Frank Slootweg wrote:
> John C. <r9jmg0@yahoo.com> wrote:
> [...]
>
>> What if M$ was able to come up with a proprietary HASH code to assign to
>> programs a person runs on a regular basis, then before pestering enc
>> users every time they try to run a third party program, check to see if
>> that HASH is on a list of safe programs to run?
>
> Don't know about Windows 10, but Windows 11 sort of have such (a)
> feature(s): Smart App Control [1] and Reputation-based protection [2]
> (multiple categories).
>
> [1] 'What is Smart App Control?'
> <https://support.microsoft.com/en-us/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003>
>
> [2] There's no 'Learn more' link for this, but it shouldn't be too hard
> to find more information if you're interested.

W10 has Reputation-based protection, but (AFAICT) not Smart App Control.

--
John C.

Newyana2 wrote:
> John C. wrote
>
>> What if M$ was able to come up with a proprietary HASH code to assign to
>> programs a person runs on a regular basis, then before pestering enc
>> users every time they try to run a third party program, check to see if
>> that HASH is on a list of safe programs to run?
>
> In some ways that's what UWP/RT/Metro is intended to be.
> They're safe because they're crippled by design, unable to
> access much of the WinAPI. That's always been the idea
> with Java, as well. And ActiveX/COM. Of course, it's not
> easy to make something safe. And now Microsoft are using
> UWP applets for system settings. Go figure.

Heh. I still remember Java and Red Sheriff spyware:

https://cexx.org/sheriff.htm
https://lwn.net/Articles/25267/

That led to me removing both it and the JRE from my computer at that
time. I've refused to install the JRE on any of my computers since then.

--
John C.

"Paul" <nospam@needed.invalid> wrote

| Regarding Johns suggestion of a hash, signing
| an application has some similar properties, but
| the signing keys have been stolen before.

And there are also other issues. Like, for instance,
Windows being designed to not see perfectly good drivers
if the company didn't go in for MS signing. Or using
signing as a entrance gate to writing software, allowing
greater control and/or fees for writing software.

| application, the signing computer is normally
| air gapped, and that's not how the signing key
| escaped (possibly lost at a partner facility).
| As an example of ceremonies, Linux distro signing,
| representatives actually fly by plane, to
| carry out a signing. That's for the shim used
| for secure boot. They're not allowed to email
| the info to one another :-)
| | There is already a problem with Secure Boot on
| Windows, which will take a year to fix. That's
| one of the reasons the Linux shim was invalidated,
| and representatives had to fly to (a non-Microsoft location)
| to fix theirs.

I had trouble with that installing OpenSuse 15. It screwed
up the shim. I ended up with an odd message in a black
screen. Only the BIOS was accessible. It turned out the
bug was fairly old and hadn't been fixed! I had to disable
secure boot:

https://forums.opensuse.org/t/after-a-shim-update-yesterday-no-longer-able-to-boot-with-secure-boot-enabled/165382

Every few boots now I see a message about 4 options.
Somehow Suse seems to pick up that it's screwed up the
boot and offers options to fix it, but I haven't been able to
understand what it's talking about. One of these times I'll
have to copy the message and look it up. But I'm not very
patient with unexpected messages mid-boot. So I tend to
click it on impulse: "Shut up. Get outta here. I'm booting."

| It's a good thing my toaster doesn't have a CPU in it.
| I can still make toast. Even if the Cloud is unreachable.
| Somewhere an advertiser weeps, that they don't
| know my toasting preferences. Top secret stuff.
| I read recently that appliance makers are getting disillusioned
with computerized appliances because no one is using the
functions. We recently got a new washer. The instructions
say we should download "the app". Why? So we can check
on progress while we're upstairs!

"Hello? Washer? How ya doing? Almost finished?"

"Getting there."

"OK, great. Thanks so much. Carry on."

I wouldn't mind, but I suspect this machie will die long
before the actual mechanical parts die. It takes several
minutes to survey the load in order to set size, rather than
just letting me spec the poad size. I can imagine a time,
perhaps not far off, when the camera or laser used to check
the height of the dirty clothes pile malfunctions, and then
the whole thing refuses to work.

John C. wrote:
> Ed Cryer wrote:
>> John C. wrote:
>>>
>>> What if M$ was able to come up with a proprietary HASH code to assign to
>>> programs a person runs on a regular basis, then before pestering enc
>>> users every time they try to run a third party program, check to see if
>>> that HASH is on a list of safe programs to run?
>>>
>>
>> How would you police those HASH codes? How would you distinguish genuine
>> from fake?
>> They'd attract scammers, and be fairly open and vulnerable.
>
> Well then, let's give up and keep having to put up with continual
> interruptions from that god-damned UAC.
>
> I tried turning it all the way off yesterday and it STILL pestered me to
> death when I was simply trying to move shortcuts around on my Start Menu.
>

Mine's been OFF for years; and I get NO mention nor sign from it.

Ed

On 3/31/2024 1:46 PM, Newyana2 wrote:

> I read recently that appliance makers are getting disillusioned
> with computerized appliances because no one is using the
> functions. We recently got a new washer. The instructions
> say we should download "the app". Why? So we can check
> on progress while we're upstairs!
>
> "Hello? Washer? How ya doing? Almost finished?"
>
> "Getting there."
>
> "OK, great. Thanks so much. Carry on."
>
> I wouldn't mind, but I suspect this machie will die long
> before the actual mechanical parts die. It takes several
> minutes to survey the load in order to set size, rather than
> just letting me spec the poad size. I can imagine a time,
> perhaps not far off, when the camera or laser used to check
> the height of the dirty clothes pile malfunctions, and then
> the whole thing refuses to work.
>
>

https://www.tomshardware.com/networking/your-washing-machine-could-be-sending-37-gb-of-data-a-day

"Your washing machine could be sending 3.7 GB of data a day — LG washing machine owner
disconnected his device from Wi-Fi after noticing excessive outgoing daily data traffic"

Never turn your back on a washer :-)

Toasters are OK.

Paul

Ed Cryer wrote:
> John C. wrote:
>> Ed Cryer wrote:
>>> John C. wrote:
>>>>
>>>> What if M$ was able to come up with a proprietary HASH code to
>>>> assign to
>>>> programs a person runs on a regular basis, then before pestering enc
>>>> users every time they try to run a third party program, check to see if
>>>> that HASH is on a list of safe programs to run?
>>>>
>>>
>>> How would you police those HASH codes? How would you distinguish genuine
>>> from fake?
>>> They'd attract scammers, and be fairly open and vulnerable.
>>
>> Well then, let's give up and keep having to put up with continual
>> interruptions from that god-damned UAC.
>>
>> I tried turning it all the way off yesterday and it STILL pestered me to
>> death when I was simply trying to move shortcuts around on my Start Menu.
>>
>
> Mine's been OFF for years; and I get NO mention nor sign from it.
>
> Ed

I confused needing "Administrator permission" with the UAC nonsense. And
I don't get that, because my user account is an administrator one.
--
John C.

On Thu, 28 Mar 2024 23:30:02 -0400, "Newyana2"
<Newyana2@invalid.nospam> wrote:

> It's my computer and I understand the risks. I'm also much more
>careful in general than the average person, restricting script online
>and avoiding having data like credit card numbers on my computer.
>I've never had a virus or malware. I've never accidentally deleted
>System32. I also haven't used AV since about 2000. I
>use firewalls and I disable all remote functionality. I don't allow
>any local network functionality. Those are all precautions that most
>people wouldn't even consider taking.

In my case I have 3 computers and a printer (connected to one of the 3
computers) networked together (me, wife, daughter) I don't allow
access to anything else except our router. I know that means a
performance hit but then I've got more horsepower than I really need
on my machine.