Windows 11 problems

@britechguy Even in an enterprise environment... stuff on this front is less important. Unless you're going to disable the USB Mass Storage device driver (which a few places I know actually do), there's not a lot you can do about users attaching a USB device that's infected or otherwise.

That's why we have things like Huntress, that watch the systems for defined behaviors and report. There comes a point where you cannot stop the behavior while leaving the machine functional, but you still have to manage it. Because once you have enough money to make it worth bribing an employee to attach a random USB device to a machine in the office... ANY machine in the office becomes a vector for a bad day.

But yeah, we're ALL in that boat right now, have always been in that boat, and while we've reinforced the boat, it's still very much a boat. A guy with a large enough drill and the will to use it is going to be a problem.
 
@Sky-Knight

It's also a foundational principle of security (and not just for computers) that if you do not have physical security you have nothing.

Something that requires this level of concerted effort, in a very tightly constrained set of circumstances, is not something I'd be losing sleep over, and for the reasons you mention.

I have never been under the delusion that we can prevent all attacks, and it's particularly difficult to impossible to prevent those that are "inside jobs" that require physical access or access to very high level credentials for system access. If someone can be bought off, or has become disgruntled enough to do something like this without anyone having a hint regarding their being disgruntled, you're not going to stop them.

In all things, it's about taking reasonable precautions that are in line with the actual threat itself. There is no way to armor oneself against absolutely every possible attack surface, and you'd better be putting your effort into armoring against the quick and easy ones that allow smash-and-grabbers to do their damage and run first. The sort of threat described in that article is not "job one" on the list of things to try to prevent because those who could even exploit it are very, very unlikely to do so.
 
One of the things TPM and bitlocker tries to address is should a laptop be stolen the thief can't go dumpster diving and get useful data. Unless you are being very highly targeted by sophisticated thieves or 3 letter government agencies (or their foreign equivalents) Bitlocker is enough.
 
Yeah TPM enables easy encryption via Bitlocker, so a lost / stolen device can't have its drive ripped out and accessed. That's a substantial gain all on its own. It's hard enough to get through the insurance mess to get all the equipment replaced, but then to worry about what the thieves might be able to access forever and more? It's nice to simply not have that worry.

But the real thing that TPM / Secure boot enables is TLS enforcement of the boot sector. The above attacks succeed by disabling secure boot. Windows 11 forcibly requiring secure boot side steps the problem as the OS simply will not start if the signatures aren't checked.

So TPM + Secure Boot + OS that won't boot without the prior two things enabled = Mathematically impossible to corrupt the boot loader and subvert the boot process. That's a big deal, as it slams the door on the persistent threats on the market today... threats that SURVIVE the NUKE AND PAVE. Which is something I've had to deal with, and I pray no one else here has to... This junk is next to impossible to detect, so you're never really sure it's gone.
 
It's been a month since the full release and still can't un-group taskbar icons or drag/drop to a folder in the task bar. 2 features I've been taking for granted not realising how much I rely on them!
 
nlinecomputers said:
Might be worth looking at

www.stardock.com

Start11: The ultimate Start menu replacement for Windows 10 and 11. Restore the classic look and add new functionality.

Start11: The ultimate Start menu replacement for Windows 10 and 11. Restore the classic look and add new functionality.
www.stardock.com
Click to expand...
Seen this, there's also a registry edit to get it "working" but it's really something that should have been there day 1. It's also currently the 3rd most upvoted bug/feature request on their feedback hub!
 
Anyone who believes that Microsoft is ever going to bring back the Win7 and earlier style start menu is pretty clearly mistaken.

The company noted had Start10 (and likely still does) prior to Start11.

Microsoft has chosen its design idiom and, even after plenty of feedback, has chosen to stick with it.
 
nlinecomputers said:
I think Start11 has replaced Start10. It can run on both as I understand it.
Click to expand...

This would not surprise me. I stopped paying attention to both Classic Shell (and its successor) and Start10 (now Start11) years ago.

I'm now, after experience with Classic Shell in particular, convinced that these packages act as crutches, and if/when they break and/or go out of support, the individuals using them are in even worse shape than they would have been if they had gone through the same UI change learning curve as pretty much everyone else does when the Windows UI changes.

Not knowing how to use the native UI of any OS you choose to use is a mistake, plain and simple. I've seen more instances than I care to think about of people who had to use a computer other than their own that were like the proverbial "deer in the headlights" when they had to deal with a native UI they never learned because of these crutches. It's not pretty, and it's not necessary, either.
 
Garthur said:
It's been a month since the full release and still can't un-group taskbar icons or drag/drop to a folder in the task bar. 2 features I've been taking for granted not realising how much I rely on them!
Click to expand...
Oh noes... not a whole month!

But also, not quite long enough to get the first scheduled update. Patch Tuesday is next week, come back and whine about it again on Wednesday.

Not that I expect MS to change that behavior on the first patch after production rollout. Though I do expect in Q4 sometime for some reason... that and the ability to put the taskbar in places other than the bottom of the screen are high on the fixit list according to their announcements.

My testing of Win11 hasn't revealed much in the way of issues other than relatively minor or cosmetic UI issues, all of which I assume will be sorted within 6 months. So far I see no reason to change my usual wait six months before trying the new feature release mantra I've been using with Windows 10.

I won't be putting Win11 into production until at least May of 22 for that reason.
 
Garthur said:
2 features I've been taking for granted not realising how much I rely on them!
Click to expand...

No criticism is meant here, but who among us has not been in this situation, multiple times, over the years? I've simply learned that as soon as this occurs I need to learn another method of doing what I'm used to. It's usually much faster, and after getting used to "the new way" I seldom return to the old even if it does become an option again.

And not just under Windows, either. Android has been an adventure in this way, too.
 
@britechguy You mean like this abomination of a lock screen foisted upon us by Android 12?

Or the fact that everything feels fat and bubbly now in all the animations? Even my wife, who generally just uses stuff is off the rails irrationally angry at this sort of thing.

Yeah, it's "normal", but it doesn't make it any easier to deal with.

For those that haven't seen Android 12 yet... brace yourselves.
 

Attachments

  • Screenshot_20211104-085733.png
    Screenshot_20211104-085733.png
    505.3 KB · Views: 5
britechguy said:
This would not surprise me. I stopped paying attention to both Classic Shell (and its successor) and Start10 (now Start11) years ago.

I'm now, after experience with Classic Shell in particular, convinced that these packages act as crutches, and if/when they break and/or go out of support, the individuals using them are in even worse shape than they would have been if they had gone through the same UI change learning curve as pretty much everyone else does when the Windows UI changes.

Not knowing how to use the native UI of any OS you choose to use is a mistake, plain and simple. I've seen more instances than I care to think about of people who had to use a computer other than their own that were like the proverbial "deer in the headlights" when they had to deal with a native UI they never learned because of these crutches. It's not pretty, and it's not necessary, either.
Click to expand...
Yes and no. Some things Windows 11 has removed are a hamper to my productivity. Change for the sake of change isn't always a good thing. Neither is the argument of removing things to streamline a complicated OS. Removing a function that does exactly the same thing via a different set of commands is one thing. Removing productivity features is another.
 
Sky-Knight said:
@britechguy You mean like this abomination of a lock screen foisted upon us by Android 12?

Or the fact that everything feels fat and bubbly now in all the animations? Even my wife, who generally just uses stuff is off the rails irrationally angry at this sort of thing.

Yeah, it's "normal", but it doesn't make it any easier to deal with.

For those that haven't seen Android 12 yet... brace yourselves.
Click to expand...
Yes, that is annoying, especially as Android prides itself on having multiple options. Unlike iPhones which are "do our way or GTFO."
 
nlinecomputers said:
Change for the sake of change isn't always a good thing.
Click to expand...

To be very clear, I was not saying or implying this. The phrase itself is used to directly imply "stupid" changes that really accomplish nothing or damage something.

But, my central point was that we, the end users, often have no choice. I strongly encourage people to use, in the case of Windows, the Feedback Hub to report things, including their displeasure about what's been changed. But when what's desired is not there, and may or may not come back, the best use of mental energy is to figure out how we do the same thing now.
 
nlinecomputers said:
Yes, that is annoying, especially as Android prides itself on having multiple options. Unlike iPhones which are "do our way or GTFO."
Click to expand...
Well, on my Pixel I can use a 3rd party launcher to customize the lock screen, and use a number of other tools to do the same for everything else. But, that's more work... more time... more effort overall than simply getting used to the new normal. Because I'm a Pixel owner I have many choices not available to non-Pixel Android users. That doesn't mean it's time efficient to make that choice, but I can make it.
 
Sky-Knight said:
And if you work for us, you must be a cheerleader for us on social media, any criticism at all and you're fired.
Click to expand...

Ok, let me change that from "their users" to "their users, employees, or anyone in any way - however tenuously - connected to the company."

To say that I do not believe in The One, True Way of Apple is an understatement of the highest sort. I only touch Apple products when compelled to do so and never recommend them.
 
You must log in or register to reply here.

Similar threads

HCHTech
Gear View Basic and Windows 11
Replies
2
Views
312
HCHTech
HCHTech
xrobwx71
Microsoft tests new Windows 11 tool to remotely fix boot crashes
Replies
7
Views
1K
Sky-Knight
Sky-Knight
ThatPlace928
Workarounds for Windows 11 on Incompatible Hardware
6 7 8
Replies
142
Views
10K
Sky-Knight
Sky-Knight
Appletax
[REQUEST] Free Version of Outlook Keeps Reinstalling
2
Replies
20
Views
2K
britechguy
britechguy
DonS
Surface Pro 7 stuck at Windows Logo after Windows updates
Replies
0
Views
249
DonS
DonS
Back
Top