FYI, I have just learned that the Windows Firewall service has "secret, hidden" rules that don't show up in the UI, and that the firewall service continues to run and function even if one disables the Windows Firewall via the UI.
The bottom line is that, even with a 3rd party firewall in place, the Windows Firewall service still runs, and conceivably could facilitate connections that have not been explicitly allowed or denied.
-Noel
OK, need to clarify: in regards to Win10 only? Older Windows OS? With the outbound choked off I haven't seen the traffic.
As far as Tuesday a.m. troubles: after 2 weeks of relatively stable, trouble-free use every day online and off with MY outbound rules in effect, unchecking the defer upgrades box & giving WU an outbound rule and running the check for updates, 10 Enterprise becomes FUBAR. It could easily be hardware related, but since I'm dual-booting, the problems didn't show up on the other OS (Win7). The only explanation is that the updates caused the issues. Haha. Heard it before, yeah.
My understanding was that it's true of all versions of Windows, but that was implied, not explicitly stated.
I haven't had a Win 10 go FUBAR yet as a result of clamping off its umbilical to the mothership.
I HAVE, however, disabled the Windows Firewall service on all my systems on which I'm using the Sphinx Windows xx Firewall Control product, and it's working just fine. I'm no longer seeing the occasional message flash on screen that something was blocked or allowed that doesn't have a corresponding application association or zone in the Sphinx software. So I can confirm that even with the Windows Firewall "disabled" from the UI, it's still on.
-Noel
Author of the "How to Configure the 'To Work' Options" series of Windows books. Not feeling enough love to do one for Windows 10.
Post by Bayer A.User on Nov 14, 2015 7:21:37 GMT -6
Still no sign of the "November, Fall, Threshold2, version 1511, build 10586 can't live without it upgrade" to my 10 Enterprise 10240. Maybe that's a good thing.
Microsoft website says if I have been running Win10 less than 31 days then I won't see the build yet. 90-day eval - 40 days remaining = 50 days of use. Time passes quickly when yer not having fun? Haha
Hey Locutus, what's the situation with your 10 Enterprise LTS??
For anyone who'd like to give it a try, here's a custom theme atlas that brings just a bit more style to the caption buttons. I haven't yet worked up rounded-corners on the window frames themselves, as I have with theme atlases in the past. That's still work in progress.
Features: Glass caption buttons that live inside the frame with light glyphs and slightly unsharp corners, and are subtle when not in use, good for dark or light backgrounds. Blue tint for active windows, works IMO best with white title bar text and a black or dark color for inactive windows. Significant drop shadows.
Please let me know what you think.
-Noel
There's already a decent way to swap atlas files - it's the Aero Glass author's own GUI configuration tool.
I imagine it might be possible to make a (non-translucent) XP-like graphics atlas, but there will be a lot of things that won't resemble the old system. What that would take to do really right would be a full theme implementation, then some minor hacking to be able to use it.
I don't think theming is dead, though it's no longer possible to completely re-theme the system. An example is the Taskbar, where I guess Microsoft re-implemented it using XAML or something, but it just sits there and stays lifeless no matter what theme you put in. The only good thing they did was facilitate blurred translucency, so with a tool like Aero Glass on the job it tends to look more integrated.
-Noel
Yeah, I was just thinking a basic Windows elements thing. The taskbar is indeed WinRT XAML, however there's no blur on it; it's just translucent. There's also no blend color either.
Perhaps this is facilitated by ClassicShell settings you haven't investigated, but things seem decently integrated, blur-wise, to me... I could tweak the shades of blue to be better matched I suppose.
-Noel
Post by Bayer A.User on Dec 6, 2015 15:24:05 GMT -6
Well, went from 10586.11 to .14 without trouble via WU. KB 312 2947 would dwnld but not extract from the .CAB, and the cumulative upgrade KB 311 6908 fails to complete install north of 30%. "We couldn't complete the updates, undoing changes". WU or Microsoft Update Catalog, I can get it no problem. It just fails install. Windows Firewall on/off, AV on/off, online or off makes no difference.
When I want Aero, I just fire up Vista or 7. Winduz10 - the last OS they'll ever make. Thank gawd.
Edit - as of 12-8, used dism command to install KB 312 2947 from dwnld .cab. The result? Cortana & searchUI were reinstalled on my 10586.14. Remember, 312 2947 was not even the "cumulative" update. Taking ownership and deleting it all has become second nature to me now.
Last Edit: Dec 8, 2015 6:17:27 GMT -6 by Bayer A.User
Mike tells me that Microsoft's own ZachD is espousing that Aero Glass simply has too many performance issues for it to be offered as a mainstream option in Windows.
I did a double-take at that.
Does Zach REALLY think an argument that "we can't do that any more" could possibly hold any water, in light of the fact that today's computers are far and away more powerful than those that supported Aero Glass before?
The facts: I have measured zero additional power consumption with Aero Glass enabled. Variations in other factors, such as idle disk spin-down time, far outweighed any minuscule additional power spent on rendering blur. The fact is that the CPU or GPU time spent blurring the background through to the relatively small borders around windows is absolutely negligible on any modern system, even a tablet.
How could it be that desktop benchmarks clearly say that the Windows 7 (with Aero Glass) desktop is MORE efficient than all others (including Windows 10 without Aero Glass)? And if you use Windows 7, you can see it yourself: With Aero Glass enabled, precisely because of the GPU acceleration, Windows 7 is actually noticeably MORE responsive than with Windows 7 Basic mode.
What is the GPU for, if not for making the desktop experience more pleasant? Gaming? The desktop and gaming don't run at the same time.
Speaking of which... We have had GPUs that could do blurs in an eyeblink since about 2006. Today's GPUs are some 50 times faster than those that were the norm when Aero Glass first came out.
Anecdote: When I first got Vista x64 I had an expensive workstation graphics card, a nVidia Quadro FX 3500. It never ran Vista very well, so in about 2007 I bought a reasonably priced ATI Radeon HD 4670. What a difference! It animated Vista's Aero Glass beautifully without breaking a sweat. That card benchmarked a whopping 547 on Passmark's PerformanceTest scale (compared to 209 by the much more expensive - but outdated - Quadro card), and instantly made my dual monitor workstation a pleasure to use. The ATI Radeon 7850 I use now with Win 8.1 dwarfs that old GPU's score though - earning a respectable 3,757. Everything on my desktop is instantaneous, all animations are glass (heh heh) smooth, and translucency with blur is everywhere on my Win 8.1 system owing to Aero Glass for Win 8+. But even this card is now woefully outdated... A top of the line nVidia GeForce GTX 980 Ti scores a whopping 11,511 on the PassMark scale!
So, based on ZachD's assessment, Aero Glass was somehow acceptable in 2006 on a graphics card with 2% of today's power, gave enviable performance even by today's standards with Win 7 in 2009, yet somehow is now too resource intensive to consider making it a mainstream option in Windows.
Zach can't possibly be that stupid, so... His deception isn't masked very well, is it?
Post by Bayer A.User on Dec 7, 2015 16:24:47 GMT -6
Making the best of it... I did two Win7 clean installs on SSDs in the past week. 64-bit from 2011 media, and 32-bit from 2009 media. Both went well, activated & updated. MS update servers were initially slow to provide the 200+ KBs. Yeah, I guess they're preoccupied with the latest upDowngrade version of 10586.xx!? HP website provided the drivers & utilities. The Win7 SP1 systems work and look great. Stable n fast even with modest CPUs and graphics. Aero in all its glory. Not bad for "old school".
Thanx to the "KB's never to install" list from the insider forum these two laptops will never see 10.
Post by Bayer A.User on Feb 14, 2016 12:59:42 GMT -6
Now, runnin' the latest 10 Pro with a custom Windows Firewall. My rules. No outbound svc.host allowed. Defender updates fine. Core networking, browsers, security software only outbound. WU can't connect. Seems to work fine day to day. 2 clicks and I'm back to default for upgrade to next version.
I'll let it idle overnight, check the log Monday a.m. 10586.104
Edit 2-15-2016 - This latest version of 10 is without a doubt the most autonomously active online (chatty, as Noel would say) version yet. Successful outgoing connections to countless IPs between midnight and 4am. Most port 443, the rest port 80. All this with Cortana, OneDrive, CloudExprHost, and DoSvc disabled.
Last Edit: Feb 15, 2016 10:01:20 GMT -6 by Bayer A.User
I believe the lists of certification authorities contacted will ultimately depend on your installed software and what certificates are on your system (not to mention https: sites you browse to), so these addresses may not be all of or even close to what you need.
-Noel
Post by Bayer A.User on Feb 15, 2016 10:17:17 GMT -6
10 absolutely must have very strict firewall rules applied. Default Windows Firewall setup benefits MSFT, not you or I. Change Windows Firewall or install 3rd party software. Remember, if you block outgoing except for the "rules", you will need to create new rules yourself for any processes you want/need. Example:
C:\ProgramFiles(x86)\MalwarebytesAnti-Malware\mbam.exe
C:\ProgramFiles\WindowsDefender\MSASCui.exe
\MpUXSrv.exe
C:\ProgramFiles\InternetExplorer\iexplorer.exe
C:\ProgramFiles\MozillaFirefox\firefox.exe
*Firefox creates its own outbound rule at install*
*Edge may or may not create its own outbound rule*
Last Edit: Feb 15, 2016 10:45:57 GMT -6 by Bayer A.User
That Microsoft has been rumored to create "secret" unseen rules in its own firewall is a reason why I've opted to throw it out altogether and use a 3rd party product (Sphinx Windows 10 Firewall Control).
Not to be argumentative, but the default "allow outgoing connections by default" setting in the Windows Advanced Firewall DOES benefit the user by reducing the ongoing firewall management effort virtually to zero - at the expense of allowing everything and having the user just not know about things that are happening.
I do agree that keeping users in the dark benefits Microsoft's current strategies.
Beyond the problem of Microsoft hiding Windows Advanced Firewall rules that benefit themselves, Microsoft's provided tools aren't really good enough to facilitate ongoing deny-by-default firewall setup management in the long-term by even a savvy user. The effort of trying to access the reporting of what's attempted and allowed or blocked via the Event Log using the Event Viewer gets to be overwhelming in seconds.
Being able to easily see at a glance what was attempted, what was allowed, and what was blocked facilitates ongoing refinement of the rules. It's a complex - and frankly nearly impossible - task to get everything just right, then adding the fact that server addresses are mutable (not to mention that DNS servers often return multiple addresses for the same server name) means you have to not only keep adding whitelist entries (e.g., for new software) but you have to deprecate old rules that are no longer meaningful, or the whole set of rules will ultimately just grow too large and be impossible to manage.
I'm managing Win 7, 8.1, and 10 systems with the Sphinx Windows 10 Firewall Control product, and I've been working with their architect quite closely. He's been very receptive to my input and has made the current beta quite functional and manageable by incorporating changes I've suggested. I believe they have some licensing work to finish before their next release, then the product promises to be quite good.
All that said, a firewall issue for which I have no really good current answer is that the Cryptography Service (CryptSvc) regularly accesses ctldl.windowsupdate.com to manage its lists of certification authorities. This wouldn't be a problem, I'd just allow the 8 addresses that are resolved by DNS for that name, BUT... It's also a server bank accessed by other services (e.g., wuauserv) to update your system!
The question to "bake our noodles", then, is this: Did Microsoft intentionally set up this ambiguity so that those of us who would prefer to disallow Windows Updates wouldn't be able to develop rules to separate them completely from normal operations? It's a pretty deeply geeky thing, and possibly the concept is beyond most of Microsoft's current engineers, but I wouldn't put it past them.
-Noel
Post by Bayer A.User on Feb 15, 2016 16:31:01 GMT -6
Allow outgoing connections by default was also the case with Win7. Yet Win7 didn't have 45 redundant inbound/outbound rules, did it? Besides core network, maybe antivirus, maybe your printer, maybe browser other than iex. Every normal PC I've ever seen had less than 4 or 5 visible on the list.
Do you really want/need/use Unicast? The outbound rules are about processes = .exe. No way in hell a normal everyday PC user could keep up with all the damn IP addresses. Simply put, everyone needs to take a look for themselves at the firewall rules and put some thought into what they really need/want to be allowed.
One last thing, all the internet connection "issues" insiders bitch about will go away if they just use the outbound rule strategy to prioritize what exactly connects online.
Last Edit: Feb 17, 2016 10:04:18 GMT -6 by Bayer A.User
Post by Bayer A.User on Feb 16, 2016 6:31:17 GMT -6
10586.104 - sat idle overnight with my firewall rules. What did it do? Not much.
After midnight 10 sent to 65.55.44.108 via port 443. MSFT, Redmond.
Later on sent to 239.255.255.250 - Internet Assigned Numbers Authority.
Once more to 64.4.54.254 - Microsoft Corp... lonesome I guess.
A couple times to mbam updates.com 205.185.208.98.
Last stop was 52.72.210.211 - amazon.com via port 443. That last one seems to be connected to Malwarebytes. Maybe that's how they make a buck with the "free" version.
Very little traffic compared to default firewall setup.
Manual Defender update, 184.29.106.121 - Akamai, definitionupdates.microsoft.com
Yawn... time for coffee
Another quiet overnight for 10586.104. A couple successful outbound connections to MSFT, Redmond. A few pings to my router. Otherwise a snoozefest; 10 works by day and rests at night. Firewall strategy works.
IP 107.22.249.7 has me curious, MBAM updates & amazonaws.com ?!?
There is a constant normal process by which Windows maintains certification authority chains, including updating from a whole bunch of servers. I've been working on refining that list lately myself.
And of course you know some things normally check online for updates - both to things like malware databases and for software updates. Windows does a lot of this sort of checking as well, unless it's deconfigured.
Amazon Web Services is a cloud storage / content delivery network, so it makes sense it could be contacted as part of a normal activity by any number of applications.
I checked my logs and don't see any access of 107.22.249.anything in recent months, so either it's not normally part of Windows or it's done as part of something I've deconfigured that you haven't.
The things I look to if I see an address contacted and don't know why are these:
1. I look at my firewall Events page, which gives info about when it was attempted, who attempted it, and what a DNS cache lookup shows. You might be able to derive the "who" from the Windows security log.
3. I look in my DNS server logs to see what URL (if any) was resolved to that address, when, by what systems, etc. You will not have DNS server logs if you're not running your own DNS server of course.
-Noel
Author of the "How to Configure the 'To Work' Options" series of Windows books. Not feeling enough love to do one for Windows 10.
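The overnight log review and the "when was it attempted" lookup discussed in the posts above can be scripted. This is an added example, not part of the original posts and not code from any product named in the thread: it assumes packet logging to the Windows Firewall text log (pfirewall.log) is enabled, the function names are hypothetical, and the sample lines are constructed around addresses mentioned in the thread.

```python
from collections import defaultdict
from datetime import datetime, time

# Constructed sample in the pfirewall.log text format (not captured from a real machine).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2016-02-16 00:12:03 ALLOW TCP 192.168.1.20 65.55.44.108 49712 443 0 - 0 0 0 - - - SEND
2016-02-16 00:40:51 ALLOW UDP 192.168.1.20 239.255.255.250 61000 1900 0 - - - - - - - SEND
2016-02-16 01:05:17 ALLOW TCP 192.168.1.20 107.22.249.7 49730 443 0 - 0 0 0 - - - SEND
2016-02-16 01:05:48 ALLOW TCP 192.168.1.20 107.22.249.7 49731 443 0 - 0 0 0 - - - SEND
2016-02-16 02:30:00 DROP TCP 192.168.1.20 198.51.100.9 49740 80 0 - 0 0 0 - - - SEND
2016-02-16 03:10:09 ALLOW TCP 203.0.113.5 192.168.1.20 51000 3389 0 - 0 0 0 - - - RECEIVE
2016-02-16 03:59:59 ALLOW TCP 192.168.1.20
2016-02-16 09:15:00 ALLOW TCP 192.168.1.20 65.55.44.108 49800 443 0 - 0 0 0 - - - SEND
"""

def parse_log(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            cols = line.split()
            if len(cols) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, cols))

def overnight_outbound(text, start=time(0, 0), end=time(4, 0), known=()):
    """Summarise outbound records in [start, end) per (dst-ip, dst-port, protocol)."""
    summary = defaultdict(lambda: {"ALLOW": 0, "DROP": 0, "first": None, "last": None})
    for rec in parse_log(text):
        if rec["path"] != "SEND":  # outbound only
            continue
        when = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        if not (start <= when.time() < end):
            continue
        entry = summary[(rec["dst-ip"], rec["dst-port"], rec["protocol"])]
        entry[rec["action"]] = entry.get(rec["action"], 0) + 1
        entry["first"] = entry["first"] or when
        entry["last"] = when
    # Destinations that were allowed out but are not on the reviewer's known list.
    unexplained = sorted(k for k, v in summary.items() if v["ALLOW"] and k[0] not in known)
    return dict(summary), unexplained

if __name__ == "__main__":
    summary, unexplained = overnight_outbound(
        SAMPLE_LOG, known={"65.55.44.108", "239.255.255.250"})
    for (ip, port, proto), e in sorted(summary.items()):
        print(f"{ip:>16}:{port:<5} {proto} allow={e['ALLOW']} drop={e['DROP']} "
              f"{e['first']:%H:%M:%S}-{e['last']:%H:%M:%S}")
    print("allowed but unexplained:", unexplained)
```

The text log has no process column, so it answers "when" and "where to" only; the "who" still has to come from the Windows security log, as the post above says.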
Unzip both files into the AeroGlass folder and choose the .png file in the Aero Glass GUI tool to have rounded corners and good resizing borders on desktop windows...
-Noel
Here are the known issues in Windows 10 desktop build 14291:
◾We continue to investigate an issue in which some Surface Pro 3, Surface Pro 4, and Surface Book devices experience a freeze or hang and all input such as keyboard/trackpad and touch do not work. The workaround is to hold down the power button to force the device to hard-reboot.
Post by Locutus deBorg on Apr 1, 2016 10:42:34 GMT -6
"Additional requirements ..."
> anyone wanna guess it's gonna be hardware !?
oh, they said it will be supported for the lifetime of the device but who dictates the "Lifetime of devices" if it's MS they can stick it if it's the end user then MS can suck it
would be interesting to install tentanic on some late 2008 hardware and then shut it down for 15 years boot it up one day and watch the updates hose it for an extended period of time only to be told half way through the process um, > your hardware no longer meets the minimum requirements, shutting down !
I find the lack of configuration options disturbing !
I felt a great disturbance in the force.. as if millions of win 7 systems suddenly cried out in terror.
<Rick> Good video. It's almost hard to believe that at one time Windows 98 was the resource hog, but even then, it still ran circles around what Windows 10 can do on today's modern hardware and look a heck of a lot better doing it.
May 25, 2021 22:55:12 GMT -6
<Rick> As stated elsewhere, so much for the launch of Windows 11, "The Great Crash." Myself, I had a hard time getting into the site listed above; when I did get in, the video was partly done and then it crashed. There have been many other reports of crashing.
Jun 24, 2021 9:52:33 GMT -6
<Rick> I see Microsoft has been very quick to pull down reports of site crashing regarding the Launch of Windows 11 on the Microsoft Insiders forum.
Jun 24, 2021 9:57:31 GMT -6
<Rick> The rebroadcast is working okay.
Jun 24, 2021 11:00:25 GMT -6
<Rick> With reports of people being able to install the dev-edition of Windows 11 on machines not meeting spec, I thought I would give it a what-the-heck try. Lucky me, I'm caught in the downloading, doesn't meet spec, clearing, re-downloading loop on my machine!
Jul 2, 2021 7:08:46 GMT -6
<Rick> I've recently purchased a license for ArcaOS from www.arcanoae.com/ to play with. First impressions, it's still OS/2, but it now has a Linux twist to it.
Jul 2, 2021 7:32:53 GMT -6
<dozrguy> laptop shit out and am stuck buying a new one. os win11 as fucked as win10 was?
Oct 2, 2021 12:56:10 GMT -6
<Rick> Let's see ..., my impression of Windows 11 is that it is a spruced up version of Windows 10 requiring a 64-bit processor plus a piece of security hardware that is less than 4 years old in order for it to run.
Oct 4, 2021 18:25:49 GMT -6
<Rick> On the plus side, Microsoft is supposed to be supporting Windows 10 for some time to come for those of us still using systems with I7 or older processors.
Oct 4, 2021 18:44:35 GMT -6
<dozrguy> I tried installing win10 on the 'shitout' pc this morning using media creation. EPIC FAIL! Went into an endless bootloop. win7 reinstalled just fine
Oct 21, 2021 11:23:38 GMT -6
<dozrguy> STILL so much bullshit and so little time for the kiddie ideas from the hill. My new laptop (MSI GE 11-UH461) would be an awesome "10" machine but because of Winblows I can only give it a "2"......wasted $3500
Oct 27, 2021 9:36:47 GMT -6
<Rick> Hello. Just checking in.
Mar 17, 2022 10:46:54 GMT -6
<isidroco> Each new w10 update adds >100000 useless files to \Windows\Servicing\LCU\Package_for_RollupFix... folders. Even in a SSD takes time to delete that stuff. In each version they manage to worsen stuff.
Mar 27, 2022 16:14:51 GMT -6
<dozerguy> still traffic here?
Oct 9, 2022 17:32:44 GMT -6
<Rick> No, there does not seem to be very much traffic these days. I still check in from time to time.
Oct 9, 2022 20:08:58 GMT -6