Windows 7 Users: You Need SHA-2 Support or No Windows Updates After July 2019 (zdnet.com) 146
Windows 7 and Windows Server 2008 users need to have SHA-2 code-signing installed by July 16, 2019, in order to continue to get Windows updates after that date. Microsoft issued that warning on February 15 via a Support article. From a report: Windows operating system updates are dual-signed using both the SHA-1 and SHA-2 hash algorithms to prove authenticity. But going forward, due to "weaknesses" in SHA-1, Microsoft officials have said previously that Windows updates will be using the more secure SHA-2 algorithm exclusively. Customers running Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2 must have SHA-2 code-signing support installed by July 2019, Microsoft officials have said.
Microsoft : You must update to have updates (Score:4, Funny)
Update coming to update you so you can get updates. Dawg.
Re: Microsoft : You must update to have updates (Score:1)
Bug going foward,
Important to get new bugs from Microsoft
Re: (Score:2)
Re: (Score:3)
That has been the story of windows update several times now, where you had to update windows update to get updates.
Re: (Score:2)
Re: Microsoft : You must update to have updates (Score:2)
And meanwhile folks here playing victim will be foaming at the mouth when July hits blaming Microsoft instead of themselves for refusing to turn Windows update on.
Re: (Score:1)
And meanwhile folks here playing victim will be foaming at the mouth when July hits blaming Microsoft instead of themselves for refusing to turn Windows update on.
To be fair, a lot of folks didn't upgrade to Win10 because of telemetry. When Microsoft decided to add it into a Win7 update, that was when a lot of people turned off automatic updates.
Re: (Score:2)
It's more of a fast rewind to 2015, when the initial patch for this was released iirc.
Re: (Score:2)
On March 12, Microsoft is planning a standalone update with SHA-2 code sign support for Windows 7 SP1 and Windows Server 2008 R2 SP1. It also will deliver to WSUS 3.0 SP2 the required support for delivering SHA-2 updates.
Microsoft will make available a standalone update with SHA-2 code sign support for Windows Server 2008 SP2 on April 9, 2019.
Re: (Score:2)
This seems to be the standalone update for those who didn't install the original sha-2 support one from 2015. That one had problems, and MS did originally have a bulletin stating that if you have problems with it, you should uninstall it.
Fact check me on this:
https://support.microsoft.com/... [microsoft.com]
I could be reading it wrong. But it seems that sha-2 support has been in win7 ever since that patch.
Re: (Score:2)
Re:Microsoft : You must update to have updates (Score:5, Informative)
As much as I like Linux, Windows is still where all the games are.
Re: Linux actually does have games now. (Score:1)
My next gaming rig will be a linux based system
Re:Linux actually does have games now. (Score:4, Insightful)
Re: (Score:2)
Not to mention "anti-cheat" software that disables your game access because they don't like programs you have on your disk. You can't even report or diagnose problems, as that is part of what it bans -- any debugger or system monitor even anti-virus and anti-malware suites may be on their banned list.
You can't even run some programs like Microsoft's ProcessMonitor any time before playing the game because those programs load drivers to inspect and monitor your system. Thus anti-cheat engines like XIGNCODE
Re: (Score:3)
https://store.steampowered.com... [steampowered.com]
Steam has Wine built in nowadays, but it's called Proton as part of its internal usage. This is the list that's compatible, and officially they have Proton enabled by default for these titles: https://steamcommunity.com/gam... [steamcommunity.com]
They've also been doing a lot of work and upstreaming features to Wine, like DirectX12 to Vulkan API.
Re: (Score:3)
You obviously haven't even tried to play any games in the last 6 months on linux. Steam is kicking ass with Steam Play, And games that use unity 2 where they removed linux support, still work just as well as windows. Maybe instead of just bashing it you should try it occasionally. So you even have a Linux bootable os? I would doubt it from your rant.
Re: (Score:2)
Re: (Score:2)
Honestly the only issue with Linux nowadays are Nvidia cards and ease of use with desktop environments, specifically switching between different ones like XFCE to KDE and handling errors. Everything else is fine. Nvidia drivers are really hit and miss depending on the card, but AMD open sourced their drivers so people or if you want to even you could make them better. Steam Proton is making huge strides nowadays, so the argument that Linux has no games is somewhat true but to a much lesser extent with St
Re: (Score:2)
As much as I like Linux, Windows is still where all the games are.
I thought Steam fixed all that.
Re:Microsoft : You must update to have updates (Score:4, Interesting)
They are chipping away at it. They have done leaps and bounds with Steam Play. Their dev team isn't half bad it seems.
Re: (Score:2)
Half Life 3 confirmed!!
Re: (Score:2)
There is also a surprising lack of decent file managers for Linux. Certainly nothing on the level of Directory Opus.
It's very strange. You would think that Linux would be the best at all the nerdy stuff like advanced file management and software development, but actually it lags quite a bit in those areas. Games I don't really care about, but productivity tools...
Re: (Score:3)
serious development is done on the command line, and not through some gui
Mere command line snobbery. Serious cargo hauling is done with a horse and buggy and not these newfangled horseless carriages... You also seem to be equating development with testing. That's like equating eating with defecating. While one certainly depends on the other, they are hardly interchangeable and synonymous.
Re: (Score:2)
Command line is never going to cut it for serious development on large projects. If you get a compilation error who wants to dick around manually going to the right file and line to fix it, when a GUI lets them go there in a single click? Who is going to muck about with grep and clever regexs to find all references to a particular function, or worse try to refactor it over the entire project with sed?
Re: (Score:2)
Re: (Score:2)
I took a look at some Directory Opus screenshots, and what is so wonderful about it that Dolphin doesn't have?
Re: (Score:2)
Screenshots don't really do it justice... Basically it's like one of the classic two-pane file managers, but each pane is a window and you can have an unlimited number of them. File operations are advanced, such as queued copying, rename with two types of regex, even file selection based on regex, directory structure flattening, multiple scripting languages, rename from metadata, all kinds of stuff.
Dolphin is more of a basic Explorer/two-pane hybrid. Say you had a folder structure where you wanted to extrac
Re: (Score:2)
Don't use wine, use steams version it's miles ahead and keeps getting better with every client update.
Re: (Score:2)
Your the one crying about how Microsoft hurts your feelings. Not us. We're just trying to help but like most battered women you keep saying "But I love him" and then we see you the next week with another black eye.
Re: (Score:2)
lol are people still using Micro$oft Win-Doze?
Unfortunately, Yes. I have a cable card tuner and I run Windows Media Center to DVR protected content. WMC only runs with protected content on Windows 7. There are no other options for this, except for TiVo, which involves buying a whole new set of hardware and paying subscription fees (or paying the cable company entirely too much for the service).
Where I don't like running Windows 7 and I'd replace it in a heartbeat, it's the cheapest solution I could find at the time for the cable card DVR and prote
BUg gOing fOward (Score:1)
Does no one even care to proofread anymore? Not expecting amazing journalism or anything bug this is ridiculous.
Great Clickbait (Score:5, Informative)
Why don't we read the next blurbs of the article that come immediately after the part cited in the summary:
"Microsoft has published a timeline for migrating these operating systems to SHA-2, with support for the algorithm coming in standalone updates. On March 12, Microsoft is planning a standalone update with SHA-2 code sign support for Windows 7 SP1 and Windows Server 2008 R2 SP1. It also will deliver to WSUS 3.0 SP2 the required support for delivering SHA-2 updates.
Microsoft will make available a standalone update with SHA-2 code sign support for Windows Server 2008 SP2 on April 9, 2019. "
tldr; nothing will change for these users
Re:Great Clickbait (Score:5, Funny)
On May 14th they'll roll out the patches again, this time signed with SHA1 so they can actually install. June 11th they'll roll back the accidentally included patch that causes all printers to add a faint watermark of Satya Nadella's butt. In July they'll roll out a patch that makes the sha2 actually verify when it should. Then in August, a patch that makes it NOT verify when it shouldn't. In September they'll re-roll back the Satya Nadella's butt watermark that somehow crept back in in August. In October they'll re-issue the re-rollback patch, this time signed with SHA2 since they removed the SHA1 code in July. In November they'll deny all knowledge of a patch replacing the start-up sound with a braying donkey.
Re:Great Clickbait (Score:4, Insightful)
On the bright side, this story is about win7, so reasonable people already defer patching by a week or two to see what crap MS sneaked into the update this time.
Re: (Score:2)
Why don't we read the next blurbs of the article that come immediately after the part cited in the summary:
"Microsoft has published a timeline for migrating these operating systems to SHA-2, with support for the algorithm coming in standalone updates. On March 12, Microsoft is planning a standalone update with SHA-2 code sign support for Windows 7 SP1 and Windows Server 2008 R2 SP1. It also will deliver to WSUS 3.0 SP2 the required support for delivering SHA-2 updates.
Microsoft will make available a standalone update with SHA-2 code sign support for Windows Server 2008 SP2 on April 9, 2019. "
tldr; nothing will change for these users
What will change is the pile of 2nd hand computers that will not be able to (automatically) receive updates because they were powered off during this critical period between March and July.
To me this sounds like a well-thought scheme to increase PC sales. I'd not be surprised if OEM's handed MS some money if they can fix the 2nd hand problem, because people can buy a perfectly functional PC for less than $50.
Re: (Score:2)
Or the bigger period of any Windows reinstall after July. Unless older updates will remain signed with SHA1, which only makes sense.
Re: (Score:2)
tldr; nothing will change for these users
Nothing will change for users who have windows update automatically enabled? You don't say. Just because some users aren't affected doesn't make the article clickbait.
Re: (Score:1)
Re: (Score:2)
I just air-gap my Windows boxes: double-ought works okay but nothing leaves nice gaps like slugs.
Re: (Score:2)
A bit slimy, though.
Re: (Score:2)
Found the anti-vaxxer.
Re: (Score:2)
That's actually pretty safe, as long as you have a semi-saneish firewall with a deny-incoming rule (such as most IPv4-only connections (for "deny-incoming", not "sane")). There's no Microsoft _client_ program that's reasonable to run, so all you care about are vulnerabilities in Firefox or such. Barring a hole in low level TCP/IP, network attacks are limited to the local network. Even a hole in eg. Microsoft's implementation of DNS stub resolver can be avoided by running a local cache (no idea what's Win
Too late Microsoft -- you already f**ked me (Score:3, Interesting)
Re: (Score:2)
You also have employees that would be beaten by a rock mentally? Man I thought I was the only one that had to deal with that issue. Sadly this is not sarcasm :(
Old patch already addressed this (Score:2, Informative)
There is an old patch for windows7 that already added SHA2 code signing: KB3033929. It can still be downloaded directly from microsoft.com without having to enable updates.
I am a Windows 7 user - stopped automatic updates (Score:5, Interesting)
I stopped automatic updates a couple of years ago. Microsofto was pushing Windows 10 hard. I realized that, once they stop pushing the Windows 10 installation, they will try to get Windows 7 user give up by pushing shit updates - stuff that will break Windows 7. Don't even try to tell me this is beyond Microsoft, we all know it is right up their alley.
So, after two years without automatic updates, all my computers (laptops and my desktop) are working without any security issues, including Meltdown that has been contained with patches that make sense vs. the crap that Microsoft pushed the first two times (surely by "mistake").
Re: (Score:2)
Re: (Score:2)
I read those comments. Might have gotten one myself. Along the lines "as soon as you boot your box will be owned."
Well, I rather not be owned by Microsoft.
Re: (Score:2)
What about the patch servers? (Score:2)
Will Microsoft be fixing the situation where their Windows Update servers are carrying fucked up Win7 Manifests?
The whole reason I got off Win7 was because Windows Updates would run for 12+ hours, then fail out. And you'd have to keep running it until you hit a server with an undamaged manifest.
All those evil Programmers making patches (Score:1)
We've got to plug this hole to stop all those evil doers from corrupting our patches and computing correctly signed patches with SHA-1!!!
Said no-one, ever.