Get Windows 10 Today!!!

August 6, 2015

Microsoft released Windows 10 and has made it available so you can upgrade Windows 7 and Windows 8.1 users for free. For those who have previously used the Windows 10 Reservation app, Windows 10 should start to download to your computer and then prompt you for installation. For those who are impatient, and want it immediately, you can download the Windows 10 Download Tool and start the upgrade immediately.

To start upgrading, visit the following link and download the appropriate download tool:

http://www.microsoft.com/en-us/software-download/windows10

Once it has downloaded, double-click on it to execute the program.

At the opening screen, you can choose to automatically upgrade to Windows 10 or create a bootable ISO or USB flash drive to upgrade another PC. Upgrading is a much easier process as it will automatically detect your product key and install Windows 10 over your existing Windows installation. For those, though, who wish to perform a clean install, you will need to find your product key first. Information on how to do this can be found in Microsoft’s Windows 10 FAQ.

If you have any questions regarding this process, feel free to ask for help in this topic or the Windows 10 forum.

Microsoft’s Office for Android tablets

January 31, 2015

You can download Microsoft’s Office for Android tablet apps today

Microsoft’s Office for Android tablets suite has emerged out of beta after three months in the labs and can be downloaded to your mid-sized tablet of choice for free.

So long as you have a Microsoft account and a tablet with a display that’s between 7 and 10.1-inch in size, you can download and use the free (basic) versions of Word, Excel and PowerPoint to your heart’s content.

Unlimited Data?

January 28, 2015

Recently the FTC has been quite interested in all things data stream related. One of those things being the throttling of whats known as ‘Unlimited Data’. Seems most people’s interpretation of unlimited is just that, UN Limited.

Well we all know that carriers do not seem to follow conventional definitions of terms. And it looks like the FTC wants the definition of Unlimited Data to mean the same thing to everyone. Consumers and carriers alike. So with backing of a $40 Million Dollar fine to TracFone. The FTC is sending a message that Unlimited means UN Limited. Not throttled.
TracFone advertised “unlimited text, talk, and data” for $45 a month under the brands Straight Talk, Net10, Simple Mobile, and Telcel America, and until September 2013, did not clearly disclose its throttling policies that saw customers experiencing data speeds that were cut by up to 90 percent, thereby violating the FTC Act.

While this ruling only affects TracFone at the current time, there are several other carriers that have similar practices for their unlimited customers. AT&T and Verizon no longer offer unlimited data plans, but continue to provide unlimited data for many people who remain on grandfathered plans. AT&T has engaged in throttling practices for years, often cutting off customers who exceed 5GB of LTE data usage.
“The issue here is simple: when you promise consumers ‘unlimited,’ that means unlimited,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection. “This settlement means that Straight Talk, Net10, Simple Mobile, and Telcel America customers will be able to get money back from the company for services the company promised but didn’t deliver.”

Free Upgrade to Windows 10 during first year of release!!!

January 22, 2015

At today’s Windows 10 press event Terry Myerson, Microsoft’s Executive Vice President of Operating Systems, announced that Windows 10 would be a free upgrade for all user’s of Windows 7, Windows 8.1, and Windows Phone 8.1 who upgrade during the first year of launch. This is a significant move by Microsoft and aims to deliver the OS into as many hands as possible. This is especially profitable for coporations who typically take a long time to upgrade to new versions in order to ensure compatibility with legacy programs and procedures. By providing a free upgrade path, the cost savings may be to large for organizations to ignore.
Windows 10

Old Scam with a twist

December 22, 2014

A tech support scam was discovered that not only locks your browser stating your computer may be infected, but also has a computer generated voice trying to scare you as well. Typically, browser support scams will display a text or graphical alert that states that your computer is infected, you should call a number, and then makes it difficult for you to close the window or navigate away from it. A new alert was discovered that takes it to the next level by also playing a computer generated voice that states the following:

Important security message: Please call the number provided as soon as possible. You will be guided for the removal of any adware, spyware, or virus that is found on your computer. Seeing these messages means that you possibly have it installed on your computer which puts the security of your personal data at a serious risk. It’s strongly advised that you call the phone number provided and get your computer scanned before you continue using your internet.

This audio recording is contained in an MP3 file that is set to repeat itself when viewing the ad. This MP3 file can be found here.

When you call the number 877-363-6747, which is displayed in alert, someone will answer who says Tech Support and speaks in perfect English without any accent. When questioned, they stated that their company name was 1 Good IT and started giving me the standard pitch of taking over my computer to see what was wrong and then fix it. Having done this before with other scams, I did not proceed further and hung up.

Though you may hear a voice speaking to you, this is still the same old scam. So stay vigilant and close any browsers that display these types of messages. If you are having a problem closing the browser, then you can start the Windows Task Manager and kill the process associated with your browser. Finally, never call the numbers listed in tech support scams unless you just want to mess with them

Be on your toes for scam emails during the Holidays!

December 3, 2014

If you receive an email this holiday season asking you to “confirm” an online e-commerce order or package shipment, please resist the urge to click the included link or attachment: Malware purveyors and spammers are blasting these missives by the millions each day in a bid to trick people into giving up control over their computers and identities.

Home Depot

An “order confirmation” malware email blasted out by the Asprox spam botnet recently.
Seasonal scams like these are a perennial scourge of the holidays, mainly because the methods they employ are reliably successful. Crooks understand that it’s easier to catch would-be victims off-guard during the holidays. This goes even for people who generally know better than to click on links and attachments in emails that spoof trusted brands and retailers, because this is a time of year when many people are intensely focused on making sure their online orders arrive before Dec. 25.

Walmart

This Asprox malware email poses as a notice about a wayward package from a WalMart order.
According to Malcovery, a company that closely tracks email-based malware attacks, these phony “order confirmation” spam campaigns began around Thanksgiving, and use both booby-trapped links and attached files in a bid to infect recipients’ Windows PCs with the malware that powers the Asprox spam botnet.

Asprox is a nasty Trojan that harvests email credentials and other passwords from infected machines, turns the host into a zombie for relaying junk email (such as the pharmaceutical spam), and perpetuates additional Asprox malware attacks. Asprox also deploys a scanning module that forces hacked PCs to scan websites for vulnerabilities that can be used to hack the sites and foist malware on visitors to that site. For an exhaustive and fairly recent analysis of Asprox, see this writeup (PDF) from Trend Micro.

Target

Target is among the many brands being spoofed by Asprox this holiday season.
Malcovery notes that the Asprox spam emails use a variety of subject lines, including “Acknowledgment of Order,” “Order Confirmation,” “Order Status,” “Thank you for buying from [insert merchant name here]”, and a “Thank you for your order.”
If you receive an email from a recognized brand that references an issue with an online or in-store order and you think it might be legitimate, do not click the embedded links or attachment. Instead, open up a Web browser and visit the merchant site in question. Generally speaking, legitimate communications about order issues will reference an order number and/or some other data points specific to the transaction — information that can be used to look up the order status at the merchant’s Web site. I know I’m probably preaching to the choir for the loyal readers of this site, but I’m sure most of you have friends and relatives who could use a reminder about all of this. Please feel free to forward them a link to this story.

Patch Tuesday is here!!!

September 10, 2014

Adobe today released updates to fix at least a dozen critical security problems in its Flash Player and AIR software. Separately, Microsoft pushed four update bundles to address at least 42 vulnerabilities in Windows, Internet Explorer, Lync and .NET Framework. If you use any of these, it’s time to update!
winicon
Most of the flaws Microsoft fixed today (37 of them) are addressed in an Internet Explorer update — the only patch this month to earn Microsoft’s most-dire “critical” label. A critical update wins that rating if the vulnerabilities fixed in the update could be exploited with little to no action on the part of users, save for perhaps visiting a hacked or malicious Web site with IE.

I’ve experienced troubles installing Patch Tuesday packages along with .NET updates, so I make every effort to update .NET separately. To avoid any complications, I would recommend that Windows users install all other available recommended patches except for the .NET bundle; after installing those updates, restart Windows and then install any pending .NET fixes). Your mileage may vary.

For more information on the rest of the updates released today, see this post at the Microsoft Security Response Center Blog.
flashicon
Adobe’s critical update for Flash Player fixes at least 12 security holes in the program. Adobe is urging Windows and Macintosh users to update to Adobe Flash Player v. 15.0.0.152 by visiting the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted. If you’d rather not be bothered with downloaders and software “extras” like antivirus scanners, you’re probably best off getting the appropriate update for your operating system from this link.

To see which version of Flash you have installed, check this link. IE10/IE11 on Windows 8.x and Chrome should auto-update their versions of Flash.

Windows users who browse the Web with anything other than Internet Explorer may need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.). If you have Adobe AIR installed (required by some programs like Pandora Desktop), you’ll want to update this program. AIR ships with an auto-update function that should prompt users to update when they start an application that requires it; the newest, patched version is v. 15 for Windows, Mac, and Android.

Adobe had also been scheduled to release updates today for Adobe Reader and Acrobat, but the company said it was pushing that release date back to the week of Sept. 15 to address some issues that popped up during testing of the patches.

As always, if you experience any issues updating these products, please leave a note about your troubles in the comments below.

Adobe and Microsoft today

December 11, 2013

Adobe and Microsoft today each separately released security updates to remedy zero-day bugs and other critical vulnerabilities in their software. Adobe issued fixes for its Flash and Shockwave players, while Microsoft pushed out 11 updates addressing at least two dozen flaws in Windows and other software.

Five of today’s 11 update bundles earned Microsoft’s “critical” rating, meaning that the vulnerabilities those patches fix can be exploited remotely by malware or miscreants without any help from users. At the top of the priority list for Windows users should be MS13-096, a patch that plugs a critical zero-day security hole in certain versions of Windows and Office. Microsoft first warned about this flaw on Nov. 5.

Microsoft also is urging customers and system administrators to prioritize two other critical fixes:  MS13-097, a cumulative patch for Internet Explorer (all versions), and MS13-099, which fixes a dangerous scripting issue in Windows. All three of these patches fix bugs that Microsoft says are likely to be exploited by attackers in the near future.

Ross Barrett, senior manager of security engineering at Rapid7, points out a noteworthy patch (MS13-104) for users of Microsoft Office 2013′s “cloud” services, which apparently fixes another vulnerability that is actively being exploited. “This information disclosure issue affects the Office ‘client’ and could allow an attacker to hijack an authentication token and gain access to documents stored in cloud resources,” Barrett said.

For more information on today’s updates, see the roundups at Microsoft’s Technet Blog, the SANS Internet Storm Center Diary, and the Qualys blog.

 ADOBE FLASH AND SHOCKWAVE UPDATES

Adobe has issued a patch for its Flash Player software that addresses at least two security holes, including a vulnerability that is already under active attack. Adobe said it is aware of reports of an exploit designed to trick the user into opening a Microsoft Word document with malicious Flash (.swf) content. The company credits researcher Attila Suszter for reporting the flaw; more information about this bug is available at Suszter’s blog.

To find out whether your system has Flash installed and at what version, check this page. Updates are available for Windows, Mac and Linux versions of Flash. The latest version for Windows and Mac users is 11.9.900.170, and 11.2.202.332 for Linux.

Google Chrome auto-updates its own versions of Flash (although not always right away); the newest Flash for Chrome is 11.9.900.170. Internet Explorer 10 and 11 on Windows 8 include an embedded version of Flash that gets updates from Windows Update, rather than through Adobe’s installer. On Windows 7 and earlier, Flash is not embedded, and needs ot be updated via Adobe’s updater or manually by downloading the appropriate version from this page.

In addition, Adode AIR (required by some applications like Pandora Desktop, for example) was updated to v. 3.9.1380 for Windows, Mac and Android devices. Adobe AIR checks for and prompts you to install any available updates anytime you launch an application that uses AIR; in any case, the download link is here.

Adobe also issued an update for its Shockwave Player software that fixes at least two vulnerabilities, bringing Shockwave to v. 12.0.7.148 on Windows and Mac systems. Shockwave is one of those programs that I’ve urged readers to remove or avoid installing. Like Java, it is very often buggy software that many people have installed but do not really need for everyday Web browsing. Securing your system means not only making sure things are locked down, but removing unneeded programs, and Shockwave is near the top of my list on that front.

If you visit this link and see a short animation, it should tell you which version of Shockwave you have installed. If it prompts you to download Shockwave, then you don’t have Shockwave installed and in all likelihood don’t need it. Firefox users should note that the presence of the Shockwave Flash plugin listed in the Firefox Add-ons section denotes an installation of Adobe Flash Player plugin — not Adobe Shockwave.

Goodbye Microsoft Security Essentials: Microsoft Now Recommends You Use a Third-Party Antivirus

October 17, 2013

Microsoft Security Essentials (Windows Defender on Windows 8) was once on top. Over the years, it’s slid in the test results, but Microsoft argued the tests weren’t meaningful. Now, Microsoft is advising Windows users to use a third-party antivirus instead.

 This revelation comes to us from an interview Microsoft gave. Microsoft’s official website still bills MSE as offering “comprehensive malware protection” without any hint that they no longer recommend using it. Microsoft is not communicating well with its users.

Critical Java Update Plugs 51 Security Holes

October 16, 2013

Oracle has released a critical security update that fixes at least 51 security vulnerabilities in its Java software. Patches are available for Linux, Mac OS X, Solaris and Windows versions of the software.

This update brings Java 7 to Update 45, and addresses a whole mess of security flaws. Oracle says that all but one of the 51 vulnerabilities fixed in this update may be remotely exploitable without authentication.

Updates are available from Java.com and the Java Control Panel. Apple has issued an update to its supported version of Java, which brings Java on the Mac to 1.6.0_65 for OS X 10.6.8 or later. As CNet notes, Apple is using this update to further encourage users to switch to Oracle’s Java runtime, especially for Web-based Java services.

“When this latest update is installed, according to Apple’s documentation it will remove the Apple-supplied Java plugin, and result in a ‘Missing plug-in’ section of a Web page that tries to run a Java applet,” CNet’s Topher Kessler writes. “If you click on the missing plug-in message, the system will direct you to Oracle’s Java Web site so you can download the latest version of Java 7, which will not only support the latest features in the Java runtime, but also include the latest bug and vulnerability fixes. Apple’s last supported version of Java is Java SE 6, and since handing the reigns over to Oracle, has progressively stepped back from supporting the runtime in OS X.”

Broken record alert: If you really need and use Java for specific Web sites or applications, take a few minutes to update this software. Oracle likes to remind everyone that 3 billion devices worldwide run Java, and that 89 percent of desktops run some form of Java (that roughly matches what vulnerability management firm Secunia found last year). But that huge install base — combined with a hit parade of security bugs and a component that plugs straight into the Web browser — makes Java software a perennial favorite target of malware and malcontents alike.

If you have an affirmative use or need for Java, unplug it from the browser unless and until you’re at a site that requires it (or at least take advantage of click to play). Java 7 lets users disable Java content in web browsers through the Java Control Panel. Alternatively, consider a dual-browser approach, unplugging Java from the browser you use for everyday surfing, and leaving it plugged in to a second browser that you only use for sites that require Java.

Otherwise, seriously consider removing Java altogether.  I’ve long urged end users to junk Java unless they have a specific use for it (this advice does not scale for businesses, which often have legacy and custom applications that rely on Java). This widely installed and powerful program is riddled with security holes, and is a top target of malware writers and miscreants.

There are a couple of ways to find out if you have Java installed and what version may be running.  Windows users can click Start, then Run, then type “cmd” without the quotes. At the command prompt, type “java -version” (again, no quotes). Users also can visit Java.com and click the “Do I have Java?” link on the homepage. Updates also should be available via the Java Control Panel or from Java.com.