Wednesday, November 22, 2017

Tag: Microsoft Windows 7

Microsoft really, really wants everyone to dump Windows XP, Windows 7, and Windows 8 in favor of Windows 10.
It's been aggressively urging users to upgrade to Windows 10, even preinstalling the Windows 10 update on PCs unasked.

This week, it provided a new incentive to encourage Windows 10 updates, especially in businesses: enhanced security. The company announced a new service built into Windows 10 called Windows Defender Advanced Threat Protection that helps IT detect and make suggestions on how to respond to attacks that have made it into the network. Windows Defender ATP does not yet actually remediate any breaches that it detects, though Microsoft plans to add such capabilities in the future. (Don't confuse Windows Defender ATP with Exchange Online ATP, a for-pay add-on to Office 365. Windows Defender ATP complements Exchange Online ATP rather than serving as an alternative to it.)

Windows Defender ATP is one of several security features that Microsoft has brought to Windows 10 in hopes of upping the appeal to enterprise IT departments. Others include:

Credential Guard: Built into Windows 10 Enterprise and Education editions, this tool stores credentials (NTLM hashes and Kerberos tickets) with the LSASS process that manages them in an isolated Hyper-V virtualized container.

Device Guard: This tool prevents untrusted apps from running on Windows 10 Enterprise PCs. Via virtualization, it isolates the Code Integrity services from the Windows kernel. For this to work, you have to go through and sign your apps and determine their trustworthiness.

Windows Hello: This is a biometric authentication feature built into Windows, using fingerprint matching and facial recognition.

Enterprise Data Protection: This tool works with Microsoft's Intune and Configuration Manager servers, as well as with third-party mobile management servers, to encrypt enterprise data and remotely wipe enterprise data from devices. Other mobile management tools offer similar capabilities, but Microsoft's stands apart in its integration with Azure Active Directory for access management to cloud and other services.

Windows 10 also provides security tools included in previous Windows versions, such as a software firewall, BitLocker drive encryption, and the Windows Defender antimalware tool.

Windows Defender ATP – no, not that type of APT

RSA 2016 Microsoft will be rolling out a new form of security system for enterprises later this year aimed at stopping attacks as soon as they happen.

Dubbed Windows Defender Advanced Threat Protection, the system will monitor a company's computer systems looking for signs that an attack is occurring. If someone starts trying to break in, the software will alert the IT manager and give a detailed rundown on the best way to mitigate the attack and lock down data.

"Deploying Windows Defender Advanced Threat Protection gave us incredible awareness about several critical security vulnerabilities in our network, which we've already taken immediate action to address, along with updating our security policies," said Henrik Pedersen, IT Manager at TDC Hosting in a canned statement.

Microsoft is already trialing the system with 500,000 enterprise users and is fine-tuning the release before launch. It'll only be available for Windows 10 users and will be turned off by default and activated on a subscription fee basis, although pricing hasn't been announced as yet.

Tim Rains, director of security at Microsoft, told The Register that there was no technical reason why the software couldn't run on Windows 7 or 8.1, but that it has been developed for Windows 10 primarily so that it could take advantage of the more advanced security features of the newer operating system.

To develop the attack plans, he explained, the new system takes information from Microsoft's 1.2 billion sensors – primarily on computers round the world running its software – and then feeds them into a central console run by its best security bods.

We'll have to see how well the system works in practice, since this is the kind of code that could drive IT managers nuts with false positives. But Redmond is confident that the system works well and, if so, it could give rival security vendors some serious problems. ®

The second edition of a business-development focused cyber security challenge, the Cyber 10K, has concluded – with the worthy winner receiving £10,000 to further develop an innovative security dashboard tool.

The challenge was run by the information assurance firm NCC Group supported by a judging panel including and your correspondent, representing The Register. Cyber 10K was open to both individuals and groups and geared towards backing ideas to tackle the most pressing security challenges affecting businesses and consumers. Students, graduates and non-security specialist IT workers and software developers were all encouraged to apply.

Products from across the spectrum of infosec problems were considered but applicants were offered suggestions of areas that they might want to focus upon. These included: consumer and user awareness, training and support; IoT and mobile security [1]; cyber incident response and clean-up; and cloud security.

The challenge was opened in September, with a 30 November deadline set for competition entries. Entries were judged by a panel consisting of: Paul Vlissidis, director of the .trust division at NCC Group; Professor Tim Watson, director at University of Warwick’s cyber security centre; Professor Steve Schneider, director of the Surrey Centre for Cyber Security; Alex van Someren, founder and former chief exec of nCipher turned managing partner at Amadeus Capital Partners; and your correspondent.

The entries were whittled down to a short-list of the two most promising: "MouseVault", a computer mouse with a built-in fingerprint sensor and password storage technology, and "Defence in Depth", a computer health-check and security dashboard app for Windows aimed at small businesses. Judges were asked to evaluate each on the basis of the significance of the problem being addressed, market potential and feasibility.

Each of the two finalists was gently grilled by the judges on their ideas during a 30-minute group Skype session during which the finalists pitched their product development ideas. "Defence in Depth" emerged victorious from this Dragons’ Den-style exercise, gaining higher marks for both technical merit and artistic flair.

Winner Ross Higgins, a school network manager with IT security training, will be offered additional advice and support from NCC on how to develop his product alongside the prize money. "Defence in Depth" has already reached the prototype stage, with Windows 7 as the initial target platform. During the judging processes, the idea of further developing the technology so it helped promote user awareness of social engineering threats such as phishing and tricking users into downloading dodgy apps was floated. Runner-up Alex Illsley, a software engineer, was also offered tips.

A (slightly edited) version of Higgins' pitch for "Defence in Depth" can be found (below):

Many home users and small businesses have poor defences against malware, viruses and rootkits, often only relying on antivirus products alone. The main point of entry for attacks is usually email or exploitation of vulnerabilities in web browser plugins. Users have little visibility of these problems. The Defence in Depth application is designed to carry out an overall assessment of the computer's defences, assisting users to make any required changes to improve this, such as updating out-of-date apps or removing insecure plug-ins. A score level is also provided for the computer's current state along with a separate score for future protection.

Cyber 10K aimed to stimulate creative thinking as well as encouraging innovative approaches towards addressing the many challenges the industry faces. The competition is partly designed to encourage students and recent grads to take up careers in IT security. A key aim of the competition is to engage young people and discover hidden talent in the field of cyber security.

The UK is historically a key worldwide centre of infosec development, spawning security innovators such as nCipher, Sophos and many others. Cyber 10K aims to help in finding the next generation of security innovators. Seeking out new talent and encouraging the younger generations to become immersed in the world of cyber security more generally can be part of wider plans to tackle the skills gap. ®

The Register is a media partner of Cyber 10K and our security correspondent John Leyden is a member of the judging panel.

Bootnote

[1] There was a marked shortage in the number of mobile or IoT security apps entries submitted to the competition, for reasons that aren’t immediately clear. Perhaps the problems in these areas are so severe that they are putting would-be developers off. Alternatively it might be that designing mobile security apps has become somewhat unfashionable, possibly temporarily.

Microsoft released its second batch of security updates for this year, addressing a total of 36 flaws in Internet Explorer, Edge, Office, Windows and .Net Framework. The patches are covered in 12 se...

Microsoft has patched 41 CVE-listed security vulnerabilities in its software this month. The second Patch Tuesday monthly update of the year brings with it fixes for security flaws in both Internet Explorer and Edge that could allow remote-code-execution attacks simply by visiting a webpage. Also fixed are remote-code-execution holes in the Windows PDF Viewer and Microsoft Office.

The full list is as follows:

MS16-009: A cumulative update for Internet Explorer 9 through 11. The update includes fixes for 13 CVE-listed issues, including remote-code-execution flaws and information disclosure vulnerabilities. As with all IE updates, the fixes are considered a lower risk for Windows Server installations.

MS16-011: An update for the Edge browser in Windows 10 comprising six fixes for CVE-listed issues, four of which are remote-code-execution vulnerabilities.

MS16-012: A fix for two remote-code-execution vulnerabilities in Windows PDF Library and Reader for Windows 8.1, Server 2012 and Windows 10.

MS16-013: A memory-corruption vulnerability in Windows Journal potentially allowing remote code execution in Windows Vista, Server 2008, Windows 7, Windows 8.1, Server 2012 and Windows 10.

MS16-014: Five security holes in Windows, including two remote-code-execution holes and a denial-of-service condition in Windows DLL Loading. Also fixed were an elevation-of-privilege error in Windows and a Kerberos security bypass flaw.

MS16-015: Six memory-corruption vulnerabilities in Office, each of which could allow for remote code execution. The update covers Office 2007, 2010, 2013, 2013 RT, and Office 2016 as well as Office for Mac 2011 and 2016.

MS16-016: One elevation-of-privilege flaw in WebDAV for Windows Vista, Server 2008, Windows 7, Server 2008 R2, Windows 8.1, Server 2012, Windows RT 8.1 and Windows 10.

MS16-017: An elevation-of-privilege flaw in Remote Desktop Protocol that could allow an attacker to log in to systems that have enabled Remote Desktop, which is turned off by default. The issue affects Windows 7, Windows 8.1, Server 2012 and Windows 10.

MS16-018: An elevation-of-privilege flaw in the Win32k component for Windows Vista, Server 2008 and 2008 R2, Windows 7, Windows 8.1 and 8.1 RT, Server 2012 and 2012, and Windows 10.

MS16-019: Updates for a denial-of-service flaw in .NET Framework and an information disclosure hole in Windows Forms. The fix covers Windows Vista, Server 2008 and 2008 R2, Windows 7, Windows 8.1 and 8.1 RT, Server 2012 and 2012 R2, and Windows 10.

MS16-020: A fix for one denial-of-service vulnerability in Windows Server 2012 R2. Other versions of Windows and Windows Server are not affected.

MS16-021: A denial-of-service vulnerability in the Network Policy Server Radius Implementation on Windows Server 2008, Server 2008 R2 and Server 2012.

After installing the Microsoft updates, users and administrators would be wise to install monthly fixes issued Tuesday by Adobe for Flash Player. The updates cover a total of 22 CVE-listed flaws for Flash, all of which could potentially be targeted for remote-code-execution attacks. The Flash Player update also affects versions for OS X and Linux boxes. ®

Revision Note: V5.0 (February 9, 2016): Rereleased advisory to announce the release of update 3126593 to enable the Restricted Admin mode for Credential Security Support Provider (CredSSP) by default. See Updates Related to this Advisory for details. Su...

Doneo Castle

Even the best antivirus products are fairly utilitarian. You run a scan, make sure real-time protection is turned on, check that malware definitions are up to date, that sort of thing. Naturally the websites for these products are also strongly focused on the task of wiping out viruses (and on getting you to upgrade to a more advanced product). Doneo Castle, which the company claims is the "safest place on earth," varies from the norm. Its main Web page displays an imposing castle, and a sepulchral voice intones the product name ("done-oh castle") when you visit. Fun, right? And you get "completely clean data," without the need for a local antivirus. It's a lovely fantasy, but in reality, relying on this castle's walls to protect you would be a big mistake.

Plans and Pricing

You won't solve the mystery of Doneo Castle by signing up for a free trial. The closest you can come is an $8.99 refundable Happy Month subscription. There are plenty of other options: A $22.99 Safe Season subscription covers you for 90 days, and a $36.99 Six and Sound subscription is good for six months. For $69.99 you get a Best Year of protection for two devices. There's also a limited-time one-device $49.99 per year offer.

They're Bad, We're Good

According to the Doneo Castle website, existing antivirus products "have the elementary structure of their first generation," and "still use a 20 year old algorithm which checks all files one by one against their virus database." They have a "primitive client-based structure" and can't match products in "resent [sic] years" that operate in the cloud. Current antivirus products "start scanning after the entrance of a virus in the system, which in any case put your security in danger."

There are a few problems with those statements (besides the spelling and grammar). In truth, modern antivirus products use layer upon layer of protection. The old-fashioned signature-based detection system is still present, in most cases, but it doesn't work alone. Behavioral analysis, cloud-based detection, URL reputation checking: There are many technologies that go beyond Doneo Castle's claims, as you can see in our reviews of competing products.

In particular, some products are very good at preventing malware from ever reaching your system. I run a test using very new malware-hosting URLs, checking whether products prevent the malware payload from reaching my test system. Symantec Norton Security Premium and McAfee AntiVirus Plus (2016) both earned 91 percent protection in this test. That's a far cry from "scanning after the entrance of a virus."

Completely Clean Data?

So what does Doneo Castle actually do? Once installed, it functions as a Virtual Private Network (or VPN), diverting all your Web traffic through the company's servers. According to the website, "All data before entering to your device will be checked against viruses, spyware, and malware by several engines." As a result, you receive "completely clean data."

Doneo Castle relies on AVG's technology, along with the antivirus fighting powers of Avira Antivirus 2015 and Bitdefender Antivirus Plus 2016. Now, you may wonder why the company would rely on the same "primitive" and "20 year old" antivirus techniques decried by its own Web page. Sorry, I can't answer that. I did check with those three antivirus companies, asking about their partnership with Doneo Castle. The two that responded knew nothing about it; one mentioned bringing in the legal department.

Difficult Installation

Once you've signed up for the service, you can use your email address and password to enter the Chamber—the online dashboard for Doneo Castle. Don't try this on an old, small monitor. Unless your desktop is at least 1,280 pixels wide, you won't be able to see all of the Chamber, and there's no horizontal scrollbar. I had to widen my virtual machine's desktop in order to test this product.

If you can't see all of the Chamber, you might not notice that you have some more work to do. Your incoming Internet traffic won't be sanitized until you install the VPN component, called Doneo Bridge. Fortunately, there's a utility to perform the installation. Unfortunately, it didn't entirely work in testing.

I downloaded the DoneoBridgeCreator application, overriding Chrome's warning that it might be dangerous. I ran it, with no apparent effect. After some investigation, I found that it only worked if I right-clicked the file and chose Run as administrator. How many average consumers would figure that out? The company fixed this problem just before I completed the review. The fix seems to work, though of course, it doesn't help customers who hit the earlier problem and gave up.

Once the utility finished its work, I did find Doneo Bridge as an available network connection. Alas, it rejected my attempt to log in, stating "Connections that use the L2TP protocol over IPSec require the installation of a machine certificate." It took quite a bit of digging to sort that one out.

Naturally the real problem didn't relate to a certificate. It seems the installer failed to populate the Doneo Bridge connection's authentication properties with the correct pre-shared key. Going back to the Chamber, I found a link to "instractions [sic]" for manually installing Doneo Bridge. Poring over the steps (more than 20 of them) I found the key, entered it manually, and finally managed to connect to the Doneo Bridge. Whew!

The instructions for manually installing the connection are specific to an earlier version of Windows—I'm guessing Windows 7. If you try to follow them in Windows 8.x or Windows 10, you'll hit a wall.

Just before the release of this review, the company contacted me, reporting that they'd fixed the missing key problem. I verified that indeed the Doneo Bridge installer now runs correctly and doesn't need the Run as administrator workaround. Once again, though, this doesn't help users who gave up on encountering the problem before it was fixed.

Poor Protection

I double-checked that the product was installed correctly by attempting to download the EICAR test file, from the Anti-Malware Testing Standards Organization (AMTSO) Security Features Check page. Doneo Castle correctly blocked access to direct download of the file, though it failed the drive-by download test using the same test file. My malicious URL blocking test does use direct download, so it was time to proceed.

For this test, I use a feed of recently discovered malware-hosting URLs, generously supplied by MRG-Effitas. When I run this test on a full-scale antivirus tool, I give equal credit for blocking URL access and for wiping out the malicious payload. With Doneo Castle, URL-blocking is the sole line of defense.

I found that it took a very noticeably long time for the browser to open many of the URLs; I assume this was due to processing time on the Doneo Castle servers. In some instances, I got a large notification in the browser window stating that Doneo Castle blocked an infected file. It listed the filename and also displayed the three antivirus engine names with a checkmark next to the ones that detected the malware.

Doneo Castle's accuracy was disappointing. Out of 100 malware-hosting URLs, it blocked just 31. That's a far cry from the promise of "completely clean data." As noted earlier, some products managed 91 percent protection in this test.

Comparing it only with URL-based blocking by other products, Doneo Castle still doesn't look great. McAfee and Trend Micro Antivirus+ Security 2016 managed 85 percent strictly at the URL level. A product that offers nothing but Web-based protection needs to be really, really good at it. Doneo Castle isn't.

Further Difficulties

After I managed to connect to the Doneo Bridge, I observed that nothing changed back in the Chamber. It still advised me to set up Doneo Bridge. Worse, after a reboot the bridge connection was lost, without any indication or warning. The average user wouldn't notice the loss of Doneo Castle protection, and would probably have a tough time figuring out how to log into it again.

Among the choices on the Chamber's left-rail menu are My Key (to manage username and password), Statistics, FAQ, and Contact Us. These, along with the other left-rail menu items, did nothing. It turns out this was because I was running the product in a virtual machine. For some reason, Doneo Castle only works with Firefox inside VMware VMs. On a physical test system it functioned correctly under Firefox, Chrome, and Internet Explorer.

Clicking the Statistics button got me a more detailed list of URLs that passed or failed Doneo Castle's safety check. It even listed which of the three antivirus engines blocked a bad URL.

The Gift menu item is echoed by a Gift button. This lets you give "days of your own residency at Doneo Castle" as a gift. Basically, you shorten your own subscription period by offering a portion of it to a friend.

Not surprisingly, the Purchase button and menu item both work fine. They bring up a page that lets you extend your subscription.

Have Fun Storming the Castle, Boys!

I really wanted Doneo Castle to be a winner. The imposing castle on the home page is so much more interesting than almost any competing site. I even sort of like the slightly wacky stream-of-consciousness screeds on the main page, e.g. "Our Leader Vint Cerf, Father of the Internet, crossed over to the telco side of the force. Cerf Vader and legions of imperial stormlawyers are now defending the death stars against the insignificant ISPwoks." (Not joking.)

Unfortunately, the protection just doesn't perform as promised. Perhaps in the future (or in a galaxy far, far away) Doneo Castle will reappear and make good its promise of "completely clean data." Until then, stick with our Editors' Choice antivirus products Bitdefender Antivirus Plus, Kaspersky Anti-Virus, McAfee AntiVirus Plus, and Webroot SecureAnywhere Antivirus. And don't believe anyone who says those products are relying on primitive 20-year-old technology.

Windows 7 remains the leader in the desktop OS world. (Image credit: NetMarketShare)

Microsoft's Windows 10 is free for Windows 7 and 8.1 users, but people aren't rushing to upgrade. The latest version of Windows operating system, released in late Ju...

Revision Note: V1.0 (March 10, 2015): Advisory published. Summary: Microsoft is announcing the reissuance of an update for all supported editions of Windows 7 and Windows Server 2008 R2 to add support for SHA-2 signing and verification functionality. Th...
Revision Note: V2.0 (October 17, 2014): Removed Download Center links for Microsoft security update 2949927. Microsoft recommends that customers experiencing issues uninstall this update. Microsoft is investigating behavior associated with this update,...
Revision Note: V1.0 (October 14, 2014): Advisory published. Summary: Microsoft is announcing the availability of an update for all supported editions of Windows 7 and Windows Server 2008 R2 to add support for SHA-2 signing and verification functionality...

CIOs need to evolve their desktop strategy after Windows 7, but migrating wholesale to the next Windows version may not be the best option.

Although Microsoft has stated that it will support Windows 7 for a further five years until 14 January 2020, IT departments should take a long-term view. IT consumerisation and the trend for people to bring their own devices to work mean that a desktop strategy conceived a few years ago will look positively ancient by 2020. Software as a service and the internet delivery of applications via a browser are set to become the normal way to deploy applications.

Desktop software strategy

Rather than standardising on Windows, IT teams need to consider how they will operate in a heterogeneous end-user computing environment, where users might carry three types of device including iOS, Android and Windows-based tablets and smartphones, all of which need to be supported. Experts recommend taking a mobile-first approach to software and a generic approach to software development, to avoid being tied to a specific environment.

"We are making a big push on all our suppliers to support browser-based applications, so the device's primary application is just a browser," said Glen Larkin, lead technical architect at Kent County Council. "This is a bit of an ideal, so we will need VMware's virtual desktop to give us the flexibility to contain our legacy environment, leaving the end-user device space in a greenfield, vanilla place, giving us freedom of choice and better mechanisms to upgrade in future."

The challenge for IT remains application compatibility. In the report Plan Now to Avoid Windows XP Deja Vu With Windows 7, Gartner analysts Stephen Kleynhans and Michael Silver wrote: "The biggest compatibility issues in terms of applications not working will continue to be those that require specific releases of Internet Explorer (IE)."

Gartner said the new enterprise mode in IE supports strong backward compatibility with IE 8. "This is significantly better than that provided with previous compatibility modes," it explained. "It should enable many applications that require IE 8 to run on IE 11 on a per-website basis by IT, through group policies."

Mobile first

Some experts argue the case for developing applications for mobile devices first. When Transport for London (TfL) revamped its website, its head of online, Phil Young, said the new site used responsive design to reformat web pages in an optimal way for the device being used. So, on a smartphone, the new website renders in one column, while a tablet user will see two columns.

Although TfL's site is consumer-facing, its design principles can be applied in a business context, especially if IT does not have full control over which devices are used to access a given corporate application.

A report by Forrester, 2014 Mobile Developer Platform Preferences, recommends that IT managers explore the implications of adding support for additional platforms. "Start by asking all teams (design, development, quality assurance) to assess the impact of adding support for additional mobile platforms," it says. "If your team is building hybrid or web apps, the impact of additional platform support will be higher in QA than in development. If you’re investing in native apps, the impact on development resources could be substantial, and you may need additional testing resources to validate Android apps running on compatible platforms."

Desktop containerisation

Clearly, a traditional desktop management strategy is not ideal in a world where users want the flexibility to run their own apps on their own devices. Virtualisation enables IT to separate the application from the underlying hardware.

Garry Owen, senior product marketing manager for end-user computing at VMware, said: "Today you have to run Windows on end-point devices all the time, while also making sure all your applications run on that operating system as well. In a virtual environment, you can still run a Windows desktop if absolutely necessary, but there is a choice: you could migrate some of your applications to the cloud, so that access is via a browser, rather than on a local copy of Windows which is highly application-dependent."

Kent County Council plans to address future Windows upgrades by separating the application from the physical operating environment. The council’s Glen Larkin said: "While it is a long way off, we are already forming a strategy on what we do post-Windows 7 migration."

Larkin says it is important to virtualise and containerise the council's desktop and user application environment so that any legacy applications are delivered from a single, central, contained environment. "This opens the way for us to use vanilla devices on the LAN and WAN that have no application dependencies," said Larkin. "This gives us the agility to change versions of Windows or even OS platforms entirely."

He said the council is designing an architecture based on virtualising as much as possible and running applications in the browser, where possible. "If you can rationalise, standardise, virtualise and reduce complexity, you give yourself options and agility to move faster," he added.

Changing the council’s desktop strategy to support containerisation and browser-based computing will pay dividends the next time there is a major Windows release, says Larkin. "We do not want to repeat migrations the way we always have in the past – manually. It’s too expensive, cumbersome and you never get off the roundabout."

Browser-based applications, containerisation and mobile-first software developments are the hallmarks of next-generation end-user computing. So IT departments should start planning now because the desktop of 2020 will look very different from the one deployed in 2014.