Blocking the latest Microsoft .net Framework in Windows

There is the occasional time where you want to disable Windows from upgrading to the latest .net Framework from Microsoft. As of this time, the latest version is version 4.7. The following can disable the installation:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\WU]

“BlockNetFramework47″=dword:00000001

.net Framework 4.7 incorporates all the updates and updates backwards to 4.0 [i.e. 4.0., 4.5, 4.5.1, 4.6, 4.6.1 and 4.6.2]. From the above, you can replace the version in the registry settings with the version number without the decimal [for example, BlockNetFramework462 for version 4.6.2.] .net Framework 4.x series does not replace .net framework 3.5 series.

Microsoft Exchange, for example, is at this time not compatible with .net framework 4.7.

To enable the installing, replace the “1” above in the registry settings by a “0”. Note that you can still manually install .net Framework.

Now what is .net Framework? Unless you’re a developer, you really don’t need a lot of knowledge to make use of .net Framework. You just need to know it is working. The .net Framework contains thousands of pieces of shared code which helps developers as it is much easier because they don’t have to repeat the need to perform some common function. They can instead re-use the shared code in other applications. In earlier days when high speed internet wasn’t as common, it was easier for developers to include their application only as the shared code is already installed.

Note: As usual, when modifying the registry, back it up first. And use at your own risk.

 

WannaCrypt may have been a dud for most

While the WannaCrypt/WannaCry ransomware caused some havoc, primarily in Europe and mostly of them in eastern Europe, with the infection hitting in the 6 figures, it turned out to be a big dud.

First, many did not pay the ransom. I am guessing many of those in eastern Europe cannot afford $300+.

Second, while it heavily affected those with Windows 7 computers, I suspect many of those are unprotected or not patched as they could be pirated copies of Windows 7. Eastern Europe and Asia [also hit hard] are notorious for high piracy rates. Many with pirated copies do not want to possible compromise their system with an update that could botch their copies.

Third, even though somewhere around an estimated 10 percent of computers are still using Windows XP, an operating system that has had no support for about 3 years, those who programmed botched things up because when WannaCrypt got onto those computers they wouldn’t spread to other computers and many of them would crash.

Kaspersky claims almost 98% of machines infected were Windows 7 based. Servers were just over 1% and most of those were Server 2008 R2.  Windows 10 accounted for 0.03% [I guess some turned off Windows Updates]. Servers account for 1.4% with most of them on Windows Server 2008 R2 – the server version of Windows 7.

WannaCry/WannaCrypt Microsoft Windows patches

If you are up to date on Windows patching, you should be covered. If not, you can still get the patch at http://catalog.update.microsoft.com/v7/site/Search.aspx?q=4012598.

It is important to know that Microsoft also release patches for unsupported Windows XP SP3 and Windows Server 2003.

Privacy in technology

Even as we close in on 2 years of Windows 10, we still see so-called “journalists” [or bloggers] who continue to fan the flames when it comes to privacy/telemetry settings in Windows. zdnet.com had one this week.

Microsoft has tweaked the way the settings are over the 2 upgrades in Windows 10 plus they tweaked it again earlier this year [if you bought a new laptop and it had the update].

Even with the tweaking, there has been many third-party tools [such as Safer Networking] that can be used to disable some of this – aside from what Microsoft provides. Some inventive people even wrote scripts to remove some of it.

Note: Some tweaks can actually cause problems as well if you modify them.

And yet, these so-called “journalists” continue to write what is considered mostly a dead issue.

If you are still whining about this privacy/telemetry issue, then I’m not sure if you belong in IT [if you are in that field]. Whining does nothing.

Everything you touch has some privacy/telemetry issues. Your ISP tracks your Internet access. Your carrier tracks your cell usage. If you use a search engine, it’s tracked. You are using an operating system? No matter which one, they are all tracking you.

Question is that do you know how much tracking Google, Apple or others are doing?

Remember when Siri from Apple first came out? Apple stored what you asked [voice recording] plus all your metadata [Apple ID, date, time, IP, etc.] for at least 6 months. After 6 months, they still kept your voice sample [and probably a subset of the metadata] for another 2 years. Apple claimed it was because they needed sample voices to improve Siri’s understanding. You are still being tracked with Siri.

When you visit a web site [that you are registered on], ever get an Email following a visit asking you if you are still interest in what you were looking at or something similar?  Staples and Best Buy are among the numerous sites that do that.

So the first thing you do when buying something with an OS is to go into the setting thoroughly – every section – and disabled or modify what you don’t want. You then research to see what else can be disabled or modified.

The same goes for web sites that you visit. Go in and turn off or modify what you don’t need.

The other alternative is to dump anything that connects yourself to the internet, the Cloud, etc. [Not even a dumb cell phone.]

 

Shutdown a computer [and restart] options

Little used by most is the hybrid utility called Shutdown.exe. And yes, it shuts down your computer or remote computers [some options only work with the local computer].

Just running it alone does nothing. It has both a GUI version [with the /i option] or command line parameters. The command line version includes many more options that you can’t do with the GUI.

First and foremost, you must have local admin rights on the computer you are shutting down – whether the one you are on the local one or remotely.

The command line has quite a few other options. To get all the options, go to a command prompt [run it elevated if you intend on using it right away] and run with the /? option to see them all. There will be the equivalent of a few screens.

The following are the more useful options:

  • shutdown /i – Show a graphical interface (note that this does not include all options available via command-line switches)
  • shutdown /s – Full shutdown
  • shutdown /r – Full shutdown and restart
  • shutdown /h – Hibernate the local computer
  • shutdown /l – To log off the current user
  • shutdown /?  – Command line options

For UEFI-based Windows 10 PCs, you have two extra options that can be invaluable:

  • shutdown /s /fw – After a full shutdown, the firmware user interface opens on next start
  • shutdown /r /o – After a restarts, it displays the advanced boot options menu

Note: As usual test before using [or a computer you can reboot anytime].

 

Apple kills QuickTime for Windows support

If you have Apple’s iTunes for Windows, it generally also installs QuickTime for Windows which is a multimedia player from Apple.

The US Department of Homeland Security’s (DHS) US-CERT is urging Windows users to uninstall Apple’s QuickTime video player because Apple will cease supporting the product. The alert comes after the discovery of two critical flaws in QuickTime that could be exploited to allow arbitrary code execution.

Notice something missing in Patch Tuesday?

If you go through the Microsoft bulletins for Patch Tuesday [April 12th] you will notice that a bulletin is missing.
In this caser it is MS16-043.
I guess this means that there was a showstopper and at least one of the bulletin’s patches has an issue.
Well, at least it was detected before it was released.
This is why for my own computers [and virtual machines] unless there is something critical, I will wait a few days [to hopefully make sure there are no recalls] before applying the patches.

[Updated 2016/04/13:] There could be an issue with MS16-039 where you may get the message “The Windows installer service could not be accessed.” If this happens, you should make sure KB3072630 is install [it should be as it is MS15-074].