Addsum web site and general info

Postings here will focus mainly on Advanced Accounting software updates, tips, and related topics. They will also include general comments relating to troubleshooting PC/Windows/network problems and may also include reference to our other software products and projects including any of our various utilities, or to the TAS Premier programming language. We considered setting up separate blogs for different topics so that users/others could subscribe to topics mostly aligned with their interests, but decided that it would be better to keep things simple since some topics cross over into others. We would nonetheless welcome your feedback/input in this regard. Our web site URL is www.addsuminc.com. Call us at 800-648-6258 or 801-277-9240. We also maintain www.advancedaccounting.us so that older Business Tools users in particular have a greater chance to find us.

Follow

We highly recommend that accounting software users "follow" this blog via e-mail (enter your address and click on Submit below) or subscribe to a feed (see also below) as a way to keep current on the latest updates and accounting software news and information. You may also want to whitelist this e-mail address: noreply@blogger.com.

Thursday, April 27, 2017

Keyhelp.ocx vulnerability relating to Actian PSQL 12 install

A TAS Premier 7i runtime user relating to a third party vertical market software system (for which we provide support assistance as well as programming) has reported receiving a notice from their security vulnerability analysis software relating to a file installed by Actian/Pervasive version 12 as follows:

Description: The remote host has KeyWorks KeyHelp ActiveX control installed, which is affected by multiple vulnerabilities 

- Multiple stack-based buffer overflows exist that could allow an
attacker to execute arbitrary code. (CVE-2012-2515)

- An unspecified command injection vulnerability. (CVE-2012-2516)


KEYHELP.OCX is a part of the PSQL 12 install and is not harmful.  It is also, however, a non-essential control with respect to the Pervasive engine.

See:

https://supportactian.secure.force.com/help/articles/Technical_Document/Keyhelp-ocx-reported-as-a-security-vulnerability-by-security-analyzer-utilities

https://supportactian.secure.force.com/help/articles/Bug_Document/Actian-Security-Vulnerabilities-NoticePSQL/




Note that Actian recommends the removal of this control (which is only used when running the Pervasive System Analyzer aka PSA tool).   It will not be shipping with future updates to the v12 engine starting with service pack 1,  i.e. 12.10.  

For users with older installations of version 12 (i.e prior to 12.10), the instructions in the second link above is repeated below:


You can prevent the installation of this file by using the 'Custom' Setup Type option, and changing the installation option for the optional utility to 'This feature will not be available' during the installation.  Alternatively, it can be removed from an existing PSQL installations by modifying the installation to remove the optional utility by selecting 'Uninstall/Change' from Programs and Features, selecting the default 'Modify' option and removing the utility from the installation. 











Forced Windows 10 updates causing damage to external drives

Based on now numerous reports, many Windows 10 users have experienced total data loss and even hardware damage with USB-connected devices that are being accessed when a Windows 10 "forced update" occurs.

This discussion relating to damage caused by a Windows 10 forced update is just the tip of the iceberg of reported problems.  We have had other reports of the same issue experienced recently by IT professionals.

Automatic updates that slow computers used for business purposes down to a crawl and that can only be marginally controlled are simply an unacceptable approach and must change or else business PC users will ultimately either start to migrate to something else and/or stay far, far away from Windows 10 to the greatest extent possible.  The current level of control with respect to these updates remains dismal at best making Windows 10 the least stable operating system that Microsoft has released perhaps in its history.

While our software runs on everything released by Microsoft to date, we cannot recommend the use of Windows 10 (Professional) because of its overall poor performance in multiple respects and because of the lost time and potential havoc its forced updates create.   Your maintenance and supports costs will be higher with Windows 10 and for marginal benefit.



See also:

http://addsuminc.blogspot.com/2017/04/windows-10-update-kb4015217-creates.html







Monday, April 17, 2017

Windows 10 update KB4015217 creates havoc

The Tuesday April 11, 2017 Windows 10 update started to create numerous problems for users trying to install it and then has had other unfortunate impacts.

Our first call was from a user who experienced a loss of network connectivity after the update.  Both PC's were Windows 10 Home (the Home version works with our software, but is generally discouraged).  The update also caused at least one of the PC's to be significantly slower.   This update does require a reboot and apparently in the case of this user, the update brought about a weakness in the way the two PC's had previously been configured (but which was otherwise working prior to the update).  In this case it may have been a Homegroup versus Workgroup setup issue.

Problems simply in installing the update have been somewhat widely reported including being stuck and/or taking several hours to complete.  Another example.   Problems with respect to PC's "freezing" after installing the update have also been experienced.  Prior cumulative updates have sometimes simply failed to install.    An example would be the prior KB4015438 cumulative update (which was intended to fix problems with yet another prior cumulative update; see more below).  This has also been the case with 4015217 update.

Example of issues with the KB4015438 update:


KB4015438 failing to install repeatedly



After installation, there have been reports of slowness and black screens.

As of April 14, 2017 there are reports of more esoteric issues such as with the VB ADODB.Recordset filter  property (which a related Windows 7 update has also apparently caused).   This problem does not impact our software in any way, but is nonetheless alarming.  Users have had to uninstall the update to solve the recordset filter problem (however depending on your settings and particularly if you have Windows 10 Home, users will have difficulty preventing the update from trying to install itself again in the future).

Security updates that came out last week for other versions of the Windows operating systems, including server versions, have caused widespread issues, particularly slowness.

While it may be too late for most, our recommendation would be, at least for now, to avoid this update if possible.  Windows 10 Home users, unless they are solely connected via Wi-Fi and can set that connection to 'metered' may not be able to avoid or defer it (other than to not connect those devices to the Internet at all!).

Windows 10 Professional users may be able to prevent updates through the group policy editor (but there are indications that after this cumulative "anniversary" install, this may no longer be possible).

Some pertinent links in terms of turning off and/or managing Windows 10 updates:

http://www.pcworld.com/article/3085136/windows/two-ways-to-control-or-stop-windows-10-updates.html

http://www.thewindowsclub.com/turn-off-windows-update-in-windows-10

http://www.howto-connect.com/stop-windows-10-update-in-progress/