather unlikely, I know, but what's the point of depending on a vulnerable backup device or cloud?

And, to borrow a saying, One is None, Two is One. That way, when one backup source fails due to physical or logical means (it will), you still have the other to copy over to your replacement device.

Most of my career was in IT and user computer support, and losing data was just about the worse thing that can happen. And it's always the IT person's fault, regardless. Boy, was I shocked when I found my predecessor's backups weren't backing much up .

As an aside, for Windows or DOS users, consider using Robocopy to back up your data. It's a native Windows / DOS application that can be scripted (batch file) to update your files on a backup device, in regular file format rather than relying on any particular application, and it costs no extra. If you want to encrypt the backup, set the backup uf for encryption before copying data to it. Makes it easy to access your data on the backup device. The downside is you need to parse all the different command switches to get it to do what you want it to do. The help files for it are detailed and easily available. Once you get it to do what you want, script it and it's easy street after that. Just be real sure not to accidentally erase your original files by using the wrong switches. The likely way that would happen is using the wrong switches with the command, but always test using expendable sources first, no matter what way you back things up. If you have only one copy, be very careful until you have a tested backup of it!

 

[MikeFarm]

Hi all

I have been reading the technical literature on this. Windows 11 will require a chip that is later than about 2017 which will means 10's of millions of PC will not be able to run it. The older chips have the required speed and even if a motherboard has the required memory it will not run. This is the first time that MS has made such a "hard" requirement. Already the MS supplied utility which checks if your PC can run Windows 11 is showing that most home users, and many businesses that don't run on a 3 year hardware lease, will need a new PC.
That is unacceptable.

All countries have a major problem with electronic waste and for MS to be doing this is completely irresponsible. It will be interesting to see what the EU decides to do with this latest announcement. Responsibility starts locally. Think globally - act locally. The best you can do here is to NOT upgrade. And tell your friends why they should not be upgrading. Windows 10 is still supported up to 2025. Windows 11 does not provides anything that you do not already have. I'm sure most of you have better things to spend your money on anyways. A tooth bar or quick hitch etc

Mike

 

[BravoXray]

All those requirements make it an easy decision for me not to upgrade to Win11.
Does MS have any clue to what real people want in an OS? It appears not.

 

[LD48750]

Thanks for the link. Hopefully that app will be available in the Fall when Windows 11 becomes available. If Microsoft thinks many folks are going to buy a new PC for Windows 11 then they are delusional.

People buy the over priced i phones as soon as they come out......

A new computer to get Win 11 will be no problem.

 

[MikeFarm]

And now MS have pulled their PC Health Check app as it was showing lots of users that they would need to get a new PC to upgrade to Win 11. Ref here: Microsoft releases Windows 11 Insider Preview, attempts to defend labyrinth of hardware requirements
Also reading the requirements to have 4 GB RAM is a complete joke. You need 8 GB to have it run at any acceptable speed as its is such a memory hog.

 

[PuffyC]

People buy the over priced i phones as soon as they come out......

A new computer to get Win 11 will be no problem.

True, and what's crazy is you can get a new PC for a lot less than the cost of a new iPhone 12 or Samsung Galaxy Sxx. Apple has been pretty good about supporting older handsets but on Android that can be as little as two years. With Win11 support going back to gen7 CPUs that will roughly split the difference between the two.

As to what people want in an OS, security is at the top of the list and that's what all of the Win11 requirements are about. There's a pretty good article about that here: OK Microsoft, you win: I’m buying a Windows 11 PC | ZDNet

Microsoft did a pretty poor job at messaging but all this reminds me of my BIL. He always b1tches about the poor condition of roads with potholes and all that, then if they decide to fix the roads he just b1tches because the roads are under construction. You can't win with some people.

 

[jjp8182]

More security theater and progression in the cybersecurity arms race it is then?

Personally I'd rather not keep anything of personal/irreplaceable value connected to the internet full time as there always flaws (even in the "new enhanced"/"patched" versions). If it's important it (or a backup) should probably be air gapped in my opinion - and preferably with with tightly controlled access to the physical air gapped system/backup.

Seen/heard of too many breaches (to include the OPM breach a several years ago) to have any faith in new software or patches..... particularly given the poor system/software engineering practices I've seen at many companies (of all sizes).

No matter how good a defense, unless it's paired with an effective offense the defense will be overcome sooner or later..... unfortunately it doesn't seem there's much interest/capability in prosecuting cyber-crimes/attacks unless it reaches a "newsworthy" level.....