The IT Nerd

About a year ago, Microsoft announced plans to move their Edge browser to Chromium  which is the open source version of Chrome. As in Google’s Chrome. While that announcement raised eyeballs pretty much everywhere, it does make sense. By using Chromium, Microsoft can simply not worry about compatibility issues and bring features to multiple platforms at the same time.

Today Microsoft announced that you can get Microsoft Edge in its new Chromium form on the following platforms:

• Windows 10, 8.1, 8, and Windows 7. Support for Windows 7 seems a bit weird to me as support for that OS ended yesterday.
• macOS
• iOS
• Android

Fun trivia fact: For Mac users, this is the first time Microsoft has put out a browser for the Mac since 2003.

You can download the new Edge browser here. My question for you is will you use the new Microsoft Chrome Edge? Leave a comment and share your thoughts please.

To be honest, every Patch Tuesday should be taken seriously as the bugs that are fixed on Patch Tuesday are usually exploited by hackers 24 hours later with the targets being those who have not updated on Patch Tuesday. Having said that, today’s Patch Tuesday may be more important than usual because of this discovery by Brian Krebs:

Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. 14, the first Patch Tuesday of 2020.

According to sources, the vulnerability in question resides in a Windows component known as crypt32.dll, a Windows module that Microsoft says handles “certificate and cryptographic messaging functions in the CryptoAPI.” The Microsoft CryptoAPI provides services that enable developers to secure Windows-based applications using cryptography, and includes functionality for encrypting and decrypting data using digital certificates.

A critical vulnerability in this Windows component could have wide-ranging security implications for a number of important Windows functions, including authentication on Windows desktops and servers, the protection of sensitive data handled by Microsoft’s Internet Explorer/Edge browsers, as well as a number of third-party applications and tools.

If this is true, this is a big deal and you should patch all the things the second that this fix becomes available. Because based on the above description, any exploit that leverages this flaw will be serious and highly damaging. Assuming exploits aren’t already out there. I’ll update this post as soon as I get more info on this.

UPDATE: This is likely the first of many updates on this story. The NSA just held a press briefing and according to the Washington Post they confirmed that they found a flaw that matches the description that Brian Krebs reported and alerted Microsoft. That’s a major shift for the NSA as they tend not to report such flaws and instead weaponize them. That officially makes this a big deal and you should patch all your Windows computers the second this becomes available.

UPDATE #2: I posted this Tweet with a link to the Microsoft write up about this issue a few minutes ago:

But as informational as that is, what you actually want to read is the CERT document on this. I had a look and this bug is incredibly bad. This summary has all you need to know:

The Microsoft Windows CryptoAPI fails to properly validate certificates that use Elliptic Curve Cryptography (ECC), which may allow an attacker to spoof the validity of certificate chains.

In English, that means that an attacker can use a fake certificate to look at data that should be encrypted at all times. Thus I will reiterate what I said earlier in this post. As soon as the patch comes out, patch all the things.

Windows 7 is reaching end of support on January 14 2020. What that means is that there will be no technical support, software updates or security fixes from Microsoft. Meaning that if you have a problem and the OS is the issue, it won’t be fixed. New or improved features will not be added. And most importantly there will be no software updates which means that the security of your PC will immediately come into question. And you can copy and paste what I just said for Windows Server 2008 and 2008 R2 which also go out of support on the same day.

So what do you do?

Well, Microsoft would really like it if you upgrade to Windows 10. If you go that route, I recommend doing a fresh installation of your programs and apps on your new Windows 10 PC. I would not just try to upgrade on top of your existing Windows 7 system as you may run into issues.

Here’s the minimum specifications for Windows 10:

• Processor: 1 gigahertz (GHz) or faster processor or SoC.
• RAM: 1 gigabyte (GB) for 32-bit or 2 GB for 64-bit.
• Hard disk space: 16 GB for 32-bit OS 20 GB for 64-bit OS.
• Graphics card: DirectX 9 or later with WDDM 1.0 driver.
• Display: 800 x 600 resolution

Top Tip: If your hardware is more than a couple of years old, you may be better off buying a new PC and installing up to date apps as well as moving your files over to said new PC.

Another option is to stay with Windows 7. But you leave yourself open to becoming a victim of malware as well as the fact that nobody is going to fix anything in that OS. I will say that nobody is forcing you to go to Windows 10. But if I were you, I would make the jump.

The last option is to move to another OS such as Linux or macOS. In the case of the former, there are a number of Linux distros that are specifically designed to run on older hardware. Such as hardware that once ran Windows  7.  These distros can give your hardware a new lease of life, allowing it to run better than ever. There’s also a ton of free apps that should allow you to replicate your setup. However there is a catch. Linux is quite different to Windows in a number of ways, and that can create a bit of a culture shock. If you do go from Windows 7 to Linux you’ll need to spend some time learning how to use the new operating system and how it works. In the case of macOS, Apple has the advantage of making the hardware and software, and there are versions of applications like Microsoft Office available. But you’ll have to pay up for them, on top of the fact that Apple hardware isn’t exactly cheap. And like Linux, there’s a bit of a culture shock in terms of moving to macOS. That’s something that could be smoothed over with some help from your local Apple Store. But the shock still exists.

Whichever way you go, there are only a few days left to decide what to do if you run Windows 7. Regardless of what you do, my advice is that you act on a course of action ASAP.

Windows 10 feature updates tend to be a bit of a risk to update. The last few feature updates have been gong shows with serious issues that impact users. So it would be understandable if you’re gunshy about upgrading to Windows 10 version 1909. You can read what comes to the table in this feature update here. But I’ll cut right to the chase. Unlike most feature updates which overhaul the operating system, the majority of version 1909’s changes are to how the OS lets users manage their system and app notifications. In other words, these are cosmetic fixes. That means it should be low risk to upgrade.

In my case, I upgraded all my Windows 10 computers to version 1909 quickly and without an issue. And when I say quickly, I mean it updated in under 10 minutes which is unusual for a feature update. That’s a stark change from the last few feature updates which would “brick” at least one of my computers. The other thing that I note is that for the first time in about two years, a Windows 10 feature update hasn’t caused my phone to ring off the hook from clients who had an install of a feature update go south.

That all suggests to me that this feature update is safe to update to. The only thing that I would recommend is what I always recommend. Which is to back up your data before trying to install it. Even though this is a low risk feature update, there’s still risk involved. Which means that it is better to be safe rather than sorry.

Something that Microsoft has done recently that is in my mind a real step backwards is that when you set up a new Windows 10 computer, you need a Microsoft Account to set it up. And there appears to be no way around that via setting up a local account which used to be an option in the Windows 10 setup process. But that option has appeared to have disappeared in the setup process that you are presented with at present.

But there actually is a way to work around this. Actually three of them which are really simple:

• Option 1: Start the setup process WITHOUT a network connection. This will force the Windows 10 setup process to present you with the option to create a local account and skip the requirement for a Microsoft Account.
• Option 2: If you started the setup process with a network connection and are presented with the prompt to enter or create a Microsoft Account, hit the back arrow at the top left of the screen to go back to the previous screen and disconnect from your network by either turning off WiFi or disconnecting your Ethernet cable. Then click next on the bottom right corner and you should be presented with the option to create a local account. 
• Option 3: If you started the setup process with a network connection and are presented with the prompt to enter or create a Microsoft Account, disconnect from your network by either turning off WiFi or disconnecting your Ethernet cable. Then try creating a Microsoft account and you’ll see a “Something went wrong” error message. You can then click “Skip” to skip the Microsoft account creation process.

This requirement to have a Microsoft Account just to install an operating system is another data point in a pattern of behavior from Microsoft where choice is being taken away and being replaced by “do it our way or it’s the highway.” That’s very troubling and Microsoft would be well advised to reconsider this as people want choice. At least in this case, there are ways around what Microsoft would like you to do.

Microsoft had a media event in New York today and the company announced a ton of new Surface related hardware. Here’s the highlights:

• Microsoft announced the Surface Pro X. It has a 13″ screen with a resolution of 2880 x 1920 at 267 PPI with a 1400:1 contrast ratio. The unit weighs 1.68 pounds, has USB-C and constant LTE connectivity.” It has a pen that lives in the cover/keyboard and uses a custom Qualcomm processor called the Microsoft SQ1 and runs “full Windows 10.” Additionally, the Pro X has a removable solid-state drive.
• Microsoft is taking dead aim at the MacBook Pro with the Surface Laptop 3. It comes in 13″ and 15″ sizes. The former uses the Intel 10th-gen “Ice Lake” quad-core processor which Microsoft claims that makes it faster than the MacBook Air. The 15″ uses an AMD Ryzen processor that is custom made for Microsoft. The trackpads are supposed to be spacious and the keyboard is designed to have travel and be silent. Something that isn’t the case with the MacBook Pro at the moment. Something else that the MacBook Pro can’t touch is the fact that these laptops are modular and repairable which should make a whole lot of people happy.  Preorders are open now from the online Microsoft Store, Expect to pay $999 USD and $1,199 USD for the 13-inch and 15-inch models respectively, with Microsoft shipping them on October 22.
• Up next is the The Surface Pro 7 retains the same size as the previous model. Microsoft has kept the Surface Connector for power, but has replaced the mini DisplayPort with a USB-C port because USB-C is what all the cool kids use in their devices. The Surface Pro 7 will ship on October 22, and will start at $749 USD.
• Microsoft has joined Samsung, Amazon and others in coming out with an Apple AirPods killer. The Surface Buds have a charge case with 24 hours or so of charge. But of more interest, they have Spotify integration, and each earbud has a disc-like exterior that provides a huge looking flat surface for users to tap on and interact with. The company showed off being able to swipe through a Power Point presentation using them. Expect to pay $249 USD for a pair this holiday season.
• Microsoft has a new flavor of Windows 10 called Windows 10 X. designed for dual-screen PCs. Windows 10X will power dual-screen PCs from Asus, Dell, HP, Lenovo, and of course Microsoft.
• Coming for the holiday season next year is the Surface Neo foldable tablet. Unlike the Samsung Galaxy Fold, the Neo is a foldable tablet that has a 360 degree hinge that separates two 9″ displays. It also runs Windows 10 X. The Neo features a keyboard that seems to magnetically attach to the foldable tablet, as well as a Surface Pen that attaches to its rear. Both of which I am sure are “borrowed” the iPad.
• Microsoft also announced the Surface Duo which is a folding smartphone that uses two 5.6-inch displays that are connected by a hinge. Google, yes that Google is working with Microsoft on the device to make it work with Android apps. Beyond that, there wasn’t a whole lot else that was shared. This too will ship next year in time for the holidays.

In case you missed the event or you want more details, I can help you with that: