RE: Microsoft Confirms Windows 10 New Monthly Charge.

August 26, 2016

So by now I’m sure most of you have heard that Microsoft has announced and confirmed that Windows 10 will now be a subscription service. What does this mean for consumers? Well apparently not much, yet, as Microsoft has also stated that this subscription fee will be for enterprises only. But for how long? How much trust are we willing to instill in that “promise?” We are talking about the company who went in and automatically upgraded users to the service without their permission or knowledge. I’m sure eventually Windows 10 will be a fee-based service for all who use it; Even if you don’t have to incur the fees automatically, like probably those who have already upgraded, I’m sure little features here and there will start having some fee attached to them.

My thoughts? Why fix something that isn’t broken. What I mean by that is, what was wrong with windows 7 or 8? Why do you or I or any average Joe computer user need windows 10? Most millennials don’t even have home computers anymore anyways. Want to save a buck, or 7? Stick to a slightly older but more than sufficient version of Windows and go buy yourself a drink or take yourself to dinner instead😉.

The Flash Patch and the Shocking truth about Shockwave Player

September 21, 2015

Adobe has released a critical software update to fix nearly two-dozen security holes in its Flash Player browser plugin. Separately, I want to take a moment to encourage users who have Adobe Shockwave Player installed to finally junk this program; turns out Shockwave — which comes with its own version of Flash — is still many versions behind in bundling the latest Flash fixes.

If you use and need Flash Player, it’s time to update the program (the latest version is 19.0.0.185 for Windows and Mac users). Google Chrome and Internet Explorer bundle their own versions of Flash (also now at v. 19.0.0.185); each should auto-update to the latest. Find out if you have Flash installed and its current version number by visiting this page.

Adobe said it was unaware of any exploits in the wild for the vulnerabilities fixed in this Flash release. Nevertheless, I would recommend that if you use Flash that you strongly consider removing it, or at least hobbling it until and unless you need it. Disabling Flash in Chrome is simple enough, and can be easily reversed: On a Windows, Mac, Linux or Chrome OS installation of Chrome, type “chrome:plugins” into the address bar, and on the Plug-ins page look for the “Flash” listing: To disable Flash, click the disable link (to re-enable it, click “enable”). Windows users can remove Flash from the Add/Remove Programs panel, or use Adobe’s uninstaller for Flash Player.

If you’re concerned about removing Flash altogether, consider a dual-browser approach. That is, unplugging Flash from the browser you use for everyday surfing, and leaving it plugged in to a second browser that you only use for sites that require Flash.

If you decide to proceed with Flash and update, the most recent versions of Flash should be available from the Flash home page, but beware potentially unwanted add-ons, like McAfee Security Scan. To avoid this, uncheck the pre-checked box before downloading, or grab your OS-specific Flash download from here. Windows users who browse the Web with anything other than Internet Explorer may need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.).

SHOCKWAVE SHOCKER

In other Adobe patch news, on Sept. 8, 2015 I urged readers who have the Shockwave media player installed to update to the latest version or else junk the program altogether. In an post more than a year ago, I outlined Why You Should Ditch Adobe Shockwave, noting that the program bundles a component of Adobe Flash that was more than 15 months behind on security updates.

I checked back with Adobe last week to find out whether the version of Shockwave that the company released earlier this month is caught up on Flash flaws. Turns out, it’s still woefully behind. The version of Shockwave released just two weeks ago bundles the Flash runtime 16.0.0.305, a version of Flash that Adobe released in February 2015.

Translation: The version of Shockwave that Adobe released two weeks ago lacks fixes for a whopping 155 vulnerabilities in Flash that can be used to backdoor virtually any computer running it! Included in those missing fixes are patches for a half-dozen Flash flaws that were being actively exploited at the time they were fixed in Flash Player.

Not sure whether your computer has Shockwave installed? If you visit this link and see a short animation, it should tell you which version of Shockwave you have installed. If it prompts you to download Shockwave (or in the case of Google Chrome for some reason just automatically downloads the installer), then you don’t have Shockwave installed. To remove Shockwave, grab Adobe’s uninstall tool here. Mozilla Firefox users should note that the presence of the “Shockwave Flash” plugin listed in the Firefox Add-ons section denotes an installation of Adobe Flash Player plugin — not Adobe Shockwave Player.

Windows 10 Automatic Updates Start Causing Problems

August 6, 2015

Microsoft has said that the Windows 10 updates are mandatory and automatic….no exception.

QUOTE:
With just four days left before launch, Windows 10’s policy of automatic updates has run into its first major problem and it is causing many PCs to stop working correctly………..

…..Interestingly the problem has also been experienced by Forbes contributor Paul Monckton who has done some digging and explained that the fault lies in a conflict between Windows Update and Nvidia’€™s own driver and software management tool the Nvidia GeForce Experience€™.
€œIt looks like driver version 353.54 [the latest at time of writing] is available only via Window Update, €œThe problem is the Nvidia GeForce Experience then tried to downgrade that to the previous version while claiming the previous version was actually newer………….

So, if you roll back the driver update, Windows will install it again…and again…and again…

Given Windows 10 updates cannot be stopped the most obvious solution is to uninstall third party driver management and hand it all over to Windows Update to avoid clashes. This potentially simplifies matters by providing an all-in-one update service, but it does mean taking away control from specialist companies over their own products.
A second approach is worth mentioning when Microsoft confirmed Windows 10 updates were unstoppable:

hack it.
Initially this might work, but in April senior Microsoft product marketing manager Helen Harmetz said during a Windows 10 webinar that users who forcibly stopped any Windows 10 updates would eventually have their security updates cut off. Microsoft has yet to confirm this brutal enforcement policy in official documentation, but if this is the path it chooses that would ultimately make any form of update hack pointless.

Windows 10 could share your WIFI with friends and social media

August 6, 2015

Microsoft is offering most Windows 7 and Windows 8 users a free upgrade to the software giant’s latest operating system, Windows 10. But there’s a very important security caveat that users should know about before transitioning to the new OS: Unless you opt out, Windows 10 will by default prompt to you share access to WiFi networks to which you connect with any contacts you may have listed in Outlook and Skype — and, with an opt-in, your Facebook friends.


This brilliant new feature, which Microsoft has dubbed Wi-Fi Sense, doesn’t share your WiFi network password per se — it shares an encrypted version of that password. But it does allow anyone in your Skype or Outlook or Hotmail contacts lists to waltz onto your Wi-Fi network — should they ever wander within range of it or visit your home (or hop onto it secretly from hundreds of yards away with a good ‘ole cantenna!).
I first read about this over at The Register, which noted that Microsoft’s Wi-Fi Sense FAQ seeks to reassure would-be Windows 10 users that the Wi-Fi password will be sent encrypted and stored encrypted — on a Microsoft server. According to PCGamer, if you use Windows 10’s “Express” settings during installation, Wi-Fi Sense is enabled by default.
“For networks you choose to share access to, the password is sent over an encrypted connection and stored in an encrypted file on a Microsoft server, and then sent over a secure connection to your contacts’ phone if they use Wi-Fi Sense and they’re in range of the Wi-Fi network you shared,” the FAQ reads.
The company says your contacts will only be able to share your network access, and that Wi-Fi Sense will block those users from accessing any other shared resources on your network, including computers, file shares or other devices. But these words of assurance probably ring hollow for anyone who’s been paying attention to security trends over the past few years: Given the myriad ways in which social networks and associated applications share and intertwine personal connections and contacts, it’s doubtful that most people are aware of who exactly all of their social network followers really are from one day to the next.
Update, July 30, 12:35 p.m. ET: Ed Bott over at ZDNet takes issue with the experience described in the stories referenced above, stating that while Wi-Fi Sense is turned on by default, users still have to explicitly choose to share a network. “When you first connect to a password-protected Wi-Fi network, you choose if you want to share access to that network with your contacts,” Bott writes. Nevertheless, many users are conditioned to click “yes” to these prompts, and shared networks will be shared to all Facebook, Outlook, and Skype contacts (users can’t pick individual contacts; the access is shared with all contacts on a social network). Updated the lead to clarify that users are prompted to share.
El Reg says it well here:

That sounds wise – but we’re not convinced how it will be practically enforced: if a computer is connected to a protected Wi-Fi network, it must know the key. And if the computer knows the key, a determined user or hacker will be able to find it within the system and use it to log into the network with full access.
In theory, someone who wanted access to your company network could befriend an employee or two, and drive into the office car park to be in range, and then gain access to the wireless network. Some basic protections, specifically ones that safeguard against people sharing their passwords, should prevent this.

I should point out that Wi-Fi networks which use the centralized 802.1x Wi-Fi authentication — and these are generally tech-savvy large organizations — won’t have their Wi-Fi credentials shared by this new feature.
Microsoft’s solution for those concerned requires users to change the name (a.k.a. “SSID“) of their Wi-Fi network to include the text “_optout” somewhere in the network name (for example, “oldnetworknamehere_optout”).
It’s interesting to contrast Microsoft’s approach here with that of Apple, who offer an opt-in service called iCloud Keychain; this service allows users who decide to use the service to sync WiFi access information, email passwords, and other stored credentials amongst their own personal constellation of Apple computers and iDevices via Apple’s iCloud service, but which does not share this information with other users. Apple’s iCloud Keychain service encrypts the credentials prior to sharing them, as does Microsoft’s Wi-Fi Sense service; the difference is that it’s opt-in and that it only shares the credentials with your own devices.
Wi-Fi Sense has of course been a part of the latest Windows Phone for some time, yet it’s been less of a concern previously because Windows Phone has nowhere near the market share of mobile devices powered by Google’s Android or Apple’s iOS. But embedding this feature in an upgrade version of Windows makes it a serious concern for much of the planet.
Why? For starters, despite years of advice to the contrary, many people tend to re-use the same password for everything. Also, lots of people write down their passwords. And, as The Reg notes, if you personally share your Wi-Fi password with a friend — by telling it to them or perhaps accidentally leaving it on a sticky note on your fridge — and your friend enters the password into his phone, the friends of your friend now have access to the network.

Source: How-To Geek
An article in Ars Technica suggests the concern over this new feature is much ado about nothing. That story states: “First, a bit of anti-scaremongering. Despite what you may have read elsewhere, you should not be mortally afraid of Wi-Fi Sense. By default, it will not share Wi-Fi passwords with anyone else. For every network you join, you’ll be asked if you want to share it with your friends/social networks.”
To my way of reading that, if I’m running Windows 10 in the default configuration and a contact of mine connects to my Wi-Fi network and say yes to sharing, Windows shares access to that network: The contact gets access automatically, because I’m running Windows 10 and we’re social media contacts. True, that contact doesn’t get to see my Wi-Fi password, but he can nonetheless connect to my network.
While you’re at it, consider keeping Google off your Wi-Fi network as well. It’s unclear whether the Wi-Fi Sense opt-out kludge will also let users opt-out of having their wireless network name indexed by Google, which requires the inclusion of the phrase “_nomap” in the Wi-Fi network name. The Register seems to think Windows 10 upgraders can avoid each by including both “_nomap” and “_optout” in the Wi-Fi network name, but this article at How-To Geek says users will need to choose the lesser of two evils.
Either way, Wi-Fi Sense combined with integrated Google mapping tells people where you live (and/or where your business is), meaning that they now know where to congregate to jump onto your Wi-Fi network without your permission.
My suggestions:

  1. Prior to upgrade to Windows 10, change your Wi-Fi network name/SSID to something that includes the terms “_nomap_optout”.
  2. After the upgrade is complete, change the privacy settings in Windows to disable Wi-Fi Sense sharing.
  3. If you haven’t already done so, consider additional steps to harden the security of your Wi-Fi network.

Get Windows 10 Today!!!

August 6, 2015

Microsoft released Windows 10 and has made it available so you can upgrade Windows 7 and Windows 8.1 users for free. For those who have previously used the Windows 10 Reservation app, Windows 10 should start to download to your computer and then prompt you for installation. For those who are impatient, and want it immediately, you can download the Windows 10 Download Tool and start the upgrade immediately.

To start upgrading, visit the following link and download the appropriate download tool:

http://www.microsoft.com/en-us/software-download/windows10

Once it has downloaded, double-click on it to execute the program.

At the opening screen, you can choose to automatically upgrade to Windows 10 or create a bootable ISO or USB flash drive to upgrade another PC. Upgrading is a much easier process as it will automatically detect your product key and install Windows 10 over your existing Windows installation. For those, though, who wish to perform a clean install, you will need to find your product key first. Information on how to do this can be found in Microsoft’s Windows 10 FAQ.

If you have any questions regarding this process, feel free to ask for help in this topic or the Windows 10 forum.

Microsoft’s Office for Android tablets

January 31, 2015

You can download Microsoft’s Office for Android tablet apps today

Microsoft’s Office for Android tablets suite has emerged out of beta after three months in the labs and can be downloaded to your mid-sized tablet of choice for free.

So long as you have a Microsoft account and a tablet with a display that’s between 7 and 10.1-inch in size, you can download and use the free (basic) versions of Word, Excel and PowerPoint to your heart’s content.

Unlimited Data?

January 28, 2015

Recently the FTC has been quite interested in all things data stream related. One of those things being the throttling of whats known as ‘Unlimited Data’. Seems most people’s interpretation of unlimited is just that, UN Limited.

Well we all know that carriers do not seem to follow conventional definitions of terms. And it looks like the FTC wants the definition of Unlimited Data to mean the same thing to everyone. Consumers and carriers alike. So with backing of a $40 Million Dollar fine to TracFone. The FTC is sending a message that Unlimited means UN Limited. Not throttled.
TracFone advertised “unlimited text, talk, and data” for $45 a month under the brands Straight Talk, Net10, Simple Mobile, and Telcel America, and until September 2013, did not clearly disclose its throttling policies that saw customers experiencing data speeds that were cut by up to 90 percent, thereby violating the FTC Act.

While this ruling only affects TracFone at the current time, there are several other carriers that have similar practices for their unlimited customers. AT&T and Verizon no longer offer unlimited data plans, but continue to provide unlimited data for many people who remain on grandfathered plans. AT&T has engaged in throttling practices for years, often cutting off customers who exceed 5GB of LTE data usage.
“The issue here is simple: when you promise consumers ‘unlimited,’ that means unlimited,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection. “This settlement means that Straight Talk, Net10, Simple Mobile, and Telcel America customers will be able to get money back from the company for services the company promised but didn’t deliver.”

Free Upgrade to Windows 10 during first year of release!!!

January 22, 2015

At today’s Windows 10 press event Terry Myerson, Microsoft’s Executive Vice President of Operating Systems, announced that Windows 10 would be a free upgrade for all user’s of Windows 7, Windows 8.1, and Windows Phone 8.1 who upgrade during the first year of launch. This is a significant move by Microsoft and aims to deliver the OS into as many hands as possible. This is especially profitable for coporations who typically take a long time to upgrade to new versions in order to ensure compatibility with legacy programs and procedures. By providing a free upgrade path, the cost savings may be to large for organizations to ignore.
Windows 10

Old Scam with a twist

December 22, 2014

A tech support scam was discovered that not only locks your browser stating your computer may be infected, but also has a computer generated voice trying to scare you as well. Typically, browser support scams will display a text or graphical alert that states that your computer is infected, you should call a number, and then makes it difficult for you to close the window or navigate away from it. A new alert was discovered that takes it to the next level by also playing a computer generated voice that states the following:

Important security message: Please call the number provided as soon as possible. You will be guided for the removal of any adware, spyware, or virus that is found on your computer. Seeing these messages means that you possibly have it installed on your computer which puts the security of your personal data at a serious risk. It’s strongly advised that you call the phone number provided and get your computer scanned before you continue using your internet.

This audio recording is contained in an MP3 file that is set to repeat itself when viewing the ad. This MP3 file can be found here.

When you call the number 877-363-6747, which is displayed in alert, someone will answer who says Tech Support and speaks in perfect English without any accent. When questioned, they stated that their company name was 1 Good IT and started giving me the standard pitch of taking over my computer to see what was wrong and then fix it. Having done this before with other scams, I did not proceed further and hung up.

Though you may hear a voice speaking to you, this is still the same old scam. So stay vigilant and close any browsers that display these types of messages. If you are having a problem closing the browser, then you can start the Windows Task Manager and kill the process associated with your browser. Finally, never call the numbers listed in tech support scams unless you just want to mess with them

Be on your toes for scam emails during the Holidays!

December 3, 2014

If you receive an email this holiday season asking you to “confirm” an online e-commerce order or package shipment, please resist the urge to click the included link or attachment: Malware purveyors and spammers are blasting these missives by the millions each day in a bid to trick people into giving up control over their computers and identities.

Home Depot

An “order confirmation” malware email blasted out by the Asprox spam botnet recently.
Seasonal scams like these are a perennial scourge of the holidays, mainly because the methods they employ are reliably successful. Crooks understand that it’s easier to catch would-be victims off-guard during the holidays. This goes even for people who generally know better than to click on links and attachments in emails that spoof trusted brands and retailers, because this is a time of year when many people are intensely focused on making sure their online orders arrive before Dec. 25.

Walmart

This Asprox malware email poses as a notice about a wayward package from a WalMart order.
According to Malcovery, a company that closely tracks email-based malware attacks, these phony “order confirmation” spam campaigns began around Thanksgiving, and use both booby-trapped links and attached files in a bid to infect recipients’ Windows PCs with the malware that powers the Asprox spam botnet.

Asprox is a nasty Trojan that harvests email credentials and other passwords from infected machines, turns the host into a zombie for relaying junk email (such as the pharmaceutical spam), and perpetuates additional Asprox malware attacks. Asprox also deploys a scanning module that forces hacked PCs to scan websites for vulnerabilities that can be used to hack the sites and foist malware on visitors to that site. For an exhaustive and fairly recent analysis of Asprox, see this writeup (PDF) from Trend Micro.

Target

Target is among the many brands being spoofed by Asprox this holiday season.
Malcovery notes that the Asprox spam emails use a variety of subject lines, including “Acknowledgment of Order,” “Order Confirmation,” “Order Status,” “Thank you for buying from [insert merchant name here]”, and a “Thank you for your order.”
If you receive an email from a recognized brand that references an issue with an online or in-store order and you think it might be legitimate, do not click the embedded links or attachment. Instead, open up a Web browser and visit the merchant site in question. Generally speaking, legitimate communications about order issues will reference an order number and/or some other data points specific to the transaction — information that can be used to look up the order status at the merchant’s Web site. I know I’m probably preaching to the choir for the loyal readers of this site, but I’m sure most of you have friends and relatives who could use a reminder about all of this. Please feel free to forward them a link to this story.


Follow

Get every new post delivered to your Inbox.

Join 119 other followers