The final build of the Windows 10 Anniversary Update is build 14393. The update, which provides a range of new features and improvements, represents Microsoft’s last big push to get Windows 7 and 8.1 users to upgrade to Windows 10.
The update is available right now to those who have opted in to the Windows Insider program, and it will be pushed out to Windows 10 users on the current branch on August 2. The free upgrade offer from Windows 7 and 8.1 to Windows 10, however, ends on July 29, leaving Microsoft hoping that the promise of the new update will be enough to get people to make the switch.
Correct me if I’m wrong, but I doubt many Windows 7/8 users here who haven’t upgraded yet will be wooed by this new update.
If you’re still running Windows XP, you’re irresponsible and you should update to 7/8/10 or Linux immediately.
Or run XP in a virtual machine with an immutable image. Or without network access. Or both.
…or one of each.
(I use Linux and modern.ie VMs for work and a quarantined subnet with genuine Win311/98 PCs and WinXP for authentic nostalgia gaming.)
Edited 2016-07-26 00:38 UTC
Still using XP and even 2000 to test my coding compatibility and because, quite frankly, it just does works like expected from day 1, without the bloat and telemetry thing. I’ve installed so many software that would break upgrading I don’t want loose what’s work for FUD.
Humanity worldwide evolved using 95, 98, 2000 and so without much problem. I can still edit files, browse the net, play games and such. It’s just the planned obsolescence that most force people to upgrade software like it is hardware.
“It’s just the planned obsolescence that most force people to upgrade software like it is hardware.”
That and the incredible stupidity of running an O/S that stopped receiving security updates. I really hope you don’t use it connected to the Internet, if so you’re potentially infecting not just yourself, but pose a risk to contacts too.
Do you thing you’ll catch HIV just walking down the street ? I have firewall and AV, just like before, never caught anything even when it was still supported.
I know how to use the internet, I’m even more prudent knowing XP ain’t supported anymore. Just keep in mind 7 support ends end of 2018, then turns commercial until end of 2020.
If people have to change car when the manufacturer released a new model, safer and shinier, we’re not going to see the end of the tunnel.
That old car still needs to pass an MOT because an unsafe car is unsafe for you and other people also.
The conditions in MOT do not change. The car has to pass the MOT conditions valid for the year when the car was certified by the manufacturer; not the latest-and-greatest ones. For example, the new emission limits are not retroactive to older cars.
Lol. No it doesn’t.
Vintage cars aren’t even required to have seatbelts.
> Do you thing you’ll catch HIV just walking down the street ?
With Windows XP it’s more like Ebola. You can and will get absolutely pwned putting an unpatched XP machine on the network, and all XP machines are unpatched against 0 days at this time.
I’m still getting Malicious Software Removal Tool updates.
Hi,
I’m not sure what’s worse – using an OS that’s had 13 years of security updates, or switching to an OS that’s only had 1 year of security updates.
Myself; I’d prefer to switch to an OS that doesn’t need security updates in the first place. Unfortunately there are none – it’s all “beta until obsolescence” with no mature products to choose.
– Brendan
Many are still using Windows XP.
Depending on which source of statistics is used, between 2.5% and 7.5% of all Windows based web surfers are still using Windows XP.
This translates to around 5.0% (+/- 2.5%) of all desktop web surfers and could represent up to 50,000,000 desktop users (assuming a total of one billion desktops world wide).
This would be quite a number of “irresponsible” computer users!
…or secured trough external means and careful use of the computer.
Seriously, of one runs Windows XP that’s usually because either the hardware does not support a newer OS or(and?) the software does not work with a newer OS, in both cases an “upgrade” is not a solution.
* Windows XP users are not eligible for Windows 10 upgrades.
* There was NEVER a no-cost upgrade offered to XP users.
* Most computers running XP can not satisfactorily run newer OSes. Not Windows, and not Linux.
Thats definitively wrong atleast. Most XP computers can run Linux just fine ..
…asking for uneasy speech.
[me thinks MS is actually working in making this step not such an issue].
Windows 7 users are not gonna move until maybe support ends for 7. (Maybe)
Hope they can do better in the cloud.
Many of us have a copy of Win 8.1 with classic shell waiting in the wings for the end of Win 7 and by the time 8.1 is EOL hopefully either Linux or Google will have come out with an OS that can give us a viable exit strategy.
But when you flip every switch, use group policy AND use reg hacks and STILL can’t get Win 10 to stop leaking data? Yeah I don’t care how many bells and whistles they add to it, as far as I and many others are concerned its malware.
bassbeast,
And MS doesn’t seem to care what it’s users think, at least not until they start suing.
If France is actually successful in forcing MS to deliver an unbugged version of windows, then I suspect many users around the world will be seeking this French-en version.
I still run XP on this machine and will continue to do so till the machine’s or the universe’s fiery death, whichever comes first.
Yes, this is a company PC.
Yes, it still receives updates due to the POSReady “hack”. Yes, we do have a firewall. No, I don’t use IE for browsing.
The cost of upgrade is not justifiable here (including my time and the bother to set it up right again) as it still does what’s needed well enough.
Thom, please quit the vitriol.
Which does not make it less irresponsible, unless you put the said machine on a dedicated network, with at least a physical external firewall isolating it from the remaining of the network, with precise inbound and outbound filtering rules. Even better would be no network access. And a clear policy of “do not plug/insert anything into the damn thing!”.
So, while it can be done responsibly, it is usually done badly, irresponsibly. I really hope that you also have available replacement hardware if anything on this machine crashes or burn.
Actually, we don’t except one P4 machine destined for cannibalisation. But there is always an unoccupied machine to get through the day before a replacement PC arrives – yup, that’s the “corporate policy” (and luckily not *my* responsibility).
Anyway, to get this back on topic: The rest of the PCs was upgraded to W10 with mixed success (some boxen worked fine, some had to be reinstalled) and there are next to no complaints from the users.
On having XP [I keep one system because ‘compatibility’ mode didn’t work for that specific, very important application] using CD-R single-session, for exchange.
XP has XP age security. That is my main liability. Nothing should go in. Products going out of it has to pass trough today’s security.
Is this my XP clean? No. It simply works. Resolve my specific problem.
And I am not relaxed about this setting.
What I do with my XP machine is as follows:
1. It’s on its own subnet, hanging off a separate interface on the router.
2. The firewall is configured for default deny
3. Rules are added to allow the router’s LAN DNS and DHCP services to be accessible from the XP subnet.
4. Rules are added to allow outbound SSH and NTP connections from the XP subnet to chrooted NTP and SSH servers on my up-to-date Linux workstation.
5. Whenever I want to transfer files, it’s the XP machine’s responsibility to pull/push them from/to the chrooted drop box on the workstation.
I think irresponsible is a bad choice of words here, Thom.
People running XP are making a risk-based decision which weighs in cost, time and security vs utility and if they *do* run it, it means they see something you don’t.
It’s better to gain some insight and ask why than to bash with a splendid smear-word: irresponsible!11
On top of that though, it’s not always trivial to upgrade. We’ve still got a server where I work running Win2k which I’ve been working on a replacement for for the past three months, and it’s just now approaching the point of being ready for proper testing, because it was never properly quantified exactly what this Win2k system would do or what it’s purpose would be. I’ve had to sort through about 50 different services to figure out what we are actually using, and then figure out how to sanely implement a drop in replacement using Linux (because thankfully, it’s not doing anything we actually need Windows for). And this is all while dealing with hardware failures, fixing poorly thought out ACL’s, and software issues on the Linux replacement system.
Upgrades are not trivial when you’re dealing with Windows, and I’m tired of people (especially Microsoft) acting like they are.
Upgrades are trivial when you document systems, and don’t overload them with functionality– One of the biggest benefits of virtualization to me, is the idea of “one app, one server”.
Each application on a server makes the server exponentially more difficult to upgrade (and manage in general).
In your case, move one application at a time to a new environment– something you (or someone) should have been working on 5 years ago (let’s be honest– you should have migrated to server 2003, or 2008 at the worst case).
Upgrades *are* trivial if you manage your servers well, and use consistent policies for documenting and implementing them. I have a spreadsheet documenting 160+ servers– who owns the applications, which department is “responsible”, what basic services are implemented, and then a bunch of puppet code that I can look at quickly to see what packages and configuration is in place.
Is this *EASY* to do? No. There’s a huge difference between “I haz install disk!” and “I R Admin!”, and most of it is down to managing the details– something Windows admins, as a rule, are terrible about.
We typically start demanding sunset plans for servers 12 months before their end-of-support, and post EOS, place physical, hardware firewalls configured in “default deny” mode on unsupported OS’s.
Such a policy is easier said than done when it hasn’t been implemented from the start, especially in a company where the IT department consists of one person. I’ve only been here for about 3 years now, and have barely made a dent on the issues left over by the previous IT person, who had no idea what he was doing. Situations like what I’m dealing with now are not unusual in companies which can’t afford to buy a new system or even re-provision existing hardware properly every time they need some new network service running.
Even aside from that, moving to a new version of Windows is not as trivial as so many people make it out to be. Old software does not always work (AutoDesk still doesn’t officially support Windows 10 for example, and there’sw a hug amount of industrial software that doesn’t even support 8), old hardware may or may not work, and many interfaces end up changing drastically (especially going from 7 to 8 and 8 to 10). People act like all you have to do is get a new system and copy your personal files over, and that is very much not the case.
I understand– I’ve been there. You need to find at least one higher up who understands the risk (because ultimately, the question is, “how much are we screwed if our systems are hacked?”– the other question I’ve gotten a lot of mileage out of is “how much is your data worth?”) who can back you up.
I would also argue that there’s a huge distinction to be made between “Servers” and “workstations”, when it comes to upgrades, and while Microsoft has repeatedly blurred the line over the years, it’s worthwhile from a sanity perspective to make that line as hard and absolute as you can.
A desktop getting hacked is an annoyance. A server getting hacked can be catastrophic.
Not to mention the fact you can of course successfully run XP safely (or more safely) fully offline
this is particularly applicable to situtions using it to operate machinery (e.g. non-current/non-state of the art). In my case scientific instrumentation where sometimes drivers or operational software simply aren’t updated to run on more modern OS versions.
Excellent! If your computer ever connects to the internet, your machine is a superb beachhead for hackers to gain complete control of your network.
Years ago (about 7-8 of them), at the university of *redacted*, in the department of *redacted*, a researcher had an instrument that absolutely had to run Windows 2000. This machine had a browser (not IE).
A web site was reached, and a backdoor was inserted. This backdoor starting poisoning local DNS caches and routing tables, and became a gateway for its local network. Passwords were obtained for various logins, databases, and other servers on other networks– which were then back-doored (using legit passwords), and started handling all the traffic on THEIR networks. All anyone noticed was that the servers were running a little slowly.
By the time 2 weeks had passed, the attackers (all from IP addresses resolving to China) had owned roughly 90% of the department’s servers, and knew most of their passwords, and probably downloaded the majority of their databases– even though they were all “behind a firewall”.
The department had to burn their entire network of servers and workstations to the ground, and restore from backups– and THEN they had to notify the Feds about the breach, and then they had to notify several hundred *thousand* users that their data had potentially been compromised. I believe the total cost to the department ran into the 3-5 million dollar range– because of one irresponsible user.
So yeah– keep thinking you’re secure. But for a moment, consider the implications to you and your company if you’re wrong.
So I understand that all of the computers and servers were infected despite having the latest OS version with every security update?
Was that Sony Pictures’ problem too during the 2014 hack, their servers were running Windows 2000?
Well, no– One computer (the Win2k box) was infected. The rest were “upgraded” using legitimate usernames and passwords.
See, the Win2k box, because it was routing all the traffic on the local network through it, was also able to authenticate AD login requests– after all, they’re all part of AD. And if you’ve compromised a machine, DLL injection attacks will allow you to scarf up every single username/password combination processed by Windows.
So admin user “bob” logs into a machine on the same subnet– well, he thinks he is. In reality he’s actually authenticating against the hacked box, which then does a perfectly legitimate AD connection to the real DC to verify the password), and of course, sends that set of domain credentials off to the command/control mothership in China. Probably over an SSL connection to port 443 that no one can decipher.
Details are a bit sketchy, because the security team never released the full set of tools that the hackers used, but that’s the general idea.
Now the attackers have Bob’s admin credentials, and start logging into other systems via remote admin tools, and installing the same sort of malware.
It was very much a “Contagion” style scenario, starting with “server zero”, and then infecting supposedly healthy and secure systems, from within, using the usual Windows management tools.
Unless you’re doing much, much better monitoring than most Windows shops, you’ll never even notice until it’s really, really too late.
I once logged into a SuperMicro chassis at the department I’d taken over admin for, and thought it peculiar that there would be a C:\Dell directory with the file “OEM.TXT” in it (being not a Dell chassis).
I nearly fell over when I looked in the file, and discovered the username/password pairs for every person who’d logged into the box in the last month (including me).
That particular batch of infections was tracked down to an unused (but still enabled, and with “Enterprise Admin” rights) backupExec account, and took a week or two of steady extermination and password resets. It helped that I could use a sacrificial AD account to search for “C:\Dell\OEM.TXT”– their password file became my red flag for a hacked system.
It didn’t help that all of our desktops were on public IP at the time, because the powers-that-be didn’t trust NAT.
I eventually implemented three GPO’s– one that made our admin accounts members of “local administrators” on all the domain machines, and a second that scrambled the local Administrator password (26-32 characters, from all 4 character sets) every time any machine booted (including servers). Then finally, I added a GPO that set the remote administration firewall ports to only accept connections from our admin boxes.
Between that, and stringent patching across the board, with daily scans to find unpatched systems, we went from “wide open” (multiple exploits a week) to an 18 month run of zero exploits. Took a couple months of hard work by our team, though. Also helped that it convinced them to let us be the pilot project for moving our workstations to private IP.
We never faced the kind of pain that other department suffered, though– the group of hackers that targeted us was looking for disk space for their warez group. We’d locked down our systems pretty well by the time the department I mentioned earlier got hammered.
Thanks for sharing the details of the attack and the approach taken for the counter-attack.
Again, the story tells of detective work aided by luck.
I had once, long ago, encountered on the family Windows XP system a virus which appeared un-removable as it kept coming back even when for user accounts without any admin privileges. It took me a while but I eventually figured out that it was hiding in plain sight in the Windows prefetch folder. Deleting the contents of the prefetch and rebooting was got rid of this virus.
Years later, at work, there was a rapidly propagating contagion of all machines (a mix of XP and 7 all with top-of-the-line antivirus software) even if they were locked-down with the user accounts devoid of any admin privileges. Despites all of best efforts, the IT person could not keep up. At a chance meeting in the coffee area, I mentioned my earlier story and asked if the contents of the prefetch folder were checked. Within hours of this chance meeting, the contagion was finally contained.
Well, given the number of configuration settings (including registry hacks) one has to go through to minimize the amount of private data going back to Microsoft and advertisement coming to the system, updating to Windows 10 for free does not appear attractive at all.
I also am irresponsible in Thom’s eyes. I really have to watch out for the “millions” of hackers and black hats that are out targeting my Windows 98 and XP machines, I must be dodging multiple bullets every day!
Get real! These old OS’s hold no value to the black hats of the world, only us retro computer nerds.
Apart from that, the last time I had Win98 infected was about 2002, and that was with adware, not a virus/trojan. Windows XP, I have never had infected!
Windows XP today, even without “support”, is no more likely to get malware or a virus than a Windows 7/8 machine that received security updates yesterday.
I cleaned more browser hijackers, advertising popups, and other viruses off of friends’ 7/8/8.1 computers this week than my XP machines have ever gotten in the last 10+ years, combined!
The idea that upgrade/update = security is a fallacy.
Thom,
By adding your remarks about Windows 7 and XP you effectively made sure this thread would have nothing to do with the anniversary update of Windows 10.
If that was your intent, fine, but I think its a shame if Windows 10 stuff cannot be discussed without the boring spyware thing being brought up. There’s nothing new there – people either made their choice and upgraded or they did not.
Why? It’s the primary reason I won’t upgrade.
Because your reason for not upgrading to Windows 10 has nothing to do with the anniversary update (aka service pack 1) for Windows 10.
It is roughly the same as commenting on every macOS release thread that you won’t buy a Mac because it is expensive.
True ‘dat. But since I’m not alone, I rarely mention it. I would still consider it a valid complaint when a new version of MacOS is released, however. My Sony Vaio laptop had Windows 7, openSuSE 13 and OSX 10.6(?). But I never used it, aside from proving that OSX works just fine on a regular PC.
Windows 10 has a fundamental flaw, in which I am not a customer, I am a source of data and continual revenue. Until Microsoft decides to change that approach, I have no interest in the Beta, the RC, the RTM, or the Anniversary Super Spectacular Gee-Whiz edition.
If I wanted that sort of closed-loop walled garden, I’d have a freakin’ Mac running OSX, or at least an iPhone.
…about two PCs, which ‘garbaged’ the BIOS during the critical upgrade process.
At this point -knowing that MS mess with the BIOS- don’t feel like crashing and restarting, but telling is that their BIOS Admin passwords where changed at some moment.
Both. Any sparks? ;D
[please correct me if wrong] The Performance Assistant should guide me about moving things in between my SSD and my HD.
Many years ago -“The Byte Magazine” years- There was an application called something like “Infinite Disk”.
Infinite Disk allowed to discharge the less used|consulted files to optical backup, leaving referring links and indexes on the file system. All my trash at my finger tips. That application also allowed the completion of a full optical backup.
Seriously? Lol. Such hysteria.
Yeah, good luck with your OS upgrades that are nothing more than Windows 10 upgrade spam. Has your unwanted 4GB download finished yet? Enjoying the popups and upgrade-or-die warnings? Not much better than advertising virus popups for fake viagra.
I am getting so sick of cleaning advertising viruses, anti-virus scams, and trojans from Windows 7, 8, and 8.1 machines. Guess what, Windows 10 gets all of the same stuff too.
Meanwhile this XP computer chugs along just fine for internet use. It remains compatible with the latest version of Firefox (with AdBlock and Ghostery of course), and with a firewall and anti-virus software it’s more safe than a stock Windows 7 or 8 machine. And with a dual-core processor, sufficient RAM, and a dedicated graphic card it has no performance issues for everyday internet or office-type work.
P.S. I’ll stop using Office 2000 when they pry it from my cold dead hands.
Haven’t seen any of those since I set 2 or 3 registry keys.
Such hysteria ;P
Do you seriously expect most users to manually edit their registry? And why should they have to? Just to keep their computers free of Microsoft’s advertising?
Of they several laptops and computers I’ve inspected recently, the Windows 10 popup spam was active on nearly all of them. And yes, some of them did have the 4GB $Windows folder.
Edit registry keys? No. Remove, and block, a specific update? Yes.
Granted, once or twice, Microsoft re-re-re-released that specific KB update so I had to remove and block it again, but I haven’t had to do that for the last 3 months.
Lucky you. I’ve had it come back twice on two separate systems even after it was blocked within the past two weeks. It absolutely refuses to stay hidden. Luckily the reg keys still work… for now. Can’t wait until this “free” upgrade is finally over!
I have investigated this offer for free upgrade to Windows 10 for a while.
We have one Windows 7 Pro notebook. The upgrade is not supported by the manufacturer although courageous souls have successfully done it. This is however the main system at home and it cannot be put in jeopardy.
We have Windows 7 Home Premium netbooks. Their specifications just made the minimum requirements for running Windows 10. This means it would barely be useable. So, another pass.
Also, in the fine print on Microsoft web site, it is mentioned that any recovery partition would be removed when upgrading to Windows 10. That I believe as having been interested in a demonstration system in a store – but only it if could be restored to the original Windows 7 Pro. It could not so I did not purchased it.
Oh, one more thing. most reviews about Windows 10 do not distinguish features of the Home and the Professional editions. For example, one needs the Professional edition to be able to switch language…..
So, I’ll stick with Windows 7 for now – which will receive critical/security updates until January 2020. Furthermore, if I wish to purchase another system with Windows 7 Professional pre-installed, I’ll have to do it before Halloween 2016.
In the meantime, I’ll investigate further turning the netbooks into “Chromebooks” since they are essentially used for web related tasks. With Chrome currently being the dominant browser (about 50% worldwide), most web pages would by now reflect this in their coding. And for the few requiring Internet Explorer, there would still be the shared family system to do so.
I had a spare hard drive and performed a “just-in-case” upgrade for the Windows 7 Pro notebook. Free is better than the CDN$140 (Home), or CDN$260 (Pro), for a Windows 10 license (retail) where I live.
I may never use it yet I would forever regret it if ever I had to be able to use a Windows 10 only gadget or program.
Other than that, I am hoping my favorite alternative OS reaches R1.0 sooner than later.
For a company that forced Windows 10 on people so it could be the universal run everywhere OS, Microsoft sure have split the OS world apart.
Great job Microsoft, what’s next, a Microsoft branded Linux to split the community apart even more?
Universal, Phfft!
Reminds me of the old mslinux gag page. A lot of people actually believed it, too!