You now need an Antivirus program installed to use Windows Update
[url]https://doublepulsar.com/important-information-about-microsoft-meltdown-cpu-security-fixes-antivirus-vendors-and-you-a852ba0292ec?gi=b557d42e7e89[/url]
[QUOTE]These updates came with many caveats, and the Microsoft knowledge base articles have had extensive edits since publishing. There’s some really important things you should know before trying to apply the patches.
The main thing to know is the January patches, and currently all future security patches, [B]will not install unless antivirus vendors take action[/B] — and some don’t want to or feel they cannot.
There is a problem where some anti-virus vendors are using techniques to bypass Kernel Patch Protection by injecting a hypervisor which they use to intercept syscalls and make assumptions about memory locations — memory locations which are now changing with the Meltdown fixes.
To be honest, some of the techniques are similar to ones used by rootkits — Kernel Patch Protection was introduced by Microsoft a decade ago to combat rootkits, in fact. Because some anti-virus vendors are using very questionable techniques they end up causing systems to ‘blue screen of death’ — aka get into reboot loops. This shouldn’t be possible in the latest operating systems, but some anti-virus vendors have managed it by taking themselves into the hypervisor — or “hardware assisted” as you’ll sometimes read in marketing material. Anti-Virus makers really shouldn’t be messing with systems like this.
[/quote]
[quote]
In order to combat this Microsoft have requested Anti-Virus vendors to add a registry key every time they startup, to certify their product is working with the CPU fixes:
[url]https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software[/url]
[B][U]“Customers will not receive the January 2018 security updates (or any subsequent security updates) and will not be protected from security vulnerabilities unless their antivirus software vendor sets the following registry key”[/U][/B]
[/QUOTE]
TL;DR: Windows Update will not function unless a specific registry key is set every single boot. It's up to the antivirus company to update the program to set the key. [B]Windows Defender does not set the key if disabled, so you're megafucked unless you enable it or get another program.[/B]
[URL="https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true"]Link to check if your AV is updated for this[/URL]
Haha, joke's on you Microsoft. All my machines run on Windows 98!
[QUOTE=chipsnapper2;53038931][B]Windows Defender does not set the key if disabled, so you're megafucked unless you enable it or get another program.[/B][/QUOTE]
Your link right below this says it does add the key and is "fixed".
[QUOTE=1/4 Life;53038949]Your link right below this says it does add the key and is "fixed".[/QUOTE]
Fixed if you have it enabled. Windows Defender likes to disable itself by default on prebuilts so the OEMs can install the McAfee trials etc. If you uninstalled that and didn't touch Defender afterwards you're in trouble.
If you really need to, you can always [URL="https://www.theregister.co.uk/2018/01/04/microsoft_windows_patch_meltdown/"]add it yourself[/URL]:
[QUOTE]Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"
Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"
Type="REG_DWORD"
Data="0x00000000"[/QUOTE]
As always - that is only recommended [B][I]if you know what you're doing![/I][/B]
Finally, a way to defer Windows Update in Windows 10 Home!
Just turn on Defender, it's honestly the best AV on the market at the moment anyways.
Besides that, it's critically important that AV software conform to this or everyone's going to start bluescreening the moment the Meltdown/Spectre patch goes out.
[QUOTE=Zenamez;53038971]If you really need to, you can always [URL="https://www.theregister.co.uk/2018/01/04/microsoft_windows_patch_meltdown/"]add it yourself[/URL]:
As always - that is only recommended [B][I]if you know what you're doing![/I][/B][/QUOTE]
I was gonna say, wouldn't it just be trivial for someone to write a program that runs on startup and adds the key?
[QUOTE=Gbps;53039016]Just turn on Defender, it's honestly the best AV on the market at the moment anyways.
Besides that, it's critically important that AV software conform to this or everyone's going to start bluescreening the moment the Meltdown/Spectre patch goes out.[/QUOTE]
Is defender actually that good?
All I want is a reliable AV/spyware solution that doesn't give me advertisements.
[QUOTE=Maloof?;53039029]Is defender actually that good?
All I want is a reliable AV/spyware solution that doesn't give me advertisements.[/QUOTE]
In independent tests it rates lower than other free solutions in both performance impact and protection.
[url]https://www.av-comparatives.org/[/url]
[url]https://www.av-test.org/en/antivirus/home-windows/windows-10/[/url]
I'm currently using Bitdefender.
I feel like most antivirus doesn't do diddly dick these days anyway, also, if I ever catch a virus on any of my computers I'll just nuke the entire thing and start over, I don't want to risk anything being left over
Windows Defender is pretty good though on Win10? I'd bargain that most people are unaffected by this, especially considering most people don't turn it off.
[QUOTE=thejjokerr;53039010]This is only to protect customers from hacky antivirus solutions causing problems on this locked down system which is getting an update with some more restrictions on it.
If I wasn't born with a windows computer in my hands, and commercial software developers supported Linux more, I would have switched by now.[/QUOTE]
I had been using Windows from the age of 3 till the age of 19, then I decided to switch to GNU/Linux just to try it out.
It's been two years since that time and I am still using GNU/Linux.
Honestly, if you use Ubuntu, the first month is the only hard part, but then you'll get the hang of it.
I got most Windows programs to work properly using Wine, but I still have Windows dual-booted because I use it for gaming, and only gaming; I don't use it for anything else.
It also taught me so much about how operating systems work and how computer networks work.
If you want to be a power-user, you'll have to get your hands dirty a bit more than on Windows, so you will learn a lot of things about how things work.
I started with Ubuntu, which makes things really simple, and if you don't plan on being a power-user, you will rarely have to get your hands dirty, except if you encounter errors, but the Linux community are very helpful, and you'll generally find that someone has already encountered that problem you're having and you'll find exact instructions on how to fix it on websites like AskUbuntu, LinuxQuestions, etc
So, if you are considering Linux, I really recommend it, but be ready for a challenging, but really fun, first month.
[editline] edit [/editline]
If you already know how or have a general idea about how operating systems work, then you will have a much easier time. But for me, I had no idea about how operating systems work when I got into it.
I was never interested in how an OS works till I started using it, so it got me interested in the topic.
I bought the book Operating Systems Concepts by Abraham Silberschatz a few months ago and am currently reading it.
[QUOTE=SGTNAPALM;53039036]In independent tests it rates lower than other free solutions in both performance impact and protection.
[url]https://www.av-comparatives.org/[/url]
[url]https://www.av-test.org/en/antivirus/home-windows/windows-10/[/url]
I'm currently using Bitdefender.[/QUOTE]
Does bitdefender do anything shady? I've been horrified to no end at things avast and similar are doing now and I'd rather download free smileys than some of them at this point.
[QUOTE=thejjokerr;53039084]Thanks man I'll think about it! The reason I haven't switched is the hassle of setting up wine and dual booting rather than learning to work with it. Also I know windows in and out and can work really fast in it so it's kinda just convenient to stick with it.
Whilst typing I also realized I can't switch since atm I only have my work laptop and we use windows products in our education + it'd be confusing to show stuff to students quickly.[/QUOTE]
Oh, I can relate to that; it was mandatory to use Windows and Visual Studios in a class I took last semester.
[QUOTE=SGTNAPALM;53039036]
I'm currently using Bitdefender.[/QUOTE]
I use Bitdefender on Windows, too, and it seems to set the registry key, which is good. :)
[QUOTE=froztshock;53039022]I was gonna say, wouldn't it just be trivial for someone to write a program that runs on startup and adds the key?[/QUOTE]
Would be easier to just use a bat file which adds the key through the command line. That way, you don't need to have it run on startup etc.
Putting this into a .bat script (or just paste it into an Admin command prompt) [I][B]should[/B][/I] add the key for you (I'm not responsible for potential broken keys!):
[QUOTE]REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat /v cadca5fe-87d3-4b96-b7fb-a231484277cc /t REG_DWORD /d 0x00000000[/QUOTE]
*Edit* For some reason the quote box is putting a space in "CurrentVersion". You'll need to remove that before using it.
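A read-only check of the registry value discussed above, as an added example that is not part of any post in this thread: it reports whether the key, value name, type and data match what was quoted, and lists the antivirus products registered with Windows Security Center. The function name `Test-QualityCompatKey` and the state labels are hypothetical.

```powershell
# Added example: read-only audit of the compatibility flag quoted in this thread.
$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$ValueName = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'

function Test-QualityCompatKey {   # hypothetical helper name
    param(
        [string]$Path = $KeyPath,
        [string]$Name = $ValueName
    )
    $result = [ordered]@{
        Computer   = $env:COMPUTERNAME
        State      = 'KeyMissing'      # default until proven otherwise
        Kind       = $null
        Data       = $null
        AVProducts = @()
    }
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) {
        if ($key.GetValueNames() -notcontains $Name) {
            $result.State = 'ValueMissing'
        } else {
            $result.Kind = $key.GetValueKind($Name)
            $result.Data = $key.GetValue($Name)
            if ($result.Kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
                $result.State = 'WrongType'    # e.g. created as REG_SZ by hand
            } elseif ($result.Data -ne 0) {
                $result.State = 'WrongData'    # thread quotes data 0x00000000
            } else {
                $result.State = 'Set'
            }
        }
    }
    # Antivirus products registered with Security Center; this WMI namespace
    # is not present on every Windows edition, so errors are suppressed.
    $av = Get-CimInstance -Namespace 'root/SecurityCenter2' `
                          -ClassName AntiVirusProduct -ErrorAction SilentlyContinue
    if ($av) { $result.AVProducts = @($av | ForEach-Object { $_.displayName }) }
    [pscustomobject]$result
}

Test-QualityCompatKey | Format-List
```

A state of `Set` only says the flag is present; it does not show that the installed antivirus is actually compatible with the update.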
[QUOTE=ForgottenKane;53039069]Windows Defender is pretty good though on Win10? I'd bargain that most people are unaffected by this, especially considering most people don't turn it off.[/QUOTE]
I've never gotten a virus with Windows Defender. I just use common sense, AdBlock everything, and run MalwareBytes every few weeks. Doesn't leave me with a ton of attack vectors.
[QUOTE=SGTNAPALM;53039036]In independent tests it rates lower than other free solutions in both performance impact and protection.
[url]https://www.av-comparatives.org/[/url]
[url]https://www.av-test.org/en/antivirus/home-windows/windows-10/[/url]
I'm currently using Bitdefender.[/QUOTE]
Av-test rates Norton as one of the best on the market with almost a perfect score. I consider Norton a form of malware, so it's no surprise our opinions on that differ :v:
[QUOTE=Elspin;53039083]Does bitdefender do anything shady? I've been horrified to no end at things avast and similar are doing now and I'd rather download free smileys than some of them at this point.[/QUOTE]
What's wrong with Avast?
I just use ClamAV to scan my downloads, since it's completely manual it has no practical performance impact, provided you're using a well secured web browser that has ad and script blocking the chance of getting infected is essentially zero.
Anti-virus provides a false sense of security anyway, the most dangerous things are new infections which are unlikely to be detected and security flaws, keeping Windows up to date is far far more important than having AV software running so this move by Microsoft is utter stupidity.
[QUOTE=Chryseus;53039203]I just use ClamAV to scan my downloads, since it's completely manual it has no practical performance impact, provided you're using a well secured web browser that has ad and script blocking the chance of getting infected is essentially zero.
Anti-virus provides a false sense of security anyway, the most dangerous things are new infections which are unlikely to be detected and security flaws, keeping Windows up to date is far far more important than having AV software running so this move by Microsoft is utter stupidity.[/QUOTE]
It's not to be dicks, it's that existing anti virus software use some cheaty hacks and it can cause problems with the Meltdown patches. It's to discourage that.
[QUOTE=Zenamez;53038971]If you really need to, you can always [URL="https://www.theregister.co.uk/2018/01/04/microsoft_windows_patch_meltdown/"]add it yourself[/URL]:
As always - that is only recommended [B][I]if you know what you're doing![/I][/B][/QUOTE]
Or abuse this to disable WU when MS would really rather you not do so, as the case may be.
I used to be adamant about installing some kind of anti-virus / spyware / malware on all computers, but since I updated to 10 I'm just like "naw, I think I'm good."
[QUOTE=Chryseus;53039203]this move by Microsoft is utter stupidity.[/QUOTE]
I bet you many $$$ that the patch assurance team at Microsoft tested all popular AV products with the patch and learned how many broke and bluescreened from the changes.
You can't release a patch that bluescreen locks the majority of AV users. They are required to patch their syscall gates to fix Spectre/Meltdown, and this breaks a ton of bad AVs.
There's no other patch option but get compliance ASAP.
[QUOTE=Elspin;53039083]Does bitdefender do anything shady? I've been horrified to no end at things avast and similar are doing now and I'd rather download free smileys than some of them at this point.[/QUOTE]
You need to register an account to use it, and it asked to install some "root security certificate" in my web browser that caused immense problems with accidentally blocking sites and giving me no way to whitelist them. On my next install I said no to that.
[QUOTE=Demache;53039272]It's not to be dicks, it's that existing anti virus software use some cheaty hacks and it can cause problems with the Meltdown patches. It's to discourage that.[/QUOTE]
cheaty hacks? try "using techniques to bypass Kernel Patch Protection by injecting a hypervisor which they use to intercept syscalls and make assumptions about memory locations ". your AV should NEVER be intercepting syscalls, nor be bypassing KPP! holy fuck!
[QUOTE=joshuadim;53039133]What's wrong with Avast?[/QUOTE]
They're good but they got caught plopping a signature onto user's emails. It was just a small logo with a tag that said the email is free of viruses and a link to their website. But since they did it without permission a lot of people considered that shady or scummy, and they since made the tag optional. Not sure if there have been any other incidents, but that one made a lot of people second-guess their trust in Avast.
[QUOTE=joshuadim;53039133]What's wrong with Avast?[/QUOTE]
I find a few of the ways it handles things (like the password snooping that tells you how many "unprotected" passwords of yours it found to convince you to buy the password protection feature) kinda creepy but otherwise it's just constantly fucked with me including wrecking installs (on one occasion of important drivers) now and then with its constant false positives
As long as you're not the usual "spam next on every installer" type of person windows defender does a great job.
False positives exist sure but they are extremely rare, for example demos from the demoscene that use some special type of compression is seen as a "potential risk" in defender and installers with a shitton of ads in them are marked as "unwanted software" or something similar.
Just let Defender run and you'll be fine.
[QUOTE=Foda;53039349]cheaty hacks? try "using techniques to bypass Kernel Patch Protection by injecting a hypervisor which they use to intercept syscalls and make assumptions about memory locations ". your AV should NEVER be intercepting syscalls, nor be bypassing KPP! holy fuck![/QUOTE]
They're given all of the shiny new kernel callbacks and they still aren't happy. :v: