Although its probably bad timing to discuss this during the weekend that the Wannacry ransomware attack was unleashed, taking advantage of systems that had not applied the Microsoft patch in March, unplanned MS updates can play havoc with our SmartSDR operating environment. Often this can result in driver confusion with DAX and lack of functioning CAT ports.
Given the opportunity to plan these upgrades, its easy to prevent this by uninstalling SSDR/DAX/CAT prior to the upgrade then reinstalling it after the environment has stabilized (allowing MS time to fix whatever problems they introduce in the upgrade).
Attached is a link to an article that offers a couple of ideas on how to prevent the upgrades from happening.
http://www.computerworld.com/article/3182846/microsoft-windows/how-to-fix-five-windows-10-headaches....
73
Neal
Given the opportunity to plan these upgrades, its easy to prevent this by uninstalling SSDR/DAX/CAT prior to the upgrade then reinstalling it after the environment has stabilized (allowing MS time to fix whatever problems they introduce in the upgrade).
Attached is a link to an article that offers a couple of ideas on how to prevent the upgrades from happening.
http://www.computerworld.com/article/3182846/microsoft-windows/how-to-fix-five-windows-10-headaches....
73
Neal
Neal - K3NC, Elmer
Posted 3 years ago
Time to have developed a MacOs (not iOS) or Linux compilation of SSDR
Don, 73 de PE3DON
Don, 73 de PE3DON
I would like that very much. I have DogPark, and will still use it, but I'd happily pay for a Mac Version. We always blame the victims, yet so many have no problem with Microsoft putting out such a brittle and vulnerable product.
Anyhow, the WannaCry decryptor works via phishing, with the EternalBlue and DoublePulsar exploits. It attacks SMB, and the most vulnerable systems are those still running XP and Windows 8 and Windows Server 2003. Even though these systems are no longer supported, Microsoft pushed out a patch for these systems as well.
Why on earth SMB is turned on if not needed remains a question for the ages. It is outdated, and by it's very nature, an exceptionally attractive and easy to access attack surface, once you accidentally hand the phishermen the keys to the kindom. This is as far as I am concerned, criminal.
Basically folks, don't click on any file you get in an email, the macro attacks have returned. Don't click on any links you get in an email, either.
Back up, with multiple copies, and not in the cloud.
And remember the thing about these patches? They come out after a whole lot of damage is done.
Anyhow, the WannaCry decryptor works via phishing, with the EternalBlue and DoublePulsar exploits. It attacks SMB, and the most vulnerable systems are those still running XP and Windows 8 and Windows Server 2003. Even though these systems are no longer supported, Microsoft pushed out a patch for these systems as well.
Why on earth SMB is turned on if not needed remains a question for the ages. It is outdated, and by it's very nature, an exceptionally attractive and easy to access attack surface, once you accidentally hand the phishermen the keys to the kindom. This is as far as I am concerned, criminal.
Basically folks, don't click on any file you get in an email, the macro attacks have returned. Don't click on any links you get in an email, either.
Back up, with multiple copies, and not in the cloud.
And remember the thing about these patches? They come out after a whole lot of damage is done.
Peter K1PGV, Elmer
"Why on earth SMB is turned on if not needed remains a question for the ages. It is outdated, and by it's very nature, an exceptionally attractive and easy to access attack surface, once you accidentally hand the phishermen the keys to the kindom. This is as far as I am concerned, criminal. "
Seriously? What are you TALKING about?
SMB is the file sharing protocol on any Windows network. It's used among Windows machines, and between Windows and lots of file servers... from little Synology boxes to big boy NetApp systems. Its also super common for interacting with Linux-based servers (Samba or CIFS anyone?)
It's far from outdated, it's regularly revised. The SMB protocol itself is in... what... it's third major revision in Windows 8 and later? It's high performance and provides some very complex features such as opportunistic locking (to facilitate client-side write-back caching).
I don't understand what issue you claim to know about with SMB.
"And remember the thing about these patches? They come out after a whole lot of damage is done. "
Again, not accurate. The vulnerability used by WannaCry was patched in March, before it was exploited.
Whine if you must about the constant updates or the technical inferiority of Windows. But please let's keep the comments technically accurate.
Peter
K1PGV
Seriously? What are you TALKING about?
SMB is the file sharing protocol on any Windows network. It's used among Windows machines, and between Windows and lots of file servers... from little Synology boxes to big boy NetApp systems. Its also super common for interacting with Linux-based servers (Samba or CIFS anyone?)
It's far from outdated, it's regularly revised. The SMB protocol itself is in... what... it's third major revision in Windows 8 and later? It's high performance and provides some very complex features such as opportunistic locking (to facilitate client-side write-back caching).
I don't understand what issue you claim to know about with SMB.
"And remember the thing about these patches? They come out after a whole lot of damage is done. "
Again, not accurate. The vulnerability used by WannaCry was patched in March, before it was exploited.
Whine if you must about the constant updates or the technical inferiority of Windows. But please let's keep the comments technically accurate.
Peter
K1PGV
Ria - N2RJ, Elmer
I would be happy running SSDR under wine but it uses .NET. DPSDR is ok for basic use but not how I would primarily run my 6700.
Hey Peter, why so rude? Did I insult you in the past or something? If so, I apologize for the infraction.
Anyhow, what I am talking about might better be illustrated if you look up what the components of the of the WannaCry ransomware are. Specifically EthernetBlue and DoublePulsar, they have been used long before before Friday 12 May, 2017. If they were patched previously, Wannacry wouldn't work.
As well. I agree with what the people who wrote on Wikipedia that:
"Over the years, there have been many security vulnerabilities in Microsoft's implementation of the (smb) protocol or components on which it directly relies. Other vendors' security vulnerabilities lie primarily in a lack of support for newer like NTLMv2 and Kerberos in favor of protocols like NTLMv1, LanMan, or plaintext passwords. Real-time attack tracking shows that SMB is one of the primary attack vectors for intrusion attempts, for example the 2014 Sony Pictures attack and the Wannacry ransomware attack of 2017."
You can take it up with them, or you can edit the Wikipedia page if you are certain it is as innacurate as you believe. https://en.wikipedia.org/wiki/Server_Message_Block
All apologies for upsetting you, but seriously, I am not making this stuff up, and it is not anything new.
I won't make another posting about PC security matters.
Anyhow, what I am talking about might better be illustrated if you look up what the components of the of the WannaCry ransomware are. Specifically EthernetBlue and DoublePulsar, they have been used long before before Friday 12 May, 2017. If they were patched previously, Wannacry wouldn't work.
As well. I agree with what the people who wrote on Wikipedia that:
"Over the years, there have been many security vulnerabilities in Microsoft's implementation of the (smb) protocol or components on which it directly relies. Other vendors' security vulnerabilities lie primarily in a lack of support for newer like NTLMv2 and Kerberos in favor of protocols like NTLMv1, LanMan, or plaintext passwords. Real-time attack tracking shows that SMB is one of the primary attack vectors for intrusion attempts, for example the 2014 Sony Pictures attack and the Wannacry ransomware attack of 2017."
You can take it up with them, or you can edit the Wikipedia page if you are certain it is as innacurate as you believe. https://en.wikipedia.org/wiki/Server_Message_Block
All apologies for upsetting you, but seriously, I am not making this stuff up, and it is not anything new.
I won't make another posting about PC security matters.
Ria - N2RJ, Elmer
Both of your are correct. The vulnerability on Win 10, 8 and 7 was indeed not a 0 day and patched in March, but XP was not patched until a couple of days ago.
That brings us back to people who disabled Windows 10 updates or stayed on XP because they found Windows 10 updates annoying or "it just works and I don't wanna touch it."
That brings us back to people who disabled Windows 10 updates or stayed on XP because they found Windows 10 updates annoying or "it just works and I don't wanna touch it."
KY6LA - Howard, Elmer
There are a heck of a lot of Contest stations still on XP. In fact the Southern Cal Contest Club and the San Diego DX Club just published extensive detailed instructions on the latest XP patches yesterday.
Why because XP and W7 work reliably and need no hand holding.
W10 causes too many issues and needs far too much support especially after updates.
Why because XP and W7 work reliably and need no hand holding.
W10 causes too many issues and needs far too much support especially after updates.
Peter K1PGV, Elmer
I apologize if my reply sounded overly strident, Mr. Coslo. My intention was not to offend you, but only to point out technically inaccurate information.
If you have concrete information about the NSA toolkits being widely deployed in the wild prior to Windows being patched, as you seem to indicate, please contact me off list. I know people who will want this information.
Peter
K1PGV
If you have concrete information about the NSA toolkits being widely deployed in the wild prior to Windows being patched, as you seem to indicate, please contact me off list. I know people who will want this information.
Peter
K1PGV
Ria - N2RJ, Elmer
There are many fewer than there were, but there are also hams using DOS because windows causes too many issues.
As for the issues, I really haven't had a problem, except for one time when my DAX drivers had to be reinstalled.
As for the issues, I really haven't had a problem, except for one time when my DAX drivers had to be reinstalled.
Hi Ria-
Please tell us you PC H/W config. Seems some H/W runs Win10 without issues and others have major problems running Win10 and SSDR.
Please tell us you PC H/W config. Seems some H/W runs Win10 without issues and others have major problems running Win10 and SSDR.
Ria - N2RJ, Elmer
I have an old HP e9280t with a pegatron (Asus) motherboard, Core i7-930, AMD Radeon HD 4850 video card, 32GB RAM and 128GB Sandisk SSD.
(Edited)
Thought you would say some brandy-new thing that had Win10 from the factory!
Ria - N2RJ, Elmer
LOL! No sir. I use 100% old junk at home, except for my 6700. :)
I also typically keep PCs for 10 years. In fact this PC was a gift. I wasn't even thinking of replacing my old Dell Dimension which used RDRAM, but my SO took pity on me...
However to be totally fair the SSD and RAM are not stock (thank you micro center!) It also came with Vista from the factory and a free upgrade to Win 7.
I also typically keep PCs for 10 years. In fact this PC was a gift. I wasn't even thinking of replacing my old Dell Dimension which used RDRAM, but my SO took pity on me...
However to be totally fair the SSD and RAM are not stock (thank you micro center!) It also came with Vista from the factory and a free upgrade to Win 7.
(Edited)
Paul Christensen, W9AC, Elmer
Ria - N2RJ, Elmer
Unless you know what you're doing, turning off updates is irresponsible. Don't do it. Herd immunity matters.
If you lived through slammer and code red you know how much of a pain in the neck these worms can be.
If you lived through slammer and code red you know how much of a pain in the neck these worms can be.
Paul Christensen, W9AC, Elmer
Ria,
For most installations, it probably is irresponsible to disable updates. But where I have a PC installed in a communications shelter at the edge of the Okefenokee Swamp that runs on a 4G/LTE network, I would rather take my chances. The risk isn't eliminated but it's certainly reduced with no user-induced outbound web traffic there.
On the issue of hacking, if I've left the network vulnerable to an attack in front of the firewall then a Windows update isn't going to help mitigate a lot of potential damage created by someone who just accessed the LAN side of the network.
If the worst attack occurs at my remote site, I would rather have a back-up PC and router pre-provisioned and ready to roll in on a moment's notice.
Paul, W9AC
For most installations, it probably is irresponsible to disable updates. But where I have a PC installed in a communications shelter at the edge of the Okefenokee Swamp that runs on a 4G/LTE network, I would rather take my chances. The risk isn't eliminated but it's certainly reduced with no user-induced outbound web traffic there.
On the issue of hacking, if I've left the network vulnerable to an attack in front of the firewall then a Windows update isn't going to help mitigate a lot of potential damage created by someone who just accessed the LAN side of the network.
If the worst attack occurs at my remote site, I would rather have a back-up PC and router pre-provisioned and ready to roll in on a moment's notice.
Paul, W9AC
(Edited)
Ria - N2RJ, Elmer
This falls into the category of "you know what you're doing." For most other people, turning off updates endangers everyone.
Peter K1PGV, Elmer
I know other people are probably running the latest 'Creator Update' of Win10 (aka 1703) with no problems (cuz otherwise the forum would probably be FULL of messages), but after this latest Win10 update, I'm getting the Win10 equivalent of the Blue Screen of Death -- complaining about an IRLQ with a value of less than ... (something -- the message doesn't go far enough) and saying that the error shows up in a module sysnet04 (or something like that). I'm suspecting it's a problem with DAX or CAT, so I've shut off installing them for the time being to see if things stabilize.
As I say, I'm just providing this for info. I need to do more investigation, but it just happened on a completely 'clean' install of Win10 and nothing else installed on the computer except for SmartSDR 10.16.1. I wasn't even actually running the 6500 at that point -- Just reinstalling software.
FYI...
Don VE7ATJ
As I say, I'm just providing this for info. I need to do more investigation, but it just happened on a completely 'clean' install of Win10 and nothing else installed on the computer except for SmartSDR 10.16.1. I wasn't even actually running the 6500 at that point -- Just reinstalling software.
FYI...
Don VE7ATJ
OK, I've got some more info on this, and a possible fix, which I'm testing now. The BSOD comes up with, as Peter says an IRLQ less than or equal error, relating to the Netwtw04.sys module/driver. I checked on the Windows Insider forum, and others have mentioned the same problem -- especially when accessing the internet over a wireless connection. One contributor said he got rid of the problem by upgrading the Intel Wireless Drivers. That makes sense to me, as all my 'crashes' occurred when I opened up MS Edge browser.
Unfortunately, Windows Update doesn't know anything about updated drivers, so you have to go directly to Intel's support website, download their driver update application, then let it decide the new driver package for you and install it. I just completed that now, so we'll see if it stabilizes the situation. I'm not quite wiling to put this baby back into 'Production' mode just yet, but at least the problem and solution make sense.
Unfortunately, Windows Update doesn't know anything about updated drivers, so you have to go directly to Intel's support website, download their driver update application, then let it decide the new driver package for you and install it. I just completed that now, so we'll see if it stabilizes the situation. I'm not quite wiling to put this baby back into 'Production' mode just yet, but at least the problem and solution make sense.
Peter K1PGV, Elmer
" I'm getting the Win10 equivalent of the Blue Screen of Death -- complaining about an IRLQ with a value of less than ..."
Sorry to hear that, Don. The crash would be "IRQL not less than or equal" (believe it or not, that's the entire message). This usually indicates a fatal flaw in a driver.
If you have the crash dump file (memory.dmp) feel free to email it to me at my call sign at ARRL dot net and I'll take a look and at least let you know what happened and which driver is at fault.
Peter
K1PGV
Sorry to hear that, Don. The crash would be "IRQL not less than or equal" (believe it or not, that's the entire message). This usually indicates a fatal flaw in a driver.
If you have the crash dump file (memory.dmp) feel free to email it to me at my call sign at ARRL dot net and I'll take a look and at least let you know what happened and which driver is at fault.
Peter
K1PGV
(Edited)
OK thanks Peter. I may take you up on that. For now, I've 'not' installed CAT or DAX, but I may try installing them one-by-one and see which one causes the fault. It seems to be directly 1703 related, tho, cuz I have another laptop running Win10 1609 running the full SmartSDR/CAT/DAX with no problems.
I'll be playing a bit more tonight tomorrow and will let you know what I find. Thanks for the offer of help.
I'll be playing a bit more tonight tomorrow and will let you know what I find. Thanks for the offer of help.
Latest update (for those interested)... After updating the WiFi drivers, now the laptop won't recognize, nor install printer drivers! I tried working on it for a week, gave up and sent it off to the geek squad. They saw the same problems, and after another week of trying different scenarios finally decided on a clean re-install of the entire Win10 1703 O/S. Voila -- no more problems with crashes, and the printers work fine. Don't ask me how/why THAT worked, but I'm grateful to have my laptop back with everything working.
Ria - N2RJ, Elmer
http://www.wearethemighty.com/article...
Pentagon has us all beat.
When I did *ahem* government work I remember dealing with 8 inch disks and 9 track tape.
Pentagon has us all beat.
When I did *ahem* government work I remember dealing with 8 inch disks and 9 track tape.
We had a mini warehouse of old data storage technology so we could retrieve data. I recall being impressed by an early writable laser disk - about 18 inches in diameter. But we had tape drives, Zip drives, floppies of every size, some sort of thing called a removeable hard drive that looked a little like a zip drive, even ancient machinery like 286 computers.
Before that, it was punch cards.
I was lucky enough in school to see some old core memory drums that were donated to the school. Fortunately we didn't have to save any of the drums.
Before that, it was punch cards.
I was lucky enough in school to see some old core memory drums that were donated to the school. Fortunately we didn't have to save any of the drums.
Don't want one of those forced Win 10 updates? A bunch of us have had great results using "Never 10." https://www.grc.com/never10.htm
That's the upgrade, not the updates. If you bought a computer with W10, you are stuck, unless you have the Enterprise version. You can always buy the enterprise version, and encourge Microsoft to keep borking the computer, since they get money for two OS'. The one you paid for when you bought the computer, and the one you bought so the darn thing would work right.
Neal - K3NC, Elmer
85% of affected computers were running WIn7. I am not sure how many WIn10 systems were actually affected.
73
73
Ria - N2RJ, Elmer
I know quite a few hams running Windows 7 because they don't trust the Windows 10 updates.
There are many reasons to not like the W10 OS and updates, as well as the telemetry that you send them. The updates often turn on the telemetry that you thought you turned off. And even if you turn off all of the software switches, it sends telemetry any way. This is why I use my W10 laptop witout anything of importance on it.
Also folks, remember that Wannacry is a social engineering malware. So don't go clicking on links that you aren't certain about that you get in your email.
Also folks, remember that Wannacry is a social engineering malware. So don't go clicking on links that you aren't certain about that you get in your email.
Ria - N2RJ, Elmer
It's not strictly social engineering. It looks for nearby machines to infect and infects them due to a vulnerability. Just like code red, just like slammer.
Peter K1PGV, Elmer
Bill Turner
For what it's worth: I've been running Windows 10 since it came out, allowing all updates and never a minute's trouble with my 6300.
73, Bill W6WRT
Ria - N2RJ, Elmer