The IT Nerd

The Register posted on Friday that up to 32TB of “official and non-public (Windows 10) installation images” were uploaded to BetaArchive.com. Now that sounds like a big deal. And frankly it is because at a very basic level, anytime source code for an OS like Windows 10 is available in the public domain, it opens the doors for epic hacks because hackers suddenly have access to resources that they wouldn’t normally have access to. Plus short of rewriting the entire OS, there’s not a whole lot that Microsoft in this case can do to stop them. So Windows 10 users should get ready for an onslaught of epic pwnage. Right?

Well…. Maybe not.

It turns out that the stuff that hit the streets is part of Microsoft’s Shared Source Initiative. In short, this is a program that Microsoft has that serves up source code for various products to certain “qualified” customers, governments and partners for debugging and reference purposes. The source code is only relevant to whatever the organization is working on and isn’t the whole OS. I’ve seen stuff that Microsoft serves up via this program and it’s not much. Thus, there’s very little chance of epic pwnage. That’s made The Register modify its original story to lessen what the perceived impact could be.

In short, nothing to see here. Move along.

Here’s a bit of a plot twist that I noticed last night while running updates on my virtual machines that have a variety of Windows OSes installed on them. My Windows XP and Vista machines got updates for either the first time in a very long time (in the case of XP) or the first time in a few months (in the case of Vista). I did some quick research and found that Microsoft actually documented that they were doing this in a post on their website:

In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyber attacks by government organizations, sometimes referred to as nation-state actors or other copycat organizations. To address this risk, today we are providing additional security updates along with our regular Update Tuesday service. These security updates are being made available to all customers, including those using older versions of Windows. Due to the elevated risk for destructive cyber attacks at this time, we made the decision to take this action because applying these updates provides further protection against potential attacks with characteristics similar to WannaCrypt.

Interesting. But they also said this:

It is important to note that if you’re running a supported version of Windows, such as Windows 10 or Windows 8.1, and you have Windows Update enabled, you don’t need to take any action. As always, we recommend customers upgrade to the latest platforms. The best protection is to be on a modern, up-to-date system that incorporates the latest innovations. Older systems, even if fully up-to-date, lack the latest security features and advancements.

Translation: Dump XP and Vista and get with the times because Microsoft is likely not to do this again. So my advice is that if you’re running XP and Vista, run software update to ensure that you’re up to date. Then make plans to migrate to an updated OS from Microsoft….. Or Apple….. Or Red Hat….. Or whatever company you prefer.

Frequent readers of this blog know that I am not a fan of Windows 10’s update scheme which force feeds updates down your throat. The reason why I am not a fan is because they have a tendency to break your PC every once in a while. Such as this recent example. But because of this epic cyberattack this past week, I’ve altered my stance a bit. Maybe I was wrong on this and people should enable automatic updates.

But before I get to why am altering my stance and how to make automatic updates something that is tolerable, let me get one thing out of the way. And I’m directing this at you Microsoft. Automatic updates in Windows 10 needs to be way better than it is. I get that unlike the folks at Apple, Microsoft doesn’t fully control what their OS goes onto. Thus that opens the door to a weird combination of security patches and driver updates that Microsoft couldn’t possibly have tested crashing a PC. On top of that, there’s the fact that the way Microsoft has automatic updates implemented can also result in lost work when a computer is force rebooted, or bandwidth usage skyrocketing without your permission because a large volume of updates get downloaded. This whole experience needs to be redesigned so that it is way better than it presently is to make it less risky and more palatable to have automatic updates turned on.

Now, with that out of the way, here’s why I have altered my stance. Components of the ransomware that hit users in 170 or so countries this past week used an exploit that was patched by Microsoft in March. Now if you ignore the people who were running out of date Microsoft OS’es, a lot of computers that got hit by this could have avoided this if they automatically got the patch in question. That one simple fact has made me change my tune. Now how do you use automatic updates without it annoying the daylights out of you? Here’s my suggestion:

1. Tap or click on the Start button, followed by Settings. You’ll need to be on the Windows 10 Desktop to do this.
2. From Settings, tap or click on Update & security.
3. Choose Windows Update from the menu on the left, assuming it’s not already selected.
4. Tap or click on the Advanced options link on the right, which will open a window headlined Choose how updates are installed.

Here’s where the fun begins. You need to check the following:

• Automatic (recommended): Choose this option to automatically download and install updates of all kind, both important security patches as well as not-as-important non-security updates, like feature improvements and minor bugs.
• Give me updates for other Microsoft products when I update Windows: I recommend checking this option so other Microsoft programs (Microsoft Office for example) that you have installed will get automatic updates too.

From there, I would do the following:

1. Tap or click on the Start button, followed by Settings. You’ll need to be on the Windows 10 Desktop to do this.
2. From Settings, tap or click on Update & security.
3. Choose Windows Update from the menu on the left, assuming it’s not already selected.
4. Select Change active hours.

This feature allows you to define when you use your PC. That way it will not restart in the middle of your work and instead restart itself when you are asleep or likely to be away from your PC. Just make sure to save your work before you leave your PC and make sure you leave it on.

The last thing that I would suggest is to always backup your PC. None of this deals with the issue of updates making your PC non-functional. Thus you should have a recent backup handy in case things go south.

In closing, other operating systems that Microsoft still supports such as Windows 7 and 8.1 have a similar feature. If you want a guide for those operating systems to allow you to set up automatic updating, please leave a comment and I’ll do my best to build one.

We’ve just witnessed the biggest cyberattack in history with tens of thousands of computers in something like 170 countries being infected with ransomware. And the blame game has started. I recently posted a story where I leveled blame at a bunch of people.  Consumers, businesses, intelligence agencies and governments were on that list. But I missed someone. That someone is Microsoft. Though, if you ask them, the blame lies with intelligence agencies stockpiling exploits. Then losing control of them and those exploits evolve into the sort of carnage that we saw this past week. But I would argue that Microsoft needs to look in the mirror way before they point fingers elsewhere. Let me list the reasons why.

Microsoft has an agenda to push the latest and greatest OS’es onto the world so that they can make a buck or two. I get that. However, as evidenced by these cyberattacks, businesses and home users can’t always do what Microsoft would like them to do. Look at NHS in the UK who was reportedly running Windows XP machines even though the OS has been cut loose by Microsoft ages ago. While NHS does rightly need to own part of this because they didn’t upgrade to a more recent OS, Microsoft cannot simply expect companies to upgrade every time Microsoft deems it to be required. Many can’t as evidenced by the fact that something like 52% of businesses worldwide run at least one instance of Windows XP. After all upgrades cost money. Lots of money.

Nor can Microsoft say that if you get pwned by something, it’s not their problem because you’re running an older OS like XP. And backing that up by cutting off security patches to those OS’es that Microsoft doesn’t want you using to force the issue in terms of upgrading to something that is according to them is more secure. Let’s face it, that strategy clearly isn’t working. And I think Microsoft realizes that as they came out with patches for Windows XP very quickly to mitigate this threat. That implies that Microsoft could make XP secure if they really wanted to. It also implies that Microsoft knows that this is their problem despite what they’ve been saying for years. Or look at it another way. If they really cared about the security of users, they could offer OS upgrades for everybody for free the way that those guys over at 1 Infinite loop do. After all, Microsoft only offered free upgrades to Windows 10 for a limited time to home users. But that didn’t encourage businesses to update to Windows 10, and it could be argued that this could have been mitigated if those businesses could upgrade without spending a fortune.

Here’s my advice to Microsoft as this epic cyberattack is your wake up call. Help businesses and consumers to upgrade to Windows 10 by giving it away for free. Work with partners and IT consultants to help them to make the move as both groups need to consider the fact that they may have to replace hardware and upgrade software to make the move. Not to mention that they need the expertise to actually execute the move to Windows 10. By doing so you will give them the incentive that they need to make the move from XP, or Vista, or Windows 7 or 8.1. Maybe then you’ll hit your target of a billion or more devices in two to three years after Windows 10’s original ship date. You’ll also earn some goodwill and you may mitigate the next epic cyberattack, and I seriously doubt that you’ll lose that much cash by doing so.

So how about it Microsoft? Will you do what’s right for your customers? Or will you do what’s right for your shareholders? The choice is yours.

From the “update your systems right the hell now” department comes news that Microsoft has rushed out an emergency patch to fix a vulnerability in the Microsoft Malware Protection Engine that could be used to install malware on your Windows box and take control of your system.

An anti malware program that has a flaw that allows malware to be installed and allow your system to be remotely controlled? Let the irony of that that sink in for a moment.

In any case. the flaw was discovered by Google’s Project Zero superstar Tavis Ormandy his associate and Natalie Silvanovich. On Twitter, he had this to say:

If he thinks it’s crazy bad, then it’s really, really bad and you should pay attention. You can read the highly technical details here.

To Microsoft’s credit, it released a patch straightaway and you can find details here. Thus you should run to Windows Update and get this on your system. Because it’s a safe bet that hackers from the dark side will be looking to pwn those who don’t get this patch installed on their system in short order.

If you’re running Windows Vista, well…. you should really be running some other Microsoft operating system. I say that because Windows Vista goes into end of life status as of today. That means that Microsoft will not offer any kind of security updates or patches for the operating system. So for the roughly 11 million of you who still run Vista for whatever reason, it’s time to switch as every l337 h4x0r (elite hacker) or l337 h4x0r in their own mind is going target Windows Vista users. Besides, Vista wasn’t really that great of an OS anyway.

Ironically, Microsoft picked today to ship out the Windows 10 Creators Update. According to Microsoft, it will roll out in phases starting with newer computers. But those who want it for whatever reason right now can get it using the Update Assistant. Just make sure you have a current backup first. Now I’ll be doing the latter and I’ll let you know what I think of the update in a post later this week.

Microsoft is in the process of rolling out the Windows 10 Creators Update, the latest major update to its current desktop operating system. Here’s what you can expect from the Creators Update:

• Visual previews of tabs in Microsoft Edge.
• Edge now has built-in support for ebooks.
• Microsoft Paint now lets people create models in 3D.
• Picture-in-Picture mode for videos. Essentially you can now have a small window with video playing on it placed on top of any other application.
• Night Light: A baked in feature in Windows that will allow you to change the color and tone of display so that it doesn’t pain your eyes to look at the screen at night.
• Dynamic Lock: The feature first requires you to pair your phone or tablet with the computer. Once done, it will automatically log you out everytime you’re away from desk (or technically speaking, the device is out of the computer’s proximity).
• Native support for surround sound.
• Ability to scribble and make notes on Microsoft’s Maps app.
• Game mode: It “ensures” your computer is always maximizing its resources for an optimal gaming experience.
• Built-in support for mixed reality handsets.

It should hit Windows Update on April 11th, but if you know where to look, you can get it today. Not that I would if I were you as there is the remote possibility that a critical bug will be found and addressed between now and April 11th. Plus, hardware and software vendors may need the additional time to do updates of their own to make sure that they can play nice with this update. The update will be free to all. More info can be found here.