A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows 7 » Windows 7 Forum
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Windows 7 users: You need SHA-2 support or no Windows updates after July 2019



 
 
Thread Tools Rate Thread Display Modes
  #1  
Old February 19th 19, 05:45 AM posted to alt.windows7.general
Ant[_3_]
external usenet poster
 
Posts: 873
Default Windows 7 users: You need SHA-2 support or no Windows updates after July 2019

https://www.zdnet.com/article/window...ter-july-2019/ from
https://tech.slashdot.org/story/19/0...fter-july-2019

W7 4ever.
--
Quote of the Week: "As a thinker and planner, the ant is the equal of
any savage race of men; as a self-educated specialist in several arts
she is the superior of any savage race of men; and in one or two high
mental qualities she is above the reach of any man..." --Mark Twain
Note: A fixed width font (Courier, Monospace, etc.) is required to see this signature correctly.
/\___/\ Ant(Dude) @ http://aqfl.net & http://antfarm.home.dhs.org /
/ /\ /\ \ http://antfarm.ma.cx. Please nuke ANT if replying by e-mail.
| |o o| |
\ _ /
( )
Ads
  #2  
Old February 19th 19, 11:33 AM posted to alt.windows7.general
John Hall
external usenet poster
 
Posts: 18
Default Windows 7 users: You need SHA-2 support or no Windows updates after July 2019

In message , Ant
writes
https://www.zdnet.com/article/window...-2-support-or-
no-windows-updates-after-july-2019/ from
https://tech.slashdot.org/story/19/0...-users-you-nee
d-sha-2-support-or-no-windows-updates-after-july-2019

W7 4ever.


I see the article says: "On March 12, Microsoft is planning a standalone
update with SHA-2 code sign support for Windows 7 SP1 and Windows Server
2008 R2 SP1." So as long as one has Windows updates enabled, presumably
it should happen automatically.
--
John Hall
"Hegel was right when he said that we learn from history
that man can never learn anything from history."
George Bernard Shaw (1856-1950)
  #3  
Old February 19th 19, 02:39 PM posted to alt.windows7.general
J. P. Gilliver (John)[_4_]
external usenet poster
 
Posts: 2,679
Default Windows 7 users: You need SHA-2 support or no Windows updates after July 2019

In message , John Hall
writes:
In message , Ant
writes
https://www.zdnet.com/article/window...-2-support-or-
no-windows-updates-after-july-2019/ from
https://tech.slashdot.org/story/19/0...-users-you-nee
d-sha-2-support-or-no-windows-updates-after-july-2019

W7 4ever.


I see the article says: "On March 12, Microsoft is planning a
standalone update with SHA-2 code sign support for Windows 7 SP1 and
Windows Server 2008 R2 SP1." So as long as one has Windows updates
enabled, presumably it should happen automatically.


For those of us who manually choose when (or if) to implement updates,
do we think the relevant update will be easily identifiable? If it's
"standalone", it _ought_ to be, but I won't be surprised if it isn't.
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

Imagine a world with no hypothetical situations...
  #4  
Old February 19th 19, 03:46 PM posted to alt.windows7.general
mathedman
external usenet poster
 
Posts: 144
Default Windows 7 users: You need SHA-2 support or no Windows updatesafter July 2019

On 2/18/2019 10:45 PM, Ant wrote:
https://www.zdnet.com/article/window...ter-july-2019/ from
https://tech.slashdot.org/story/19/0...fter-july-2019

W7 4ever.


So, how is that acquied ?
  #5  
Old February 19th 19, 06:02 PM posted to alt.windows7.general
John Hall
external usenet poster
 
Posts: 18
Default Windows 7 users: You need SHA-2 support or no Windows updates after July 2019

In message , "J. P. Gilliver (John)"
writes
In message , John Hall
writes:
In message , Ant
writes
https://www.zdnet.com/article/window...-2-support-or-
no-windows-updates-after-july-2019/ from
https://tech.slashdot.org/story/19/0...-users-you-nee
d-sha-2-support-or-no-windows-updates-after-july-2019

W7 4ever.


I see the article says: "On March 12, Microsoft is planning a
standalone update with SHA-2 code sign support for Windows 7 SP1 and
Windows Server 2008 R2 SP1." So as long as one has Windows updates
enabled, presumably it should happen automatically.


For those of us who manually choose when (or if) to implement updates,
do we think the relevant update will be easily identifiable? If it's
"standalone", it _ought_ to be, but I won't be surprised if it isn't.


I have it set to automatically download security updates only, which I
assume that one will be categorised as.
--
John Hall
"Hegel was right when he said that we learn from history
that man can never learn anything from history."
George Bernard Shaw (1856-1950)
  #6  
Old February 19th 19, 09:22 PM posted to alt.windows7.general
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Windows 7 users: You need SHA-2 support or no Windows updatesafter July 2019

Mathedman wrote:
On 2/18/2019 10:45 PM, Ant wrote:
https://www.zdnet.com/article/window...ter-july-2019/
from
https://tech.slashdot.org/story/19/0...fter-july-2019


W7 4ever.


So, how is that acquied ?


It looks like, according to this, a couple of patch
Tuesday patches will have the support in it.

https://support.microsoft.com/en-ca/...ndows-and-wsus

"March 12, 2019 Stand Alone updates that introduce SHA-2 code
sign support will be released as security updates.

April 9, 2019 Stand Alone updates that introduce SHA-2 code
sign support will be released as security updates."

Looks like they plan to screw up the first one, and
fix it on the second one :-/

Almost suggesting that Win7 hasn't been using SHA-2 at all.

SHA-2 by the way, is SHA256, the same algorithm as is used
in proof-of-work Bitcoins.

And while the above suggests the patch will be in a
"security only" update, you just know the temptation to
pack it in a "feature update" will be overpowering, forcing
customers to "swallow some crap". We'll have to wait and
see whether they "play ethically" or not.

Paul
  #7  
Old February 19th 19, 09:32 PM posted to alt.windows7.general
VanguardLH[_2_]
external usenet poster
 
Posts: 10,881
Default Windows 7 users: You need SHA-2 support or no Windows updates after July 2019

J. P. Gilliver (John) wrote:

John Hall WROTE:

Ant WROTE:

https://www.zdnet.com/article/window...ter-july-2019/ from
https://tech.slashdot.org/story/19/0...fter-july-2019


I see the article says: "On March 12, Microsoft is planning a
standalone update with SHA-2 code sign support for Windows 7 SP1 and
Windows Server 2008 R2 SP1." So as long as one has Windows updates
enabled, presumably it should happen automatically.


For those of us who manually choose when (or if) to implement
updates, do we think the relevant update will be easily identifiable?
If it's "standalone", it _ought_ to be, but I won't be surprised if
it isn't.


When you do the updates manually, you still don't run the WU client to
list the available updates? If not, how do you get them? Use the
update catalog?

I disable the BITS and WU services until I am prepped for updates by
first saving an image backup. I enable those services and run the WU
client. It lists the available updates. For each, there is a link to
the KB article about the update. I look there first. If there is
insufficient information for me to decide, I research what others have
experienced with the update, like look over at AskWoody. My reminder to
do the manual update check is scheduled for 3 weeks after Patch Tuesday.
That way, I can see what others have encountered before downloading and
applying an update. After the manual update, if I choose any, I disable
the BITS and WU services again.

I expect the standalone update to still be listed by the WU client.
After all, it should be in the WU catalog and the WSUS server that the
WU client will check their manifests.
  #8  
Old February 19th 19, 09:39 PM posted to alt.windows7.general
VanguardLH[_2_]
external usenet poster
 
Posts: 10,881
Default Windows 7 users: You need SHA-2 support or no Windows updates after July 2019

John Hall wrote:

J. P. Gilliver (John) WROTE:

John Hall WROTE:

Ant WROTE:

https://www.zdnet.com/article/window...ter-july-2019/ from
https://tech.slashdot.org/story/19/0...fter-july-2019

I see the article says: "On March 12, Microsoft is planning a
standalone update with SHA-2 code sign support for Windows 7 SP1
and Windows Server 2008 R2 SP1." So as long as one has Windows
updates enabled, presumably it should happen automatically.


For those of us who manually choose when (or if) to implement
updates, do we think the relevant update will be easily
identifiable? If it's "standalone", it _ought_ to be, but I won't be
surprised if it isn't.


I have it set to automatically download security updates only, which I
assume that one will be categorised as.


Microsoft doesn't obey that user choice. Users have long reported
getting updates even when the WU client was configured to notify only,
like for the WU client itself. Users have the WU client configured to
notify only but one day when they shutdown Windows there is a long delay
waiting to apply some unknown update(s) and on the next boot there is
another delay waiting to apply some update(s). With notify only, no
updates should have ever been downloaded and installed -- but they do.

The only way to guarantee Microsoft does not foist updates to change the
state of the OS is to disable the BITS and WU services. I have a
WU-enable.bat batch file to enable those services, then I run the WU
client to check for updates. A WU-disable.bat batch file disables those
services to ensure Microsoft cannot push any updates.

How you configure the WU client (notify only, download only, automatic)
has proven untrustworthy. Only by disabling the services can you ensure
Microsoft won't change the state of your OS whenever they choose. Also,
some security updates have proven catastrophic. It is still YOUR
responsibility to admin your OS since that is your choice (you don't
hire someone else to do that job).
  #9  
Old February 19th 19, 10:30 PM posted to alt.windows7.general
J. P. Gilliver (John)[_4_]
external usenet poster
 
Posts: 2,679
Default Windows 7 users: You need SHA-2 support or no Windows updates after July 2019

In message , VanguardLH
writes:
[]
I expect the standalone update to still be listed by the WU client.


Yes, but _I_ don't expect the one-line description of the update to
include "SHA".

After all, it should be in the WU catalog and the WSUS server that the
WU client will check their manifests.


And, like Paul, I doubt they'll resist the temptation to not keep it
"standalone".
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

If mankind minus one were of one opinion, then mankind is no more justified in
silencing the one than the one - if he had the power - would be justified in
silencing mankind. -John Stuart Mill, philosopher and economist (1806-1873)
  #10  
Old February 20th 19, 06:30 PM posted to alt.windows7.general
Mandy Liefbowitz
external usenet poster
 
Posts: 132
Default Windows 7 users: You need SHA-2 support or no Windows updates after July 2019

On Tue, 19 Feb 2019 15:22:06 -0500, Paul
wrote:

Mathedman wrote:
On 2/18/2019 10:45 PM, Ant wrote:
https://www.zdnet.com/article/window...ter-july-2019/
from
https://tech.slashdot.org/story/19/0...fter-july-2019


W7 4ever.


So, how is that acquied ?


It looks like, according to this, a couple of patch
Tuesday patches will have the support in it.

https://support.microsoft.com/en-ca/...ndows-and-wsus

"March 12, 2019 Stand Alone updates that introduce SHA-2 code
sign support will be released as security updates.

April 9, 2019 Stand Alone updates that introduce SHA-2 code
sign support will be released as security updates."

Looks like they plan to screw up the first one, and
fix it on the second one :-/

Almost suggesting that Win7 hasn't been using SHA-2 at all.

SHA-2 by the way, is SHA256, the same algorithm as is used
in proof-of-work Bitcoins.

And while the above suggests the patch will be in a
"security only" update, you just know the temptation to
pack it in a "feature update" will be overpowering, forcing
customers to "swallow some crap". We'll have to wait and
see whether they "play ethically" or not.


One does not ever need to swallow anything additional in the grand
traditional of "riders" added to legislation and other duplicitous and
annoying habits, should one utterly disable "updates", ignore this one
and not give a general toss about Microsoft's hysterical rantings on
the subject of an aging Operating Ssytem.

As I did a couple of years back. I won't be updating my "security" to
use only SHA-2 as I won't be updating *anything* so I don't *care* how
Microsoft signs things. The issue is moot.

I may have a peek at the SHA-2 update for Win7 in March to mutter
angrily about the riders and sneak-ware Microsoft attach to it but I
doubt if it will ever be relevant to me.

But thank you to you and everyone else for the very good information
on this and other stuff, it is very, very much appreciated.

{Hugs}

Mand.



Paul

 




Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off






All times are GMT +1. The time now is 08:53 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.