Windows 10 to Scrap Optional Updates

Uncategorized
31
Jul 2015

Windows-10-alla-enheter-1

Windows 10 plans to push mandatory updates. Learn how it affects Windows 10 systems by understanding options available for different versions of the OS.

Any networks that run Windows 10 will find their systems subject to mandatory updates. This means that most versions of Windows 10 will lose control to delay or disable such updates when needed.

Most versions of Windows 10 will have security and feature updates thrown in together as well instead of being released separately.  Therefore, if a company were to disable automatic updates within a network, they’ll be risk disabling all updates completely.

How-to-upgrade-from-Windows-7-or-8-to-Windows-10-via-Windows-Update

The flip side is that this will ensure that no Windows 10 system will miss any updates, which is good in an ideal way. Despite the positives, not every business is keen to apply automatic updates without realizing what it covers, or even if it’ll disrupt their systems. Despite the latter, it’s possible to overcome this; however it would come at a premium with Windows 10 Enterprise.

Windows 10 Home

Windows 10 home users will have no choice but to receive updates from the Current branch from Microsoft. Therefore, whenever Microsoft pushes an update they’ll immediately go out to Windows 10 home users. Bear in mind, Microsoft states they tests all updates before being sent out. The downside is that Microsoft users will not have any option to delay or defer updates. This is not such a bad idea, as most home users will benefit from staying updated and secure.

Windows 10 Pro

Systems running Windows 10 Pro can choose between receiving updates directly from the Current Branch, through the Current Business Branch or via Windows Server Update Services (WSUS). With Current Branch, feature and security updates will be issued automatically similar to Windows 10 Home systems.

The Current Branch for Business method and WSUS allow for more flexibility for users to select when to issue the fixes, new features and security patch updates. Despite this flexibility, such updates are not intended to be deferred indefinitely and will eventually need to be pushed out within a set window of time.

Windows 10 Enterprise

The only version to offer fully configurable updates will be Windows 10 Enterprise, which is not included as part of the free upgrade from Windows 7 and 8. This version is the most expensive of them all and is available exclusively to volume licensees. It’s no surprise that it gets the most choices.

This version can choose to push out updates to any number of machines through the Current Branch, Windows Updates or WSUS. Such update methods and can also be configured to be delayed for an unspecified amount of time.

Updates for new features can also be separated from security updates, thus allowing further choices for Windows 10 Enterprise. This is all possible with access to the Long Term Servicing Branch. 

Windows 10 Education

The Windows 10 Education version will offer the same features as Windows 10 Enterprise offered to teachers and students. They’ll also have the same options as Windows 10 Pro. Windows 10 Education users will be able to choose when to adopt updates for new features, fixes and so forth via Windows updates. When using the Current Branch for Business method to update, they are able to slightly defer receiving new features.

For more ways to stay updated, contact your local IT professionals.

Read More

8 Misconceptions About the Cloud

Internet,
29
Jul 2015

Futuristic Cloud Computer

With plenty of claims floating around about “the Cloud”, it’s no wonder many people find it somewhat confusing. Here are 8 misconceptions about the cloud.

The Cloud; a buzzword that has been tossed around for many years into the vocabulary of  businesses and individuals alike. We’ve written this article to address some myths regarding cloud computing.  According to Wikipedia, the Cloud is a “metaphor” for the Internet.  One could say that the Cloud is a modern way to describe how the Internet is used to store and access data files in large data centers. Like any other physical system, data centers run physical disks to store data that and could be thought of as the Cloud. Despite the latter, the files accessed by cloud users appear as “virtual” when accessed from their systems or devices.

 

Typical_Data_Center

How confusing can all this be?

Applications_in_the_Cloud

According to many circles of IT professionals and businesses alike, the cloud concept has deviated from being a solution for accessing files on the Internet, to many other outrageous things we hear about.  Here are some examples of popular misconceptions:

“The cloud will solve all of your organization’s problems”

The Cloud still isn’t entirely secure and there are other aspects to running a business that the cloud has not yet reached, there’s still a way to go for this.

“Is always available with no down time”

The Cloud solution of choice is just as susceptible to downtime as any other system on earth. This ranges from a genuine outage to scheduled maintenance. Anyone and everyone’s files on the cloud are stored virtually on a company’s physical disk. This means that the Cloud Company is also susceptible to down-time like any other business.

“Needs no backups or disaster recovery plans as the data cannot be lost, deleted, or is never down”

Even files on the Cloud should be backup up (ideally offline ). The Cloud is not 100% guaranteed to hold your files. Cloud servers could go down or even ransom-ware could reach file shares to encrypt or wipe them altogether. For instance Dropbox has been known to be susceptible to ransom-ware attacks.

“I’ve never used the cloud”

Many claim to have never used the cloud despite having used the internet before, a lack of understanding perhaps?  If you’ve accessed email online, social media sites, online banking, shopped online, you’ve definitely accessed the cloud.

“The Cloud gets affected by the weather”

Many believe the literal meaning of the word “cloud”, and associate it with the “fluffy white thing” that is seen over the skies.  Of course, we know that this is complete nonsense!

Cloud Smile

“It’s a backup”

The Cloud is not a backup; however third party services over the cloud like Amazon AWS can be used as a service to form part of a backup strategy.

“With cloud computing you’ll never need to buy hardware again”

Not true. You still need to purchase systems and devices to access the cloud.

“Our Virtual machine environment at our business is the Cloud”

Not entirely wrong. Virtual machines will form the company’s private Cloud which is different to a public cloud.

To help clear up the mental fog about the broad use of the term “Cloud” for many individuals or businesses, it’s best to understand the difference. In reality, the cloud can mean many different things to different people. In essence, the difference for many businesses will mean choosing between an in-house solution or the “cloud” solution “. Of course, they can have both if they wanted to.

For more ways to safeguard your data, contact your local IT professionals.

Read More

3 new security features for Windows 10

Security,
21
Jul 2015

Win10-security

With the release of Windows 10 just around the corner, learn about three new security features in Windows 10 being introduced in the operating system.

Microsoft has been branding Windows 10 as a system that will include security upgrades like biometric authentication and app-vetting.

Learning from past mistakes, Microsoft took note from the after the disappearance of the start menu in Windows 8. In fact, many users found it a challenge to navigate through Windows 8 because of the heavy tile-like set up. Windows 10 will bring the start menu back along with Cortana – a personal assistant and new browser called Edge. It is said that Microsoft is trying to emulate the Smartphone experience for a PC or a laptop with Windows 10.

Here are three interesting security features coming to Windows 10:

Device Guard

Device guard is a feature that will automatically block applications that lack an authentic vendor signature. Lenovo, Acer, HP are teaming up with Microsoft to utilize device guard on all their devices using Windows based services.

This feature will protect users from malware. When a user executes an app, Windows will run a credential check and notify the user about whether or not to trust the app. Device guard is unique because it can make these analytical decisions outside of window’s OS – which is known to be susceptible to hackers and malware.

Device guard is different from antivirus software as it is immune (for now) to stealth attacks and tampering. However it will guide your antivirus by flagging questionable apps. It will be functional even if Windows Kernel is not.

Windows Hello

windows-hello

Imagine your fingerprints, iris or your face being the key to access to your computer. Biometrics makes it all possible without the need to worry about passwords. Windows Hello attempts to make users immune to password hacking attacks as it lets them carry out their every-day online activities without having to key in a password or store one on your device or a network server. Your device will need a sensor to register such biometric information. So unless you are planning to buy a new device capable of Windows Hello, you won’t be able to experience it.

Passport

Windows-Passport

Microsoft is streamlining passwords by introducing Passport. Passport will allow you to access apps and services online without entering a password. This will be done by using a ‘pin’ or Microsoft hello. Before authenticating, Microsoft will be able to verify if you are in possession of your device. Passport will use Microsoft’s Azure Active Directory Services to accomplish this task.

For more ways to stay informed with new technologies, contact your local IT professionals.

Read More

Customer Accounts Drained Through Starbucks App

Security, ,
16
Jul 2015

coffee_on_computer_key

A recent security loophole has affected Starbuck’s customers thanks their mobile app. Read more on this story to learn how it happened and how to avoid it.

For some unlucky coffee lovers, it was not a great morning when they found that hackers were draining their bank accounts through Starbucks mobile app. Starbucks were not the prime target as many would think. The sneaky attack was aimed at users who were directly impacted by the latest Starbucks hacking incident.

Point of entry

It seems that the attacker had spotted vulnerability in Starbucks’ app that permits multiple attempts to guess the correct password.starbucks-tb

Not only did user’s passwords become compromised, the attack exposed some users with the same ID and password for logging into other existing accounts. In theory, this could give an attacker the keys to access and “drain” your online banking accounts and other significant accounts where shopping transactions are permitted.

Considering that 18% of Starbucks’ total transactions are made via their app, its imperative for Starbucks to take corrective measures to handle this issue.

The dirty deed

It’s estimated that $2 billion dollars were made in transactions via mobile payments alone in 2014. Yet, it was incredibly easy for the hackers to carry out this hacking attack.

  • The attackers managed to acquire stolen passwords and ID’s from “black-hat” sources.
  • The attackers used a program to test out combinations of stolen ID and password on the Starbucks app until they successfully gain access into an account.
  • These programs are believed to be sophisticated and efficient enough to process thousands of ID and password combinations every second.
  • Once the attackers were able to access an account, they’d add a gift card to it.
  • After adding the gift card, hackers would then typically transfer all the money from the user’s main account on the app to the gift card itself.
  • The gift card is then managed entirely by the hackers who pocket all the funds.

The real danger lies on what other accounts the hacker may have access to once they’ve compromised an account through the Starbucks App. PayPal account or Credit Card details are also at risk as these can be linked to Starbucks accounts. All this can lead to unimaginable financial damage in both the short and long run.

The “Gift” card

Ever wondered what happens to the money transferred to the gift cards?

Hackers or thieves, whichever way you look at it, will sell or resell these gift cards for their face value. They sometimes fetch less on the internet, churning real dollars out of Starbucks dollars. It may be worth holding on to your real wallet for a little longer!

635671531553796731-star

The whole Starbucks hacking ordeal was first reported by consumer journalist, Bob Sullivan. In fact CNN-Money was able to interview many who had experienced same scandals in the past. The interviews reveal Starbucks slacking on security procedures by not having enough secure authentication processes in place for transactions. For instance, transactions involving those who deposit money onto gift cards or initiate money transfers from bank accounts.

How to stay protected

If ever you’ve been a victim of such a scam, then we suggest you put in a complaint about it to Starbucks ASAP. They will most likely investigate the matter; however you may be prompted to take it up with you bank or PayPal.

Also be sure to update, cycle and change your passwords at your earliest convenience. If you suspect your account details were stolen, your old account credentials may have been sold under scheming “underground” trade sites that buy lists of user credentials.

Many customers have uninstalled the Starbuck’s app and have started to pay with cash or with credit/debit cards. We suggest you follow this advice too until tighter security measures are put in place.

For more ways to safeguard your personal data, contact your local IT professionals.

Read More

How to spot phishing emails and avoid malware infections

Security, ,
14
Jul 2015

Phishing

Do you know how to spot a phishing email? Phishing emails are not only a nuisance, but can also lead to theft. Our guide will show you how to spot them.

The term “phishing” is likened to the word fishing, which sounds almost the same and is used with the same notion to reel in some information such as a username/password or to hook you into taking some action via an unsolicited email. The aim of a phishing email is to “phish” a user by having them fall for the bait without initially realizing it.

Convincing phishing emails work well for the originator without raising too much suspicion to the end user.  So how does one avoid this? First, let’s understand the damage a phishing email can generate before we delve into how to spot one.

What harm can phishing emails cause?

There are two major risks that can result from opening up links or attachments from phishing emails.

  1. Many email authors aim to trick users into believing that they’ve been contacted by a legitimate company that may prompt them to visit a link which can lead to a fake website. This site may be a copy-cat site of a legitimate one, for instance a banking site, complete with a login screen. The spoof site then captures and records login credentials which can be used again by the originator of the dummy site.
  2. The email itself may pretend to pose as the legitimate company, such as a bank, prompting their targets to take action through their link. Usual email wording triggers the user to prompt some action such as “your account is suspended”, “update your information”, or even that an account has had “unauthorized access”. Anything which triggers panic or confusion is enough to get a user to follow through the phishing email’s instruction.

Such scams can lead users to give away their credentials, passwords, and private information, which can be used to steal their identity and money.

Many phishing emails also attempt to infect systems with malware. This is a common entry point for a large majority of infections at companies leading to infecting one’s computer system and network with nasty malware. The worst case scenario includes the malware holding a user’s data hostage in exchange for a ransom.

How to spot phishing scams

Below are usual signs of phishing email to watch out for.

  • Unrecognized sender. This is usually a big giveaway. If you don’t recognize the sender, treat it with suspicion. Even if the recipient appears with the same domain, always question this as clever phishing attacks can use the same company domain to trick users.
  • Unexpected emails. Unless you’re expecting an email from a company i.e. a delivery shipment notification, or a lottery win, treat this with suspicion. If unsure about a delivery shipment, contact the official company – acquiring their contact details through their official website.
  • Prompts to open up attachments. Avoid clicking any links or opening attachments.
  • Odd looking website addresses. Another clue to phishing emails are links in the email having suspicious website addresses, which can redirect you to a dodgy website.
  • Odd looking or out of place emails. If you’re able to look at the sender’s details, see what email address it displays. Most of the time their email domains will not match the company they claim to be from. For instance, an email claiming to be from your bank could have @yahoo.com domain. This is an obvious giveaway!
  • Impersonating institutions and companies. As mentioned earlier, be suspicious of so-called emails posing to be Banks, the IRS, Social Security Office and so forth. They rarely contact users through email. If in doubt, contact them directly and not through any telephone numbers given in the message.
  • Poorly written English and grammar. Many phishing emails contain poorly structured sentences and grammatical mistakes which sound like they’ve been written by a ten year old or a non-native English speaker.

Anatomy of Phishing-1

If ever you’re in doubt, don’t hesitate to notify your IT administrator who can help to block as many phishing emails as possible. Even if some manage to filter through, which does happen, put this guide into practice.

For more ways to secure your business systems and networks, contact your local IT professionals.

Read More
1 2