Check for Windows 10 Updates

Quickly check for Windows 10 system updates with this handy how-to…

Sometimes, checking for updates on your Windows 10 PC can be a pain. You either have to swipe open the Action Center and then open Settings, or get to Settings through the Start Menu. Then, you have to scroll down to Updates and Security and click it. While this isn’t a huge deal, it can be sort of a pain, as it involves a few steps.

There’s actually a much easier way of taking care of manually checking for updates. This cool tip, however, is going to require you to make some modifications to your Windows 10 computer’s Registry.

If you’re not comfortable making Registry modifications, then you might want to skip this one. However, if you’re undaunted by the challenge, and you’d like to put the ability to check for Windows 10 updates on a right click context menu off the Desktop, then you should follow the steps outlined below.

Step 1
1. Open Regedit
2. Navigate to Computer\HKEY_CLASSES_ROOT\DesktopBackground\Shell
3. Select the “Shell” folder in the left pane
4. Right Click the “Shell” folder in the left pane
5. Click New – Key from the context menu that appears
6. Name the new Key (folder) “Check for Updates” without the quotes and press enter
7. Select the “Check for Updates” folder in the left pane
8. Right Click the “Check for Updates” folder in the left pane
9. Click New – Key from the context menu that appears
10. Name the new Key (folder), “command” (all lower case) without the quotes and press enter. You’re going to create two (2) string values, one in each of the folders (Keys) that you’ve created.
11. Right click the “Check for Updates” Key (folder).
12. Select New – String from the context menu that appears.
13. Name the String, “SettingsURI” without the quotes.
14. Double click the new string you just created and enter the following value into the “Value data” field: ms-settings:windowsupdate-action

Step 2
15. Right click the “command” Key (folder).
16. Select New – String from the context menu that appears.
17. Name the String, “DelegateExecute” without the quotes.
18. Double click the new string you just created and enter the following value into the “Value data” field: {556FF0D6-A1EE-49E5-9FA4-90AE116AD744}

If you’ve done everything correctly, then once you right click on the Windows 10 Desktop, you should see an entry in the context menu called Check for Updates. Clicking it, will launch Settings – Updates and Security – Windows Update – Check for Updates, and will automatically… check for updates.

This added shortcut will DRASTICALLY cut down on the amount of time it takes to manually check for updates to your Windows 10 computer. However, you should know that your Windows 10 PC will automatically check for updates on its own. It will also download them in the background and likely install most of them, without you ever knowing that you needed to do… anything. However, if you want to stay on top of things, as I do, then this is the quickest and easiest way I’ve found to check for updates as often as you want or need.

Related Posts:

The Day the Internet Died

In an expected 3-2 party line vote, the FCC has voted to end Net Neutrality…

Well, this was disappointing; but not unexpected…

Today, the United States Federal Communications Commission voted 3-2 along party lines to repeal the Obama-era internet regulations aimed at insuring that the internet didn’t have pay to access lanes for consumer oriented content. FCC Chairman Ajit Pai cast the landmark tying breaking vote, providing ISP’s like AT&T, Comcast and Verizon the power to control what content consumers can access.

Many different groups, including Democrats, many movie studios and companies like Google owner Alphabet and Facebook had urged the FCC to keep the content neutral rules barring service providers from blocking or slowing access to content. Pai is a Republican, appointed by President Donald Trump.

Consumer advocates and trade groups representing content providers have planned to launch a legal challenge, aimed at preserving those rules. New York Attorney General Eric Schneiderman, a Democrat, said in a statement he will lead a multi-state lawsuit to challenge the reversal. He called the vote “a blow to New York consumers, and to everyone who cares about a free and open internet.” ‘

FCC Commissioner Mignon Clyburn, also a Democrat, said prior to the vote that Republicans were “handing the keys to the Internet” to a “handful of multi-billion dollar corporations.”

FCC Chairman Ajit Pai has argued that the 2015 rules were heavy handed, stifled competition and [limited] innovation among service providers, “The internet wasn’t broken in 2015. We weren’t living in a digital dystopia. To the contrary, the internet is perhaps the one thing in American society we can all agree has been a stunning success,” he said on Thursday.

The problem that he is refusing to lend credibility to, however, is that service providers like AT&T, Comcast (Xfinity) and Verizon have CLEARLY indicated, that they want consumers to use THEIR content networks and will institute pay for performance (speed) premiums against competing services like Netflix and Hulu (as well as others). Those premiums will ultimately be passed down to individual consumers and users.

Internet access with speeds suitable for streaming and general computing and browsing at the same time for many is already very expensive. With the focus shifting to streaming services like Netflix, Hulu and to streaming boxes like AppleTV and Roku, or an Amazon Fire TV or Fire TV Stick, having affordable, non-taxed, high speed bandwidth available is probably one of the more important services you have coming into your home today.

That service is going to provide all of your TV service in the near future, if not now (if you’ve cut the cord). Its very clear to me that having an ISP free of neutrality restrictions is going to lead to additional charges and fees being passed on to the consumer.
At the end of the day – and this is very frustrating – no one has any idea yet of just what and how the removal of the Obama-era Net Neutrality rules will mean to consumer delivered ISP and consumer content services. However, its at least understood that there are likely fees and surcharges coming in a play to “play” scenario that is expected to be passed on to the end user.

Its this anticipated pay to “play” tax that most are concerned with, especially end users. Its clear that ISP’s like Comcast, who owns NBC and its related assets may give preferential bandwidth to their own content and make competitors like Netflix and Applet pay a surcharge or tax to insure that their services stream with the same bandwidth priority over Comcast’s backbone. This is where most of the consumer concern comes from.

What do you think is going to happen with Net Neutrality? Is the removal of the 2015 Obama-era rules a problem? Did they restrict competition or protect consumer interests? Is the internet freer now than it was before, or is the internet just more expensive to use now? Do you believe that the larger regional or national ISP’s will take advantage of this new development and begin charging clients surcharges or fees for accessing competing or different streaming services other than the ones they already partner with or are different from their own offerings?

Why don’t you meet me in the Discussion area below and give me your thoughts?

Related Posts:

With Apple Watch Series 3, $10 Ain’t $10

If you have an Apple Watch Series 3 with active LTE service, you’re likely in for a nasty surprise.

apple watch

Back when the Apple Watch Series 3 first launched earlier in the Fall of 2017, carriers promised that LTE service for your new Series 3 Apple Watch, would cost only $10 USD per month; and it does.

Sorta.

In the beginning, carriers offered three months of free service and waived the activation fees. At this point, everyone that got their Series 3 Watch on the day it was first made available at the Store, is likely being charged for service. However, as I mentioned earlier, $10 bucks isn’t always JUST $10 bucks. Both AT&T and Verizon are charging additional fees. So, your $10 bucks is likely closer to $12 to $14 bucks per month.

In California, Verizon Wireless users also have an additional $1.55 fee on top of their $10 per month, service charge. In North Carolina, AT&T users are being charged an additional $4.39 per month, bringing their bill near $15 for LET service on their Series 3 Apple Watch. These fees can be higher in other states.

If you thought you might try to avoid all of the fees by deactivating your service and then reactivating it when you need or want it, you’re also in for a nasty surprise. There are activation fees that come with this activity. You’re going to get hit with the standard $25 activation fee every time you go to bring your watch back on line.

For example, when you cancel and re-add a line, on Verizon, you’re going to get hit with that $25 activation fee I mentioned. Suspending your service will hit you with a $10 per month fee (what the normal service will cost – so you’re paying for it anyway).

Because Apple Watch Series 3 uses NumberShare on Verizon, it’s not considered a prepaid device, so you can’t skip a month of service. Per Verizon, you really have only two options:
1. Suspend your service for up to 3 months at a time; but this is going to cost you $10 a month. This is the normal service fee, so you’re not saving anything here. You’re actually giving them $10 a month to NOT use the LTE service on the Watch, which doesn’t make sense.
2. Deactivate the Watch completely. That’s going to wipe it from the account, but you’re need to restart everything over again if you want to bring it back; and that’s going to cost you at least the (previously waived) $25 activation fee. There’s also a recurring charge. This means that Vs. will basically charge you for two and a half months of service every time you turn the Watch off and on again.

There’s also a possibility that you’ll run into activation issues when you start and stop service. The Watch has its own number; but shadows your phone’s number when placing and receiving calls. Sometimes this whole process can create issues, as reported by some; but why that happened to those that bumped into that problem, isn’t clear.

If you have a Series 3 Apple Watch and have bumped into issues like this, reach out to me and help me understand what happened to you.

Related Posts:

FEATURE REVIEW – Unihertz Jelly Pro

The Jelly Pro takes on the Goliath’s of the Android World with the smallest form factor since 2006 (or so)…

Introduction
I remember back in the day – and I’m really targeting the 2006 – 2009 time frame, just before, and right after the face of the smartphone industry changed with the impact of the release of the original iPhone in 2007, small one-handed devices were all the rage. At this point, the world was used to small, one hand operable candy bar styled phones. Phones just like the Jelly Pro.

I’ve got one for review; and I’ve already done an of this phone and have posted it for everyone to see. I’ve been using it on and off – the intended use of the device – over the past few weeks or so and I think I finally have enough information to pass along to everyone. The Jelly Pro is NOT intended to be used as a daily driver. It’s meant to be a go-to phone when you want or need something small and still want or need to stay connected. Let’s take a look at the device and see if the Jelly Pro is something that might help you.

Design
The Unihertz Jelly Pro is 3.7 inches tall, 1.75 inches wide and 0.6 inches thick. It weighs just 2.1 ounces and is so small, it can fit in the coin pocket of your jeans without any issues, problems or forcing. It slides right in. The device is so small that it really reminds me of the Zoolander Phone – The Veer.

Zoolander Phone - The Veer

The Jelly Pro supports full 4G LTE speeds and VoLTE; and should work on just about any GSM network. It also has dual SIM slots, allowing the device to support two phone numbers at the same time. This is totally amazing in a device that’s really this small. However, the device has a bit more going for it than its size. Let’s dig in…

Display
When you’ve got a device this small, there has to be a few draw backs. If there’s one spot that’s going to suffer the most, it’s the display. The Unihertz Jelly Pro’s display is 2.45 inches in size and has a resolution of 240×432 pixels. This is NOT a display that you’re going to want to watch any kind of video on, though the device is clearly capable of playing and streaming video, the screen is so small, it’s not something you’d want to use to watch video on unless it was all that you had.

In fact, if you’re a bit older, or have poor or aging eyesight, this display is going to be a challenge. Its small. It’s very small… Especially by today’s standards where displays for phones like the iPhone 8 or iPhone 8 Plus are 4.7 and 5.5 inches, respectively. The Jelly Pro’s display is approximately 1/2 of the size of the smaller, iPhone 8. It has 201 PPI (pixels per inch) and supports 16M colors. It’s also covered with scratch resistant glass, though I can’t find any information on whether its Gorilla Glass or something else. (So, assume something else, at this point, as Gorilla Glass would be a huge marketing point for a device of this size.)

The interesting thing here is that the phone’s biggest strength is also its biggest weakness – The phone’s size. It’s too small to do anything except make calls. Trust me, I’ve really tried…

The on screen keyboard is so small, it’s amazing that you can type any words… in English (or your language of choice). You’re going to rely on autocorrect a lot on this device. You’re also going to use speech to text a lot with this device, too. It’s going to be very difficult to use, especially if you’ve got big hands. I have had a lot of trouble with the on screen keyboard, even with my slender fingers.

Don’t get me wrong. The Jelly Pro has a decent screen. It’s just too small to do any texting with. It’s also too small to reply to any email with or to do any real typing with. If you’re a heavy texter, even if this is just an occasional device, it’s not going to be one that you’re going to want to send any messages with.

Hardware
The rest of the device actually has some decent specs… with one small exception – the battery. The device has 2GB of RAM and 16GB of storage. As long as you have a decent data plan, this device should be able to handle audio (and honestly, video) streaming without an issue. It should also be able to handle local storage of some media and entertainment content as well. At 1.1GHz, the processor should be able to handle streaming audio without any concerns with lag or other processing issues.

As I mentioned earlier, the only other issue that the device has is the battery. Its only 950mAh. This means that you’re going to be charging the device at least twice during the day, especially if you try use the device all day.

The device will NOT last a whole day on a single charge. It simply won’t. The battery is just too small. You’re also going to want to make certain you have a microUSB cable handy. The device charges via microUSB, and since the battery is so small, being without one, especially if this is the only device you carry when you’re using it, is going to be a huge mistake. Charge as often as you can with this one…

The Full 360

The front of the Jelly Pro and the HTC One.  Boy this thing is small!
02 Jelly Bottom Edge
The bottom edge of both devices
03 Jelly Right Edge
The right edge of both devices. You can see the Jelly Pro’s microUSB port and power button here.
04 Jelly Top Edge
The top edge of both devices. The Jelly Pro’s 3.5mm headphone jack is located here.
Jelly Left Edge
The left edge of both devices. You can see the volume buttons on the Jelly Pro, here.

Android
The device comes with Android 7 Nougat. I haven’t heard any news related to the Jelly Pro running Android 8 Oreo. The one good thing that is going on, however, is that Unihertz is actively updating the device. When I turned the device on last month, I immediately got an update. I got another one recently as well. This kind of active support by the OEM really makes a huge difference. I’m very pleased that Unihertz is providing this much support on this device. It means a lot when the OEM takes an active role in a device’s life cycle.

Conclusion
The Unihertz Jelly Pro started through a successfully funded Kickstarter campaign. The device only retails for $129 USD and is available directly from their their website. For the price, this is a huge deal. The device has enough power to handle most of what you would want to do with a mid to low level device; and does it affordably.

This device is cheap enough, and it’s got decent performance. Unfortunately, the Jelly Pro has got some serious issues with its battery life and the feature that’s supposed to be its biggest draw – its size. The screen is too small to type on. It’s too small to really watch any video content on. The battery is also too small to last you through a day with a single charge, ESPECIALLY if you use it to play any kind of game or watch any video. You’re going to need to charge it at least 2-3 times during the day.

The biggest premise of the phone – its cheap enough to use as a situational phone, is seriously hampered by its size, which is one of its biggest selling points.

Size in a device like this is important. That and price are the reasons why you buy it. However, its display size make it very difficult to use and the size of its battery makes it something that you’re going to have to charge often (at least once every 4-5 hours) under normal use, more frequently if you use it for any kind of streaming content, especially games and video.

While the cost of the phone isn’t all that high, buying something like this to use in place of say, an iPhone 8 or iPhone X or even a Note 8 when you don’t want to take the big device, is high enough that you probably won’t want to lay down an extra $130 bucks when you just spent $1000 or more dollars on the big dog, which is very disappointing…

Related Posts:

Disable Fast Startup in Windows 10

This new feature in the Fall Creators Update is taking many by surprise…

If you’ve got the Fall Creators Update on your Windows 10 PC, then you’ve probably noticed a new feature that Microsoft is calling “Fast Startup.” The feature claims to improve the speed of your boot times, so you spend less time waiting on your PC to boot and more time working, being productive. Windows has this feature enabled by default, so if you’re using the Windows 10 Fall Creators Update, then, you’re likely booting faster than you were before, and have likely noticed it.

Most users will like the faster booting times, but there are a few things about it that you should know so you can decide if you want to disable it or not. Understanding how it works, is going to go a long way to getting you to this decision.

Normally, when you shut your PC down, you do what many call a “cold shutdown.” Here, you save everything to your hard drive or SSD, close all the programs and kill the power. RAM is cleared. When you turn the PC back on, it loads everything back on the drive BACK into RAM in order for it to function as intended. That’s the way everyone is used to having “shut down” work on their PC.

When users have Fast Startup enabled, the computer doesn’t shut down, per se. It really hibernates instead.

Fast Startup saves all of your active data to a hibernation file before turning off. When you turn it back on, it reads in the hibernation file, putting you back to where you were before it shut down. Interestingly enough, Fast Startup can only be enabled if your PC has the ability to hibernate, AND then only if hibernation is enabled.

So, this brings you up and down quicker. That’s good right? Right?

Well… not always. There are some times when you really might want it disabled.

Drivers…

Drivers are a GREAT reason why disabling features like Fast Startup are a good idea. Windows system drivers are historically known for being picky about how they are accessed. Windows has always had issues with power and power management, and some system level drives simply don’t like being accessed after being in a hibernated state. They may not flush out of RAM correctly. They may not initialize into RAM correctly from hibernation. They may really want to be loaded and/ or reloaded upon hardware startup in order to function correctly. When they don’t get initialized right, depending on how they access RAM or what portions of RAM they live in and access, they can either make the PC unstable, OR they can crash the entire PC.

Boot loaders are another GREAT reason why you may want to disable Fast Startup. Some boot loaders don’t get accessed correctly from a hibernated state, as the Fast Startup and hibernation in general has a tendency to want to lock the hard drive. When you want to boot into a different operating system, you may find that they only way you can reliably do this is to reboot the PC after “resuming” via Fast Startup, as you can’t access the boot loader choice for additional operating systems upon startup.

That extra restart WILL do a cold restart, by the way; so if you’re ever updating the operating system, or doing some kind of activity that really requires you to go “all the way down,” having Fast Startup enabled doesn’t prevent you from swapping out locked system files (or files that are in use) after Windows Update updates your PC.

So should you ALWAYS disable Fast Startup? Signs point to, “no.”

If things work ok for you… if you don’t have driver issues, problems or errors, you should be ok. You can keep it enabled and enjoy the faster booting times. You have to keep in mind, though, that if you want access to your hard drive from outside windows, you likely won’t be able to get that access with the feature enabled.

If you’re noticing that you get BSoD’s or you start having issues with devices not working or spinning up correctly; or if things don’t work without an extra restart, then yeah. You may want to consider disabling Fast Startup. Doing this is really pretty easy.

Ok… so how do I enable or disable Fast Startup on Windows 10’s Fall Creators Update?
If you wish to disable Fast Startup, follow these simple steps:

1. On the Desktop, press Win-X.

2. Choose Power Options from the context menu that appears.

3. Choose Power & sleep on the left side menu.

4. Under Related Settings, click the Additional power settings link.
Power and Sleep

5. On the left side of the Power Options window that appears, click the, “Choose what the power button does” link.
Power Options

6. On the Power Options – System Settings window that appears, if you see an Admin Link for Change settings that are currently unavailable, click it.
System Settings
7. The three check boxes under Shutdown Settings should enable. Uncheck the Turn on fast startup (recommended) check box.
Shutdown Settings

If you don’t see a check box for fast startup, it’s because hibernation has somehow become disable on your PC. Renabling this is actually a lot easier than turning Fast Startup on or off.

To enable hibernation on your PC, follow these steps:

1. On the Desktop, press Win-X.

2. Choose Command Prompt (Administrator) from the context menu that appears.

3. In the Command Prompt window, type the following:

powercfg –h /on

and press enter

If you need to need to disable Fast Startup, you can follow the steps in the above section, now.

At this point, you will notice that it takes your PC a bit longer to start up. This may be an issue for you in the long run; but as they say, slow and steady wins the race. Any driver issues you have, should be gone. Any update issues you have, should certainly be gone.

Was Fast Startup an issue for you? Did you have a need or desire to disable it? If so, I’d love to hear from you. Why don’t you meet me in the Discussion area, below and let me know what you did.

Related Posts:

Apple Watch can Save your Life

New studies suggest that owning an Apple Watch can identify potentially lethal health trends

I saw this, and I thought this was pretty cool.

I have an Apple Watch and have enjoyed using it for just over two years. I use it mostly for notifications and responding to text messages. I also use it to keep track of my physical activity, as well, such as it is. As a tech and software development geek, having something remind you to move and to move more during your day is important, especially when your job has you sitting on your tush all day long testing software. Some folks, me included, forget to move without being reminded. Having a subtle reminder to stand every hour makes it easy for me to take a break, move, and to refocus my thoughts, if needed. Apple Watch has made me more productive, as a result, believe it or not. It’s not been an interruption.

In a new development, it’s been found that Wearables can be used to accurately detect conditions like hypertension and sleep apnea in users that wear them. The research, conducted by health startup Cardiogram and UCSF, cited claims that data from heart sensors when combined with machine learning algorithms can identify patterns that predict if a person is at risk of certain health issues. The study followed more than 6000 subjects, some of whom were known to have been diagnosed with both hypertension and sleep apnea.

Cardiogram cofounder, Brandon Ballinger wants to “transform wearables that people already own – Apple Watches, Android Wears, Garmins, and Fitbits – into inexpensive, everyday screening tools using artificial intelligence” into tools that can not only help keep people well, but drive the growth of the market. The study is headed for peer review, according to Ballinger. This will hopefully lead to wearables being validated as a screening method for this and other major health care conditions, like pre-diabetes and diabetes, which, appears to be next on Cardiogram’s hit list

Cardiogram’s study lines up very well with the direction that Apple has been taking Apple Watch and the apps that are available for it in the App Store. Patents have been developed that involve both health related wearable technology by Cardiogram. Apple is also involved in a heart rate study partnership with Stanford University.

Related Posts:

Apple to Buy Shazam

There’s an interesting rumor going around that Apple is going to buy Shazam for about $400M…

shazam

Apple announced the acquisition of Shazam in a statement to Buzzfeed News, on 2017-12-11. In their statement, Apple acknowledged that Shazam was one of the most popular apps available for download in the iOS and Mac App Stores; and has hundreds of millions of users, on multiple platforms, worldwide.

“Apple Music and Shazam are a natural fit, sharing a passion for music discovery and delivering great music experiences to our users,” Apple’s Tom Neumayr said. “We have exciting plans in store, and we look forward to combining with Shazam upon approval of today’s agreement.”

Apple is reportedly in late stage talks to acquire Shazam, a popular content recognition and identification app that is currently rounding up investments as it moves toward an initial public offering. This would be an interesting development, as the popular music recognition app is currently cross platform.

Shazam has been integrated into Apple’s iOS since June of 2014 when it released iOS 8. While the deal between the two organizations is NOT finalized, its anticipated that the deal, worth approximately $400M USD could be announced as early as Monday, 2017-12-11.

Originally called 2580, named after the number users had to dial to reach the service via text, the UK company came into existence in 1999. The app is now in both the iOS and Mac App Stores and has turned into a comprehensive audio discovery and identification service helping users identify songs, movies and TV shows by capturing audio. The app has been downloaded over 1 billion times.

Apple partnered with Shazam’s marketing team in 2015 to help power their Apple Music app. This is likely where they will permanently put the app, should they in fact come to an agreement to purchase the technology.

According to Shazam’s CEO, Rich Riley, the company reported revenues of £40.3M pounds for their 2016 fiscal year. Riley indicated that their marketing shift to advertising is what helped make them profitable and helped them become an acquisition target.

Shazam is integrated into iTunes and Apple Music, and has hooks into the iTunes Store. On the Android side, it also has hooks into Google Play. iTunes users can quickly purchase recognized songs. Apple Music users can quickly add identified songs to a customized playlist.

If purchased, Shazam would be Apple’s second largest acquisition in recent years. Apple purchased Beats for $3B USD in 2014. The Shazam purchase, however, at $400M, is likely to be a 60% discount over the organization’s most recent funding round, which valued the company and service at approximately $1B USD. Shazam has raised over $143M in funding since 2002, including monies obtained through Sony Music and Universal.

Related Posts:

Apple Issues Security Update for High Sierra Root User Bug

Apple on Wednesday released a special security update for macOS High Sierra, solving a recently uncovered flaw which would let people gain root access without entering a password.

You can file this one under the ol’ “face palm – how the h3ll did this make it out to production?” category.

As a software development professional with over 25 years of experience, it really makes me wonder sometimes… It’s a question, that as a Quality Assurance professional, you never want to ask, or have someone ask YOU; but when the item in question is this blatant, you really can’t help it.

Recently, a bug in macOS 10.13 High Sierra was discovered that allowed anyone – literally, anyone – with physical access to your Mac to log in with root permissions, whether they had an account on the computer or not.

Root is a super user level of access. Someone with root or super user access can do anything and EVERYTHING to your Mac, despite any and ALL security settings you’ve made or apps you’ve installed. They can burn down your entire world with root access… and there isn’t anything on the computer that can stop them.

Now, there are a few things you should know about this.

1. As of this writing, this should no longer be an issue. Apple has released a security update, Security Update 2017-001, and it will update your High Sierra build number to 17B1002 after it installs.
2. As of this writing, the update will come down and install automatically. You won’t see an update notification or red bubble on the App Store indicating an update is available. It’s going to install automatically when you restart your Mac. Period. You don’t get a choice.

I wanted to get that in front of everyone before I relay the following comment – I’ve seen this defect in action, and it was totally devastating.

root_authorizing

In fact, it was a bit more than that. I’ve never seen such an easily exploitable, completely revealing security vulnerability like this… ever.

I have access to Mac with a standard (non-admin) account. I don’t know the admin password on this box, so I couldn’t cheat on it at all. With the above vulnerability active on that Mac, I was able to bypass the administrator’s credentials and make changes to my standard account as if I were an admin, and I didn’t even need a password.

As I understand it, there wasn’t a secret account or other access point on your computer. When users tried to log in as root, without a password, High Sierra wouldn’t let you in. The bug, however, occurred when you retried logging in as root without a password. It somehow burned the account in, without a password, after multiple tries. At that point, you had access to absolutely everything on the computer. When macOS again prompted you for any kind of admin permissions, simply entering in, “root” as the user name without a password again, got you authenticated.

As I mentioned, this was probably the easiest “hack” I’ve ever done. You didn’t need any coding or any kind of technical knowledge. All you needed was physical access to the computer and the ability to spell the word, “root.”

Thankfully, the hole has been patched; and it was patched, as I mentioned, via a silent, forced update, that, to my understanding, Apple has only used one time before. You didn’t get the opportunity to decline this update, and Apple applied it to your system without asking for permission or requesting a restart of your machine, or your knowledge, really. It simply got installed and then silently applied when you either rebooted or turned your Mac on.

The only evidence that something had happened was a notification bubble that showed up a day or so later letting you know that the update had been installed.

root_security_updated

To be honest, I wasn’t happy with the news that this vulnerability was published, and I wasn’t happy with the way it was resolved, either. I wouldn’t have been upset with a “required” update that would have been installed without me getting a say in its installation IF Apple had told me that it was installing it. I don’t like the fact that Apple can just push an update to my PC and I can’t prevent it from installing, or even know that it was installed until AFTER it was installed.

That’s just as bad as the vulnerability existing in the first place.

In the future, I really wish Apple would be a bit more sensitive in situations like this. I *DO* understand why they did what they did. This was a serious bug that had to be resolved for everyone running High Sierra. However, I don’t like it when vendors force me to take an update and don’t tell me that it’s going to install or give me an option to postpone the update. People have been screaming about situations like that on the Windows side of the world since Windows 10 was released a few years ago. Just because Microsoft does it, doesn’t make it ok.

Did you happen to see this bug in action? Did you happen to play with it at all prior to Apple plugging the hole? Did the update reveal itself to you via the App Store, or did you get the silent version of the update shoved at you like most of the world did?

Why don’t you meet me in the Discussion Area below, and give me your thoughts on the whole thing?

Related Posts:

Stay in touch with Soft32

Soft32.com is a software free download website that provides:

121.218 programs and games that were downloaded 237.780.356 times by 402.775 members in our Soft32.com Community!

Get the latest software updates directly to your inbox

Find us on Facebook