Security Protection – Harry Waldron MVP Rotating Header Image

Android Nougat 7.0 – Comprehensive FAQ

The new Android Nougat 7.0 phone O/S offers improved security & functionality. Below is a comprehensive

Android 7.0 is officially on its way into the world. So what’s Nougat — the Android software, that is — all about? And what’ll it mean for you? Here are answers to all of your burning questions.

Windows 10 – Ten advanced and hidden usage tips AUG-2016

PC Magazine highlights 10 advanced and hidden usage tips for Windows 10 users as noted below:

Here we present a list of 10 cool tips that will help you get a little bit more out of your Windows 10 experience. Or, at least, there are some things you may have not known about. Some have been available in Windows for a number of generations, while some are native to Microsoft’s most recent OS.

PCMag has some dedicated Windows fans in our readership, so you likely know at least some of these features, but you probably don’t know them all. I tested these on a pair of Lenovo laptops, one running Windows 10 (non-Anniversary Update version) and the other (when accessible) on Windows 7 Professional.

1. Secret Start Menu
2. Secret Desktop Button
3. Rotate Your Screen via Keyboard Ctrl-Alt-D Arrows
4. Enable Slide to Shutdown
5. Enable ‘God Mode’ (power user mode)
6. Right-Click on Tiles
7. Right-Click on the Taskbar
8. Shake – which clears clutter in window displays
9. Drag to Pin Windows
10. Hidden Games in Cortana

Windows 10 – Anniversary update changes for PIN and Windows Hello Behavior

After the recent Windows 10 “Anniversary update” (1607), The capability to use the PIN functionality is now restricted by Global Group policy settings that must be turned on in advance for use of this feature.

The purpose of this post is to quickly publish details of some changes designed to create distinction of our next generation credential, now called Windows Hello for Business and its associated PIN. If you are currently managing an enterprise computing environment utilizing Windows 10 with Windows Hello then you should read this article to determine if you need to take action.

So, What’s Changed? — Starting in Windows 10, Version 1607, the default behavior to allow convenience PIN creation has changed.  The new default is that convenience PINs cannot be created on domain joined machines unless you specifically enable it via policy:

In summary, if you are looking to deploy Windows Hello for Business (formally Microsoft Passport for Work) then this might be the perfect opportunity to move to that more secure credential and not re-instate the convenience PIN sign in. However, if you have happy with the convenience PIN sign in functionality and security, you should enable the “Turn on convenience PIN sign-in” GP setting before you upgrade so that users can continue to use Windows Hello and not be interrupted by the upgrade.

Windows 10 – Anniversary update issue for Webcams using MJPEG and H264 encoding

After the recent Windows 10 “Anniversary update” (1607), an issue surfaced for webcams using an older MJPEG and H264 encoding standard. The use of the older webcam standards was more prevalent than originally anticipated and will likely be restored soon during a future update.

On August 2nd, Microsoft released the Anniversary Update for Windows 10 and when the bits arrived on computers around the globe, it brought with it new features and also broke webcams for millions of consumers. If your webcam has stopped functioning since the release of the Anniversary update, you are not alone but the good news is a fix is coming, hopefully in September.

Microsoft made a significant change with the release of Windows 10 and support for webcams that is causing serious problems for not only consumers but also the enterprise. The problem is that after installing the update, Windows no longer allows USB webcams to use MJPEG or H264 encoded streams and is only allowing YUY2 encoding.

Why did the company remove these options? The short answer is that with the Anniversary update there are new scenarios for applications to be able to access the webcam and the MJPEG or H264 encoding processes could have resulted in duplication of encoding the stream (poor performance) so the company limited the input methods to stop this from happening.

This issue impacts a wide variety of webcams including the popular Logitech C920 that both Paul and I use for podcasting. Paul has been having this issue for months where every time the camera tries to go into HD on a video call, it would freeze and now I am experiencing this issue as well. When Paul started having these issues a few months ago, we figured it was either a bad driver from Logitech or possibly even the Skylake CPU.

MS16-095 – IE11 and Edge browsers remove RC4 cryptographic support

Microsoft has phased out all browser support for the older RC4 communications encryption standard as it is rarely in use and considered obsolete and insecure compared with new standards (like TLS 1.2 for example)

It might be thought that RC4, a stream cipher used in client-server communications that’s long been considered to be cryptographically insecure, was already gone from those browsers. Microsoft declared its intention to kill it off last year. In March of this year, Microsoft indicated that RC4 would go away on April 12. However, it later delayed that action in response to “customer feedback.”

This time Microsoft will pull the trigger on RC4. It’s happening via patch KB3151631, which is part of Microsoft’s security update MS16-095 in the August batch of bulletins, released today. The patch will disable RC “for Microsoft Edge and Internet Explorer users on Windows 7, Windows 8.1 and Windows 10,” Microsoft indicated in its announcement today.

Not many browsers currently use RC4. The Trustworthy Internet Movement’s SSL Pulse page showed just 6.5 percent of modern browsers used RC4 this month. Microsoft described RC4 use as “small and shrinking” in its announcement.  Microsoft is following the lead of Google and Mozilla by getting rid of RC4 because the cipher can be broken in hours via man-in-the-middle session hijacking attacks. Typically attackers trick browsers into using the insecure RC4 cipher to carry out the attacks. The Internet Engineering Task Force has stated that RC4 should be prohibited from use with client and server Transport Layer Security (TLS) connections.

Microsoft recommends that organizations enable Transport Layer Security 1.2 in their services and stop using RC4. Ciphers supported by various Windows versions are described at this page.

Intel – Kaby Lake features graphics improvement in 7th-generation microprocessors

Intel is developing the new Kaby Lake microprocessor to succeed Skylake with improved features in it’s 7th generation model.

Intel isn’t known for its graphics processors, but the company is promising a big improvement with its 7th-generation Core processors, code-named Kaby Lake. The Kaby Lake chips, which will succeed Skylake, will feature integrated 4K graphics processors, the company said at the Intel Developer Forum on Tuesday.

The chip will allow PCs to play premium 4K content smoothly, said an Intel representative demonstrating the PC. The chip will have hardware-accelerated 4K video decoding.  While graphics will be smoother with Kaby Lake, you’ll still need a separate graphics processor for virtual reality headsets and demanding games.  Laptops based on Kaby Lake will ship this fall, Krzanich said

SPAM EMAIL – Best practices for 2016

I briefly shared the following with some friends who have become inundated with some recent increases in spammed email messages.  Strategically, it is better to ignore and delete these incoming messages than to attempt to fight the spammers directly.  This is shared below.

When it comes to SPAM email, that’s basically just a fact of life these days, that cannot be stopped unless one changes their email account name periodically (and that is too much trouble). 

The more one limits sharing email addresses publicly, it helps decrease the potential for attacks.  For example, when you signup for a contest or publicly list it spammers can put you on their list. Watch carefully how you give out your email address, and safeguard it just like you watch how you hand out your social security #

What often happens is if someone gets infected with virus, an ENTIRE address book of contacts is accessed & emailed to spammers as an “active & clean” email address to use in future.  In the DARK WEB, these lists are purchased at a bulk rate.  The bad guys can also SPOOF email addresses, so it looks like it comes from a friend or legitimate contact also.

YAHOO, GMAIL, HOTMAIL, and usually corporate business email all have great spam & AV filters.  Usually, the SPAM quarantine folder will only have 1 or 2 possible legitimate items.  It is always important to recognize spam filters won’t catch all spammed items in inbox.  When unwanted messages are found in the regular inbox — please delete them without opening

You are usually safe on spam as long as you never click on links (including to OPT OUT), and never click on an attachment.  Most MALWARE attacks need a “permission click” to install the bad stuff, and one mistake can cost you hours of time and even a potential loss of data.  It is important to always “think before you click”.

Never click on a link to OPT OUT or send any “get lost” type emails back to spammer.  That lets them actually they know they have got a good email otherwise.  If the bad guys never hear from you, you’ll sometimes have a much better chance of being DROPPED from their lists.

Finally, it is better to err on the side of caution and be over-zealous in deleting or not opening email messages that are out of character or unexpected.  There are no “free lunches” out there and it is more appropriate to think of spam email more like telemarketing phone calls (where one must be extra careful)

Microsoft Security – Major changes for WIN7 and WIN8 monthly updates

Starting in October 2016 — Microsoft will be changing WIN7 and WIN8 monthly security updates to use a more “WIN10-like” approach where all changes are rolled up into a single update

Security-only updates — Also from October 2016 onwards, Windows will release a single Security-only update. This update collects all of the security patches for that month into a single update. Unlike the Monthly Rollup, the Security-only update will only include new security patches that are released for that month. Individual patches will no longer be available. The Security-only update will be available to download and deploy from WSUS, SCCM, and the Microsoft Update Catalog. Windows Update will publish only the Monthly Rollup – the Security-only update will not be published to Windows Update. The security-only update will allow enterprises to download as small of an update as possible while still maintaining more secure devices.

Windows 10 — Asus VivoStick PC on a stick

The Asus VivoStick is a full 64-bit Windows 10 computer that a little larger than a “flash drive”. It’s short on memory and storage, but can instantly turn a display or TV into an all-in-one PC for $129 (although you need a wireless mouse/keyboard or smartphone to fully utilize).

So-called stick PCs like the Asus VivoStick PC (TS10) ($129) turn any TV or HDMI-equipped display into an all-in-one desktop PC. That’s a natural fit if you need to run Windows-only programs or plug-ins (like a VPN service to your corporate office) on a really big screen, or if you’d rather use a PC to stream your movies and music. It’s also one of the easiest ways to carry a PC along with you in your pocket, since it’s much smaller than even your smartphone.

The one caveat is the lack of a microSD card slot, which could expand system’s miserly 32GB of eMMC flash storage. When testing the VivoStick, I noticed that there was only 15GB of space free, which is barely enough for a few installed programs and maybe one movie download. Both versions of the Compute Stick and the Lenovo Ideacentre Stick 300 have microSD card slots that let you add up to 128GB more local storage.

PROS – Fits in your pocket. Plugs directly into an HDMI port on a monitor or TV. Includes USB 3.0 and USB 2.0 ports. Supports dual-band 802.11ac Wi-Fi and Bluetooth. Uses 64-bit Windows. Headset jack.

CONS – Lacks a microSD card slot. 2GB of memory and only 15GB of free storage space. Remote app needs work.

Windows – Intel Skylake processors supported for WIN7 and WIN8 users

Microsoft announced today that Intel Skylake advanced processors will be supported for WIN7 and WIN8 fully until the final EOL date for each operating system

On Thursday Microsoft extended their support for Intel’s “Skylake” processors on its older Windows 7 and Windows 8.1 operating systems. Now Skylake PCs running those OSes will receive the standard length of support.   In a controversial move, Microsoft had previously said this past January that it would only support Skylake PCs running its older operating systems for about 18 months. Support for Skylake would have run out in July 2017, far earlier than for older systems powered by Intel’s “Broadwell” processors.

Now, the support lifetimes for “Broadwell” and “Skylake” PCs are the same: Windows 7 support will expire on January 14, 2020, and support for Windows 8.1 will end January 10, 2023. Microsoft noted the changes in a blog post it published Thursday.

Why this matters: Microsoft originally pitched the changes to its support lifecycle as a positive: The older OSes were designed with older CPUs in mind. Thus Intel’s Skylake was not only not optimized for Windows 7 and Windows 8.1, but it also required special tweaks to ensure those OSes remain compatible. But customers latched on to the fact that Microsoft was ending support years early for Skylake PCs, and Microsoft has steadily backtracked since then. The Windows Server team publicly stated that it would not be enforcing Microsoft’s policy and it would support Skylake-based servers through the original support dates.