Tuesday, May 31, 2016

Malware goes to war:

Potential tools, uses, and targets of cyberweapons
Researchers look at what it means when cyberweapons have the same status as traditional weapons of war.
"We are dropping cyber bombs. We have never done that before."

During a February 28, 2016 interview with NPR, Defense Secretary Ashton B. Carter confirms this statement by Deputy Secretary of Defense Robert O. Work, and states the US is using cyberweapons in the battle against ISIS. The rules by which the Department of Defense (DoD) can operate in cyberspace, create cyberweapons, and use the weapons are outlined in the DoD Law of War Manual (PDF, June 2015 revision).

What constitutes cyberwar in the DoD manual centers on the legal term Jus ad bellum (Chapter 16 Cyber Operations, page 994). Simply put, if cyberweapons are used in an operation and cause an effect similar to more traditional weapons, it is considered a use of force.

There is currently precious little known (for obvious reasons) about state-sponsored cyberweapons and their deployment. Two researchers at the University of Maryland, Baltimore County — Richard Forno, cybersecurity lecturer and internet researcher, and Anupam Joshi, professor, Department of Computer Science and Electrical Engineering — dug up what was available, and presented it in The Conversation article America is 'dropping cyberbombs' — but how do they work?

"The country's actual cyber capabilities are classified; we, as researchers, are limited by what has been made public," write Forno and Joshi. "However, we can analyze the underlying technologies and look at the global strategic considerations of those seeking to wage cyber warfare. That work allows us to offer ideas about cyberweapons and how they might be used."

What might be considered a cyberweapon?

Cyberweapons are not "bombs" as Deputy Secretary Work suggests. Cyberweapons consist of software and hardware, from off-the-shelf commercial offerings used by security consultants and penetration testers to sophisticated, proprietary systems used by law enforcement, defense, and intelligence communities.

The authors also mention that cyberweapons, to be effective, consist of multiple tools. "Cyberweapons are collections of computer hardware and software, with the knowledge of their potential use against online threats," explain Forno and Joshi. "Although frequently used against internet targets such as websites and forums, these tools can have real-world effects, too."

Stuxnet is considered a cyberweapon; one specifically created to cause real-world effects, which, in this case, means physical damage. The digital malware destroyed Iranian uranium centrifuges by overriding safety systems, causing the equipment to over-speed and demolish itself.

Why use cyberweapons?

Staying clear of political ideology, the authors offer technical reasons why an organization or nation-state would want to use a cyberweapon. "Sometimes, a government entity wants to monitor activity on a particular computer system in hopes of gaining additional intelligence," mention Forno and Joshi. "Other times, the goal is to place a hidden backdoor allowing the agency to take control of a system."

There is a third option that comes into play: destroying the target.

The DoD's cyber strategy website offers the following reasons why cyberweapons might be released:

Defend DoD networks, systems, and information
Defend the U.S. homeland and U.S. national interests against cyber attacks of significant consequence
Provide cyber support to military operational and contingency plans
SEE: US military launches cyberattacks against ISIS targets (ZDNet)

Examples of potential targets

Voice and digital communications, vital in any battle, quickly become targets of opportunity. Forno and Joshi write, "Although not strictly a 'cyber' attack, 'cyberbombing' also might entail the use of decades-old electronic warfare techniques that broadcast electromagnetic energy to (among other things) disrupt an adversary's wireless communications capabilities or computer controls."

Some may not consider old-fashioned jamming "cyber" enough. As an example of an advanced cyberweapon system, the authors refer to how the Israeli military compromised Syrian air defense systems in 2007 by modifying or creating false images on Syrian radar screens.

Final thoughts

With nation states justifying their need (DoD's Law of War Manual) to protect cyberspace or use it to advance a certain agenda, Forno and Joshi offer this conclusion:

"Cyberweapons and the policies governing their use likely will remain shrouded in secrecy. However, the recent public mentions of cyber warfare by national leaders suggest that these capabilities are, and will remain, prominent and evolving ways to support intelligence and military operations when needed."

Whether cyberweapons are bombs or not, it appears the world's nation states now have one more way to make war.

Friday, May 27, 2016

OK, Now Your Phone Is Looking at You

Hello World hits Jerusalem’s tech scene, where eye-tracking software can test your sobriety and lets you play video games hands-free.

It’s Tel Aviv that has fueled Israel’s rise as "the startup nation," but these days other pockets of the country are fighting for tech hub status as well, including the ancient city of Jerusalem. Above, Hello World’s Ashlee Vance visits Umoove, a young company that’s trying to imbue tablets and smartphones with new powers.

With Umoove’s software, the mobile device you're looking at looks right back at you and detects your eye and head movements. You can fly through a video game just by moving your head from side to side or issue a command to your computer with a blink. 

The technology’s applications stretch into the medical field, too. Just by following eye movements, Umoove can perform concussion and sobriety checks and potentially detect Alzheimer’s disease and strokes as well.

Check out full episodes and more clips from the Hello World series here.

Thursday, May 26, 2016

Microsoft bangs the final nail in Nokia Devices’ coffin, will lay off 1,850

Company will take one last $950 million hit as a result; is a Surface phone next?

Satya Nadella and former Nokia CEO Stephen Elop during happier times. Elop got the boot in 2015.

The last remaining vestiges of Nokia at Microsoft are being closed down as the company "streamlines" its smartphone hardware business. "Up to 1,850" people will lose their jobs (1,350 in Finland, 500 elsewhere) as the company essentially exits the phone market.

Microsoft bought Nokia's Devices and Services business in 2013 for $7.1 billion. In July last year, Microsoft laid off 7,800 of the staff from that acquisition and took an impairment charge of $7.6 billion. The remaining feature phone portion of the business was sold off last week for $350 million. With today's announcement, the smartphone hardware business is being all but wiped out. There will be one last impairment charge of approximately $950 million, of which $200 million is severance pay.

CEO Satya Nadella insists that the company is still working in the phone space, but in a much narrower way, saying "We are focusing our phone efforts where we have differentiation—with enterprises that value security, manageability and our Continuum capability, and consumers who value the same."

Should we still expect a Surface phone?

In an e-mail to staff, Terry Myerson, executive vice president of the windows and devices group, said that the company will "be more focused" in its phone efforts but insisted that "we're scaling back, but we're not out!" He says that the company will "develop great new devices," a statement that will continue to fuel speculation about a Windows-powered smartphone developed by the Surface team. The broad Windows strategy, and in particular the push for Universal Windows Apps, "remains unchanged," and Myerson says that the best experiences will continue to use the Microsoft "device, platform, and service combination."

His e-mail also acknowledges, however, that Microsoft will embrace other platforms, offering not just its apps but device management (through Intune) and developer tools (with the recently purchased Xamarin a key part of this) to iOS and Android users and developers.

While the decision may not come as a shock—except for anyone surprised to learn that there were more people to lay off—the move just underscores what a difficult strategic spot the company is in. Microsoft has been promising developers a single Windows platform, the Universal Windows Platform (UWP), that spans phones, tablets, PCs, Xboxes, HoloLenses, and anything and everything else that someone might want to run software on. With Windows 10, it was finally in a position to offer that platform.

But last year's layoffs and drastic scaling back of smartphone ambitions, coming just weeks before Windows 10's consumer release, undermined the entire value proposition. If one's target is the desktop market alone, then either traditional Windows apps or Web apps are sound technology choices. The full value of UWP is only apparent when a developer wants an app that can span form factors and usage models, and the smartphone in particular benefits from having native apps rather than Web apps. Without a viable phone platform, this ability to span devices becomes much less compelling.

That viability seemed within reach, too, with Windows Phone 8 breaking 10 percent market share in a number of European countries. That momentum dissipated, however, amid an uncertain corporate strategy and a failure to bring compelling phones to market, and the platform never recovered.

In spite of it all, Microsoft says that it is still seeing demand for its phone platform from the enterprise space, with corporations being attracted by UWP, Continuum, and enterprise manageability in general—and phone- and desktop-spanning apps in particular. The ability to use a Windows phone with a screen, mouse, and keyboard for enhanced productivity, a tantalizing glimpse of a possible future, is also appealing to enterprises. On the management front, Microsoft is building an increasingly capable set of tools, and taken together, the result is a well-rounded enterprise offering.

With Microsoft's smartphone hardware business now "streamlined" to the point of nothingness, it's increasingly going to be up to third-party manufacturers to fill the gap. The Lumia 950 and 950 XL will remain available, for the time being, and new Windows 10 Mobile devices, such as HP's enterprise-oriented Elite x3, should still come to market later this year. All of these support Continuum, with HP having a range of accessories to enhance the experience on its phone.

Myerson's full e-mail (which, hey, includes a link to Ars Technica):

To: Microsoft - All Employees
From: Terry Myerson
Date: Wednesday 5/25, 2AM Pacific Time
Subject: Focusing our phone hardware efforts

Team,

Last week we announced the sale of our feature phone business. Today I want to share that we are taking the additional step of streamlining our smartphone hardware business, and we anticipate this will impact up to 1,850 jobs worldwide, up to 1,350 of which are in Finland. These changes are incredibly difficult because of the impact on good people who have contributed greatly to Microsoft. Speaking on behalf of Satya and the entire Senior Leadership Team, we are committed to help each individual impacted with our support, resources, and respect.

For context, Windows 10 recently crossed 300 million monthly active devices, our Surface and Xbox customer satisfaction is at record levels, and HoloLens enthusiasts are developing incredible new experiences. Yet our phone success has been limited to companies valuing our commitment to security, manageability, and Continuum, and with consumers who value the same. Thus, we need to be more focused in our phone hardware efforts.

With this focus, our Windows strategy remains unchanged:

1. Universal apps. We have built an amazing platform, with a rich innovation roadmap ahead. Expanding the devices we reach and the capabilities for developers is our top priority.
2. We always take care of our customers, Windows phones are no exception. We will continue to update and support our current Lumia and OEM partner phones, and develop great new devices.
3. We remain steadfast in our pursuit of innovation across our Windows devices and our services to create new and delightful experiences. Our best work for customers comes from our device, platform, and service combination.

At the same time, our company will be pragmatic and embrace other mobile platforms with our productivity services, device management services, and development tools -- regardless of a person’s phone choice, we want everyone to be able to experience what Microsoft has to offer them.

With that all said… I used the words "be more focused" above. This in fact describes what we are doing (we're scaling back, but we're not out!), but at the same time I don't love it because it lacks the emotional impact of this decision. When I look back on our journey in mobility, we’ve done hard work and had great ideas, but have not always had the alignment needed across the company to make an impact. At the same time, Ars Technica recently published a long story documenting our journey to create the universal platform for our developers. The story shows the real challenges we faced, and the grit required to get it done. The story closes with this:

And as long as it has taken the company, Microsoft has still arguably achieved something that its competitors have not... It took more than two decades to get there, but Microsoft still somehow got there first.

For me, that’s what focus can deliver for us, and now we get to build on that foundation to build amazing products.

Terry

Wednesday, May 25, 2016

Bendable Smartphones Are Coming

But are they ready for prime time?

A little-known startup in China is gunning to be the first to sell bendable smartphones this year, seeking to upstage Samsung Electronics Co., which has started to dabble in flexible-screen technology.

Moxi Group, based in Chongqing, says it will ship 100,000 of the devices in 2016. They are, at the very least, unique. The phones, which will sell for about 5,000 yuan ($765) apiece, are designed to be rolled into a bracelet and worn on the wrist. The touchscreens work when curled up, or can be unfurled into rectangles to use just like any other smartphone.

The bendable smartphone based on graphene technology.
The bendable smartphone based on graphene technology.

For now, the gadgets will only feature black and white displays. with a color version to follow later. Still, that gives Moxi enough bragging rights to beat out other smartphone makers in being first to release bendable products.

"Black and white phones are much easier to make," said Chongsheng Yu, Moxi’s executive vice president. "The color model power usage is also much higher than that of the black and white unit. We’ll sell in China and if there’s demand overseas, we’ll look into it."

The wobbly screens are based on graphene technology, where carbon atoms are arranged in a specific pattern to make them more conductive and resilient. Instead of putting all the smartphone’s parts behind the flexible screen, Moxi crammed the battery, processor and the other components into one end of the gadget. That enables the display to almost bend into a full circle. A key question is how good the screen will be.

The smartphone is developed by Moxi Group, a company based in Chongqing, China.

"If they’re using flexible e-ink then it’s a real loser," said Roel Vertegaal, director of the Human Media Lab at Queen’s University in Canada, which showed off its own prototype of a bendable phone using the technology five years ago. "It was the only flexible technology we could get, but the colors are poor, the contrasts are poor and you can’t play videos on it."

Yu said the bendable phone is based on e-ink, which is also used in Amazon.com Inc.'s Kindle devices, but it's superior than what's been seen before because it uses better touchscreen capabilities.

Still, the desire to find a new hit product is fueling efforts to introduce bendable phones. Moxi, whose official corporate name is Chongqing Graphene Tech Co., is seeking to make the most of a technology that could eventually help to boost sales in a market that’s starting to decelerate. Smartphone sales in the $423 billion industry declined for the first time ever in the first three months of the year, according to Strategy Analytics.

"If you make a working, bendable phone then it’s a massive market," said Aravind Vijayaraghavan, a graphene researcher at Manchester University. "If they’re going to release it commercially this year I’d be thoroughly impressed. If you have a low-resolution black and white screen that is not terribly reliable, then that’s not a commercial prospect."



Tuesday, May 24, 2016

This Handheld Laser Could Replace the Vegetable Squeeze Test (BW)

Hello World visits Israel to try out SCiO, a pocket molecular sensor that can reveal the calorie count of a steak—or spot counterfeit drugs.
Image result for SCiO, a pocket molecular sensor

We’ve all squeezed a fruit to see if it’s ripe. What if you could gauge its exact calorie count and sugar and fat content while you were at it?

A startup in Israel called Consumer Physics has developed a keychain-size device called the SCiO that can shoot a beam of light at, say, an avocado and instantly tell you just that.
Above, Hello World host Ashlee Vance takes the SCiO for a spin in a Tel Aviv market, joined by Consumer Physics’s chief executive officer, Dror Sharon. They zap cheese, meat, and even a dog to figure out what makes them tick. Beyond analyzing food, the SCiO can spot watered-down fuel at the pump and even tell counterfeit drugs from real ones.

The device plays to Israel’s strength in computer chips. Consumer Physics has taken a big, boxy piece of scientific equipment known as a spectrometer and shrunk it down to a chip the size of a coin. By coupling the chip with a near-infrared light, the SCiO can stir up the molecules in an object and tell a story about its makeup. It has already caught the public’s attention through one of the biggest Kickstarter campaigns in Israel’s history, and Sharon hopes the technology will soon be small enough to fit in everyone’s cell phone.

Monday, May 23, 2016

Inside Project Ara:The modular smartphone

Google's Lego-like plan to disrupt the smartphone

Next year, Google will sell a smartphone that lets you swap in interchangeable parts to get new abilities.

Rafa Camargo is playing ping-pong. Thirty minutes ago, he placed the world's most interesting smartphone into his jacket pocket. Now that jacket and its precious contents are lying on the floor. Right under my nose.

Camargo is the lead engineer on Project Ara, Google's attempt to build a smartphone that lets you swap out its parts like Lego blocks -- just by popping them on and off. Slide in a couple of speaker modules if you're throwing a party, insert an additional battery if you'll be out on the town or even slot in exotic modules like glucometers (for diabetics) or sensors to measure air quality. While we've recently seen LG attempt to build a modular smartphone with the G5, these Ara snap-on concepts are the kind of features you'd never find on a normal phone built for mass-market adoption.

Camargo and I have just shared a five-minute shuttle ride to Google Building CL5, where he's promised to give me a closer look at the phone he'd demonstrated minutes earlier to an ecstatic crowd at Google's I/O developer conference.

After several failed demonstrations in the past, he says a consumer version of the phone will ship next year. Moreover, while manufacturing will no doubt be subcontracted out to the likes of a Flextronics or Foxconn, Google will design the phone itself. That's a change from its Nexus phones, where it relied on hardware partners such as LG, Huawei and Samsung.

The result -- if it hits its target 2017 delivery date to consumers -- will be a user-upgradeable handset with the potential to totally upend the smartphone market as we know it.

The dream: A truly customizable phone

In the three years since work first started on Ara, the modular phone has always seemed like a pipe dream, and Google has always treated it that way. It's been part of the company's ATAP division -- Advanced Technologies and Products -- a skunkworks explicitly tasked with turning such fantasies, like sensors you can swallow, into consumer reality.

But Ara made promises it couldn't keep. In years past, the modular tech failed repeatedly in demonstrations. The prototype was all set to start a pilot program in Puerto Rico. And then, all of a sudden, it wasn't, with barely an explanation. There were tweets from the project's team that suggested ATAP was rethinking how the components linked together.

On top of that, the team's original head, Paul Eremenko, left the company. Then, in even more of a blow, Regina Dugan, the leader of ATAP itself, departed Google for Facebook. There, she'll run something called Building 8, a similar effort focused on creating experimental hardware.

So after Friday's announcement, you would be forgiven if you thought the past few months had been a magic trick of misdirection. Because Project Ara was quietly evolving while we were all wondering if it was even still breathing.

An hour before the ping-pong match, in a jam-packed session at Google's developer conference, Ara's key innovation finally works. Camargo places his phone on a table, and says the magic words. "OK Google, eject the camera." When the phone's camera pops out of its socket, all by itself, the crowd erupts with applause.

But then Camargo slips the phone into his jacket pocket -- presumably to thwart handsy journalists like me from learning too much. I worry that he won't show me the phone at all, that I'll never be able to tell if his successful demo on stage was an exception to the rule. When he drops his jacket and picks up the ping-pong paddle, a tiny part of me wonders what would happen if I were to sneak a peek at the phone.

But when we finally sit down in a conference room to talk about the future of Ara, it turns out I had nothing to fear: Camargo repeats the magic words and out pops the camera.

The modular phone is real.

Scaled back

Ara isn't quite the same project that captured my imagination. It's still pretty exciting, but the idea has been notably scaled back.

Originally, Project Ara would have let you build your own phone like computer enthusiasts build their own desktop PCs, choosing all the parts yourself. Ara could have been the last phone you'd ever need: just swap out the processor and cellular radios when newer ones come along, and you'd be up to speed. Google would provide the "endoskeleton" -- the equivalent of a PC's motherboard -- and an ecosystem of hardware partners would have done the rest.

The current prototype of the Project Ara Developer Edition. Camargo assures us the final version will be thinner and more "beautiful."

But the new Project Ara isn't designed to let you swap out core components like the processor. Now they're all built right in.

"When we did our user studies, what we found is that most users don't care about modularizing the core functions," Camargo explains. "They expect them all to be there, to always work and to be consistent."

"Our initial prototype was modularizing everything...just to find out users didn't care," he adds.

So instead of letting you build your own future-proof phone, the new Ara is about giving you a phone with mix-and-match features you can't get anywhere else.

The Ara advantage

When the Project Ara Developer Edition ships this fall, it will come with four modules to start: a speaker, a camera, an E-Ink display (like the one you'd find on an Amazon Kindle e-reader) and an expanded memory module.
Those might not sound all that exciting, but they're all things that even high-end smartphones don't necessarily do well. If you don't like the single, easily muffled speaker on your Samsung Galaxy or wish your iPhone had more storage space, you're generally out of luck.
"[Phone manufacturers] say, here, you have 3 millimeters to make a speaker, and you're stuck with your sound quality," says Kevin Hague, a VP with Harman Audio. Harman is working with Google to prove that a dedicated speaker module might be one of many reasons to buy an Ara phone.
ara-battery-free-gif.gif
The Project Ara team has already modularized the battery technology. Pull out the second battery, and it keeps working.
Sean Hollister/CNET
And with Ara, you're not limited to just one: you'll be able to turn Ara into a boom box with multiple speakers and multiple batteries snapped into the phone's six module slots. With even the standard integrated battery, Camargo says we should expect a full day of battery life from the consumer version of Ara, and he estimates that adding a single modular battery should boost that by roughly 45 percent.
But cameras, batteries and speakers are just the low-hanging fruit: the Ara team believes its platform will open the floodgates for third-party hardware developers to build all sorts of products that never would have made it into smartphones before -- from a wireless car key fob (Camargo says he has a working prototype) to a one-use pepper spray dispenser. BACtrack, a companyspecializing in alcohol breathalyzers, is also on board.
"We know that people are going to build crazy stuff, and that's OK," says Blaise Bertrand, ATAP's head of creative and marketing chief. "In fact, we're looking forward to this."
Medicine could be a particularly interesting market, where people are willing to pay for technology that might improve their lives, but only a small percentage of people have any given need.
"The glucometer example: I'm lucky, I don't need it, so I don't care about that module. But if you're a diabetic, it's probably essential in your life," says Camargo. "Nobody's going to build a phone with that integrated."
When I think about awesome technology that not everyone needs, some of Google's other ATAP projects also come to mind, like the Project Tango depth-sensing camera or the Project Soli gesture-sensing radar. Camargo won't say yes or no, but suggests Ara could help:
"You see all these technologies that are very applicable to mobile but have a hard time making it into the next flagship phone because it's a high risk. You're selling 80 million of that thing, and you don't want to make a mistake [...] I expect them all to see modules."
In other words, instead of trying to figure out how to build the world's best phone camera that fits into a phone that people can actually afford, camera makers could focus on building the world's best phone camera, period -- and sell it for a premium to boot.

Serious business

ara-module-flip-gif.gif
The prototype Ara camera module. Imagine swapping it out for one with a wider-angle lens, or upgrading it entirely in a few years.Sean Hollister/CNET
While a lot of the details aren't sorted out yet -- like how much modules will cost -- Google seems serious about building out Ara. As of last month, the Ara team is no longer part of the ATAP skunkworks; it now reports directly to Rick Osterloh, the head ofGoogle's new hardware division and a recent transplant from Motorola.
"We can get all the resources and funding we need to make it a business," says Richard Wooldridge, a leader on the Ara project.
Wooldridge, who coincidentally ran supply chain operations for Osterloh back at Motorola, says Ara will make it easy for just about anyone to build modules, whether they're a "bedroom student" or a fashion brand looking for a way to physically interact with consumers.
Not only will Google provide instructions and developer test beds, it'll help module makers navigate the challenging process to get those gadgets certified by federal regulatory agencies if need be.
Wooldridge sees Google launching an online store to sell the modules, and a marketplace for consumers to swap them with each other. (To protect against counterfeits, Google will have its own certification program for Ara modules, and Ara phones will reject ones that haven't been approved.)
"We want to create a hardware ecosystem on the scale of the software app ecosystem," says Camargo.
But the biggest sign of Google's sincerity may be this: the company will be building the first consumer version of Ara all by itself. While every previous flagship Androidhandset has been built by one of Google's partners, most recently Huawei and LG, Ara is the first handset that Google has ever designed from scratch.
When it arrives next year, the Ara team says the basic version should cost around the same amount as other premium smartphones, with performance on par.

A modular future

Even if Ara is no longer "the last phone you'll ever need to buy," that doesn't mean it couldn't become more PC-like in the future. Camargo says the technology to swap out processors and radios still exists. "We have the capabilities to do that, so things will evolve."
Google's Greybus -- the digital backbone that allows these modules to seamlessly interface with each other and the Android operating system -- can already transfer data at speeds of up to 11.9 gigabits per second. (That's faster than USB, and Carmago says it uses one-third the power.)
As the technology stabilizes, says Camargo, Google also intends to let other companies build Ara frames -- not just the modules, but entire Ara computers with module slots.
Camargo playing ping-pong.Sean Hollister/CNET
In fact, there's nothing saying Ara devices need to be phones. "In my lab, I have configurations that don't have anything to do with a phone and cannot make a phone call."
couldn't help but notice that Camargo plays a bit too aggressively. His shots sailed just past the end of the table. But when it comes to Ara, Camargo has a lighter touch.
"We really have to bring it to consumers, we have to make it attractive, we have to make them understand it," says Camargo. He needs to land this shot.
CNET's Gabriel Sama and Richard Nieva contributed to this report.


Friday, May 20, 2016

The Last Windows 7 ISO You’ll Ever Need: How to Slipstream the Convenience Rollup



Microsoft has finally released a “Convenience Rollup” for Windows 7 that combines updates from the past few years into one package (like a service pack). Microsoft doesn’t offer ISO images with these updates integrated, but you can create your own in a few simple steps.

That way, whenever you install a fresh copy of Windows 7 in the future, you won’t have to wait for it to download several years worth of updates (and reboot multiple times). It’ll have everything it needs up through May 2016.

What You’ll Need

This process requires a Windows 7 disc or ISO file with Service Pack 1 integrated. These are very easy to get at this point. You can download Windows 7 ISO images straight from Microsoft’s website, and these disc images already have Service Pack 1 integrated. Simple!

You’ll also need to download the Servicing Stack Update and Convenience Rollup packages before continuing. You’ll need the packages that match the version of the ISO you’re using. For example, if you’re going to create a 64-bit installer disc, you’ll need the 64-bit update packages.

Finally, you’ll need to download and install the Windows AIK for Windows 7. Microsoft makes this available for download as an ISO file. You’ll have to either burn it to a DVD and install it from the DVD, or install a tool like WinCDEmu to mount the Windows AIK ISO image and install software from it without burning it to disc first.

Step One: Extract the Files From the Disc or ISO
You’ll first need to extract the contents of the ISO image–or copy the files off a disc. If you have an ISO file, you can open it with a program like 7-Zip to extract the contents. If you have a disc, you can select all the files on the disc, copy them, and paste them in a folder on your computer.

In the screenshot below, we’ve copied all the files from a Windows 7 SP1 disc to a new folder in C:\Win7SP1ISO on our computer. We’ll use that folder in our examples below. We also created a folder called C:\updates where we put the Servicing Stack update and the Convenience Rollup package.


Step Two: Use Dism to Integrate the Updates

Next, launch a Command Prompt window as Administrator. Open the Start menu, type “Command Prompt” to search for it, right-click the “Command Prompt” shortcut that appears, and select “Run as Administrator.”


Run the following command, using the path to the folder you placed the files in (in our case, C:\Win7SP1ISO ):

Dism /Get-WIMInfo /WimFile:C:\Win7SP1ISO\sources\install.wim

This will tell you the name of the Windows 7 edition in the image, which is something you’ll need later. In the screenshot below, you can see we’re using Windows 7 ENTERPRISE  install media. You may be using a Windows 7 Home, Professional, or Ultimate edition instead.


You’ll now need to mount the image offline. First, create a directory to unpack it to:

mkdir C:\Win7SP1ISO\offline

Now, unpack the files so the DISM command can work with them:

Dism /Mount-WIM /WimFile:C:\Win7SP1ISO\sources\install.wim /Name:"Windows 7 ENTERPRISE" /MountDir:C:\Win7SP1ISO\offline

Again, replace C:\Win7SP1ISO with the folder you extracted the files to, and Windows 7 ENTERPRISE with the edition of Windows you got from the previous command.


You’ll now need to add the downloaded Servicing Stack Update–the KB3020369 update–to the Windows 7 installation files.

To integrate a 64-bit package:

Dism /Image:C:\Win7SP1ISO\offline /Add-Package /PackagePath:C:\updates\Windows6.1-KB3020369-x64.msu

To integrate a 32-bit package:

Dism /Image:C:\Win7SP1ISO\offline /Add-Package /PackagePath:C:\updates\Windows6.1-KB3020369-x86.msu

You only need to use one of the above commands–it depends on whether you’re creating 64-bit or 32-bit installation media. Replace the package path with the folder where you saved the Servicing Stack Update (in our case, C:\updates )

Next, add the downloaded convenience rollup update package–that’s KB3125574. This part may take a while.

To integrate a 64-bit package:

Dism /Image:C:\Win7SP1ISO\offline /Add-Package /PackagePath:C:\updates\windows6.1-kb3125574-v4-x64_2dafb1d203c8964239af3048b5dd4b1264cd93b9.msu

To integrate a 32-bit package

Dism /Image:C:\Win7SP1ISO\offline /Add-Package /PackagePath:C:\updates\windows6.1-kb3125574-v4-x86_ba1ff5537312561795cc04db0b02fbb0a74b2cbd.msu

Just like the last step, replace the folders with your own, and only run one of the above commands. Use the appropriate one for the installation media you’re creating–32-bit or 64-bit.


Lastly, commit the changes and unmount the image:

Dism /Unmount-WIM /MountDir:C:\Win7SP1ISO\offline /Commit


Step Three: Create an Updated ISO File

The install.wim file in the directory you were working with now has the Convenience Rollup package integrated. We’ll use the oscdimg tool included with the Windows AIK to make a new ISO image with your modified install.wim file integrated.

First, launch the Deployment Tools Command Prompt as Administrator. Head to Start > All Programs > Microsoft Windows AIK. Right-click the “Deployment Tools Command Prompt” shortcut and select “Run as Administrator.”


Run the following command at the prompt, replacing C:\Win7SP1ISO with the path to the directory you used earlier. You can also replace C:\Windows7Updated.iso with whatever location you want the resulting disc image to be created at.

oscdimg -n -m -bC:\Win7SP1ISO\boot\etfsboot.com C:\Win7SP1ISO\ C:\Windows7Up


You now have an updated Windows 7 ISO file. You can burn it to a disc using the tools integrated into Windows, or create a bootable USB drive from it with Microsoft’s Windows USB/DVD Download Tool. Be sure to save this ISO in a safe place, so you can use it again later if you ever need to reinstall!


Now that Microsoft offers Windows 7 ISO images for download, it would be nice if Microsoft itself updated these images with the latest patches occasionally. However, Microsoft has never done this for anything but a service pack (or a “build” of Windows 10), so we’re not holding our breaths.