Should I install KB4056894

On 07/02/2018 15:23, Paul wrote:
Brian Gregory wrote:
On 07/02/2018 03:40, Maurice Helwig wrote:
On 7/02/2018 11:28 AM, Brian Gregory wrote:
On 05/02/2018 23:17, Maurice Helwig wrote:
Well it is now February 6 th. Should I install KB4056894. What is
everyone doing other than waiting.

If I hide the update will it be presented again or included in the
February update rollup.

I look after 6 computers besides my own and I do not need problems.

Any suggestions would be appreciated.

Why are you expecting problems??

Distinct possibility -- read
https://www.askwoody.com/category/mi...ches-security/
I do mot Trust MS updates anymore.


I do not trust Woody.


You don't have to trust Woody.

What you do have to trust, is the evidence trail.

When "Cameo" here got bricked on an update to his
AMD system, what words of condolence would you
offer "Cameo" ? "MS is always right" ? Well, obviously not.

Â*Â* Paul

But the OP never mentioned AMD.
If he was expecting trouble because he had an ancient AMD processor he
should have said so. Woody isn't going to tell me what processor the OP
has and a lot of what he writes doesn't really read to me like he's
really that knowledgable.

--

Brian Gregory (in England).

Brian Gregory wrote:
On 07/02/2018 15:23, Paul wrote:
Brian Gregory wrote:
On 07/02/2018 03:40, Maurice Helwig wrote:
On 7/02/2018 11:28 AM, Brian Gregory wrote:
On 05/02/2018 23:17, Maurice Helwig wrote:
Well it is now February 6 th. Should I install KB4056894. What is
everyone doing other than waiting.

If I hide the update will it be presented again or included in the
February update rollup.

I look after 6 computers besides my own and I do not need problems.

Any suggestions would be appreciated.

Why are you expecting problems??

Distinct possibility -- read
https://www.askwoody.com/category/mi...ches-security/
I do mot Trust MS updates anymore.


I do not trust Woody.


You don't have to trust Woody.

What you do have to trust, is the evidence trail.

When "Cameo" here got bricked on an update to his
AMD system, what words of condolence would you
offer "Cameo" ? "MS is always right" ? Well, obviously not.

Paul

But the OP never mentioned AMD.
If he was expecting trouble because he had an ancient AMD processor he
should have said so. Woody isn't going to tell me what processor the OP
has and a lot of what he writes doesn't really read to me like he's
really that knowledgable.


At the time that the update bricked that system, the
"word" was not out yet. There weren't enough systems
bricked at that point, to shout a warning. I only
caught wind of the issue, later in the day, when
I could see a thread on the web full of tales
of woe.

This is why *you can't be in a rush to get updates*.
Let them cool off. Wait a few half-lives until the
radioactivity level drops. Then eat one :-)

Paul

On 08/02/2018 01:34, Paul wrote:
Brian Gregory wrote:
On 07/02/2018 15:23, Paul wrote:
Brian Gregory wrote:
On 07/02/2018 03:40, Maurice Helwig wrote:
On 7/02/2018 11:28 AM, Brian Gregory wrote:
On 05/02/2018 23:17, Maurice Helwig wrote:
Well it is now February 6 th. Should I install KB4056894. What is
everyone doing other than waiting.

If I hide the update will it be presented again or included in
the February update rollup.

I look after 6 computers besides my own and I do not need problems.

Any suggestions would be appreciated.

Why are you expecting problems??

Distinct possibility -- read
https://www.askwoody.com/category/mi...ches-security/
I do mot Trust MS updates anymore.


I do not trust Woody.


You don't have to trust Woody.

What you do have to trust, is the evidence trail.

When "Cameo" here got bricked on an update to his
AMD system, what words of condolence would you
offer "Cameo" ? "MS is always right" ? Well, obviously not.

Â*Â*Â* Paul

But the OP never mentioned AMD.
If he was expecting trouble because he had an ancient AMD processor he
should have said so. Woody isn't going to tell me what processor the
OP has and a lot of what he writes doesn't really read to me like he's
really that knowledgable.


At the time that the update bricked that system, the
"word" was not out yet. There weren't enough systems
bricked at that point, to shout a warning. I only
caught wind of the issue, later in the day, when
I could see a thread on the web full of tales
of woe.

This is why *you can't be in a rush to get updates*.
Let them cool off. Wait a few half-lives until the
radioactivity level drops. Then eat one :-)

Â*Â* Paul

But KB4056894 was issued around 4 weeks ago.

--

Brian Gregory (in England).

Brian Gregory wrote:
On 08/02/2018 01:34, Paul wrote:
Brian Gregory wrote:
On 07/02/2018 15:23, Paul wrote:
Brian Gregory wrote:
On 07/02/2018 03:40, Maurice Helwig wrote:
On 7/02/2018 11:28 AM, Brian Gregory wrote:
On 05/02/2018 23:17, Maurice Helwig wrote:
Well it is now February 6 th. Should I install KB4056894. What
is everyone doing other than waiting.

If I hide the update will it be presented again or included in
the February update rollup.

I look after 6 computers besides my own and I do not need problems.

Any suggestions would be appreciated.

Why are you expecting problems??

Distinct possibility -- read
https://www.askwoody.com/category/mi...ches-security/
I do mot Trust MS updates anymore.


I do not trust Woody.


You don't have to trust Woody.

What you do have to trust, is the evidence trail.

When "Cameo" here got bricked on an update to his
AMD system, what words of condolence would you
offer "Cameo" ? "MS is always right" ? Well, obviously not.

Paul

But the OP never mentioned AMD.
If he was expecting trouble because he had an ancient AMD processor
he should have said so. Woody isn't going to tell me what processor
the OP has and a lot of what he writes doesn't really read to me like
he's really that knowledgable.


At the time that the update bricked that system, the
"word" was not out yet. There weren't enough systems
bricked at that point, to shout a warning. I only
caught wind of the issue, later in the day, when
I could see a thread on the web full of tales
of woe.

This is why *you can't be in a rush to get updates*.
Let them cool off. Wait a few half-lives until the
radioactivity level drops. Then eat one :-)

Paul

But KB4056894 was issued around 4 weeks ago.


Well sure.

And additional updates have been issued to counteract
the bad one. Rather than just pulling the bad one
and renumbering it. Why did they do it that way ?

And at the moment, it appears that at least some
of the Meltdown/Spectre patching has been switched
off. I think the browser mitigations (removal of
Javascript timing attack), those are safe to leave
in place. But it's not at all clear, what other
ones are still present. I supposed I could
run the Powershell script that reports which
ones are active and see. That's if I cared...

I've wasted enough time trying to keep up
with this issue, and it's just not worth it.

The only people who really need to watch this
one, are cloud providers who rent computer
time (Amazon EC2). As they have to be ready for
anything, and they get sued if there is trouble.
There's no reason to panic (yet) on the home front.

And I agree with the "issued around 4 weeks ago"
comment - that's sufficient time for the suckers
to test a patch, brick a machine, Microsoft
responds, pulls patches or issues new patches.
And then it's OK for others to partake. Until the
next Cumulative comes in, and the shell game
starts all over again.

As long as the QA is being done on the backs of
actual users, we have to *watch watch watch what we're doing*.

For a Windows 7 user (the topic of this group),
I do not recommend leaving Windows Update in Auto
mode. It should be switched off, and you click the
"Check for Updates" button when the coast is clear.
And you've taken whatever precautions are deemed
prudent for that month. (If you see "brickage",
do a backup!)

Paul

"Brian Gregory" wrote

| This is why *you can't be in a rush to get updates*.
| Let them cool off. Wait a few half-lives until the
| radioactivity level drops. Then eat one :-)
|
| But KB4056894 was issued around 4 weeks ago.
|

You keep making it sound like the OP is somehow
daffy for being cautious. If you want to trust Microsoft's
dripfeed that's your choice, but you have no rational
basis for doing so. Buggy patches are common. People
have been trained to think that they're about to be
attacked if they go one day without the dripfeed.
That's a gross distortion. In fact, the dripfeed is a
destabilizing, high-risk way to manage software.
(I don't enable Windows Update on any of my
computers. I installed the "SP2" rollup only long
after it came out. I also haven't had any malware
problems.)

Vulnerabilities are constant. Yet most people enable
javascript in the browser and shop online with credit
cards. They think Microsoft and/or Dr. Norton are
protecting them. They're not.

And what's the rush? Exploits of
Meltdown and Spectre are just now being developed.
As they do, even on Intel they'll still require the
running of local software in order to read data
from other running software. So we're really talking
about script exploits in browsers, trying to steal
credit card input or passwords from other pages
you have open. A very longshot risk that's easily
avoided. There are easier ways to hack your
computer, starting with Flash, Java, Acrobat Reader,
Silverlight, and any other programming code that can
run through the browser. (Hopefully you don't have
those installed.)

But people tend to not look at the actual facts.
Instantly, Meltdown and Spectre become looming
monsters and Microsoft's next patch is the white
knight.... A handy way to view things, allowing us
to pretend that we don't *really* have to think about
security. We just have to follow official guidance
and we'll be safe.

So we keep allowing script and shopping online. We
can't imagine accepting the hassle of curtailing those
risks. But in that scenario the Windows patches are
like penicillin boosters allowing us to return to the
whorehouse with abandon: It's not the right
prophylactic for the problem.

I have a favorite example of that issue of false security.
In a 2005 interview Bill Gates was asked about IE
security problems. He talked like a kindly grandfather....
You should just trust us....

https://www.cnet.com/news/gates-taki...t-in-your-den/

"Well, no one invests more in security of their browser than what we do on
IE. The key message we have for people is they should turn on auto update
because if you turn on auto update....you can know that there are hundreds
of very smart people who are constantly improving your browser and making
sure that you're safe. And so with auto update and IE, you're getting the
top security team and the quickest response team that there is anywhere."

At that very moment there was a crisis of people being attacked
through IE via bugs in XP SP2:

https://www.techworld.com/news/secur...ploit-3577152/

Where were Gates's hundreds of "super quick responding,
super smart" people? The sad fact is that people listen
to the likes of Gates. They dutifully do things like
continuing to use IE while allowing the dripfeed, because
Gandpa Billy told them to.

On 6/02/2018 9:17 AM, Maurice Helwig wrote:
Well it is now February 6 th. Should I install KB4056894. What is
everyone doing other than waiting.

If I hide the update will it be presented again or included in the
February update rollup.

I look after 6 computers besides my own and I do not need problems.

Any suggestions would be appreciated.

Thank you all for your replies and suggestions.

Today (Saturday 2018-02-10) I decided to bite the bullet and install
KB4056894 on my main computer -- image backups all in place first.

All went well and the computer is behaving itself normally. No slowdown
is detectable with ordinary usage.

Next I tried my wife's Dell Inspiron 15R with the AMD HD7670M video
card. I installed KB4073578 (Downloaded from the MS catalogue) first,
and rebooted. KB4056894 was offered so I installed it and rebooted it a
couple of times. All appears ok.

This gives me some confidence to update the other six computers I look
after where I do voluntary work twice a week. I will let you all know
how they updated as well.

I think as Paul said, it is prudent to wait and be careful -- and make
image backups before you start. the days of automatic updates are over
as far as I am concerned.

--
~~~~~~~~~~~~
Maurice Helwig
~~~~~~~~~~~~

On 6/02/2018 9:17 AM, Maurice Helwig wrote:
Well it is now February 6 th. Should I install KB4056894. What is
everyone doing other than waiting.

If I hide the update will it be presented again or included in the
February update rollup.

I look after 6 computers besides my own and I do not need problems.

Any suggestions would be appreciated.

Just an update on the install of MS update KB 4056894 --

Following the apparently successful install on my two home computers I
proceeded to install it on the six computers where I do voluntary work.

After installing it on the third computer I discovered that "Start" --
"Shutdown" -- "Restart" would not work. the computer appeared to shut
down but would not restart as it was supposed to do. A forced shutdown /
restart was necessary. On checking the other two computers that I had
updated I found the same thing happening.

So I uninstalled the update on the three computers and hid the update on
all six computers. When I got home I uninstalled the update on my two
computers as well. Once hidden the update is not re-presented for update
when a new search for updates is done.

I will live with Meltdown / Spectre until MS and intel fix the problem
properly.

Hope this helps someone else. Thank you all for your input.