Tag: windows

Microsoft sued over Windows 10

Three people in Illinois have filed a lawsuit against Microsoft, claiming that its Windows 10 update destroyed their data and damaged their computers.

The complaint, filed in Chicago’s US District Court, claimed that Vole’s Windows 10 installer was a defective product, and that its maker failed to provide adequate warning about the potential risks posed by Windows 10 installation.

The attorneys representing the trio are seeking to have the case certified as a class action that includes every person in the US who upgraded to Windows 10 from Windows 7 and suffered data loss or damage to software or hardware within 30 days of installation.

They claim there are hundreds or thousands of affected individuals.

Microsoft responded that they’d offered free customer service and other support options for “the upgrade experience,” adding “We believe the plaintiffs’ claims are without merit”.

The complaint argues Windows 10’s installer “does not check the condition of the PC and if the hard drive can withstand the stress of the Windows 10 installation”.

The lead plaintiff says her hard drive failed after Windows 10 installed without her express approval, and she had to buy a new computer.

Windows security cure is sorting out Admin rights


More than 94 percent of Windows vulnerabilities are mitigated by removing admin rights, according to a team of insecurity experts.

Avecto, which has issued its annual Microsoft Vulnerabilities report and found that there were 530 Microsoft vulnerabilities reported in 2016, and of these critical vulnerabilities,

All vulnerabilities impacting both Internet Explorer and Edge could be mitigated by removing admin rights, Avecto reported.

Mark Austin, co-founder and CEO of Avecto, said that privilege management and application control should be the cornerstone of your endpoint security strategy, building up from there to create ever stronger, multiple layers of defense.

“These measures can have a dramatic impact on your ability to mitigate today’s attacks. Times have changed; removing admin rights and controlling applications is no longer difficult to achieve,” he said.

Windows 10 was found to have the highest proportion of vulnerabilities of any OS (395), 46 per cent more than Windows 8 and Windows 8.1 (265 each).

Microsoft Office had 79 vulnerabilities in 2016, up from 62 in 2015 and just 20 in 2014. This data includes Office 2010, Office 2013, Office 2016 and the various applications. Removing admin rights would mitigate 99 per cent of the vulnerabilities in older versions and all of those vulnerabilities would be mitigated in Office 2016.

Avecto said this method of turning off admin privileges works alongside tools such as antivirus to proactively prevent malware from executing in the first place, rather than relying on detection and response after the event.

Windows 7 is a chocolate teapot, Microsoft warns

Software giant Microsoft has warned the world that its Windows 7 software is the chocolate teapot of software and is advising people to upgrade to Windows 10.

Microsoft ended mainstream support for Windows 7 back in January 2015 and stopped OEMs from selling PCs with Windows 7 and 8.1 near the end of 2016.

A spokesVole said that Windows 7 will approach its end of extended support in less than three years, and warned enterprise customers and other users to upgrade to Windows 10.

While January 14, 2020 might seem a long way away it does take organisations rather a long time to do a roll out. But Vole warned that Windows 7 really was not an option anymore and not fit for the purpose for most corporates.

In a new blog post, the company says that continued usage of Windows 7 increases maintenance and operating costs for businesses. Similarly, time is needlessly wasted on combating malware attacks that could have been avoided by upgrading to Windows 10. Microsoft also says that many hardware manufacturers do not provide drivers for Windows 7 any longer, and many developers and companies refrain from releasing programs on the outdated operating system.

Markus Nitschke, Head of Windows at Microsoft Germany, said that the operating system did not meet the requirements of modern technology, nor the high security requirements of IT departments.

Companies should take early steps to avoid future risks or costs, he said.

Microsoft further pointed out that its obsolete operating system is based on “long-outdated security architectures”. It also cautioned that companies and businesses who still use it are more susceptible to cyber-attacks.

Windows 10 to lock when you move away

Software king of the world Microsoft has a wizard wheeze to hack off users.

Vole has thought that it would be much more secure if every time a user steps away from their machine, Windows 10 senses this and goes into lock down automatically.

The feature is labelled as Dynamic Lock and has started appearing in recent test builds of Windows 10. Vole has dubbed the software “Windows Goodbye” internally which might be a prediction more than a label.

Vole uses special Windows Hello cameras to let Windows 10 users log into a PC with just their face and big corporates want employees to use the winkey+L combination to lock machines when they’re idle.

The new feature will make it an automatic process. It is not clear how Microsoft will detect inactivity, but it’s possible the company could use Windows Hello-compatible machines or detect idle activity and lock the machine accordingly.

Windows can already be configured to do this after a set time period, but Vole is streamlining this feature into a simple setting for anyone to enable. Microsoft is planning to deliver Dynamic Lock as part of the Windows 10 Creators Update, expected to arrive in April.

It might work in a corporate world, although logging on and off each time you go to the loo is going to get annoying quickly. Supervisors often must get up for a moment to help their employees, and logging on and off each time they do that is going to force them to lob their PC through the window. But home users are up and about all the time.

To be fair all this will be redundant when the computer starts to recognise who you are and switches back on automatically. That tech is already there with Windows Hello.

Watchdog tells Microsoft to refund Windows 10 update victims

UK watchdog Which? has growled at the software giant Microsoft over the fact its update bricked some users’ PCs and told it to pay up to have them repaired.

For those who came in late, last year Vole rolled out a free Windows 10 update to all its customers. However Which? received hundreds of complaints about the software, including repeated pop-ups regarding updates, various problems regarding printers, Wi-Fi cards, working of speakers, files being lost and email accounts no longer syncing.

Many complained about being “nagged” by Microsoft to install the new update despite declining notifications. Which? said there have also been complaints about poor customer service from Microsoft when users contacted the company about the problems they are having, the report said.

Alex Neill, Director of Campaigns and Policy said that of 2,500 people surveyed, who had upgraded to Windows 10, more than 12 percent said they ended up rolling back to their previous version of the operating system. More than half stated that this was because the upgrade had adversely affected their PC.

“We rely heavily on our computers to carry out daily activities so, when they stop working, it is frustrating and stressful,” Neill said.

“Many people are having issues with Windows 10 and we believe Microsoft should be doing more to fix the problem. Which? is now calling on Microsoft to improve its customer service and compensate its customers where appropriate.”

 

Linux on Windows might be a giant bug

While the world cheered at the prospect of Linux running on Windows, security experts were less sure and fear that it might have brought a new way to hack a Windows machine.

Alex Ionescu, chief architect at Crowdstrike, told the assorted throngs at the Black Hat USA security conference that some problems he reported to Microsoft during the beta period have already been fixed. The larger problem, though, is that there is now a new potential attack surface that organisations need to know about and risks that need to be mitigated.

“In some cases, the Linux environment running in Windows is less secure because of compatibility issues. There are a number of ways that Windows applications could inject code, modify memory and add new threats to a Linux application running on Windows.”

The modified Linux code in turn could then call Windows APIs and get access to system calls to perform malicious actions that might not be mitigated.

He said that Windows was now a “two-headed beast” that can do a little Linux and can also be used to attack the Windows side of the system.

Linux on Windows does not run inside of a Hyper-V hypervisor, which potentially could isolate the Linux processes. Instead Linux is running on the raw hardware, getting all the benefits of performance and system access, as well as expanding the potential attack surface, he said.

The Windows file system is also mapped to Linux, such that Linux will get access to the same files and directories.

The updating mechanism inside of Linux for Windows is also an area Ionescu looked at. There is a scheduled task that can be set in Windows to run the Apt-Get Linux command to update packages for the user mode that is enabled by Ubuntu. That said, Ionescu noted that Microsoft isn’t actually using an Ubuntu Linux kernel, just user-land tools and applications.

AppLocker, which is Microsoft’s whitelisting service for Windows applications, doesn’t work for Linux applications. As such, if an enterprise has enabled Linux on systems, Linux apps can potentially run without first checking with AppLocker.

 

French Windows privacy slammed

The French government is furious that Windows 10 appears to collect rather too much user data.

France’s National Data Protection Commission (CNIL) has ordered Microsoft to comply with the French Data Protection Act within three months and “stop collecting excessive data and tracking browsing by users without their consent.”

In addition to this, the chair of CNIL has notified Microsoft that it needs to take “satisfactory measures to ensure the security and confidentiality of user data”. The notice comes after numerous complaints about Windows 10, and a series of investigations by French authorities which revealed a number of failings on Microsoft’s part.

Microsoft is accused of not only gathering excessive data about users, but also irrelevant data. The CNIL points to Windows 10’s telemetry service which gathers information about the apps users have installed and how long each is used for. The complaint is that “these data are not necessary for the operation of the service”.

The company is also criticised for its lack of sufficient security — such as the four-digit PIN used to protect payment information which does not have a limit on the number of guesses that can be made. The CNIL’s list of complaints does not end there. It also took exception to the activation of an advertising ID for tailored advertising without user consent, the lack of cookie blocking options, and the fact that data is being transferred out of Europe to the US.
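The guess-limit weakness described above, as an added example that is not from the article, the CNIL notice or Microsoft: a four-digit PIN has only 10,000 possible values, so the check below disables the PIN after a fixed number of failures. The class and function names, the limit of five attempts and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 5          # assumed policy value, not taken from the CNIL notice
PBKDF2_ROUNDS = 100_000   # assumed work factor for the stored PIN digest


class PinLockedError(Exception):
    """Raised once the guess budget is spent and the PIN is disabled."""


class PinVerifier:
    """Hypothetical PIN check with a hard limit on consecutive failures."""

    def __init__(self, pin, max_attempts=MAX_ATTEMPTS):
        self._salt = os.urandom(16)
        self._digest = self._derive(pin)
        self._max_attempts = max_attempts
        self.failures = 0

    def _derive(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, PBKDF2_ROUNDS)

    def verify(self, guess):
        # Test the lock first: a locked PIN must not reveal whether a guess is right.
        if self.failures >= self._max_attempts:
            raise PinLockedError("PIN disabled; require the full account credential")
        if hmac.compare_digest(self._derive(guess), self._digest):
            self.failures = 0   # a success resets the consecutive-failure counter
            return True
        self.failures += 1
        return False


def guesses_evaluated_before_lock(verifier, candidates):
    """Feed candidate PINs in order; return (guesses evaluated, any accepted)."""
    evaluated = 0
    for candidate in candidates:
        try:
            accepted = verifier.verify(candidate)
        except PinLockedError:
            return evaluated, False
        evaluated += 1
        if accepted:
            return evaluated, True
    return evaluated, False
```

With the limit in place, only five of the 10,000 values are ever evaluated; with the limit effectively removed, a sequential walk through the PIN space always ends in acceptance.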

In a statement, the CNIL said:

Given the above, the Chair of the CNIL has decided to issue a formal notice to Microsoft Corporation to comply with the Act within three months. This proceedings only commits French Data protection authority. The other data protection authorities belonging to the WP29 Contact group are continuing their investigations within their respective national procedures.

The purpose of the notice is not to prohibit any advertising on the company’s services but, rather, to enable users to make their choice freely, having been properly informed of their rights.

It has been decided to make the formal notice public due to, among other reasons, the seriousness of the breaches and the number of individuals concerned (more than ten million Windows users on French territory).

Vole is probably not too concerned. It fully expects the cheese munching surrender monkeys to back down when the three month deadline is up, but if France’s objection is heard by the Germans, who are a lot more earnest about privacy, then it might have a fight on its hands.

Thunderstorm hits Microsoft’s Windows 10 nagware

Microsoft’s Windows 10 nagware is making a public idiot of the company and rendering the software customers have paid for unfit for the purpose.

The latest public humiliation of the company happened during a live TV weather forecast. Instead of the weather map that the television station KCCI wanted, the screen was full of a demand that meteorologist Metinka Slater upgrade to Windows 10 immediately.

Slater was busy trying to warn the good and the bad citizens of Iowa about thunderstorms rolling through Iowa, which was a little more important than a software upgrade.

“Microsoft recommends upgrading to Windows 10. Gosh, what should I do?” Slater asked the viewing public.  Upgrading to Linux instead perhaps? Certainly a TV company can’t risk being seen as being that unprofessional ever again.

Microsoft is increasingly alienating people from its Windows 10 operating system with these sorts of antics. Forced upgrades of any sort are a pain.  We know this because even after you upgrade to Windows you are forced to upgrade on demand even when you do not have enough disk space.  Windows 10 wants to upgrade itself every morning and fills up our hard drive and then insists that it needs 5GB to install itself which the SSD slave drive does not have.

Frankly we hope that the TV Company sues Microsoft, because there does not seem to be any way to make the company understand that nagware on legitimate paid for software is just wrong.

Microsoft makes a Chinese Windows 10

Microsoft has made the Chinese government its own version of Windows 10.

Dubbed Windows 10 Zhuangongban, or “Windows 10 Specially-provided Edition” – Vole has already completed the first version of the specialised Windows 10.

Microsoft announced the deal and its intention to develop the China-specific software in December, and Vole’s is not the only government-focused OS on the Chinese market.

The Zhuangongban features fewer of Microsoft’s consumer-targeted apps and services, while including more management and security controls. So in other words it does not phone home to Microsoft as much as the western version does either.

Microsoft said the Chinese version has the ability to run any Windows-compatible programs, but is not saying if there are any other differences.

China’s government has itself been developing NeoKylin, a partially Chinese developed Linux fork, but this new move might indicate that China needs a broader support of software – particularly in its state-owned enterprises, which need to be able to use industry standard software tools.

 

McAfee security has become spyware

McAfee software which comes bundled with some PCs seems to be converting itself to spyware to help serve up advertising and could be used as a geolocation tool.

Help Net Security wrote that seven laptops, the Lenovo Flex 3, Lenovo G50-80 (UK version), HP Envy, HP Stream x360 (Microsoft Signature Edition), HP Stream (UK version), Acer Aspire F15 (UK version), and Dell Inspiron 14 (Canadian version), were tested by the security research team of Duo Security.

Duo sniffed the traffic sent from and to them once they have been taken out of the box, plugged in, and connected to a network.

“Within the first few packets on all seven laptops, there were issues. It took awhile to figure them out, as much of the traffic was encrypted and one had to go by server hostname or calling program name, or by reverse-engineering the calling code to find out what was going on,” they pointed out.

It found several security issues which should have been fixed last year and some of the Windows 10 security settings were being reset to their “phone home” defaults.  But that was not the worst thing.

The McAfee software was using web beacons that can be used to track and serve advertising to users and to track users.

Basically, the fix is to turn off all privacy settings, make some registry settings adjustments, and turn off some services. You have to do this each time you patch your PC, the researchers advised. Of course removing McAfee, setting up Windows Defender, and adjusting firewalls to stop the transmission of data is probably better.