Oh look, another broken Windows update! KB4493472 and KB4493446 causing issues
Reports are coming in left and right that the recent security updates for Windows 7, Windows 8.1, Windows Server 2008 R2 and Windows Server 2012 R2 are causing issues on machines they are installed on under certain circumstances.
I added a note to the Tuesday's Patch Overview for this month's Windows updates but the issue appears even more widespread than thought initially.
Update: Microsoft added the issue to the known issues on support pages that highlights the incompatibility issue with Sophos products. Microsoft blocked devices with affected Sophos software from receiving the update.
What we know so far
The issue affects pre-Windows 10 operating systems only, at least that is what is been reported at the time. In other words: Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.
The updates that may cause issues are:
- KB4493448 Security-only update for Windows 7 SP1 and Windows Server 2008 R2 SP1
- KB4493472 Monthly rollup update for Windows 7 SP1 and Windows Server 2008 R2 SP1
- KB4493467 Security-only update for Windows 8.1 and Windows Server 2012 R2
- KB4493446 Monthly rollup update for Windows 8.1 and Windows Server 2012 R2
- KB4493450 Security-only update for Windows Server 2012
- KB4493451 Monthly rollup update for Windows Server 2012
The issue
Sophos reports that machines with the update may fail to boot. The computer mentions systems with Sophos Central Endpoint and SEC installed specifically and recommends not to install the new update at this point in time.
If the update is installed already, Sophos recommends booting into Safe Mode, disabling Sophos Antivirus, booting into the regular system, uninstalling the Windows update there, and enabling the Sophos Anti-Virus service afterward.
Avast published a support article on the company's KB site that describes a similar issue. The company reports that PCs running Avast for Business and Avast Cloud Care on Windows machines may become locked or frozen on start after installing the new Windows updates.
Windows machines (particularly those running Windows 7) are becoming locked or frozen on startup after Microsoft updates KB4493472, KB4493448, and KB4493435.
Some of these machines are completely unable to log in, and some log in after a very extended period of time.
Avast suggests that users roll back the update as well and has published instructions on how to do so on the linked support page.
Microsoft has yet to acknowledge the issue; no support article lists the problem as a known issue yet.
It is still recommended to create a system backup before you install any new update for Windows on your machines.
Now You: are you affected by issues after installing these updates? (via Ask Woody)
Microsoft will breake Windows 7 and leave people at they broken product to force them to upgrade on they spyware Windows 10.
Don’t worry, your Windows 7 install contains far more than enough backdoors that law enforcement can, and do, use against you.
Read all about COFEE, which leaked onto the Internet back when Windows 7 was still the latest version.
https://en.wikipedia.org/wiki/Computer_Online_Forensic_Evidence_Extractor
While it is a valid point, today most law enforcements are using Belkasoft evidence center with Passware integration plugin and back-end servers configured for network distributed password recovery with gpus for hardware acceleration
@ Anonee
M$-COFEE is used by the LEA or Police against criminal suspects by plugging a M$-COFEE USB Flashdrive into the suspect’s computer, in order to retrieve data evidence against the suspect, eg for child porn, terrorism, etc = physical access to the computer is needed. I believe they need a Search warrant from a US judge to do so. So, M$-COFEE is probably a good thing.
OTOH, M$ colluding with the NSA in the Prism project in 2012 as revealed by Edward Snowden is quite nefarious. M$-Win 10’s deep Telemetry & Data collection is probably being shared with the NSA, in order to filter out criminal suspects who may harm national security. This is not good because every Win 10 user is being spied on. ….
@AnorKnee Merce, the point is that Windows 7 already contains a shitload of its own spying built-in; and this is long before Windows 10 was released.
This is how tools like COFEE work in the first place. It simply gathers all this data in 1 fell swoop – data that is always being collected by Windows 7 in the background. Hence, Windows 7 is spyware too.
Furthermore, the telemetry shit was backported to Windows 7 in updates a couple years ago, so if you’re on Windows 7 and fully up to date, then you’re dealing with the same telemetry shit as a Windows 10 user.
For people like the OP to say/suggest that Windows 10 is spyware and that they are safe because at least they have stuck with the decade-old Windows 7, which isn’t being updated anymore (except extended support which ends mid-next year), has always contained its own built-in spying, and has received the same telemetry shit in later updates, is not just deceitful but dangerous too.
The only way to get away from MS spying on you is to either switch to macOS or install a unix-like OS on your computer, preferably Arch Linux.
… https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data
@anonee – that’s not very relevant. A broken Win7 is the issue, not 3 letter agencies. Why did you link the two?
If you’ve been accepting all of the Windows 7 patches, then the spying has already been retrofitted into your installation.
@ John Fenderson & Anonee
M$ started issuing (Win 10-style) Telemetry updates to Win 7/8.1 computers from around Nov 2015, eg KB2952664. In Oct 2016, the Telemetry updates were probably sneaked into the monthly Patch Rollups by M$.
……. Win 7/8.1 home-users who avoided those Telemetry updates and/or stopped updating at around that time will not have the (Win 10-style) spying retrofitted into their installation.
Win 7 Ent users cannot afford to stop updating because they are high-value targets to hackers and ransomwarers. The enterprises will just have to accept being spied on by the NSA and M$, eg M$ may abuse it to steal relevant trade secrets from other enterprises.
So John, my Win7 (running in VM only) has not a single patch. It is literally my DVD install from back around 2010. Not even SP1 or anything.
My guess is that this time of innocence….there is very little to worry about spy and telemetry wise.
Windows 10 is broken also. RDP Edge no longer functions unless you disable Sophos services. I can’t even figure out how to remove the update as “Uninstall” is unavailable and “recovery” options are also unavailable.
Dont blame them , they are doing the best they can to ruin you and upgrade to Win 10 Telemetry Edtion.
They don’t need you to upgrade to Windows 10 because with Windows 7 no longer receiving anymore updates soon, it will leave it extremely vulnerable as the exploits that people find/use start piling up since they know they will never be patched.
Furthermore, Windows 7 already contains far more than enough backdoors that MS inserted that law enforcement can, and do, use against you.
For example, read all about COFEE, which leaked onto the Internet back when Windows 7 was still the latest version.
https://en.wikipedia.org/wiki/Computer_Online_Forensic_Evidence_Extractor
No not really because Enterprise and Volume Licensing customers that are using windows 7 are going to be able to purchase Extended Windows 7 security patches until 2023.
So to Microsoft’s Enterprise and Volume Licensing customers that’s going to be 2023 before they will no longer be able to recieve(For A Price) extended Windows 7 security updates.
Do you even care to guess how much more it costs any Enterprise to Vett/Certify their Mission Critical Software for any new OS, windows 10 or otherwise, and that’s a bit more than any licensing fees on any OS. Windows 7 is the new XP, for the very same reasons!
Windows 10 with is update cadence is really going to be a moving target to get vetted/certified what with its eternal BETA state and continous feature creep and things that are not broken made broken more often than with past MS OSs.
@notgoingthere, you’re just rambling on about updates and the costs associated to enterprises, which has nothing to do with the original post by OP. The point is that OP thinks he is being cute by saying things like “Win 10 Telemetry Edition” while ignoring that Windows 7 already contains a shitload of its own spying built-in; and this is long before Windows 10 was released.
This is how tools like COFEE work in the first place. It simply gathers all this data in 1 fell swoop – data that is always being collected by Windows 7 in the background. Hence, Windows 7 is spyware too.
Furthermore, the telemetry shit was backported to Windows 7 in updates a couple years ago, so if you’re on Windows 7 and fully up to date, then you’re dealing with the same telemetry shit as a Windows 10 user.
For people like the OP to say/suggest that Windows 10 is spyware and that they are safe because at least they have stuck with the decade-old Windows 7, which isn’t being updated anymore (except extended support which ends mid-next year), has always contained its own built-in spying, and has received the same telemetry shit in later updates, is not just deceitful but dangerous too.
The only way to get away from MS spying on you is to either switch to macOS or install a unix-like OS on your computer, preferably Arch Linux.
I think you’ve made your point.
I would still be using Linux Mint if versions 17.3/18.x knew how to handle my graphic adapters past a certain kernel, I made a tiny partition and Ubuntu MATE is working fine, but the headache of installing and recovering and having everything neat just as I like, like in my Mint 17.3 install that is still there, it can run, but extremely badly since the AMD proprietary driver no longer works with kernels past 3.19.0-32.
I’ve been using win7 as a safety buoy of sorts while I decide what to do about it, of course I miss the much faster and safer OS, especially Mint when it was running perfectly for me since version 14 to 17.3. We have to assume anyone is aware of their own sec while using win7 or even worse (OSX, cough, iOS, cough).We just want the damn thing to update correctly, I’ve been able to install the march security rollup, but not the KB4474419 one that makes it impossible to update any further, I thought hiding the SHA-1 enabling update would make it so that I could update until August (for win7 it’s up to August) without KB4474419, yet that update that screwed everything up for a lot of us who may not be using win7 because they want to is leaving a hell lot of us in the cold. Screw updates I guess and Linux distros basically yell at me to get new graphic adapters (I guess 2 HD7850 Radeons is too weak/old for me to use AMDGPU-PRO, even the windows drivers are unclear as to if the HD7850 is supported, the first 19.x update said so, the one I’m running now, 19.2.3 or such doesn’t list it.
This windows update fudgery is giving many people one hell of a headache, especially my situation, I just disabled windows update and be done with it until I get the energy to spend 5 hours making backups and making sure grub works and also never again install win7 on the third partition of a drive, apparently that + grub is causing the KB4474419 fail and this one…I got ESET Nod32 for antivirus, nothing Sophos, yet the april rollup won’t install. That’s why we’ve come here, not for a lecture about cofeefee, we’re all aware of that, I wouldn’t do much privacy sensitive things while in windows 7, I cover my bases with updated frequently list based firewall + ssh tunnels, other than that, we’re aware….
I do not use Avast it has a troubled history even before they acquired Piriform. (although CCleaner was attacked, four months before Avast acquired the company). https://www.consumeraffairs.com/computers/avast-antivirus.html
Windows 10 are effected as well :
https://www.tenforums.com/windows-10-news/130491-cumulative-update-kb4493509-windows-10-v1809-build-17763-437-april-9-a-2.html#post1612321
@ilev – “affected” , not effected. Sorry to be the grammar police.
I don’t know, is Microsodt to blame for the nasty practices of today’s antivirus products of hooking so deeply into the OS to the point where it breaks it, rendering it unbootable? I did not update my PC, I’m still on March 2019 patches, and until 15th of April when Simplix updates its pack, I won’t update either, but I’m willing to bet if I were to update it right now, nothing would break. I don’t use any a/v products, I find them completely useless and bloatware. And annoying.
I just uninstalled a banking anti-malware with impeccable credentials : made by IBM (remember that company ?), recommended by my bank (and dozen of well-known others), etc.
A series of very serious annoyances I had with multiple software disappeared immediately (extreme slowness of search, very long time to launch, freezing of browser…).
The name is impossibly bad : IBM Trusteer Rapport.
@ Yuliya
I had applied updates for my Win 7 system for a few years(= 2012 to 2016) and they did not break my Avast AV program.
……. So, maybe this is done on purpose by M$, in order to push Win 7/8.1 users onto Win 10.
Do you use Windows Defender.?
Nope. I disabled Windows Defender. Thankfully in 7 you can do it directly from its settings page. I used to use MSE, which is also what I recommend to anyone who insists having an a/v program, but after years of it not picking up anything, I realised it did nothing but waste CPU cycles, RAM and annoy me with scanning everything I was downloading, sometimes taking quite some time if the file was large and stored on a HDD. Before removing it completely, years ago, I tried scanning my PC with multiple a/v’s, just to check MSE was not the culprit, and indeed, all of them only picked some false positives I was aware of (DAZ’s Windows Loader, heheh, that one’s something MSE always picks up, lol).
@ Yuliya – agreed entirely. My Win10 box has no Defender running. Just as you said, wasting cycles and scanning forever, and never finding anything. In my scenario, it was utterly pointless.
No, but in the past they had a proper QA department to test their patches against common AV products and other typical bits of software. Now, they just roll them out and wait for things to break…
Impressive how everyone is fast to blame Microsoft, yet we only see complains from lazy companies which are known to have issues with Windows Updates.
If we look at a company like Kaspersky, that actually read and follow Microsoft documentation, you’ll notice they have no issues whasoever with Windows Updates (even on W10).
I see where you are coming from but it is hard to sympathize with MS. We use Eset Enterprise and it has saved us and our clients from so many of the latest “We’ve encrypted all your files, pay us bitcoin” malware.
The real problem for us:
We had updates set to Manual across a fair few hundred VM’s because it’s not the first time “Patch/Hotfix Tuesday” has caused us serious grief.
Microsoft have decided that the updates are important enough to bypass our policy and install them anyway effectively rendering hundreds of businesses (that we manage alone) unable to operate.
We have been working on restoring service for the last two days and pay SPLA a butt load of money each month so in summary, yes I blame Microsoft. It was working before they forced their update on us.
I don’t normally submit on forums but this has rocked the boat
Please submit to this forum again.
@Nik Donovan,
So why don’t you sue Microsoft for $1B in damages ?
Odd and inexcusable that MS would do that; I can completely block or disable Win Update with the gpeditor on Win 10 Pro.
I installed a cumulative security patch last month, otherwise still am at 1803 current to Aug 2018.
@ Nik Donovan
In Win 7, if you manually set to “Download the updates but let me choose when to install them” and then later you clicked “Check for updates”, … on the next reboot, the updates will be automatically installed. Maybe this was what happened to your managed computers.
……. This is a weird policy from M$ which goes against the user-setting, as if M$ knows better what the users want.
To prevent this, manually set to “Let me choose when to download and install updates” or “Never update”.
I think they’re all to blame, Microsoft, Sophos, Avast and others; what is special and so problematic is that these wolves don’t understand each other anymore. The effort of convergence deployed by companies such as Kaspersky indeed at least don’t add confusion to chaos, because chaos is my word to define Windows Update ever since the arrival of Windows 10, and if that wasn’t enough, updates stain previous Windows versions as well, which is why we observe such a great deal of updating defection among users of Windows 7 & 8.1.
I agree with @Tom Hawack.
In terms of Antivirus being to blame I say not as much as MS.
Analogy: Microsoft run the ticket office to a large music festival but they don’t bother putting up any gates or fences to stop anyone without a ticket getting in.
They built defender but that is like having no gates, no fences but a lonely security guard in a hut down the back corner of the festival grounds.
Antivirus companies have to exist to put up gates, fences and security guards at every post to keep us all safe.
Basically what has happened here is Microsoft have moved the festival venue last minute and have not given enough notice for anyone to do anything about it.
In our case, our windows updates were set to Manual but they came in anyway.. They are now set to disabled but I’m picking that won’t stop them either for long.
Right, I kept using MSE and Spybot Tech Edition 2.4 to use only as the browser defender it is as it patches vulns with the Vaccination function. MSE didn’t see (nor do I know how) the malware I suddenly got in between a lot of reboots trying to install KB4474419, I had an old school firefox highjacker going on. I had to run Malwarebytes, Zemana AntiMalware, then Malwarebytes Adware to get rid of it. MSE never said anything, of course. I’ll likely build a VM, use my windows 7 x64 ultimate sp1 iso and then install it there, it’s a solid shot from a brand new install from january 2016, and let the updates go, if they all install cleanly, I’ll resign myself to reinstall for real, I don’t really like to run a windows VM while in windows, some find it secure, but I rather have everything in a sandbox (sandboxie for example) because you can’t use real drivers in a VM.
That whole thing since march updates is blending my balls, excuse my french.
Maybe Sophos and Avast are crap? Windows Defender offers enough protection for everyone. If you’re extra paranoid or you frequently visit shady porn sites, you can run monthly/weekly Malwarebytes and SuperAntiSpyware on-demand scans.
BTW who’s even still using Sophos? I remember it being sub-par crap already in Win9x/ME days. I guess its users are the same dinosaurs that love Norton and McAfee…
Windows Defender is the worst ever written software since Babbage’s computer in 1822.
Don’t you have homework to finish Son?
AV’s change frequently, once bad ones can easily become good ones and vice versa. Avast is a prime example of that.
If going to porn sites wrecks your machine, it sure isn’t because of your AV, assuming it’s not some junk you wrote, it’s because you’re wide open (Ha! Ha! Yeah, that’s so stupid, so what?) otherwise.
The big problem with Win Defender is it’s soooo slow. It works sort of OK now. If you want to be absolutely sure all your browsing goes to MS, use it.
@Harro – Windows Defender is utter utter garbage. It was a devil to truly stop it on my Win10 install, and I was very thankful when I could ascertain that I had got rid of it. If it works for you, you’re welcome to it.
Oh, its not just defender. I won’t use ANY AV these days. Those innocent days of AV being in any way useful are gone.
We lost hundreds of virtual servers to this update over the last two days. Both Server 2008 and 2012/R2. We use Eset Enterprise AV. Lots and lots of unhappy clients. Thanks Microsoft!
Hi,
Just a quickinfo, windows 10 home is also effected by this, I have avast installed and the latest april updates from windows made the computer almost unuseable due while avast loads everything hungs up.
The solution is to uninstall any windowsupdates that start with “KB449xxxx”.
I uninstalled those windowsupdates in safemode, booted normally and everything is working again.
Cheers
I have the updates with Kaspersky running. No problems at all. I can confirm. I would suspect it may be the devs at Sophos or Avast were not diligent enough on their testing..
I have had enough of the Microsoft bashing. I actually enjoy working with Windows. :)
@Ray – I really enjoy working with Windows too. Have done since 1991 or so.
But do they deserve a bashing? They absolutely do, that’s for sure.
@Sophie You play rough with the ones you love :) Fair enough
I’ve run through the “fix” but it doesn’t work. Going into Safe mode it goes through the Configure stage but ends in a failure, this takes a couple of mins. As its a failure it automatically restarts. I’ve about a dozen shops who cannot print bar codes labels at the moment, aarrgh.
april 2019
second time that avast free blocks windows 10 update.
switch to kapersky
It also breaks DFS on Windows 7 and Windows Server 2008 R2 – confirmed
There appears to be a problem when KB4493509 (for Windows 10, 1809) is installed on my system, running Avira Antivirus.
Before installing KB4493509, Restart took seconds.
After installing, Restart took more than 2 minutes.
When “Avira Real-Time Protection” service was disabled (using Safe mode), Restart times returned to normal.
Avira appears to be aware of the problem
https://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1976
This is exactly why I always wait at least two weeks before manually installing the monthly updates on my Windows 7 machine.
I typically install the Security-Only update – however, once you’ve traveled down that dark road to “Update Hell” – you never want to do it again.
Although I do not use any of those programs causing the conflict – I will have no problem simply skipping this month’s update – which I have done in the past.
Your Internet Provider will provide Free Antivirus software, which Comcast gives me Symantec which I have never had problems with, if you are stupid enough to go pay for Inferior Anti Virus software, there lies your problem. ATT gives you Mcafee. All internet providers provide free Anti Virus software.
Funny you should say that because Norton AV has possibly the worst reputation of all. Windows 10 comes with competent anti virus software, why not just use that?
If you don’t want to come away with egg on your face, I would proofread your posts before calling other people stupid.
IMO there is literally nothing worse than Norton and Mcafee.
Wow, what piles of rubbish those AV are. I remember years and years ago, Norton made genuinely useful tools for DOS. They were gems of coding, and each served a brilliant purpose and were part of my early days as it were.
But today? Norton AV? Seriously…………………………
Is Inferior Anti Virus a brand? Not aware of them.
Not being a fan of Avast or any other bloated AV’s it appears to me as if MS hitting machines with “not Windows Defender” activated hard. It is not the first time people with these AV’s are reporting massive problems after a MS update. Make up your own mind about these ”’coincidents””.
I am happy that i don’t update my Windows 7 Ultimate x64. Last update is from May 2017 and this has made that Windows 7 far more stable than any Windows 7 with later updates.
I seriously don’t understand the problem. Again and again and again users report problems with MS updates–updates that don’t need to be installed immediately; updates that are rollups or even beta; updates that are sure to cause problems for some.
Again and again and again responsible tech writers warn against any and all MS updates and explain/show users how to mitigate the problem by deferring updates for all Windows versions.
Yet, the same old story appears again. It’s what keeps tech bloggers in business.
Turn off updates. Disable updates. Pause updates. The vulnerability score is more scare than necessity.
Or if users are that brainwashed into thinking the latest is the safest at least have a backup plan for rollbacks.
Rather simple problem and solution.
@ VioletMoon
No, it’s not a simple problem and solution. Every Windows users deferring updates will only defer the problem to a later date, not solve the problem, ie buggy updates will just go undetected for weeks, instead of being detected soon after release by M$.
All of the remote access settings I disabled were restored after the first update. Pretty much everything I had disabled as security risks were undone. Registry settings as well. WTF…
Like I said before, since the launch of Win 10 in 2015, M$ has weaponized Windows Update to become like malware against certain users, eg GWX KB3035583 and Telemetry KB2952664. M$ is probably issuing buggy KB updates for Win 7/8.1 on purpose or with intentional sloppiness, in order to push the users onto Win 10 asap.
From 2015 until Feb 2017, M$ purposely borked Windows Update for those who had to do a clean reinstall of Win 7/8.1(eg after a hard-drive failure), in order to push the users to upgrade to Win 10. To solve the problem, affected users were forced to manually install 100+ security updates one-by-one from M$ Update Catalog. Later, in mid-2016, a tech-geek who goes by the name “Canadian Tech” came out with a workaround to unbork Windows Update.
That was why from 2016, I have stopped updating my Win 7 laptop = have peace of mind. Of course, I also have real-time AV protection and practice safe-browsing. But my main OS is a dual-booted Linux installed on an external USB hard-drive because M$’s Windows Update can sometimes bork a dual-boot system that is on the same hard-drive.
In short, since Win 10 and Nadella, M$ is not your friend, … more like Shylock who is after your $$$$ or pound of flesh.
to block windows updates and other nonsense;
http://www.blackviper.com/service-configurations/
you may use these in your Ublock-original
https://raw.githubusercontent.com/WindowsLies/BlockWindows/master/hosts​​​​​
​​​
https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt
you can also block microsoft ip ranges in yer
firewall or pi-hole
Not in Home, only temporarily. Be careful with that black viper list, be sure it’s current. If he can’t clearly explain what a service does, be sure to keep a log of what you disabled in case your device begins to flake.
MS can change or add/delete IP’s whenever, so whoever is keeping the lists will always be at least a little behind.
Windows runs tasks that are not clearly linked to services, that also affect Win Update; they may reset your mods.
Pay the small amount to upgrade to Pro, Win Update can be disabled and stay disabled in the gpedit. Home doesn’t have gpedit.
Microsoft’s patching quality has really been going downhill last year.
Now the Windows updates have recently become so bad that I ended up switching to Linux after 20 years of being a Windows user.
I’ve probably had a Linux partition for as long as you’ve used Windows and the amount of time I have to spend fixing things in that OS that should work is ridiculous. Funny how nobody ever does a video diary about that on Youtube.
@Anonymous:
What distros with what desktop environments have you had in that Linux partition? In my own admittedly limited experience, some “just work” out of the box better than others.
I can’t point you to a video diary of Linux frustrations, but I *can* point you to this article:
Main Linux problems on the desktop, 2019 edition, or why Linux sucks
https://itvision.altervista.org/why.linux.is.not.ready.for.the.desktop.current.html
I recall spotting a fair number of duplicate (triplicate, quadruplicate, etc.) grievances when I read it, but otherwise, it seems to be a fairly comprehensive bill of particulars. On the other hand, the same guy authored *this* article as well:
Why Windows 10 sucks or Everything Wrong with Microsoft Windows
http://itvision.altervista.org/why-windows-10-sucks.html
Read *both* articles and you’ll be panicking like Private Hudson in Aliens in no time:
https://youtu.be/5vstBC4N_tA?t=2m59s
(And then you’ll get an overpriced Macbook Pro whose logic board will buckle, crack, and fail from overheating three days after your warranty expires. And if you haven’t been diligent about backing up, you’ll keep your fingers crossed that an official Apple repair shop will be able to retrieve your data from the soldered-in SSD. And then maybe you’ll go back to channeling Private Hudson… ;-)
to be fair, kaspersky had its share of problems with win10 and other software like firefox before.
does anyone know how much communication the various sec companies have with ms regarding monthly fixes & compatibility?
for that matter, we all heard about how battleye is borking win10 1903, (whatever the numbers are now) especially older versions of battleye in older games that are not updated. makes you wonder why ms doesn’t force uninstall battleye related software when people try to install 1903 (insider/preview) or give a massive warning that battleye has been detected.
obviously they can’t do forced uninstalls with security software. does anyone know if all versions of the affected security softwares are borking the update or if it’s just some older versions?
@Clairvaux –
“impeccable credentials” ?!?! I take it you’re being ironic, lol.
Trusteer Rapport is a hideous piece of corporate approved spyware/malware, has forever been causing all sorts of serious problems and for the life of me I can’t understand why IBM chose to purchase it… avoid it like the plague
Banks are pushing it on their customers because it relieves them of their obligation to do anything serious about securing their online services, like introducing MFA (hello Santander) and I strongly suspect because they’re getting kickbacks for pushing out because of the huge amount of data Rapport hoovers up.
It’s horrendous, truly horrendous
No, Samantha, I’m not being ironic. I’m a bit tired with all that irony business. Sometimes, usually in fact, people tell things straight.
IBM Trusteer Rapport does have impeccable credentials. First, it comes from IBM. Know IBM ? Then, it is a part of a larger eco-system of security software designed by IBM for the enterprise. Then, many large banks have modified their websites to make them intimately compatible with IBM Trusteer Rapport (or at least have worked with IBM, so that the software specifically protects their own website). At last, it’s being officially recommended by those large banks to their customers. Meaning, possibly, just possibly, if your account is hacked and you can’t prove you had IBM Trusteer Rapport installed, your bank might hold you responsible for the losses.
If those aren’t impeccable credentials, I don’t know what would be. Being designed by a middle-aged leftist holed up in a foreign embassy, and smearing his excrements on the wall ? Now that’s irony for you.
It might help me if you answered a few questions. Do you know for a fact that Trusteer Rapport was acquired by IBM ? From whom ?
Do you have personal experience with it ? Can you tell us about it ? Did your bank recommend it to you ? What was the nature of that “recommendation ” ? Was it just a piece of advice, or were there consequences for not doing so ? How do you know IBM Trusteer Rapport gathers personal information ? And last, what personal trouble did you experience with that program, if any ?
I’ll let you do your own detailed research Clairvaux, because if you’re not being ironic one can’t help wondering you’re a shill either for Rapport or a bank pushing it’s poisonous code.
Trusteer was founded in Israel in 2006 and acquired by IBM in 2013. Just because IBM have a (mostly) good rep, it doesn’t mean anything and everything they do is wonderful.
Rapport hooks all manner of system processes, exactly like malware would. It acts as a keylogger, and also reports on running processes and network activity, without being clear to end-users about what it’s doing, what data it’s harvesting, where it’s sending all that data and who has access to it.
I have personally seen several clients machines broken completely by Rapport – do a web search on problems with it and you will find I am far from alone in hating this execrable product, and the banks abdication of responsibility for securing their systems properly.
my business bank Barclays has had MFA for well over a decade.
my personal bank Santander keeps pushing Rapport on me, an shows no signs of being bothered about implementing MFA, despite making money hand over fist.
if they can afford to throw millions at sport sponsorship they can find the money for MFA
@ Samantha
Sure. I’m “a shill” for IBM and banks. That’s why I volunteered information about how I uninstalled IBM Trusteer Rapport, because is was giving me unending trouble. They are paying me big bucks to hang at Ghacks and write such things.
Why do you bother to provide information to me on the subject, anyway ? You know I’m on IBM’s payroll. I won’t be swayed by anything you say.
@ Samantha & Clairvaux
Whatever it is, people should do their online banking with a Live Linux DVD/USB or a dedicated Linux computer(= better option) because nearly all online banking malware target Windows computers.
……. Once a Windows computer has been infected by such a malware, there is nearly no way to stop your online banking account/money from being drained by the hackers, even by using MFA and verification codes. Most banks do not assume liability for such frauds. Some SMBs have lost US$ thousands to such online banking frauds.
Of course, the best prevention is not to do any online banking. Online shopping with your credit card is OK because banks are legally required to assume liability for online credit card frauds as long as the victim has reported the fraud within a reasonable time period.
@ Clairvaux
AFAIK, IBM Trusteer Rapport is an effective security program for online banking but it oftens interfere with the operations of AV and browser programs.
…….. When not in use for online banking, the Trusteer Rapport program or extension should be easily disabled by the computer user.
Seems, IBM had acquired Trusteer Rapport some time ago because it was still privately owned in 2010, as per a Brian Kreb article on Trusteer Rapport. ….
… https://krebsonsecurity.com/2010/04/a-closer-look-at-rapport-from-trusteer/
@ AnorKnee Merce
Thanks for the useful info. Why is a dedicated Linux computer better for that than a Live CD ?
Trusteer Rapport is not that easy to turn on or off. It has its own embedded captcha system, and it’s very picky rights-wise. Of course you need admin rights to turn it off (or on !), but it’s not enough to clear UAC for that. You need to use the shortcut and run it as admin.
@ Clairvaux
The Live Linux DVD/USB does not have persistent storage wrt installed security updates and the latest browser while a Linux computer that is dedicated for online banking only has persistent storage. IOW, the dedicated Linux computer should not be used for other online activities.
A Live Linux USB with persistent storage will degrade in performance after storing too many progressive changes made to the system, eg installed security updates and the latest browser or other programs, ie each time the user go online banking.
@ AnorKnee Merce
OK, so I take this to mean that a Live CD should mostly be used for Linux testing purposes, and not for regular use.
A dedicated banking computer is of course a theoretically good solution, indeed the best (as it would be for any high-security activity), but isn’t that overkill by a long stretch ?
After all, millions of individuals and businesses do online banking on Windows computers and even on Android smartphones (I just stopped short of the latter). If it were that risky (technically and legally), we wouldn’t have this situation, right ?
So what about a dual-boot machine ?
I might envision dedicating a computer to a single activity if I were handling state secrets, or similar. Bruce Schneier handled Edward Snowden material, if memory serves right, and he had an air-gapped computer for that. But let’s get real for a minute…
@ Clairvaux
A dual-boot machine should also work, ie the Linux partition should only be used for online banking and not other online activities; and the Windows partition should not be used for online banking but can be used for other online activities.
……. Bear in mind that Windows Update will often bork the Grub bootloader rendering the Linux system unbootable(= require boot repair), esp the 6 monthly forced auto-upgrades in Win 10 Home.
A better solution is to run the dedicated Linux system on its own external USB hard-drive from a Windows machine.
To do the above, a bit of tech savviness is required.
“The Linux partition should only be used for online banking and not other online activities”
Why ? If the rationale for using Linux in the first place is that there is very little malware for it, then what could could be the problem ?
@ Clairvaux
I had said, “NEARLY all online banking malware target Windows computers.” = a few online banking malware may also target Linux computers. Similarly, nearly all top 10 AAA-rated online games and specialized business software are only available for Windows or MacOS computers.
……. So, the above recommendation is to completely eliminate the chance of the Linux partition being also infected by online banking malware via doing other online activities. A vulnerable computer usually gets infected by malware when online.
If a business has a few million US$ dollars in its online banking account, it is a very high-value target to hackers who may even resort to targeting Linux computers that are used by such businesses. Of course, for hackers, their success rate in stealing from online bank accounts is much higher with Windows computers. But never say never.
“It takes a thief to catch a thief” = put yourself in the position of a professional hacker.
@ AnorKnee Merce
That’s what I thought. Dedicating a Linux computer / partition to online banking is an extreme measure, that provides theoretical protection but sounds like serious overkill. I don’t run a multinational corporation.
Reality check : what is the percentage of people using a dedicated Linux computer for online banking, and what is the real impact of online banking damage ?
And while we’re at it, what is the number of people using a Linux computer for online banking and other activities, who have suffered irrecoverable losses due to bank hacking ? I mean number, not percentage.
At some point, you need to take real risks into account. In my country, you’re far more likely to die by accident if you stay at home than if you drive your car. Let that sink in for a minute.
Clairvaux said: … “At some point, you need to take real risks into account. In my country, you’re far more likely to die by accident if you stay at home than if you drive your car. Let that sink in for a minute.”
That is no comfort for a business owner who just lost US$X00,000 or a person who just lost all his/her retirement savings through online banking fraud via malware planted by hackers.
.
.
Statistics say that only 1 person out of a million die from lightning strikes every year. Does that mean all of us should feel safe and go out walking in a thunderstorm.? That 1 person statistics is actually because nearly all people did not go out walking in a thunderstorm.
……. So, your logic about “Dedicating a Linux computer / partition to online banking is an extreme measure, that provides theoretical protection but sounds like serious overkill.” is incorrect. ….
“Statistics say that only 1 person out of a million die from lightning strikes every year. Does that mean all of us should feel safe and go out walking in a thunderstorm?”
Yes. It’s actually safe to walk under a thunderstorm. What’s not safe is to take cover under a tree. And we all have to die some day.
“That is no comfort for a business owner who just lost US$X00,000 or a person who just lost all his/her retirement savings through online banking fraud via malware planted by hackers.”
My aim is not to provide comfort to them. I haven’t seen any reports of such things happening, and then we’d need to know if there was any mistake involved, whether the bank had to re-credit the funds, what the law says about that, etc.
You kindly provided information saying that in the US, a bank user liability was quite limited in that respect. There are probably similar laws elsewhere.
If you run a business, and you’re not prepared to lose any money at all, or run any risk at all, then it’s better than you fold your business. On the other hand, when running one, you can, and indeed should, make due diligence about computing safety, spend the appropriate amount to mitigate such useless risks, etc.
@ Clairvaux
AFAIK, only the US and UK have strong consumer protection law with regards to Electronic Fund Transfer or Digital Financial Transaction because they are at the forefront of the digital age and promoters of it, ie the governments want to encourage the mass consumers to do online banking and online shopping. OTOH businesses are not protected because they should be smart and rich enough to protect themselves.
……. Most other countries allow their banks to push the liability for online banking fraud onto the consumers unless the consumers can prove in court that the banks were wholly negligent. So, consumers in such countries should be very careful, eg if they want to do online banking, they should use desktop Linux or MacOS. Personally, I avoid online banking and shopping.
Businesses losing money due to the vagaries in the world of trade/economy/politics and due to online banking fraud are very different. The former is usually unforeseen or unforeknown and not preventable, eg crude oil price doubling, 9/11, foreign currency value doubling, trade war, etc, but the latter is common knowledge and preventable, ie the existence of online banking malware, ransomware or destructive viruses is common knowledge.
……. A long established business rarely loses money doing business, eg M$, Google, Intel, Bank of America, Citibank, Visa, MacDonald, etc. This applies to long established SMBs also.
If you are careful and have the ingrained habit of staying indoors during every thunderstorm, you will very likely(= 99.999999999%) never die of a lightning strike. Similarly for not being a victim of online banking fraud if you are careful to use desktop Linux to do your online banking.
… https://krebsonsecurity.com/2015/08/cyberheist-victim-trades-smokes-for-cash/
https://krebsonsecurity.com/banking-on-a-live-cd/
“If loss is not reported within 60 business days customer risks unlimited loss on transfers made after the 60-day period – could lose all money in account plus maximum over draft if any.”
https://en.wikipedia.org/wiki/Electronic_Fund_Transfer_Act
.
https://financialit.net/blog/fraud-management/customer-liability-age-digital-banking
Sorry, correction ……. US Law protects consumers doing online banking and they are limited to a liability of US$500 for fraudulent loss if they did not give 48 hours notice to the bank. Only businesses doing online banking are fully liable for any fraudulent loss.
Nevertheless, if a consumer running Windows really does lose all his/her retirement savings amounting to tens of thousands of US$ dollars though online banking fraud, it may take quite some time for the bank to reimburse the lost money and the consumer may need to chase after the bank for his/her money.
……. This is similar to having your Win 10 computer unluckily borked by M$’s 6-monthly or yearly forced auto-upgrades or malware = eg requiring you to waste time and energy doing a clean reinstall.
@ Clairvaux
For security when doing online banking, …….
Windows < MacOS < Live Linux DVD/USB < dedicated Linux system.
For most ordinary consumers, a Live Linux DVD/USB should be enough, ie it should not be enough for extraordinary millionaires.
@ Clairvaux
https://www.theregister.co.uk/2013/08/08/linux_banking_trojan/
A family member that has windows 10 home has blocked it completely by disabling windows update, windows orchestrator service, windows perfect remediation service, telemetry service, nvidia telemetry, windows update medical service , with windows update blocker 1.1
I have completely uninstalled windows defender mirense esto https://github.com/adolfintel/Windows10-Privacy, and put in place clamwin with the module in real time sentinel both freeware.
I did before this process an entire disk copy with acronis, in case one day Microsoft will release a stable version of w10 home, which today I doubt very much.
It also has as an extra security measure a Linux linux on ext disk, in case you have any problem with windows, I have taught you to use your linux and the daily tasks there, windows only for your programs you need.
In my company, they lost hundreds of machines and two days of productivity due to this inexcusable, preventable disaster. The responsibility for this rest squarely and 100% on the shoulders of Microsoft and zero other companies. It is the responsibility of the company issuing the patch to test it before distribution. Given the size and scope of this update, Microsoft knew ahead of time there would be issues but ignored prudence and destroyed global productivity anyway. Those who attempt to cast blame on A/V companies know little about software Dev, testing, QA, and TQM. Devs and testers look for these sorts of disasters while looking miles into the future; they are not stupid people. However, this inexcusable, preventable disaster is the result of a profoundly greedy company, where firing the testers & QA teams seems like good business while MS lets the users find the bugs. This latest fiasco has soured my already bad attitude about MS and has deeply ruined any residual, remaining love I had for this company that began in the 90s.
Now, in my companies, after this disaster where the CEOs, CFOs, et al were directly effected and our bottom line will take a hard hit, others are starting to notice that MS is not the MS it was when Bill was around. I mean, monkey boy was really aweful but this new clown? He is only suited for assembly line work for picking fly shit out of pepper. Anything else with higher responsibilities and imho, he is far outside his abilities.
@Steve#99
What company let its PCs auto update on day 1 of updates and doesn’t test the updates for at least 2 weeks on test PCs ?
Is your company intent to sue Microsoft for $M for damages ?
@ ilev
It’s possible that the latest monthly Patch Rollup from M$ has a hidden update that bypasses the manual Windows Update setting in Win 7/8.1 computers = updates are auto-installed by M$.
……. Eg KB4023057 in Win 10 reenables Windows Update that has been manually disabled by the users, in order for M$ to force auto-upgrade all Win 10 computers to the latest Version as per M$’s schedule or wishes.
@ ilev
You might have noticed, many of these updates were marked as critical and others important. I’m not involved in support but I can appreciate the IT directors’ predicaments. They are damned if they do, damned if they don’t. It was such a fiasco at the company I was last week, even the low level, non-tech clerical staff were cursing MS. I doubt our companies will sue and besides, MS is probably well protected in the EULA.
Thank you @AnorKnee Merce, I’m sure there was some of that going on too.
As Microsoft’s updates are continuing to be disastrous on all Windows machines with no end in sight, I found a permanent solution to ending all of the crying burnups. While I have a few Windows audio editing programs I just cannot let go of, I installed Linux Mint 19.1 as the regular OS and Windows 10 version 1803 (with the March 2019 cumulative updates) in VirtualBox. I turned off Windows updates (via Winaero Tweaker) and terminated the network connection in order to avoid installing any more updates. I installed my Windows programs in the virtual machine and enabled file sharing between the host and guest machines using a USB drive. Additionally, I have a dedicated machine with the same Windows install as the virtual machine with updates and network permanently disabled, but used for running games since my work PC cannot run Windows games in VirtualBox due to low video memory provided in the guest OS.
I feel like I kind of dodged a bullet. I no longer remember what AV I started out with in Windows 7 (Microsoft Security Essentials?), but I *do* remember that I went from Avast to Avira to Sophos, *all* of which seem to be having serious problems with one of this month’s security patches, and thence (currently) to Kaspersky, which *doesn’t*. I left my previous AVs because they started sucking in one or more intolerable ways, but serendipitously avoiding update-induced borkage is an unexpected bonus!
KB4474419 and KB4493472 does kill the Boot sector in some instances.
I am unfortunately 1 of those instances.
I’m an IT pro at a facility with about 150 computers.
We have 4 Dell Latitude E6530 laptops running Windows 7 Pro.
These models are affected.
As soon as you install those updates the system will reboot and you will get that “BootMGR missing” error. And the only way to fix is to reimage them.
I call Microsoft last month when this 1st happened – spent 2 hours on the phone and they basically brushed me off saying it had to be my fault.
Thanks MS.
@ Codata, Nik Donovan
It’s a tribute to Martin Brinkmann’s work that IT professionals, responsible for the smooth operations of companies which (hopefully) pay them good money for that , come and share their experience here.
It’s damning for Microsoft that the above gentlemen, akin to many, many others within their trade, have definitely lost trust in them, while there was a time where the consensus among their profession was that Microsoft might be pushy, they might be expensive, they might throw their weight around and leverage their oligopoly position, but if they gave you a piece of code, if they said : patch this or patch that, you could trust them without a further thought. Because they were Microsoft.
Now, it has come to being the opposite. Any mom-and-pop software house can be trusted more, on average, than mighty Microsoft.
Avoiding all the political arguing, I seem to have hit a different problem: updates just simply stopped working about a month ago. Other than a whole pile of things that appear to have been installed to Excel on the 25th of April (I suspect a single small patch touched a whole load of other existing updates and modified their effective install date), nothing has installed successfully since… funnily enough… April 9th.
But, I don’t have any of the mentioned updates on the list. In fact, I don’t have anything starting KB4493 at all – the highest numbered (applied to Windows itself, rather than e.g. Office, Silverlight…) is KB4490628, and the last one to install was KB4489892. Since then it’s basically like the BITS code or some other crucial bit of the actual download routines has been dummied out… you tell it to update (I have it set to Check And Ask, and typically double check what’s offered/selected seeing as I’ve had rogue driver updates knock out my soundcard before), and it just sits and spins for a few minutes, transferring no data at all (at least, nothing shows up in Task Manager), before giving up and entering, seemingly at random, either a “Failed” or “Cancelled” in the update log. Sometimes the actual available-updates check fails as well.
And right now I can’t even see which ones I’m missing to hunt them down off the Microsoft website, because not only is the check broken, but so is the log itself. I’ve actually had to look in the “installed updates” list to get those KB numbers. This is thanks to following some other allegedly guaranteed-to-work guide that ran me through issuing SFC and DISM commands in an admin-rights cmd prompt (the third of which was completely “unrecognised in this context” by DISM… yay), which found no errors and did nothing of obvious value, instead seemingly breaking everything still further.
On an otherwise pretty much fault free (discounting some stupid nonfunctional biometric login stuff preinstalled by HP that I haven’t ever been able to fully remove) Win 7 install that’s been running nearly 6 years now with only, to my memory, one other update hiccup of any kind other than the rogue driver. The installation log shows 714 MS updates across both Windows and software going back to my purchase of the machine in July 2013 (plus one from a year earlier that must have been the company’s last mass-image update before actually building it), so this is a fairly rare failure, if an annoying and somewhat catastrophic one.
FWIW I am using Avast Free, but that hasn’t given me any issues in all the years I’ve had it, maybe it’s down to serially updating rather than fresh installing, IDK. The worst trouble it ever gives is sometimes the browser guard can crash if I have a lot of tabs open (like, maybe 100+, on a lowly 32bit/4GB laptop), and the 2~4 times daily update popup (I set it to inform-and-wait some time ago because the auto updating could sometimes cause a bit of slowdown for a minute or so if doing something else heavy, and I prefer having the option to defer it if needed). I tried turning off its protection entirely, as suggested elsewhere, and that made no difference whatsoever to the updates. So unless it’s permanently broken something fundamental at a system level, it wouldn’t seem to be anything to do with AAV interfering with/firewalling out the download or whatever.
I suppose the one last thing to check (maybe after uninstalling the last couple of successful updates?) would be the hardware firewall on my router, but Windows Update would be a very odd thing for it to block, unless Microsoft has suddenly gone over to using UDP or an unusual port range instead of the customary TCP & port 80 / 8080… Maybe it’ll start working if I connect it to mobile data using my phone as a hotspot… as unpleasant as having to blow the better part of 300MB of my monthly allowance would be.
Oh, and… it was the case that I didn’t have a great deal of HDD (well, SSD) space at the point of actual failure, but it was still low-mid single digits GB, which would would think is entirely ample for updates of a couple hundred megs total, and individually nothing more than about 60 (even the really small ones at 2-3 MB didn’t work). I’ve since done a serious spring clean and freed up something like 80GB (on a 500GB partition), but, no change… Been no power failures, unexpected shutdowns (a couple times it’s gone to hibernation because the power cord was yanked out just far enough to break connection but not fall out, which happened fairly quickly because the battery is shot, but I have the emergency-shutdown SOC % set high enough that it’s always succeeded), absolute BSODs etc that would be the usual risk factors for file corruption… Even done a scandisk and run a third party SSD defragger to make sure everything’s shipshape and optimised…