NEWS: COMPUTER WORLD SECURITY NEWS
Setup News Ticker
   NEWS: COMPUTER WORLD SECURITY NEWS
Computer World Security News
Mar 03, 2021

Of February's patches, Ignite, and the fate of Windows 10 feature releases
We finished off February with an all clear for that month's Microsoft updates. So if you haven't installed updates as we get into March, make sure you do so at this time.  

I do recommend that you skip KB4535680, the Microsoft secure boot patch that's been disruptive if you have Bitlocker enabled. (Many patchers reported that it triggered the Bitlocker recovery password.) If you got it installed, fantastic! You don't need to uninstall it now. There isn't a problem with the update; instead, there is a problem during the installation and for workstations with Bitlocker.

To read this article in full, please click here



Computer World Security News
Mar 03, 2021

How to protect Windows Remote Desktop deployments
Attackers gain access to your Windows network just as work-from-home employees do: remotely. Following these simple steps will send them looking for easier targets.(Insider Story)

Computer World Security News
Mar 02, 2021

3 Android 12 features you can bring to any phone today
Google's Android 12 software is nowhere near ready for prime time, but Goog almighty: We've sure seen plenty of hints about some of the tantalizing touches it could include. And if you're anything like me, that makes it tough not to feel at least a teensy bit hungry for a taste.

The current Android 12 developer preview, unfortunately, won't do much to satisfy that craving. It's basically just a barebones framework of the software, made mostly for developers, and most of the mouthwatering morsels are carefully tucked away, disabled, and not yet visible or available for regular-mammal phone-owner use.

To read this article in full, please click here



Computer World Security News
Feb 25, 2021

Podcast: 30K Macs infected with "Silver Sparrow" virus; M1 Mac SSD health
Security researchers uncovered malware affecting tens of thousands of macOS devices, but it's unclear what exactly the malware does. Affecting both Intel and Apple Silicon processors, this malware, nicknamed "Silver Sparrow," still poses a threat. And in other Apple news, some M1 Mac users have reported that the SSDs on their new systems are being overused. Macworld executive editor Michael Simon and Computerworld executive editor Ken Mingis join Juliet to discuss Apple's response to the virus and SSD issues and what users can do if they've been affected.

To read this article in full, please click here



Computer World Security News
Feb 24, 2021

How to hire and retain Black tech pros — for real
American companies are once again promising to increase minority hiring and retention in the aftermath of the 2020 police killings of George Floyd and other Black people and subsequent Black Lives Matter demonstrations. But Black people have heard this promise before — for decades, in fact — with little tangible change in the low employment numbers of Black engineers, developers, and IT pros.

For companies that really do want to change their staffs to better reflect diversity in the US, it's time to go beyond words and take action. To help you do that, Computerworld talked to several people in the frontlines of promoting the hiring of Black people for tech jobs. Their advice was strong and unambiguous: Define the business case for diversity, then follow up with a determined action plan and establish the metrics to monitor the results and adjust course as needed. And perhaps even harder, learn to truly connect with the Black community to establish the relationships that lead to sustainable diversity.

To read this article in full, please click here



Computer World Security News
Feb 24, 2021

Microsoft 365 Advanced Audit: What you need to know
Microsoft's powerful new auditing options will help detect intrusions and see what was accessed...if you've paid for the right licenses.(Insider Story)

Computer World Security News
Feb 23, 2021

Two big buts about Samsung's Android security update announcement
Didja see? Samsung's pledging a full four years of support for security updates on its Galaxy-branded Android phones. Well, shiver me timbers: That sure is somethin'!

Samsung slapped the news down onto these here internerfs of ours Monday morning, and the glowing headlines predictably followed — with some stories going as far as to proclaim Samsung as the new undisputed "king of Android upgrades" or to declare that the company was now "beating Google at its own game."

To read this article in full, please click here



Computer World Security News
Feb 22, 2021

Why Apple should let you define private places on iPhones
If you've ever found the Significant Locations section on your iPhone, then a recently published study that shows how such data can be used to decipher personal information about users should pose some alarm.

Significant Locations The way Significant Locations works is that your iPhone keeps a list of places you frequently visit. This list usually shows your favorite places and shops and will, of course, log the location of any service you might visit often, such as the medical center.

Apple gathers this information to provide "useful location-related information" in its apps and services, and promises this data is encrypted and cannot be read by Apple. But I'm a little unclear whether this information is made available to third-party apps.

To read this article in full, please click here



Computer World Security News
Feb 22, 2021

Apple tramples on security in the name of convenience
Apple plans with iOS 14.5 to allow masked enterprise employees to access their iPhones if they are also wearing an Apple Watch (running WatchOS 7.4), that is unlocked. Heads up: This is a quintessential convenience vs. security trade-off from Apple, and if you don't insist that workers refrain from using the feature, corporate security will suffer.

In short, it will be make it much easier for corporate spies and cyberthieves to snag your company's intellectual property, which is being created, stored, and shipped within smartphones today at a far greater rate than 2019 — aka the pre-COVID-19 times.

[ Related: When work-from-home means the boss is watching ] Apple has refused to let this convenience do anything other than opening the phone (which is bad enough). And it will not allow the feature to bypass facial ID authentication for the AppleCard, ApplePay or any third-party app (such as banks and investment firms) that have embraced Face ID. That tells you pretty much all you need to know about how much of a security corner-cutter this move is.

To read this article in full, please click here



Computer World Security News
Feb 22, 2021

The .NET patch failure that wasn't
When we started this month of patching, I fully expected to come back by now with massive listings of applications that hated the February updates. That hasn't been the case, though there have been some issues related to .NET this month. 

In case you're wondering, .NET is a framework used by developers to build applications. It makes for standard coding techniques and "managed code" and can make an app more secure. Developers primarily use Visual studio to develop software that we all use on our Windows systems.

To read this article in full, please click here



Computer World Security News
Feb 18, 2021

Apple publishes in-depth M1, Mac, and iOS security guide
Apple has published its annual Apple Platform Security Guide, which includes updated details concerning the security of all its platforms, including the new M1 and A14 chips inside Apple Silicon Macs and current iPhones, respectively.

The first look inside M1 Mac security The extensive 196-page report explains how Apple continues to develop its core security models along the premise of mutually distrusting security domains. The idea here is that each element in the security chain is independent, gathers little user information, and is built with a zero-trust model that helps boost security resilience.

To read this article in full, please click here



Computer World Security News
Feb 15, 2021

For February, a 'bumpy' Patch Tuesday ride
One week out from Patch Tuesday and it's been a bumpy release for the month, especially for older versions of Windows 10 and Server 2016. (Less affected: the consumer versions of Windows 10 2004 and 20H2.)

Windows Server 2016/1607 suffered the worst of the issues: the original version of the Servicing Stack update KB4601392 caused patching to get "stuck." Server patchers had to jump through a ton of hoops to get the monthly security update installed. Microsoft pulled the bad update and replaced it with KB5001078. If you were unlucky and installed KB4601392 before it was pulled, Microsoft has this  guidance to manually reset Windows updates components.

To read this article in full, please click here



Computer World Security News
Feb 12, 2021

What's not to love with this month's Patch Tuesday?
With only 53 updates in the February Patch Tuesday collection released this week — and no updates for Microsoft browsers — you'd be forgiven for thinking we had another easy month (after a light December and January). Despite lower-than-average numbers for updates and patches, four vulnerabilities have been publicly disclosed and we are seeing a growing number of reports of exploits in the wild.

In short: this is a big, important update that will require immediate attention and a rapid response to testing and deployment.

For example, Microsoft has just released an out-of-band update to fix a Wi-Fi issue that is leading to Blue Screens of Death (BSODs). Somebody is going to run into trouble unless this gets fixed fast. We have included a helpful infographic that this month looks a little lopsided (again), as all of the attention should be on the Windows components

To read this article in full, please click here



Computer World Security News
Feb 12, 2021

Can Apple Watch boost your endpoint security?
Enterprises seeking tools with which to improve endpoint security for the new remote working business environment may want to spend a little time considering the Apple Watch.

Access all areas My argument is simple: Apple's growing place in the enterprise means its complementary ecosystems can help support your business. As deal follows deal, the number of iPhones in use across the sector is growing fast, which means millions of workers already have access to the watch.

To read this article in full, please click here



Computer World Security News
Feb 11, 2021

Apple wants Safari in iOS to be your private browser
Apple seems focused on building Safari to become the world's leading privacy-focused web browser, continuing development of under-the-hood enhancements to protect private lives.

Better privacy by proxy Beginning with (currently in beta) iOS 14.5, Apple is improving privacy by changing how Safari accesses Google's Safe Browsing service. The latter warns users when they visit a fraudulent website. (Apple uses the service to drive the "Fraudulent Website Warning" in SettingsSafari on iOS or iPadOS devices.)

The Safe Browsing service works by identifying potentially compromised sites from Google's web index. If it suspects a site is compromised, virtual machines are despatched to see whether the site attempts to compromise them.

To read this article in full, please click here



Computer World Security News
Feb 08, 2021

Ahead of Patch Tuesday, a cautionary tale
Microsoft has officially deemed Windows 10 version 2004 as "ready for business," but I'd argue it still needs a bit more help to be fully ready for consumers. With this month's Patch Tuesday upon us, here's an example of what I mean. It involves mysterious NAS issues, some sleuthing, and a workaround — all of which show how troublesome updates can be sometimes.

This case involves one AskWoody subscriber who told me recently that each time he upgraded to Windows 10 2004 the installation would break his computer. Like any good geek who refuses to let technology get the best of me, I emailed him back and asked for more information about what was getting broken when he upgraded. Turns out, he would lose access to mapped drives on his NAS (network attached storage) devices. Though he tried to remap the drives, they would fail, forcing him to roll back to  Windows 10 1909 — where everything would work.

To read this article in full, please click here



Computer World Security News
Feb 08, 2021

The future of work: Coming sooner than you think
What will your worklife be like years from now? Today's work-from-home world has given us a glimpse of the future, as these five articles from CIO, Computerworld, CSO, InfoWorld, and Network World illustrate.

Computer World Security News
Feb 03, 2021

Jamf, TRUCE bring Apple to the deskless enterprise
A new partnership between Jamf and TRUCE Software will deliver significant benefits to Apple-based enterprises with remote, deskless workforces in such industries as manufacturing or construction.

The remote remote workers The idea sems pretty solid. Think how a move to adopt Apple kit and management solutions such as Jamf has enabled remote working to flourish during the pandemic.

To read this article in full, please click here



Computer World Security News
Feb 01, 2021

Is it time to install Microsoft's January updates? (Yes.)
Some people can't wait for a new version of Windows 10. They sign up for insider editions and eagerly watch for the next release.

I'm exactly the opposite of that.

I wait and make sure the version of Windows 10 that I'm using is fully compatible with my applications and I have time to deal with any side effects. My philosophy with security updates is the same; I don't install them right away. (Though I do install them every month without fail.) If you haven't yet installed the January updates, do so as soon as possible.

The major update that I warned about last month was KB4535680, which was offered up to Windows Server 2012 x64-bit; Windows Server 2012 R2 x64-bit; Windows 8.1 x64-bit; Windows Server 2016 x64-bit; Windows Server 2019 x64-bit; Windows 10, version 1607 x64-bit; Windows 10; version 1803 x64-bit; Windows 10, version 1809 x64-bit; and Windows 10, version 1909 x64-bit systems.

To read this article in full, please click here



Computer World Security News
Jan 29, 2021

When cryptographers looked at iOS and Android security, they weren't happy
For years, the US government begged Apple executives to create a backdoor for law enforcement. Apple publicly resisted, arguing that any such move for law enforcement would quickly become a backdoor for cyberthieves and cyberterrorists.

Good security protects us all, the argument went.

More recently, though, the feds have stopped asking for a workaround to get through Apple security. Why? It turns out that they were able to break through on their own. iOS security, along with Android security, is simply not as strong as Apple and Google suggested.

To read this article in full, please click here



Computer World Security News
Jan 28, 2021

Microsoft releases Application Guard for Office to M365 customers
Microsoft this week released Application Guard for Office, a defensive technology that quarantines untrusted Office documents so attack code embedded in malicious files can't reach the operating system or its applications.

The announcement of Application Guard's general availability came five months after Microsoft kicked off a public preview of the technology. At that time, Microsoft's roadmap indicated a December 2020 debut for Application Guard for Office.

"When you've enabled Application Guard and a user opens a file from a potentially unsafe location, Office opens the file in Application Guard; a secured, Hyper-V-enabled container isolated from the rest of a user's data through hardware-based virtualization," Emil Karafezov, senior program manager, said in a Jan. 27 post to a company blog.

To read this article in full, please click here



Computer World Security News
Jan 25, 2021

Decoding Microsoft Defender's hidden settings
Ask someone what antivirus software they use and you'll probably get a near-religious argument about which one they have installed. Antivirus choices are often about what we trust — or don't — on our operating system. I've seen some Windows users indicate they would rather have a third-party vendor watch over and protect their systems. Others, like me, view antivirus software as less important these days; it matters more that your antivirus vendor can handle windows updating properly and won't cause issues.

Still others rely on Microsoft Defender. It's been around in one form or another since Windows XP.

To read this article in full, please click here



Computer World Security News
Jan 21, 2021

The work-from-home employee's bill of rights
Remote work became the new normal quickly as COVID-19 pandemic lockdowns came into force in spring 2020, and it's clear that after the pandemic recedes, remote work will remain the norm for many employees — as much as half the deskbound "white collar" workforce, various research firms estimate. As a result of the sudden lockdowns, many employees had to create makeshift workspaces, buy or repurpose personal equipment, and figure out how to use new software and services to be able to keep doing their jobs.

Navigating the WFH world Remote working, now and forevermore? The work-from-home employee's bill of rights How to set up a WFH ‘office' for the long term The New Normal: When work-from-home means the boss is watching 10 tips to set up your WFH office for videoconferencing Users and IT departments alike made Herculean efforts to adapt quickly and ensure business continuity, and the result was an improvement in productivity despite the pandemic. But now the pandemic has become a longer-term phenomenon, and remote work will become more commonplace, even desirable as a way to save on office expenses and commute time, even after the pandemi

Computer World Security News
Jan 19, 2021

Chrome vs. Edge vs. Firefox: Which is the best browser for business?
What's the most important piece of productivity software in the business world? Some might say the office suite. But if you look at the time spent actually using software, the answer may well be the web browser. It's where people do most of their fact-finding and research.

EdgeTo read this article in full, please click here

(Insider Story)

Computer World Security News
Jan 18, 2021

For Microsoft's January patches, no all-clear (yet)
I'm not ready to give an all-clear to the security patches released Jan. 12, and I want to warn you about one specific update that is affecting HyperV servers and some consumer level workstations.  

KB4535680, also known as Security update for Secure Boot DBX: January 12, 2021, makes improvements to Secure Boot DBX for a number of supported Windows versions. These include Windows Server 2012 x64-bit; Windows Server 2012 R2 x64-bit; Windows 8.1 x64-bit; Windows Server 2016 x64-bit; Windows Server 2019 x64-bit; Windows 10, version 1607 x64-bit; Windows 10; version 1803 x64-bit; Windows 10, version 1809 x64-bit; and Windows 10, version 1909 x64-bit. Key changes affect "Windows devices that [have] Unified Extensible Firmware Interface (UEFI) based firmware that can run with Secure Boot enabled." The Secure Boot Forbidden Signature Database (DBX) prevents malicious UEFI modules from loading; this update adds additional modules to block malicious attackers who could successfully exploit the vulnerability, bypass secure boot, and load untrusted software.

To read this article in full, please click here



Computer World Security News
Jan 15, 2021

Easing into the new year with a modest January Patch Tuesday
Microsoft rolled into 2021 with a fairly benign update cycle for Windows and Microsoft Office systems, delivering 83 updates for January.

Yes, there is an update to Windows defender (CVE-2021-1647) that has been reported as exploited. Yes, there has been a publicly disclosed issue (CVE-2021-1648) in the Windows printing subsystem. But there are no Zero-days and no "Patch Now" recommendations for this month. There are, however, a large number of feature and functionality groups "touched" by these updates; we recommend a comprehensive test of printing and key graphics areas before general Windows update deployment.

To read this article in full, please click here



Computer World Security News
Jan 14, 2021

Apple makes welcome change to 'Big Sur' security for Macs
When Apple shipped macOS Big Sur in November, researchers quickly spotted a strange anomaly in the system's security protection that could have left Macs insecure. Apple now seems to be dealing with this problem, introducing a fix in the latest public beta release.

What was wrong? For some strange reason, Big Sur introduced a controversial and potentially insecure change that meant Apple's own apps could still access the internet even when a user blocked all access from that Mac using a firewall. This wasn't in tune with Apple's traditional security stance. What made this worse is that when those apps (and there were 56 in all) did access the ‘Net, user and network traffic monitoring applications were unable to monitor this use.

To read this article in full, please click here



Computer World Security News
Jan 14, 2021

Apple makes welcome change to Big Sur security for Macs
When Apple shipped macOS Big Sur in November, researchers quickly spotted a strange anomaly in the system's security protection that could have left Macs insecure. Apple now seems to be dealing with this problem, introducing a fix in the latest public beta release.

What was wrong? For some strange reason, Big Sur introduced a controversial and potentially insecure change that meant Apple's own apps could still access the internet even when a user blocked all access from that Mac using a firewall. This wasn't in tune with Apple's traditional security stance. What made this worse is that when those apps (and there were 56 in all) did access the ‘Net, user and network traffic monitoring applications were unable to monitor this use.

To read this article in full, please click here



Computer World Security News
Jan 12, 2021

Apple's mythical AirTags shimmer slowly to release
Stop me if you've heard this before: Apple seems to be closer to actually introducing the near-mythical AirTags, which you'll no doubt use to track hardware, devices, and the vehicles that make up your transit fleet.

What we think we know This is a long-running story. We first began to anticipate introduction of these products after WWDC 2019. Later, we thought they might show up even before the iPhone 12, or even as part of the company's holiday season launches.

To read this article in full, please click here



Computer World Security News
Jan 11, 2021

The first Patch Tuesday of '21; time to delay updates
It's Patch Tuesday time — that exciting second Tuesday of each month when we turn towards Redmond, WA, hoping for quality updates — and my advice is to not install updates tomorrow. To be fair, the vast majority of Microsoft users should be fine with whatever patches and fixes arrive. But, personally, I push off updates and delay installations on the systems I care about; you should do the same.

With that piece of advice out of the way, I have some suggestions for 2021 for a healthy patching year.

Susan's first recommendation of ‘21: Use Windows 10 Pro, not Home.

I recommend several things when dealing with updates: First and foremost, make sure you are on Windows 10 professional, not Windows 10 Home. 

To read this article in full, please click here



Computer World Security News
Jan 05, 2021

6 smart steps to get your Android phone in tip-top shape for 2021
Happy New Year! I don't know about you, but I find the start of a fresh voyage around this shiny ol' sun of ours to be a fine time for tidying up, optimizing, and getting good and organized for the months ahead. And while I'd love to pretend I'm the type of person who has one of those disgustingly pristine, clutter-free desks you see on the internet, let me be brutally honest: The physical space around me tends to resemble a half-abandoned hog parlor.

But my Android phone? My Android phone is as orderly as can be, gosh darn it. And if you ask me, that makes far more of a difference than the state of the physical space around me.

Our mobile devices are where we do so much of our actual work and contemplation these days, after all — and yet it's all too easy to overlook the importance of maintaining an optimal arrangement for both productivity and security within 'em. So now, as we gaze ahead at the promise-filled 2021 calendar, join me in taking 10 minutes to get your own trusty Android phone fine-tuned and fully ready for the coming year.

To read this article in full, please click here



Computer World Security News
Jan 04, 2021

Solarwinds, Solorigate, and what it means for Windows updates
Microsoft recently announced that its Windows source code had been viewed by the Solarwinds attackers. (Normally, only key government customers and trusted partners would have this level of access to the "stuff" of which Windows is made.) The attackers were able to read - but not change - the software secret sauce, raising questions and concerns among Microsoft customers. Did it mean, perhaps, that attackers could inject backdoor processes into Microsoft's updating processes

First, a bit of background on the Solarwinds attack, also called Solorigate: An attacker got into a remote management/monitoring tool company and was able to inject itself into the development process and build a backdoor. When the software was updated through the normal updating processes set up by Solarwinds, the backdoored software was deployed into customer systems — including numerous US government agencies. The attacker was then able to silently spy on several activities across these customers. 

To read this article in full, please click here



Computer World Security News
Dec 28, 2020

The end-of-the-year patching all-clear
It's that time of the month to give the final 2020 all-clear for installing updates.

Microsoft has already fixed the issue with KB4592438 for Windows 10 20H2 and 2004, where if you were lucky, or rather, unlucky enough to perform a chkdsk c: /f on your system after installing the December updates you might have been forced to rebuild your system — not exactly the greatest holiday present from Microsoft.  As I noted last week, this issue was fixed with a cryptic behind-the-scenes update for those who get their updates from Windows update. 

To read this article in full, please click here



Computer World Security News
Dec 23, 2020

The patching conundrum: When is good enough good enough?
As Günter Born recently reported at Born's Tech and Windows World, KB4592438 has a bug that triggers a blue screen of death when you run the chkdsk c: /f command, leaving the hardware unable to boot. Several others confirmed the issue independently in the various venues and forums. Still others graciously decided to risk their systems and install the update and when they ran the command had zero issues. I tested it myself and also didn't see a blue screen of death.

To read this article in full, please click here



Computer World Security News
Dec 21, 2020

Android security: Analysis, advice, and next-level knowledge
It's tough to talk about Android security without venturing into sensational terrain.

A large part of that is due to the simple fact that the forces driving most Android security coverage are companies that make their money by selling Android security software — and thus companies with strong interests in pushing the narrative that every Android phone is on the perpetual brink of grave, unfathomable danger. Plus, let's face it: A headline about 70 gazillion Android phones being vulnerable to the MegaMonsterSkullCrusher Virus is far more enticing than one explaining the nuanced realities of Android security.

In actuality, though, Android security is a complex beast — one with multiple layers in place to protect you and one that almost never warrants an alarmist attitude. I've been covering Android security closely since the platform's earliest days, and I've busted more myths and called out more shameless publicity stunts than I can even count at this point.

To read this article in full, please click here



Computer World Security News
Dec 17, 2020

Thoughts on Apple versus Facebook
War against Apple on the part of Facebook has officially begun, with the social media giant spending some of its user data targeted ads revenue on a series of press ads against the computer company, presumably because using its own platform to spread such claims may fall foul of anti-trust law.

You are the product Facebook is making the usual hyperbolic arguments around "standing up for small business" and "making sure the internet stays free", though it isn't entirely clear when Facebook became "the internet", or why we as users aren't paid for the provision of the personal data the soc-med company builds its business on.

To read this article in full, please click here



Computer World Security News
Dec 16, 2020

2020: A look back at patching and the pandemic
As we close out this extraordinary year, it's important to remember the unusual patching experiences this year that affected many businesses and their processes.  

The pandemic effect Not surprisingly, the pandemic impacted patching in a big way. In April, it forced Microsoft to push off the end of life for two products, Windows 10 1709 and Windows 10 1809 — by six months each. Win 10 1709 wound up with a 36-month support window for Enterprise and Education users and 1809 Home and Pro got an extra six months, to Nov. 10. Clearly, Microsoft could see the impact of the pandemic on enterprise rollout plans and understood that most of us had other things on our minds.

To read this article in full, please click here



Computer World Security News
Dec 14, 2020

Apple's Privacy Nutrition Labels, available now and good for business
Apple today is introducing iOS 14.3, and among a host of improvements the upgrade introduces Privacy Nutrition Labels for apps sold at the App Store. This should be good for developers, enterprises and users.

What are Privacy Nutrition Labels? Apple announced Privacy Nutrition Labels at WWDC 2020. Under the scheme, developers selling apps on the App Store must explain the privacy practices of each one they sell. That means detailed information concerning what data they collect, why, and what they do with it must be provided to users in the form of what looks like a food nutrition label.

To read this article in full, please click here



Computer World Security News
Dec 11, 2020

Microsoft presents us with a light Patch Tuesday for December
With just 58 updates to deal with this month, the December Patch Tuesday should make for a welcome  light-duty patch-and-test cycle. There were no zero-days or reports of publicly exploited security issues, though there is a critical update to Microsoft Exchange Server that should be a priority. But we saw less pressure on the Windows, browser, and Office updates.

Microsoft has also released two Servicestack Updates (SSUs) for its desktop and server platforms (ADV990001) and an update to the Chromium project (ADV200002).

To read this article in full, please click here



Computer World Security News
Dec 09, 2020

December Patch Tuesday round-up: Winding down for the year
At last, we have the final updates for 2020 from Microsoft. For anyone keeping count, we ended up with 1,250 CVEs (Common Vulnerabilities and Exposures) for the year. That's almost 50% more than the 800 we had to deal with in 2019. Given the way we get updates delivered in a cumulative fashion, I don't think of it as about the number of vulnerabilities; I think more about how many times I had to deal with post-release issues in 2020. I'll recap the year's major patching issues later this month. For now, I'll summarize the issues to watch out for in December.

First, a reminder if you're running Windows 10 1903: This is the last official release for that version. You must be on Windows 10 1909 (or later) to continue to receive security updates. In the past, I have recommended setting the deferral for feature updates for 365 days. Now, I recommend using the targetreleaseversion setting to specify the exact feature release version you want. So if you set the value at 1909, you'll receive 1909; if you set it at 2004 — even if you are on 1903 — you'll get offered 2004, not 1909. (For Windows 10 Home users, I continue to recommend you upgrade from Home to Professional to better control updates.) 

To read this article in full, please click here



Computer World Security News
Dec 09, 2020

Windows hackers target COVID-19 vaccine efforts
I've written before about how during the coronavirus pandemic, hackers have increasingly exploited Windows vulnerabilities to trick people into downloading malware and ransomware to get fast, easy money.To read this article in full, please click here

(Insider Story)

Computer World Security News
Dec 08, 2020

VP Craig Federighi wants competitors to copy Apple's privacy protection
Apple VP Software Engineering, Craig Federighi discussed his company's thoughts on ad tracking and more at the European Data Protection and Privacy Conference December 8.

Privacy is possible It is "absolutely possible to design technology that respects [customer] privacy and protects their personal information," he stressed. 

"When it comes to privacy protections, we're very happy to see our competitors copy our work, or develop innovative privacy features of their own that we can learn from," he said during this speech.

But it's under assault

To read this article in full, please click here



Computer World Security News
Dec 08, 2020

Apple VP Federighi wants competitors to copy Apple's privacy protection
Apple Vice President of Software Engineering, Craig Federighi, discussed his company's thoughts on ad tracking and more at the European Data Protection and Privacy Conference today. Not surprisingly, he stressed the importance of privacy for Apple — which has made it a centerpiece — in particular and users in general.

Privacy is possible... It is "absolutely possible to design technology that respects [customer] privacy and protects their personal information," Federighi said during this speech. "When it comes to privacy protections, we're very happy to see our competitors copy our work, or develop innovative privacy features of their own that we can learn from."

To read this article in full, please click here



Computer World Security News
Dec 07, 2020

SMS: Texting numeric strings is the best holiday gift to cyberthieves
For years, enterprise IT and security operations have been told they need to advance beyond texting short numeric strings in plain text and calling it meaningful Multi-Factor Authentication (MFA) or even just Two-Factor Authentication (2FA). It is stunning how many enterprises still cling to that entry-level security sham, even knowing how subject it is to man-in-the-middle attacks.

As for the oft-cited defense that, "it's better than having no MFA at all," I am not so sure. It provides false comfort to enterprise users that they have meaningful security. That prevents companies from quickly deploying truly robust security, such as an MFA that uses several authentication layers, including voice-recognition, facial- or finger-ID courtesy of the ubiquitous smartphone and almost any of the mobile encrypted authentication apps. (Don't forget that Signal can work well, too.)

To read this article in full, please click here



Computer World Security News
Dec 01, 2020

It's December patch prep time
It's the final patching month for 2020 — and what a year it's been. Two more Windows 10 feature releases, numerous servicing stack updates, the end of Office 2010, the pandemic — this has been a year when technology has driven us slightly crazy, and kept us sane. 

The first Tuesday of the month is the start of my Patching month and serves as a reminder to make sure my machines have all of the mandatory patches installed for November — and I'm ready to pause updates for December. We will not see any optional updates at the end of the month; Microsoft has indicated it will not be releasing the optional preview updates for Windows 10 that they would normally arrive during the third week of December.

To read this article in full, please click here



Computer World Security News
Nov 30, 2020

BrandPost: Security als platform, niet als verzameling point solutions
Richt je cybersecurity in vanuit een platformgedachte of vanuit de afzonderlijke point solutions? Sander Almekinders, hoofdredacteur bij IDG Benelux gaat over onder andere deze vraag in gesprek met Michel Schaalje, Security Lead bij Cisco Nederland.

To read this article in full, please click here



Computer World Security News
Nov 30, 2020

How to protect Windows 10 PCs from ransomware
CryptoLocker. WannaCry. Petya. Bad Rabbit. The ransomware threat isn't going away anytime soon; the news brings constant reports of new waves of this pernicious type of malware washing across the world. It's popular in large part because of the immediate financial payoff for attackers: It works by encrypting the files on your hard disk, then demands that you pay a ransom, frequently in Bitcoins, to decrypt them.To read this article in full, please click here

(Insider Story)

Computer World Security News
Nov 25, 2020

Susan Bradley: Windows 10 Thanksgiving-week patches
Computerworld blogger Susan Bradley takes a look at the latest patches from Microsoft, just in time for Thanksgiving in the US.

Computer World Security News
Nov 24, 2020

Gmail encryption: Everything you need to know
Encryption may sound like a subject best left to hackers and tinfoil hat wearers, but don't be fooled: It's a critical part of contemporary life and something that's important for everyone, especially business users, to understand. And one of the places where encryption is most relevant and misunderstood is in the realm of email.

If you're using Gmail for electronic communication — be it for business purposes, for personal use, or some combination of the two — it's well worth your while to know how the service does and doesn't secure your information and what steps you can take to make sure you're getting the level of privacy you need.

Ready to dive in?

To read this article in full, please click here



Computer World Security News
Nov 23, 2020

A pre-Thanksgiving all-clear to install patches
In the U.S., we're quickly coming up to the start of holiday season, meaning it's time for, well, time off. I typically add technology maintenance jobs to the monthly mix of patching and maintaining servers and workstations. This month, I'm also taking time to better understand the impact of one specific security bulletin — I honestly can't figure out exactly what I'm supposed to do to keep my network secure. 

The good news: for most readers, none of these concerns apply to you. I'm ready to give the all-clear to go ahead and install Microsoft's November updates on laptops, desktops and workstations — especially if you are running the Windows 10 1909 feature release. That said, do your Thanksgiving Zoom get-together first and then install any updates. I'd hate to have you see nothing but the spinning wheel of Windows updates instead of your family and friends.

To read this article in full, please click here



Computer World Security News
Nov 23, 2020

How to stay as private as possible on the Mac
Apple believes in your right to privacy. Here is some advice on how to use the privacy tools it provides on your Mac. We have a guide for iPhones and iPads here.

Use a strong passcode To secure your Mac, all your data, and your privacy it is essential to create a strong alphanumeric login password.

The temptation to use something short or easy to remember is completely understandable, but if your Mac goes missing your life is on show, so visit Security & PrivacyGeneral and tap Change Password to pick something more challenging.

To read this article in full, please click here



Computer World Security News
Nov 19, 2020

Deciphering (and understanding) Microsoft's patch management options
If you asked a normal user what they dislike most about Windows 10, the answer would likely be related to patching, rebooting and the generally confusing update process. Entire web sites have sections devoted to explaining the updating process and how to manage it — and I've written my fair share about the topic. 

In addition to writing about Microsoft patches here (and about Windows security for CSO), I'm also a moderator on the Patchmanagement.org listserve. We have many people who rely on various patching tools to deploy updates and maintain workstations.  There are a number of options, so it's important to understand how they work (and how they vary) so you can get the most out of them.

To read this article in full, please click here



Computer World Security News
Nov 16, 2020

Microsoft exhorts enterprises to quit text, voice multi-factor authentication passcodes
A Microsoft executive is urging enterprises to abandon the most popular multi-factor authentication (MFA) method — one-time passcodes sent to mobile devices via text or voice — for different approaches, including app authenticators, that he claims are more secure.

"It's time to start your move away from the SMS and voice Multi-Factor Authentication (MFA) mechanisms," asserted Alex Weinert, director of identity security, in a Nov. 10 post to a Microsoft blog. "These mechanisms are based on publicly switched telephone networks (PSTN), and I believe they're the least secure of the MFA methods available today."

To read this article in full, please click here



Computer World Security News
Nov 13, 2020

Browser updates are back for Update Tuesday; testing may be needed for Windows patches
Though we return to monthly browser updates after last month's brief respite — none of this November's browser security issues are worm-able, and we have not seen anything that would require a return to an urgent browser update cycle. The Windows platform gets the most attention this time, but no single issue requires immediate deployment — though some legacy systems may require full testing for graphically intensive applications that rely on older graphic/media conversion technology. And the Microsoft Office and associated development platforms receive some lower-rated patches, with recommendations for a standard roll-out regime. 

To read this article in full, please click here



Computer World Security News
Nov 12, 2020

The November Patch Tuesday aftermath
November's updates held a few surprises. 

First, for those still running Office 2010 last month was supposed to be the drop-dead date for support.  No more security updates at all.  None.  Zilch.  Zippo.  

And yet, we week received updates for Excel (KB4486743), Office (KB4486737, KB4486738, KB4484534, KB4484455), and for Word (KB4486740) — all of which patch for remote code executions.  (I remember when Office 2007 had its swan song, we received updates after its end-of-life notice as well.) My guess is that these updates were probably still in testing and had not yet been completed, hence the late release. So, if you are still running Office 2010, you get one more month's worth of updates.  I don't expect another set next month. But then again, I didn't expect this month's either.

To read this article in full, please click here



Computer World Security News
Nov 12, 2020

Online privacy: Best browsers, settings, and tips
"You have zero privacy anyway. Get over it," Scott McNealy said of online privacy back in 1999, a view the former CEO of the now-defunct Sun Microsystems reiterated in 2015. Despite the hue and cry his initial remarks caused, he's been proven largely correct.

Where mainstream mobile browsers differ in privacy settingsTo read this article in full, please click here

(Insider Story)

Computer World Security News
Nov 10, 2020

11 Android settings that'll strengthen your security
You might not know it from all the panic-inducing headlines out there, but Android is actually packed with powerful and practical security features. Some are activated by default and protecting you whether you realize it or not, while others are more out of the way but equally deserving of your attention.

So stop wasting your time worrying about the Android malware monster du jour and which security company is using it to scare you into an unnecessary subscription, and take a moment instead to look through these far more impactful Android security settings — ranging from core system-level elements to some more advanced and easily overlooked options.

To read this article in full, please click here



Computer World Security News
Nov 09, 2020

For Patch Tuesday, it's time to pause those Windows 10 updates
First a bit of an introduction.  Recently, Woody Leonhard decided to take a much deserved "retirement" from both AskWoody.com and Computerworld. I put "retirement" in quotes because I find that in IT, you never really retire. You're often called on to fix anything that has a motherboard or boots up, no matter what operating system is under the hood — especially when visiting family members and even in a pandemic.  Woody is back in Thailand on what he calls an extended vacation.

To read this article in full, please click here



Computer World Security News
Nov 09, 2020

On a personal note...
A combination of medical concerns, family obligations … and a screaming desire to turn my attention to interests outside the computer industry have nudged me into retirement.

And it's my great pleasure to announce that "Patch Lady" Susan Bradley will be taking up the cause here at Computerworld  with a new blog: Microsoft Patch Lady. She will also be major-domo of AskWoody.com, managing editor of the AskWoody Newsletters, as guiding light of the @AskWoody twitter charge — and, most importantly, as a spiritual advisor to gazillions of disenfranchised Microsoft customers.

To read this article in full, please click here



Computer World Security News
Nov 03, 2020

How to give Chrome a super-simple security upgrade
Smart security, just like autumn attire, is all about layers. The more effective pieces you have working to protect you, the less likely you'll be to let a burst of cold air — whether a metaphorical one or a literal one — catch you off-guard. (Also, the more flannel, the better. I'm not entirely sure how that applies to the tech side of things, but I'm stickin' with it.)

When it comes to browsing this wild ol' web of ours, after all, potential threats are a-plenty. Shady sites sit in wait to try to trick you into doing something dangerous, passwords are compromised constantly, and ghoulish virtual boogeymen who look curiously like Gary Busey crouch behind dark corners and prepare to pounce.

To read this article in full, please click here



Computer World Security News
Oct 30, 2020

Get Microsoft's October patches installed — and seriously consider Win10 2004
It was yet another patch roller coaster ride this month with the usual crop of one-off bugs, a  Malwarebytes-associated assault on networking, a promised Flash killer that doesn't — and that announced Dynamics 365 Commerce patch, CVE-2020-16943, still isn't out. 

To read this article in full, please click here



Computer World Security News
Oct 30, 2020

Get the October patches installed — and seriously consider Win10 2004
It was yet another patch roller coaster ride this month with the usual crop of one-off bugs, a  Malwarebytes-associated assault on networking, a promised Flash killer that doesn't — and that announced Dynamics 365 Commerce patch, CVE-2020-16943, still isn't out. 

To read this article in full, please click here



Computer World Security News
Oct 29, 2020

The New Normal: When work-from-home means the boss is watching
In the midst of a pandemic that's led to unprecedented levels of remote working, digital tools to monitor employees in real time are gaining popularity among companies looking for new ways to track employee productivity. At the same time, the trend raises concerns about employee privacy and how far companies should be allowed to go to keep tabs on their workers.

Applications such as StaffCop, Teramind, Hubstaff, CleverControl, and Time Doctor include real-time activity tracking, can take screenshots of workers' computers at regular intervals, do keystroke logging, and record screens. In some cases, the tracking tools can be installed without the knowledge of employees. Companies say they're focused on transparency and productivity, but privacy groups decry draconian "Big Brother" moves made possible by technology. (Computerworld reached out to several of the vendors for comment; they either did not return messages or could not provide someone to discuss their software.)

To read this article in full, please click here



Computer World Security News
Oct 22, 2020

Microsoft Patch Alert: October 2020
October 2020 brought a lighter-than-usual crop of patches. For the first time in recent memory, there were none at all for Internet Explorer or the (Chromium-based) Edge browser. The cumulative updates went in with few reports of problems, although there were many complaints about printers not working after the update.

Strange things happened, though, outside the usual monthly patching schedule. The day after Patch Tuesday, Microsoft announced a(nother) fix for a security hole in the HEVC codec — CVE-2020-17022 — distributed, once again, only through the Microsoft Store.

To read this article in full, please click here



Computer World Security News
Oct 20, 2020

Warning: Multiple Windows 10 retirements ahead
Two Windows 10 feature upgrades will reach end of support in the next seven weeks, the congestion caused by decisions Microsoft made earlier this year as the coronavirus pandemic began.To read this article in full, please click here

(Insider Story)

Computer World Security News
Oct 20, 2020

A phenomenal Android privacy feature you probably forget to use
It's amazing how many useful Android features get buried in the operating system and then forgotten over time.

When you stop and think about it, it's also kind of inevitable: With every passing year, Android grows increasingly robust and complex, as more advanced options make their way into the software. So it's only logical that certain elements will become out of sight and out of mind and get lost in the shuffle somewhere along the way.

One such item jumped out at me the other day, triggering an immediate "AHAH!" in this rusty ol' noggin of mine as I remembered its existence and then scolded myself for forgetting to use it all this time. It's a little somethin' called Android Guest Mode, and it first showed up way back in the Android 5.0 (Lollipop) era of 2014.

To read this article in full, please click here



Computer World Security News
Oct 19, 2020

Zoom's new encryption approach is incremental, but better
Just like their consumer counterparts, enterprise IT execs have flocked to Zoom for all manner of meetings. But security has invariably taken a backseat to convenience and availability, as anyone who has endured a Zoom intruder knows all too well.

Zoom this week (it hasn't yet said exactly when) will roll out its upgraded encryption option. But it comes at the cost of surrendering various popular features. And it also does not come with improved authentication and identification of users, a capability Zoom now is promising to deliver sometime in 2021.

Zoom describes its current encryption offering as adequate, but not ideal:

To read this article in full, please click here



Computer World Security News
Oct 19, 2020

Microsoft focuses on Office, less so on Windows, and offers nothing for browsers on Patch Tuesday
This posting is a little later than usual due to a number of late-in-the-week updates from Microsoft last week. We started off with no publicly reported zero-days or active exploits in the wild. (As we were working with Microsoft, we felt that an out-of-bound patch was imminent that would change our advice on patch cycles for October. But it appears the final "change" for this release was a relatively minor update to Visual Studio - leading to no change in our recommendations in this benign update.)To read this article in full, please click here

(Insider Story)

Computer World Security News
Oct 15, 2020

Is Windows the greatest cyberthreat to the 2020 US election?
If there's going to be a successful cyberattack on the 2020 U.S election, you can be sure Windows will be involved. It's the world's biggest exposed attack vector and the weapon of choice of cybercriminals and intelligence agencies the world over. In addition, the world's biggest botnets are made up of millions of infected Windows PCs used to launch cyberattacks.To read this article in full, please click here

(Insider Story)

Computer World Security News
Oct 12, 2020

As Patch Tuesday nears, be sure Windows Update is paused
Some people believe that you need to get new Windows and Office patches installed the minute they roll out the Windows Update chute. Those who snooze get bit by malware, or so the theory goes.

In fact, we've seen very few instances in the past years where a newly patched security hole has turned into a widespread security threat in less than a few weeks. If you're protecting uranium enrichment centrifuges from deep-pocket adversaries, all bets are off, of course. But for normal, everyday Windows users, the chance of getting bit by a bad patch far outweighs the immediate threat to your trusty ol' PC.

To read this article in full, please click here



Computer World Security News
Oct 12, 2020

With Patch Tuesday here, be sure Windows Update is paused
Some people believe that you need to get new Windows and Office patches installed the minute they roll out the Windows Update chute. Those who snooze get bit by malware, or so the theory goes.

In fact, we've seen very few instances in the past years where a newly patched security hole has turned into a widespread security threat in less than a few weeks. If you're protecting uranium enrichment centrifuges from deep-pocket adversaries, all bets are off, of course. But for normal, everyday Windows users, the chance of getting bit by a bad patch far outweighs the immediate threat to your trusty ol' PC.

To read this article in full, please click here



Computer World Security News
Oct 06, 2020

Apple's T2 Mac security chip may be vulnerable, researcher claims
A security researcher claims to have figured out how to break the T2 security chip on modern Intel-based Macs using a pair of exploits developed to jailbreak older phones. Apple has not commented on these claims.

What the research claims The claim seems to be that because the T2 chip is based on the older A10 series Apple processor, it is possible to use two jailbreak tools (Checkm8 and Blackbird) to modify the behavior of T2, or even install malware to the chip.

It's not an easy hack: Not only must an attacker have local access to the Mac, but they must connect to the target Mac using a non-standard "debugging" USB-C cable and run a version of a jailbreaking software package during startup.

To read this article in full, please click here



Computer World Security News
Oct 06, 2020

Wire targets Zoom, Teams and others with secure video upgrades
Secure communication platform Wire has overhauled its video conferencing capabilities and now allows more users to simultaneously have fully encrypted video calls.

Beginning today, Wire users will be able to video chat with up to 12 people and voice call with up to 25. While video conferencing rivals Zoom and Webex already offer end-to-end encryption on some plans, Wire's latest move will provide that high level of security to all its users. Wire now boasts that it offers "the world's first completely end-to-end encrypted video environment."

As many companies enter their seventh month of employees working from home, the demand for video conferencing services has not had any let up. That has led to something of an arms race as Microsoft, Zoom and a variety of other services have in recent months announced upgrades and feature tweaks of their own.

To read this article in full, please click here



Computer World Security News
Oct 05, 2020

Current trends in Mac security threats
Current trends involving Mac threats indicate that while attempts are on the rise, users remain the first line of defense — particularly as "show up when you want to" (SUWYWT) becomes the future of work.

The security risk remains In the first few weeks of the pandemic, we saw multiple businesses invest in VPN software and new hardware as they equipped employees to work from home. In the UK, for example, Starling Bank claimed it purchased every available MacBook as the pandemic struck.

Now that working from home (WFH) is normalized, there's a need to take stock of security concerns and remind employees of good security procedure on all platforms, including Macs. Apple's platform seems to have enjoyed incredibly strong sales as companies upgraded for WFH, but even with better inherent security those Macs must also be protected.

To read this article in full, please click here



Computer World Security News
Oct 05, 2020

Working from home? Slow broadband, remote security remain top issues
Unreliable home broadband connectivity is the primary technical challenge businesses are having to deal with as remote working continues during the COVID-19 pandemic.

That's one takeaway from a survey of 100 C-level executives and IT professionals in the US by Navisite designed to highlight the biggest headaches for organizations providing IT services to workers since offices began to close in March.

[ Related: Remote working, now and forevermore? ] Around half (51%) of those surveyed said they experienced some "IT pains" during the rapid shift to support home workers, while almost a third (29%) continue to face technical challenges.

To read this article in full, please click here



Computer World Security News
Oct 02, 2020

The coast is clear to install September's Windows and Office patches
There are a few odd problems with the September Microsoft patches, but they're relatively sporadic and reasonably-well understood. That makes it's a good time to get the outstanding updates installed, though you should avoid the "optional" patches.

I'm still not ready to put Windows 10 version 2004 on my main machines. The "E Week" optional, non-security patch, KB 4577063, fixes two well-known bugs and many dozens of lesser bugs (none of which were officially documented, by the way) in the latest released version of Windows 10. @mikemeinz has hit several replicated bugs in Win10 version 2004, and bug reports continue to hit my inbox.

To read this article in full, please click here



Computer World Security News
Oct 01, 2020

Microsoft on Apple in the enterprise
When it comes to Apple in the enterprise, Microsoft wants to make the experience as smooth as possible. At JNUC2020 event I (virtually) spoke with Microsoft's Corporate Vice President of the Enterprise Client & Mobility (ECM) team, Brad Anderson, who shared insights on his company's work with Jamf and the emerging new normal of remote work.

Securing the remote enterprise The COVID-19 pandemic has accelerated the rate of digital transformation, underlining the need for Microsoft to support device choice and improve cloud-based collaboration.

To read this article in full, please click here



Computer World Security News
Oct 01, 2020

Microsoft's Brad Anderson on Apple in the enterprise
When it comes to Apple in the enterprise, Microsoft wants to make the experience as smooth as possible. At this weeks JNUC2020 event I (virtually) spoke with Microsoft's Corporate Vice President of the Enterprise Client & Mobility (ECM) team, Brad Anderson, who shared insights on his company's work with Jamf and the emerging new normal of remote work.

Securing the remote enterprise The COVID-19 pandemic has accelerated the rate of digital transformation, underlining the need for Microsoft to support device choice and improve cloud-based collaboration.

To read this article in full, please click here



Computer World Security News
Sep 30, 2020

Lessons learned: Provisioning new employees during a pandemic
COVID-19 means just about everyone who can do so now works from home. But the rapid pace at which this happened put IT under a great deal of pressure, so, what have we learned that may help in future?

The digital transformation continues The JNUC conference this week sees 15,000 Apple-in-the-enterprise IT staff come together, and a lot of the focus is on the challenges of rapid migration to remote work. The scale of this migration is vast, and it seems to be continuing at pace.

Microsoft Vice President Brad Anderson shared a little data to illustrate this: "We're seeing 1.5 million new devices every seven days coming into the cloud to be managed (by Microsoft Endpoint Manager) and that's Windows, iOS, Mac and Android." (Italics mine.)

To read this article in full, please click here



Computer World Security News
Sep 29, 2020

JNUC 2020 opens with big news for Apple and Azure
Apple in the enterprise focused company, Jamf, kicked off its virtual JNUC conference today with a deluge of news and information for Mac, iPhone and iPad using enterprises.

Apple and Microsoft together for work The show comes at a pivotal moment in the transformation of enterprise IT. Not only is work becoming virtual, but Apple's presence in the space continues to grow.

The move to virtual conferences means the event has more attendees than ever before, with around 15,000 people attending, the company said.

To read this article in full, please click here



Computer World Security News
Sep 29, 2020

How to fix Android's Smart Lock Trusted Places feature
Android's Smart Lock feature is spectacular — that is, when it actually works.

Smart Lock has been around since 2014's Android 5.0 era (which, according to my calculations, was approximately "an eternity" ago by 2020 standards). The basic idea behind it is to make securing your smartphone less inconvenient, thus making it more likely that you'll actually use a pattern, PIN, passcode, or person-paw press (also known as a fingerprint) to keep your data safe. The sensational headlines about big, bad malware monsters lurking in the dark and waiting to pounce on unsuspecting victims may be scary, after all, but here in the real world, you're far more likely to suffer from your own self-made security shortcomings than from any sort of theoretical threat.

To read this article in full, please click here



Computer World Security News
Sep 28, 2020

Microsoft Patch Alert: September 2020
What September's patching frenzy lacked in fireworks, it more than compensated for in volume - and belligerence. Server 2016 hiccups on Security Options. Win10 version 2004 surprises - Lenovo still hasn't fixed its Blue Screen-inducing Biometric Security setting; the TRIM function still tries to trim spinning hard disks; for some, Start goes wonky, Action Center disappears, and there's the usual litany of odd, one-off bug reports.

As of early today, we're still waiting for the Win10 version 2004 "optional, non-security, C/D/E Week" patch, but all of the other expected September patches are in.

Defrag woes in Win10 version 2004 largely fixed, but TRIM still nips As I've mentioned many times, Windows 10 version 2004 shipped with a bug that causes the Windows Optimizer Drives defrag tool to skip updating the completion date on defrag runs. As a result, defrags occur much more frequently than necessary. Microsoft has known about the bug since January - months before 2004 shipped -- but didn't bother to acknowledge it until a fix appeared this month.

To read this article in full, please click here

(Insider Story)

Computer World Security News
Sep 28, 2020

Dual biometrics for banking: Double trouble or super-secure?
In an unusual experiment, two European banks (one in Hungary, the other in Spain) are trying to boost security and - nonintuitively - convenience by layering one biometric authentication method on top of another.

The two biometrics are facial recognition and palm recognition - both performed via a mobile device - and the banks are Hungary's OTP Bank and Spain's Liberbank; the vendor behind the effort promises imminent deployments in Slovenia and the UK. It's clear that such an approach would theoretically be more secure, but is such a combo going to mean too much friction for the typical customer? Or will users accept a minute amount of additional effort to better safeguard their money?

To read this article in full, please click here



Computer World Security News
Sep 23, 2020

Pandemic gives VDI a new lease on life
The COVID-19 pandemic and subsequent shift to working from home have brought about numerous technological disruptions, many centered around how organizations deliver IT services to their workforce. Technologies that were dabbled in before, like videoconferencing, have suddenly become standard practice.

Such is the case with Virtual Desktop Infrastructure (VDI), also known as desktop virtualization or thin-client computing. Led by vendors such as Citrix, Microsoft, Cisco, and VMware, it has been around for decades and hasn't changed much in that time. But with companies' entire workforces now connecting to corporate networks from home, sometimes without a company-issued laptop with a VPN and all the necessary settings for secure access, VDI is getting a second look.

To read this article in full, please click here

(Insider Story)

Computer World Security News
Sep 22, 2020

How IT can keep remote workers' Windows 7 PCs safe
In the time of COVID-19, with so many people working from home, it's inevitable that many will be using Windows 7 devices. And that's a big security problem for IT. As of January 2020, Windows 7 is no longer supported by Microsoft. That means no security patches — particularly dangerous at a time when many people are connecting to enterprise networks from their Windows 7 PCs.

It adds up to one of the biggest security risks many companies have seen for some time. Unpatched systems can be more easily hacked than ones that regularly receive security patches. Hackers go after low-hanging fruit — and right now Windows 7 is the lowest fruit there is. As the FBI stated in an August 2020 warning to businesses:

To read this article in full, please click here

(Insider Story)

Computer World Security News
Sep 17, 2020

Why you need Apple support to secure the C-suite
I get it. You're one of those enterprises that doesn't (yet) support Apple products among employees, but does that moratorium extend to the C-suite? I'm willing to bet it does not, and that's why even Windows-only IT must learn how to secure Apple's products.

Ignore the fantasy, this is reality The reality is that Apple's products are popular in the enterprise. And while there are many businesses that don't officially support them, one section of civic society that pretty much always do their own thing no matter what they ask others to do are the boys and girls in the C-suite. I can still recall the number of CFO's I spoke with early on in the iPad days who were deeply interested in trying the Apple tablet. Many did.

To read this article in full, please click here



Computer World Security News
Sep 17, 2020

Windows 10 upgrades are rarely useful, say IT admins
A majority of IT administrators polled this summer said that the twice-a-year Windows 10 feature upgrades are not useful - or rarely so - a stunning stance considering how much effort Microsoft puts into building the updates.

About 58% of nearly 500 business professionals who are responsible for servicing Windows at their workplaces said that Windows 10 feature upgrades - two annually, one each in the spring and fall - were either not useful (24%) or rarely useful (34%).

[ Related: Windows 10 version 2004: Key enterprise features ] Only 20% contended that the upgrades were useful in some fashion, while a slightly larger chunk - 22% - choose a noncommittal neutral as a response, claiming that the operating system's updates were neither useful nor not useful. (It might be best to consider this answer as undecided since in this binary world if something is not not useful, that must mean it is useful.)

To read this article in full, please click here



Computer World Security News
Sep 15, 2020

How COVID-19 has changed IT's focus and plans for 2021
The COVID-19 pandemic - and the lockdowns that followed last spring - wrought changes across IT operations and strategy as businesses and employees adjusted to a new environment. But what changes were made, and which ones are likely to last?

Spiceworks Ziff Davis, a B2B tech marketplace, polled 1,073 IT buyers in North America and Europe in June and July 2020 to find out. The results in its 2021 State of IT report, released today, show that the pandemic-fueled transformation will continue, affecting both planning and budgets for the long term.

[ Keep up on the latest thought leadership, insights, how-to, and analysis on IT through Computerworld's newsletters. ] The survey shows that 76% of businesses envision long-term IT changes, with more than half planning to retain flexible work policies (such as remote work); 64% of companies enabled remote work in 2020 due to the pandemic.

To read this article in full, please click here



Computer World Security News
Sep 11, 2020

A fat Windows Update for September's Patch Tuesday
Microsoft has released 129 updates to its Windows ecosystem, but the good news  this month is that we are not responding to any zero-days or publicly reported vulnerabilities. Microsoft appears to be getting serious about removing Adobe Flash Player (a good thing) and we see a very broad update to Windows desktops and servers. Unusually, Microsoft's browsers are not a huge focus this month, and both the Microsoft Office (excluding SharePoint) and development platform have received only a few, lower profile patches.

[ Related: Microsoft revamps Windows Insider release vernacular ] We have included a helpful infographic, which this month looks a little lopsided as all of the attention should be on Windows components.

To read this article in full, please click here



Computer World Security News
Sep 10, 2020

Beaucoup bugs beset this month's Windows patches
Someday, you'll tell your grandkids about the halcyon days of July and August 2020, when Microsoft took pity on us poor patching souls and introduced few bugs in its stew of Patch Tuesday patches.

Now, it looks like we're well on our way to another mess.

[ Related: Microsoft makes 'major-minor' Windows 10 release cadence the new normal ] Although it's still too early to throw up your hands and peremptorily pass on the September crop, I assure you that there is no joy in Patchville.

To read this article in full, please click here



Computer World Security News
Sep 09, 2020

Microsoft puts Application Guard for Office into public preview
Microsoft has launched a public preview of "Microsoft Defender Application Guard for Office," a defensive technology that quarantines untrusted Office documents so that attack code carried by malicious files can't reach the operating system or its applications.

On Monday, a senior cybersecurity engineer with the Redmond, Wash. company explained how Application Guard for Office worked and more importantly, walked customers through its operationm - something that existing documentation omitted when the public preview was launched late last month.

[ Related: 10 productivity-boosting apps for Microsoft Teams ] "Microsoft Office will open files from potentially unsafe locations in?Microsoft Defender Application Guard, a secure container, that is isolated from the device through hardware-based virtualization," John Barbare wrote in a post to a Microsoft blog. "When Microsoft Office opens files in Microsoft Defender Application Guard, a user can then securely read,?edit,?print, and?save?the files without having to re-open files outside of the container."

To read this article in full, please click here



Computer World Security News
Sep 07, 2020

With Patch Tuesday here, get Windows Update locked down
Every month we see the same pattern: Microsoft releases its Patch Tuesday regimen; the blogosphere flies into a frenzy about security holes that have to be patched right this minute; some patches have bugs; Microsoft fixes many of them in a week or two, warns about others, and stays mum on far too many.

Normal Windows users are left in the lurch. On the one hand, you have the threat of imminent malware mayhem. On the other, you have the threat of poorly tested patches. Wash. Rinse. Repeat.

[ Related: Windows 10 version 2004: Key enterprise features ] It's been like that for years. Don't believe it? Computerworld has month-by-month details for the past three years here.

To read this article in full, please click here



Computer World Security News
Sep 07, 2020

With Patch Tuesday near, get Windows Update locked down
Every month we see the same pattern: Microsoft releases its Patch Tuesday regimen; the blogosphere flies into a frenzy about security holes that have to be patched right this minute; some patches have bugs; Microsoft fixes many of them in a week or two, warns about others, and stays mum on far too many.

Normal Windows users are left in the lurch. On the one hand, you have the threat of imminent malware mayhem. On the other, you have the threat of poorly tested patches. Wash. Rinse. Repeat.

[ Related: Windows 10 version 2004: Key enterprise features ] It's been like that for years. Don't believe it? Computerworld has month-by-month details for the past three years here.

To read this article in full, please click here



Computer World Security News
Sep 04, 2020

Yes, you can install the August Windows and Office patches now
It looks like we're good to go with Microsoft's August Windows and Office patches. The second cumulative update for Windows 8.1, KB 4578013, throws some Virtual Private Networks out of kilter, and the Win7 patches may knock out your printers (for those of you paying for Win7 Extended Security Updates). But most of the other bugs appear to be squashed.

To read this article in full, please click here



Computer World Security News
Sep 04, 2020

Apple strengthens commitment to human rights with new policy
Apple has once again responded to critics with the publication of a human rights policy it says commits the company to "freedom of information and expression."

Freedom of expression "At Apple, we are optimistic about technology's awesome potential for good," says CEO Tim Cook. "But we know that it won't happen on its own. Every day, we work to infuse the devices we make with the humanity that makes us."

However, the document also points out that Apple is required to obey the law.

To read this article in full, please click here



Computer World Security News
Aug 31, 2020

Microsoft Patch Alert: August 2020
With Windows 10 2004 gradually creeping (I use the term intentionally) onto more machines, faults and foibles are coming out of the woodwork. It looks like a fix for the long-lamented version 2004 defrag bugs is on the way, but we aren't there yet. Lenovo isn't too happy with the August version 2004 cumulative update. It's still too early to move to 2004, in my opinion — and those problems ensure I'll keep 2004 off my machines for a while.

Meanwhile, Microsoft extended the end of support date for Win10 version 1803 — a move that'll interest exactly nobody except for admins with aging Win10 machines. Windows 8.1 patchers got left out in the Remote Access cold for a week. The .NET security updates have an odd, acknowledged bug with a manual registry workaround.

To read this article in full, please click here



Computer World Security News
Aug 27, 2020

TikTok sues the Trump administration, responding to potential U.S. ban
TikTok, the popular short form video app, has filed a lawsuit against the U.S. government, calling the potential U.S. ban an extreme action. At first glance, this lawsuit may mirror another one filed by a different tech company, Huawei. While both Huawei and ByteDance, the owner of TikTok, are Chinese tech companies, the proposed U.S. bans of each of these companies are different. Juliet breaks down why TikTok may fare better in the face of a potential ban than Huawei. More on TikTok's alleged security threats: https://youtu.be/LzeIOH2U8-8 Check out my latest video about the Huawei ban: https://youtu.be/bDXc7xeS5OE Sources-- https://www.nytimes.com/2020/08/24/technology/tiktok-sues-trump-administration.html https://newsroom.tiktok.com/en-us/tiktok-files-lawsuit Follow Juliet on Twitter: https://twitter.com/julietbeauchamp

Computer World Security News
Aug 26, 2020

Microsoft adds 6 months support to Windows 10 1803, again cites pandemic
Microsoft on Wednesday stretched support for a third version of Windows 10, again citing the coronavirus pandemic and its impact on business.

The Redmond, Wash. developer extended security support for Windows 10 Enterprise 1803 and Windows 10 Education 1803 by six months, to May 11, 2021. The original end-of-support date was to be Nov. 10.

[ Related: Microsoft makes 'major-minor' Windows 10 release cadence the new normal ] "We have heard your feedback and understand your need to focus on business continuity in the midst of the global pandemic," Chris Morrissey, who leads the communications team for Windows' servicing group, wrote in a post to a company blog. "As a result, we have decided to delay the scheduled end-of-service date for the Enterprise, Education, and IoT Enterprise editions of Windows 10, version 1803."

To read this article in full, please click here



Computer World Security News
Aug 21, 2020

Did Microsoft just solve a big business iPad problem
One of the most disappointing things about iOS devices as business devices, and one of the things that keeps the iPad from being a true computing solution, is that there is no support for multiple-user accounts. An unlikely ally is determined to solve the problem for Apple. A future version of Microsoft Authenticator will allow for a multi-user iPad experience.

Computer World Security News
Aug 20, 2020

Google to trial drastically truncated URLs in Chrome in anti-phishing move
Google will run a trial with Chrome 86, the browser set to release in October, that will hide much of a site's URL as a way to foil phishing attacks.

"We're ... going to experiment with how URLs are shown in the address bar on desktop platforms," Emily Stark, Eric Mill and Shweta Panditrao, all members of Chrome's security team, wrote in an Aug. 12 post to a company blog. "Our goal is to understand -- through real-world usage -- whether showing URLs this way helps users realize they're visiting a malicious website, and protects them from phishing and social engineering attacks."

To read this article in full, please click here



  • CEOExpress
  • 1 Boston Place | Suite 2600
    Boston MA 02108
  • Contact
  • As an Amazon Associate
    CEOExpress earns from
    qualifying purchases.

©1999-2021 CEOExpress Company LLC