Windows 11 2022H2.
The Good, The Bad, and The Aw
Jeez
Well, you can't always get what you want
But if you try sometimes
You just might find
You get
what you need
You Can't Always Get What You Want, The Glimmer Twins
(the real ones), The Rolling Stones
The Good The Bad & The Aw Jeez
October
06, 2022:
Reflections after doing several installations.
Windows 11 2022h2 can be a simple update of Windows 11, downloaded
through Windows Update when it becomes available for your computer. Or a
clean install can be done right now by downloading the installation
files from Microsoft.com. Of course, a clean installation that
deletes the existing drive partitions, and thus all applications and
data, requires a certain degree of technical expertise. Also, it
may require changing some UEFI motherboard settings to get your PC to
boot from a USB drive. And it goes without saying that whichever
method of installation you chose,
backup your files before handhand.
There are
several advantages to the clean method of installation. First of
all, you will begin your Windows 11 2022h2 experience knowing your
system is virus free. Moreover, to take full advantage of the new
security features Windows 2022h2 offers, these new security features
must be present and operational at first startup. Also, by doing a
clean installation any bad drivers or misconfigurations from the
original installation will be corrected.
It is unlikely, but I do
not know for certain, that any PC you brought right now would not have
Windows 11 2022h2 preinstalled. At least, that was the case with a
brand new HP All IN One today: Windows 11 2021h2 installed. If
that is the case, a clean installation would be easier to perform than
on a PC already in service. Nothing to back up. No apps to
get to install. Just all the tasks one would need to do whenever
getting a new PC.
Windows 11 2022h2 is available for all Windows
users with an existing license for Windows 10 or Windows 11. But
only if your PC is up to the task.
To download Windows 11 2022h2 installation file click here.
The Good
With each new iteration of
the Windows operating System, I am impressed with the improvement in
performance — that is if your hardware is up to the task. Upon
installation of the Windows 11 2022h2 Grade, the improvement in performance was immediate and quite
noticeable. Any and all types of files, whether from the local
disk drive or a networked drive loaded considerably faster. This
held true with loading web pages from the Internet. This is not because
this geek has the newest most powerful PC around. I am a former
(self-employed) working stiff who is now collecting Social Security.
Windows 11 was originally installed on a Gateway branded Walmart
notebook with an i5 processor that just meets the hardware
qualifications for Windows 11, and, 2 years ago, was at an unbelievable
price of $429.00. The notebook did come with 16gb of RAM, which,
although Microsoft states 8gb is the minimum amount of system memory, and
that is true, to get the real performance boost the new OS can offer,
16gb is strongly recommended.
I chose to perform what is now
called "a clean install." Back in the day, we simply used the
phrase "wipe and reload." This, of course, deletes the partitions
on the drive, and thus removes all data files and apps on the drive.
Windows 11 2022H2 has improved security features; many, however, require
a clean install.
One example of how the clean install enabled
security features that were not available on my Gateway branded notebook
is the
Core Isolation feature of Windows 11. As
Microsoft simply explains Core Isolation: .
Core isolation provides added protection against malware and other attacks by isolating computer processes from your operating system and device.
The next evolution of computer security is protecting motherboard
resources from compromise. If and when your motherboard gets
hosed, it's next to check the balance on the AMEX card because you will
need it. NO, I don't
take credit cards.
Prior to the
CLEAN INSTALL of Windows 11
2022h2, the Core Isolation feature was turned off and unavailable on the
Gateway Branded notebook with no way to enable the feature. I
attributed that to the feature not available on my motherboard
configuration. That turned out to not be correct. At least one
client experienced the same event on a well configured HP All In One
that was upgraded from Windows 10 to Windows 11. Once a client
mentions a problem, it's time for me to further investigate. What
was well reported after a deep search was that many people had also
experienced the problem. Consensus opinion was that it is a Windows
8 era driver software for solid state drives. And yes, that driver
was on the Gateway. I assume many other users experience the
problem. There was no driver update; and simply deleting the
driver will only cause it to be reinstalled. The clean install
replaced the incompatible driver, and now Core Isolation is on. I
have not it tested it yet, but I assume only a clean install will make
Core Isolation available on all machines.
I suppose what follows may best be put
in the BAD column; but with the secure everyday computing that Windows 11 2022h2
portends,
this Windows upgrade hails as the future for all of us. Similar
to every other
significant improvement in computer technology that I have witnessed
since the mid-1980s, Win11 2022h2 requires a new and greater investment in current
technology. As you will see, not all of the enhanced security
features are able to be enabled on the lower middle line Gateway
notebook.
Nonetheless, when we take a deeper look at the Core Isolation topic, again using the Gateway notebook that has been our test machine here, we see things are not all copacetic. Nevertheless, a deeper dive into the Core Isolation features reveals that the Gateway motherboard, as are many different systems, is not capable in implementing the most bleeding edge security features of Win11 2022h2.
On the other hand, Memory Access Protection is turned on.
There is one NEW security feature of Windows 11 2022h2. And here is where the decision to simply UPDATE the original installation of Windows 11; or UPGRADE to the new OS under the same name becomes critical. At least, that is how I am framing the decision. The new feature is called Smart App Control. Like how certain 3rd party security products or some web browsers will warn if you wish to navigate to a website known to infect visitors computers.. Smart App Control does the same for executables: i.e. malware that installs itself. Below is Microsoft's summary description of the technology.
We’ve added features that give people the flexibility to choose their own applications, while still maintaining tight security. Smart App Control is a new feature for individuals or small businesses designed to help prevent scripting attacks and protect users from running untrusted or unsigned applications often associated with malware or attack tools. This feature creates an AI model using intelligence, based on the 43 trillion security signals gathered daily, to predict if an app is safe. App control is known to be one of the most effective approaches to protecting against malware but can be complex to deploy. Windows 11 uses the power of AI to generate a continually updated app control policy that allows common and known safe apps to run while blocking unknown apps often associated with new malware. Our customers have asked us to make this simpler and we have responded.
Microsoft is one of the Leviathans of the Deep web that monitors worldwide network traffic. If you are a threat actor operating in a region outside of US jurisdiction, Microsoft will find you and shut you down. If you are a US based threat actor, the Gnomes of Redmond, along with law enforcement, usually the FBI, will sue you to obtain a judge's order to shutdown you down. In a nutshell, Microsoft has exported and incorporated their information aggregation technology to all Windows 11 2022h2 users. The ability to aggregate worldwide threat information across the Internet into one system of information distribution has been available for some time through various security vendors. This technology heretofore came to consumers and businesses at a very high price. Now, as MS says, "The Smart App Control approach achieves the goal of making advanced app control protection widely available." (ibid.) There is one caveat, however.
Smart App Control is provided on all Windows client editions with clean installations of Windows 11 2022 Update. (ibid.) Emphasis is mine.
Even if, however, a clean installation is performed, MS may decide that how you use your computer makes you currently not a candidate for Smart App Control, as I was so judged. As you will see below, my Smart App Control is currently "evaluating" whether MS should turn Smart App Control on.
When Smart App Control settings is clicked, the following screen appears where I am informed about my "evaluation."
Suddenly, I feel so inadequate. But you know, I'm good enough.
I'm smart enough. I'm good looking enough. And gosh darn it, people like
me. So what is about me that needs to be evaluated?.
Mea culpa, I run one legacy application. Even though the
application is from Microsoft (1998), it is not
digitally signed. Oh, the ignominy.
Below is what you see when go to install an app that is not digitally
signed, and therefore of unknown origin.
.
The installation of unsigned, and thus suspicious, applications is what Smart App Control is designed to prevent. Will Microsoft at some unknown time just turn the feature on? I guess I will find out.
There are certainly a few annoyances with Windows 11 2022h2. On
November 28, 2021, I made a post about a little
registry hack I picked up that restored the Ribbon Toolbar to File
Explorer. That little trick no longer works, and in fact caused
File Explorer to hang on opening. Undoing the registry hack
restored File Explorer's performance.
Often when restarting after
an update sometimes the opening screen hangs. A full power down
and startup brought Windows 11 back up without a hitch. And the
rotating circle of dots signifying Windows is starting up is now a
rotating broken circle. The spinning icon looks like ringworm.
At
first were there issues with certain printer configurations.
This seems to have been fixed in the latest update released September
30, 2022. I never experienced any problems with a printer
installaton.
Since Windows 10, a folder depicting your OneDrive files appeared in
File Explorer. The folder is more like a "virtual folder" in that
it doesn't really contain actual files. It displays the files that
would be synched with OneDrive. On all my systems, OneDrive is
disabled. But the folder remains in case I change my mind, I
guess.
Now, after the installation of Windows 11 2022h2, when I
use my File Transfer Protocol (FTP) to upload files to a web server,
which is an implementation of the same synching technology that OneDrive
employs, to see the files on my computer that I want to upload, I now
must access these files in the OneDrive folder.
To see which files are available to transfer, I now must get the files through the OneDrive folder. Again, OneDrive is disabled on the Gateway test machine.
This is not the end of the world. But it is one extra step along the
way. Furthermore, I do not use OneDrive. And I kind of resent
having to deal with OneDrive when it is turned off and does even
startup.
In other words,
Aw Jeez...
There is another verse of our opening number that I think fits the times as well as when the song was first written in the 1960s.
And I went down to the demonstration
To get my fair
share of abuse
Singing, "We're gonna vent our frustration
If we
don't we're gonna blow a fifty-amp fuse"
Sing it to me, honey
You can't always get what you want