Microsoft Criticized For VPN-Breaking Windows 10 Update (forbes.com)
"Windows 10 continues to be a danger zone," writes Forbes senior contributor Gordon Kelly:
Not only have problems been piling up in recent weeks, Microsoft has also been worryingly deceptive about the operation of key services. And now the company has warned millions about another problem. Spotted by the always excellent Windows Latest, Microsoft has told tens of millions of Windows 10 users that the latest KB4501375 update may break the platform's Remote Access Connection Manager (RASMAN). And this can have serious repercussions.
The big one is VPNs. RASMAN handles how Windows 10 connects to the internet and it is a core background task for VPN services to function normally. Given the astonishing growth in VPN usage for everything from online privacy and important work tasks to unlocking Netflix and YouTube libraries, this has the potential to impact heavily on how you use your computer. Interestingly, in detailing the issue Microsoft states that it only affects Windows 10 1903 - the latest version of the platform.
The problem is Windows 10 1903 accounts for a conservative total of at least 50M users.
Microsoft estimates they'll have a solution available "in late July," adding that the issue only occurs "when a VPN profile is configured as an Always On VPN (AOVPN) connection with or without device tunnel. This does not affect manual only VPN profiles or connections." That support page also offers a work-around which involves configuring the default telemetry settings in either the group policy settings or with a registry value.
UPDATE (7/7/2019): ZDNet is strongly criticizing Forbes' article, arguing that the issue affects only a small number of Windows users, "when the diagnostic data level setting is manually configured to the non-default setting of 0." For those who don't understand how unusual that configuration is, note that it applies only to Windows 10 Enterprise and that it can be set only using Group Policy on corporate networks or by manually editing the registry. You can't accidentally enable this setting. And you can't deliberately set it on a system running Windows 10 Home or Pro, because it is for Enterprise edition only.
It's trite but... (Score:1)
...Linux is better.
For real, Windows 10 is what motivated me to make the switch to Linux (Fedora, in my case) for my home PC. I have never looked back.
I *did* have some technical problems. I do have to troubleshoot more than I did on Win 7, and I do have to learn more and know more about the OS to use it and keep it running. I understand why these problems would scare people away from Linux. But I prefer these problems to the ones that Windows 10 brings.
Re: (Score:3)
...Linux is better.
For real, Windows 10 is what motivated me to make the switch to Linux (Fedora, in my case) for my home PC.
Same here. I switched to Mint in January this year and it's been great.
The only annoying part is when I have to edit Word docs, and for that I run Win7 in a VirtualBox VM. So far it's been almost flawless, but occasionally Word will hang when saving a doc under a different name (and then I just kill the VM and restart it). Other than that it's been smooth sailing.
One of the very very best things about using Linux is not having to reboot whenever you install or uninstall stuff. I love that and now I'm spoile
Re: (Score:2)
fwiw Wine works pretty well with Word.
I tried to get Wine working with Word but was never able to do it (I'm 99% sure it was something I was screwing up).
After spending a day or so messing with it I finally gave up and installed Virtualbox. That was a bit of a slog what with the Guest Additions add-ins and whatnot, but I did get it going.
I know Wine is supposed to be a lot leaner and faster, but for whatever reason I just couldn't make it work.
Re: (Score:2)
still better than osx if you want to play games and stuff and run software you've run for two decades.
and look, this affects a really, really small portion of people. it doesn't for example affect _anyone_ using a vpn service with an app. it doesn't affect anyone using openvpn.
What microsoft did do though was drop the ball totally in regards of group policy etc support in windows 10 and not even telling anyone what worked and what didn't and what would stop working. making it a big mess for all the offices
just wonderful (Score:4, Interesting)
for work have to use win 7 for some things and I've been putting off win 10 as long as possible. But the 9 year old PC I use at home gets bogged with some win software so am getting "new" 3 year old PC with win 10 I'll run for years....
I don't worry about malware since when running windows I'll only be using business software and hitting vendor sites, but kind of disheartening to be reading about Microsoft's updates ruining things often.
Glad my personal desktop stuff is on Linux and my servers are BSD. Will soon have to replace my home laptop that boots into win 7 for work stuff too, same sad story.
Re: (Score:3)
Since unsupported the company VPN will cut those off Jan 2020.
Already have the win 7 PC and laptops! That's not the issue here, major vulnerabilities found next year will be unpatched by Microsoft.
Re: (Score:2)
yes, besides the VPN issue, for companies that have to comply with audit standards and certification, Windows 7 will be forbidden.
Re:Windows 7 (Score:4, Interesting)
Ah, yes, certification by box-ticking, possibly the most annoying management practice yet invented. Apparently it's safer to have software that forces updates that might compromise data and/or break functionality, that might reboot your system as part of that even if you have long-running tasks still going, and that doesn't give you an option to completely turn off phoning home, even if there have been repeated and widely documented cases of problems arising directly as a result of some of these things.
I sometimes work with clients in industries where security and privacy are particularly important, and we did our risk assessments, and we're still on Windows 7 despite the various technical improvements to security in Windows 10. Go figure. We've been making plans to migrate off Windows altogether, except for things like testing, before 7 goes EOL next year. The sort of screw-up we're talking about today is exactly why we're not seriously considering moving to 10.
Re: (Score:2)
Serious audits such as for PCI level one compliance will do more than box tick, they will come to site for weeks, capture traffic and do pen tests, have sys admins log into machines and network appliances and check traffic.
There is no hiding win 7 from them, and failing that will mean not being able to do millions and/or billions of dollars in transactions.
Re: (Score:2)
I've worked with PCI-DSS. It's one of the worst examples yet invented of exactly the kind of box-ticking I'm talking about. At high levels with serious audits it might have some value. However, for the basic stuff that applies to merchants who are farming out the actual card processing to services like PayPal or Stripe, it's pretty much a joke.
Meanwhile, it's all very well banning 7 if it's no longer supported, but I'm still waiting for someone to explain to me how you can secure a Windows 10 deployment for
Re: (Score:3)
In my case, I’ve found that any Windows-centric “work stuff” I need to do runs just fine virtualized, e.g. using Parallels or even VirtualBox. The initial launch of the VM is slow, but Windows is annoyingly slow to boot anyway.
I don’t bother with keeping an actual Windows machine around anymore.
Re: (Score:2)
The main problem I have with VMs is the USB support. It's about 80% there in VMWare and complete crap in VirtualBox. Some stuff is okay, but a lot of development and debug tools just don't work properly or at all.
Firmware updates are a pain too as they often require the device to disconnect and reconnect as a DFU device (the USB standard for firmware updates), which then needs to be separately attached to the VM.
This could probably be sorted by using IOMMU pass-through to assign an entire USB controller to
Re: just wonderful (Score:4, Informative)
You’re wrong - I’m specifically thinking about my experiences with Windows 10 on various Microsoft-branded devices. Technically speaking, it does get to the login screen fairly quickly (although still slower than, say, macOS or vanilla CentOS). But the time between typing in your login credentials and being able to actually run anything can be ludicrously slow.
Re: (Score:2)
Like most Linux zealots, you haven't used a modern version.
Modern linux boots really really fast, thanks to systemd.
Windows 10 testing seems to be nonexistent (Score:5, Interesting)
This is not the right way to develop something as critical as an OS
Re: (Score:2)
No, Microsoft should properly vet their software before releasing it into a KNOWN hostile environment, full of hackers and nefarious governments.
Re: (Score:3)
But Microsoft wants to push new ideas, FAST!
Testing and quality controls means slower "To Market" times! /s
For what it's worth, I agree with you. I have a computer running win7 for this very reason (and because Win10 seems hell bent on NOT letting me actually own and administer my own god damned hardware, because I might make the "wrong" choices about installing updates or drivers) and another running Linux.
I am patiently waiting for one of two things to happen--
1) Microsoft wakes the fuck up from its fever
Re: (Score:2)
Windows 7 isn't that much better. The quality of patches has gone far down hill since 10 came out. Some have serious performance issues or introduce new bugs. They are only interested in fixing security issues, not in performance or quality.
If you have to run Windows the best option currently seems to be to get Enterprise and stick to the Slow Ring, where you only get most patches after they have been beta tested by everyone else for a few months.
Re: (Score:2)
They have used this half-assed approach for decades. It is just getting more obvious now with the forced updates and their spying. And look how much money it brought them, when they never even demonstrated acceptable average engineering skills, let alone the excellence you reasonably expect from a group that creates operating systems. The problem is all those that made them big, despite their obvious incompetence. And now they are big and still incompetent.
Re: (Score:3)
I know Windows 10 is supposed to be the version number of all future Windows releases and as such is a constantly evolving animal but I still say it should be better tested
Re:Windows 10 testing seems to be nonexistent (Score:4, Interesting)
very early in its development, win7 had quite a few issues with hardware drivers, and software packages not working properly on it (which had previously worked fine in windows XP. I don't count Vista; it had much lower market penetration because it was shit on a disk.)
However, subsequent patches and bugfixes turned that around, and provided various compatibility frameworks to allow older software to run on it quite nicely. Instead of focusing on eternal feature creep, they focused on stability and performance enhancements that made the platform much nicer to use.
Compare to Win10, which wants to change all your file associations every monthly update, because "NEW AMAZING FEATURES YOU JUST *HAVE* TO TRY! WE INSIST!", and which forces driver updates that break everything because not all devices with the same PCI/VEN numbers are really the same, and not all drivers provide necessary functionality for specific deployments, and of course, the shitpill of the forced expanded telemetry and the general "No no, users shouldn't touch the inside of the OS, that's naughty!" mentality it vigorously enforces. (Seriously, you have to boot the OS, and fiddle with a system control applet, TO START SAFE MODE? Really? Because, you know-- SAFE MODE exists to FIX the computer WHEN IT DOES NOT BOOT. Likewise with "We need to BURY enabling of unsigned driver installation under as many layers of headache and mis-matched configuration applets as possible!" because GOD FORBID that you use a newer driver that totally works on your hardware, but does not have OFFICIAL support, or force installation of a newer driver for older hardware that was retired, but still totally freaking works with a newer driver (like several scanners out there) that the manufacturer released, because the new hardware is basically the old hardware with a new ID, and a face lift.)
No, win10 breaks shit hard, and actively distrusts its users. I won't switch to it unless Microsoft seriously changes its MO. I would switch to freaking OSX first, and that is about as likely as my getting pregnant as a man.
Re: (Score:2)
The only bad taste I had from Windows 7 was during the open beta (or pre-release testing.)
During an update, it tried to update my video card drivers for an EVGA Geforce 460 GTX. Anyway within two reboots, it fried the card. Guessing they pulled the wrong clock settings for it, or the card gave up the magic smoke.
This is super isolated, but I noticed the updates to video card drivers got a bit more specific afterward.
Anyway I ran Win 7 on retail launch, and up until the past year. Still have my old hard drive
Articles about Microsoft's VERY poor management. (Score:2)
One link shows that Bill Gates still manages Microsoft. (March 25, 2019)
Re: (Score:2)
Microsoft used to have a voluntary beta program to properly outsource those QA functions, without jeopardizing their business clients with buggy and improperly tested software.
They still have one, of a sort-- of course--
https://support.microsoft.com/... [microsoft.com]
but there are more hoops to jump through, and they overall don't evangelize like they used to. It used to be that simply having MSDN status meant you could get all the beta you wanted.
These days, they want to kill actual beta testing, and just dump untested pa
Re: (Score:2)
Microsoft are in a position where the vast majority of their customers don't have a choice, or aren't aware that a choice is available. They're not concerned with pricing themselves out of the market, they are solely concerned with maximising profit.
Hate to break this to you, but ... (Score:1)
Linux won the O/S wars in all categories well over a decade ago.
Re: (Score:2)
Worse? Oh, right, define worse?
Re: (Score:1)
Worse at being buggy.
Worse at being closed and proprietary.
Worse at being poorly designed.
Yep, Linux is worse . . . at sucking.
Re: (Score:2)
They've already released three cumulative updates this past month. This despite publicly stating that they will only release updates on the second Tuesday of each month.
So, with this story, we now know that we will see the regularly scheduled update on July 9 AND at least one more in the month of July.
Break fast break often. Is this the reason for their success? I thought it was the mantra of failing startups.
Maybe their calendaring program told them there was more than one second Tuesday?
"Danger Zone" seems a little strong (Score:1, Flamebait)
Not as dangerous as letting bloggers post drivel online and pretend it's journalism.
Re: No one uses the windows VPN client (Score:1)
If you are using a vpn client they coded and can't pick your own, something's wrong.
Before you grab your pitchforks... (Score:1)
This bug only happens if data collection has been set to 0, which can't be done with the user interface and requires modifying the registry or setting a local group policy.
With the GUI you can only set it to 1 (Basic) or 3 (Full)
Re:Before you grab your pitchforks... (Score:4, Insightful)
And people fucking with the registry to turn off spying are very likely also going to be using a VPN at some point.
This seems deliberate. Just like how they've removed the control panel from right clicking the Start menu in 1803 and other bullshit trying to force you to use YOUR computer the way THEY want.
I'm a hardcore gamer, the majority of my library still does not run in Linux. I'm currently a Windows 7 refugee waiting for something to save me because I work with 10 all day at work and it's fucking awful.
Re:Before you grab your pitchforks... (Score:4, Informative)
Check Linux again, because Steam uses Proton (just their internal version of Wine/Windows emulator) to play Windows games now and it does it for you silently and quickly. https://www.protondb.com/ [protondb.com] https://store.steampowered.com... [steampowered.com] You'll want to browse both of these lists. They're quickly expanding as people, Steam team and devs test it out.
Re: (Score:1)
https://steam.fandom.com/wiki/List_of_DRM-free_games
Re: (Score:2)
Oh I didn't notice that one doesn't update anymore until just now, whoops. ProtonDB seems to be exactly like WineDB though, and gets updated by users.
Re: (Score:2)
And people fucking with the registry to turn off spying are very likely also going to be using a VPN at some point.
Even before the update to the article indicating that it was a GPO for Enterprise versions of Win10, I'm still not quite sure exactly how many people this would really affect.
Literally every VPN config I've implemented over the past five years has involved a third party client. Whether it's OpenVPN, Sonicwall SSLVPN, Cisco, Juniper, Fortinet, or even QNAP, they all utilize their own client applications that hook into the system via a pseudo device driver that integrates into the network stack, rather than u
Re: (Score:2)
Might I suggest Windows 9?
Yes, it's a thing. All the goodness from 7,8,8.1 and parts of 10, with none of (that I can tell, so far) badness from those OSes.
I first tested it about a year ago when the writing was on the wall for Win7, found it to work fantastically. It didn't seem to have any spyware/telemetry in it, and I tested that with WireShark to see what it did/where it went.
https://www.eastcoast.hosting/... [www.eastcoast.hosting]
Supported until (IIRC) 2024, by which time Linux will either make the compatibility inroads to
Re: (Score:2)
Well, that was my guess, and several people have more-or-less assumed that the change was to facilitate MS spying on people. E.g. the bug only appears if you manually edit the registry to set the level of spying lower than the GUI interface will allow you to.
I've got to admit this is surprising. I didn't believe that they would allow the user to have any effect on how much spying they did.
Re: (Score:3)
Not in and of itself. But if you can't tell what data is transmitted, then spying is the reasonable default assumption, especially if you can't turn it off.
sure it wasn't on purpose (Score:2)
guess that is one way to make sure the real ip address comes with data they are collecting whenever win10 calls home.
Figures! fast ring 18917 was great! (Score:2)
I hear... (Score:2)
...the Chinese are particularly upset about this. [slashdot.org]
This is not Forbes Magazine. It is a blog site (Score:2)
Please don't say this is journalism from Forbes Magazine.
This article is written by someone on a glorified blog site run by Forbes called "Forbes Contributors."