1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

ASLR worthless in Win 8 & above

Discussion in 'Security and Privacy' started by rsinfo, 2017/11/21.

  1. 2017/11/21
    rsinfo

    rsinfo SuperGeek Alumni Thread Starter

    Joined:
    2005/12/25
    Messages:
    3,813
    Likes Received:
    147
    Trophy Points:
    843
    Location:
    New Delhi, India
    Computer Experience:
    Experienced but ! en
  2. 2017/11/21
    Bill

    Bill SuperGeek WindowsBBS Team Member

    Joined:
    2002/01/11
    Messages:
    2,580
    Likes Received:
    247
    Trophy Points:
    843
    Location:
    Nebraska, USA
    Computer Experience:
    Built. Broke. Fixed.
    Of course not! W7 certainly is less secure than W10.

    That article is yet another example of poor and biased journalism by ZDNet attempting to seek attention with sensationalized headlines and exaggerated reported. If this was such a flagrant vulnerability, it surely would have been discovered and exploited by the badguys years ago, since it first appeared with W8.

    The fact is, this is a minor issue blown out of proportion by [unscrupulous] members of the IT press. :mad:

    Yes, the bug is real.

    BUT, with a little reading, the real problem is simply that an additional security measure does not work correctly "IF" certain conditions are met. The bug does NOT open up a vulnerability to make W10 less secure. It just does not provide the additional benefit as intended.

    Also note ZDNet's source for this article is the US Department of Homeland Security CERT and note that Microsoft is credited with assisting CERT in reporting this issue. It would be silly to move back to a 9 year old, less secure version of Windows. Microsoft is clearly aware of the issue and will surely release a fix for this soon.
     
    Bill,
    #2

  3. to hide this advert.

  4. 2017/11/21
    rsinfo

    rsinfo SuperGeek Alumni Thread Starter

    Joined:
    2005/12/25
    Messages:
    3,813
    Likes Received:
    147
    Trophy Points:
    843
    Location:
    New Delhi, India
    Computer Experience:
    Experienced but ! en
    I am not returning to Win 7 any time soon. It was just a pun at MS with MS touting Win 10 as most secured Windows and screwing up an important security measure.
     
  5. 2017/11/22
    Christer

    Christer Geek Member Staff

    Joined:
    2002/12/17
    Messages:
    5,902
    Likes Received:
    32
    Trophy Points:
    743
    Location:
    Sweden
    Computer Experience:
    I'm trying!
    Well, I have a strong feeling that some users should never have left Windows 7. The "upgrade from W7/W8 campaign" was forced upon systems that really weren't compatible with Windows 10. I have checked a few of those having problems and have found that the hardware, according to the manufacturer, is not compatible with Windows 10. Maybe drivers for W7 and W8 were to hand but the manufacturer had no plans for further development for W10.

    My system is not compatible but I went ahead and did the upgrade from W7 to W10. Several problems became obvious but it was activated and the next step was to create an image of the system on W10, just in case but I immediately restored an image of the system on W7. When W7 runs out of extended support, maybe I'll try a installation of W10 from square one but my bet is that I'll retire my then 10 years old hardware and build a new one.
     
  6. 2017/11/22
    Bill

    Bill SuperGeek WindowsBBS Team Member

    Joined:
    2002/01/11
    Messages:
    2,580
    Likes Received:
    247
    Trophy Points:
    843
    Location:
    Nebraska, USA
    Computer Experience:
    Built. Broke. Fixed.
    "Some users" being the key phrase there.

    The fact is, those systems that really were incompatible, when looking at the big picture, really were few and far between - and typically it was older hardware with the problems - W7 systems on hardware that was really designed for Vista or even XP.

    And of course, those users have a right to be upset about it. Two things should have happened. (1) The compatibility checker, while good, should have been perfect 100% of the time. And (2), the roll-back option, while good, should also have been perfect 100% of the time. Now is 100% perfection a reasonable expectation. NO! But sadly, that is what many do expect and many of those still hold Microsoft and W10 in contempt because they are not perfect.

    But what I see so often now (too often, IMO) is a biased bitterness towards Microsoft and Windows 10 because (1) "some" users had problems upgrading and (2) the misperception W10 was unavoidably "forced" upon them without any choice in the manner. And that biased bitterness is often passed along to others. :(

    I totally agree Microsoft's "upgrade from W7/W8 campaign" was overly aggressive, and way to hard to opt out. But contrary to what many reported, there were always ways to opt out it of upgrading to W10.

    Frankly, I think the free upgrade went amazingly well, considering virtually every single one of the 1.5 billion Windows systems (and nearly 500 million W10 systems) became unique systems within the first few minutes after the very first boot. This as computers are configured with many components from dozens of different manufactures, unique networking, personalizations, security setups, installed apps and more. I find it amazing millions and millions of upgraded systems didn't fail. But the fact is, most upgraded to W10 without issues. Including all six W7 and W8 systems here.
     
    Bill,
    #5
  7. 2017/11/22
    Christer

    Christer Geek Member Staff

    Joined:
    2002/12/17
    Messages:
    5,902
    Likes Received:
    32
    Trophy Points:
    743
    Location:
    Sweden
    Computer Experience:
    I'm trying!
    I was choosing between "some users" and "a lot of users" but settled for "some".

    My system was built in January 2011 which made it four years old in 2015 when the "upgrade from W7/W8 campaign" was launched. I don't know when the motherboard was released to the market and when it was withdrawn but the revision of mine is somewhere in the middle. I hang on to my system for 5-10 years, depending on development and performance in relation to price (not wanting to pay a lot for a small improvement and always choose "one step below" the latest and hottest).

    Now, SSDs are getting cheaper by the day and an upgrade from HDD to SSD is coming nearer but I'm still happy with the processor, motherboard and graphics card. If the average user hang on to their hardware for as long as I do, then maybe 50% were running hardware that had no drivers for W10, not even now, two years later but drivers for W8 had to suffice or possibly "generic drivers" from Microsoft. Maybe scrapping the old system that failed the upgrade and buying a new system with W10 was the solution for many and we really don't know if "some users" actually were quite "a lot of users". Not all of them became members of the Windows BBS but they used their legs and went shopping.

    What's the source of those statistics? It indicates that 75% of all W10 systems are upgrades from W7/W8.
     
  8. 2017/11/22
    rsinfo

    rsinfo SuperGeek Alumni Thread Starter

    Joined:
    2005/12/25
    Messages:
    3,813
    Likes Received:
    147
    Trophy Points:
    843
    Location:
    New Delhi, India
    Computer Experience:
    Experienced but ! en
    My system is also 5+ years old but I was able to proceed smoothly from Win7 to 8 & then 10. My guess is that no company in world, however big, can forsee all the problems on all the varied hardware/software out there - except Apple.
     
    Bill likes this.
  9. 2017/11/23
    Christer

    Christer Geek Member Staff

    Joined:
    2002/12/17
    Messages:
    5,902
    Likes Received:
    32
    Trophy Points:
    743
    Location:
    Sweden
    Computer Experience:
    I'm trying!
    Had I dug into the problems, I would probably have come up with solutions but I didn't feel like starting the research at the time. W7 worked well and still does.
     
  10. 2017/11/23
    Bill

    Bill SuperGeek WindowsBBS Team Member

    Joined:
    2002/01/11
    Messages:
    2,580
    Likes Received:
    247
    Trophy Points:
    843
    Location:
    Nebraska, USA
    Computer Experience:
    Built. Broke. Fixed.
    Google.

    W7 still dominates at nearly 50%.

    When talking about 100s of millions in total, even a mere 1% is still talking millions.

    So, I agree, it is "a lot of users" regardless. And a million upset users can make a lot of noise - especially when amplified by wannabe journalists and bloggers amplifying the woes with exaggerated, sensationalized headlines! :(:mad:

    But in any industry (except terrorist attack prevention) a 99% success rate is considered outstanding - but Microsoft never gets any credit when something goes right and the fact remains, the vast majority, by a very large margin, updated to W10 without any problems. I don't know if 99% is an accurate assessment, but if not accurate, it is not far off.

    Not the point. XP worked well, and still does too. But it is obsolete and insecure. W7 is on the same path. It has been superseded (twice over). It soon will not support the latest hardware and will not be able to protect users from the latest threats.

    ****

    50% may be high. But it also may be low. It does not matter because the key point here is that it is the manufacturer's responsibility, not Microsoft's, to develop compatible drivers. And I note manufacturers had the necessary specs from Microsoft for over a year before W10 was released. Yet who gets blamed? Microsoft.

    In defense of the manufacturers, from a business perspective, what incentive do they have to expend a lot of resources developing drivers for superseded operating systems for products that have been out of production for years? None whatsoever. They get $0.00 return on those investments. A total loss.

    As an IT consultant, I have several clients with a few dozen computers I am responsible for. IIRC, only 3 or 4 had problems upgrading to W10 and in each case, rebooting a couple times cleared those. Of my own personal systems, 2 of the 6 were over 5 years old, including my Toshiba A505 notebook purchased in February 2010. And they all updated fine even though Toshiba still has not created W10 specific drivers for it.

    To be sure, I do sympathize with those users who had problems upgrading to W10 after the compatibility checker suggested their system was capable. But again, when looking at the big picture, even if millions, it really is a relatively few.
     
    Bill,
    #9
  11. 2017/11/23
    Christer

    Christer Geek Member Staff

    Joined:
    2002/12/17
    Messages:
    5,902
    Likes Received:
    32
    Trophy Points:
    743
    Location:
    Sweden
    Computer Experience:
    I'm trying!
    Okey, I misread the numbers that you "quoted". I read them as 1.5 billion systems upgraded from W7/W8 to W10 and 500 million computers sold with W10. I thought that was a hell of a lot of systems ... :p ... !

    I'm aware that the hardware manufacturers are responsible for supplying drivers that are compatible with W10 and also that they have to draw the line somewhere.

    That indicates the versatility of the generic drivers supplied by Microsoft and I guess that if I restore the image of my system on W10 (upgraded from W7), I probably would get it running just fine but it would require some work.
     
    Bill likes this.
  12. 2017/11/23
    Bill

    Bill SuperGeek WindowsBBS Team Member

    Joined:
    2002/01/11
    Messages:
    2,580
    Likes Received:
    247
    Trophy Points:
    843
    Location:
    Nebraska, USA
    Computer Experience:
    Built. Broke. Fixed.
    Excellent point. Operating system developers and hardware manufacturers have agreed upon "generic" protocols, drivers and standards. This is necessary for the hardware to operate right from the start with basic functionality before and during OS installations. In many cases, that basic functionality is good enough and perhaps the old adage, "if it ain't broke, don't *&^% with it " applies and special drivers should not be installed.
     
  13. 2017/11/23
    Christer

    Christer Geek Member Staff

    Joined:
    2002/12/17
    Messages:
    5,902
    Likes Received:
    32
    Trophy Points:
    743
    Location:
    Sweden
    Computer Experience:
    I'm trying!
    My system is a dual boot with WXP and W7, WXP was installed first and W7 setup the dual boot during its installation. The upgraded system became a dual boot with WXP and W10. I don't think that the dual boot is complicating things but I'm inclined to get one of those SSDs and install W10 (most recent version) as the single OS and see if "generic drivers" do the trick and also if the installation on the SSD will be recognised and activated like the "initial upgrade" of my system (on a HDD).

    We have truly hijacked this thread ... :oops: ... and maybe you should regard this post as rhetorical.
     
  14. 2017/11/23
    Bill

    Bill SuperGeek WindowsBBS Team Member

    Joined:
    2002/01/11
    Messages:
    2,580
    Likes Received:
    247
    Trophy Points:
    843
    Location:
    Nebraska, USA
    Computer Experience:
    Built. Broke. Fixed.
    If you have not spent time with a system using all SSDs (at least for your OS and apps), be ready to become spoiled. I will never go back to hard drives again. ;)
    I agree. My apologies to rsinfo for my part in that. We now return to our regularly scheduled program! ;)
     
  15. 2017/11/23
    rsinfo

    rsinfo SuperGeek Alumni Thread Starter

    Joined:
    2005/12/25
    Messages:
    3,813
    Likes Received:
    147
    Trophy Points:
    843
    Location:
    New Delhi, India
    Computer Experience:
    Experienced but ! en
    No problems Bill. :)
     
  16. 2017/11/28
    Bill

    Bill SuperGeek WindowsBBS Team Member

    Joined:
    2002/01/11
    Messages:
    2,580
    Likes Received:
    247
    Trophy Points:
    843
    Location:
    Nebraska, USA
    Computer Experience:
    Built. Broke. Fixed.
    Back to the thread topic. Note in my first post above where I said,
    Turns out I was wrong (in part).

    I was 100% right about ZDNet and poor journalism. I was wrong, however about agreeing that it was a bug. Turns out it was by design.

    Microsoft says ASLR behavior in Windows 10 is a feature, not a bug
     

Share This Page