NEWS: COMPUTER WORLD SECURITY NEWS
Setup News Ticker
   NEWS: COMPUTER WORLD SECURITY NEWS
Computer World Security News
Jan 25, 2021

Decoding Microsoft Defender's hidden settings
Ask someone what antivirus software they use and you'll probably get a near-religious argument about which one they have installed. Antivirus choices are often about what we trust — or don't — on our operating system. I've seen some Windows users indicate they would rather have a third-party vendor watch over and protect their systems. Others, like me, view antivirus software as less important these days; it matters more that your antivirus vendor can handle windows updating properly and won't cause issues.

Still others rely on Microsoft Defender. It's been around in one form or another since Windows XP.

To read this article in full, please click here



Computer World Security News
Jan 21, 2021

The work-from-home employee's bill of rights
Remote work became the new normal quickly as COVID-19 pandemic lockdowns came into force in spring 2020, and it's clear that after the pandemic recedes, remote work will remain the norm for many employees — as much as half the deskbound "white collar" workforce, various research firms estimate. As a result of the sudden lockdowns, many employees had to create makeshift workspaces, buy or repurpose personal equipment, and figure out how to use new software and services to be able to keep doing their jobs.

Navigating the WFH world Remote working, now and forevermore? The work-from-home employee's bill of rights How to set up a WFH ‘office' for the long term The New Normal: When work-from-home means the boss is watching 10 tips to set up your WFH office for videoconferencing Users and IT departments alike made Herculean efforts to adapt quickly and ensure business continuity, and the result was an improvement in productivity despite the pandemic. But now the pandemic has become a longer-term phenomenon, and remote work will become more commonplace, even desirable as a way to save on office expenses and commute time, even after the pandemi

Computer World Security News
Jan 19, 2021

Chrome vs. Edge vs. Firefox: Which is the best browser for business?
What's the most important piece of productivity software in the business world? Some might say the office suite. But if you look at the time spent actually using software, the answer may well be the web browser. It's where people do most of their fact-finding and research.

EdgeTo read this article in full, please click here

(Insider Story)

Computer World Security News
Jan 18, 2021

For Microsoft's January patches, no all-clear (yet)
I'm not ready to give an all-clear to the security patches released Jan. 12, and I want to warn you about one specific update that is affecting HyperV servers and some consumer level workstations.  

KB4535680, also known as Security update for Secure Boot DBX: January 12, 2021, makes improvements to Secure Boot DBX for a number of supported Windows versions. These include Windows Server 2012 x64-bit; Windows Server 2012 R2 x64-bit; Windows 8.1 x64-bit; Windows Server 2016 x64-bit; Windows Server 2019 x64-bit; Windows 10, version 1607 x64-bit; Windows 10; version 1803 x64-bit; Windows 10, version 1809 x64-bit; and Windows 10, version 1909 x64-bit. Key changes affect "Windows devices that [have] Unified Extensible Firmware Interface (UEFI) based firmware that can run with Secure Boot enabled." The Secure Boot Forbidden Signature Database (DBX) prevents malicious UEFI modules from loading; this update adds additional modules to block malicious attackers who could successfully exploit the vulnerability, bypass secure boot, and load untrusted software.

To read this article in full, please click here



Computer World Security News
Jan 15, 2021

Easing into the new year with a modest January Patch Tuesday
Microsoft rolled into 2021 with a fairly benign update cycle for Windows and Microsoft Office systems, delivering 83 updates for January.

Yes, there is an update to Windows defender (CVE-2021-1647) that has been reported as exploited. Yes, there has been a publicly disclosed issue (CVE-2021-1648) in the Windows printing subsystem. But there are no Zero-days and no "Patch Now" recommendations for this month. There are, however, a large number of feature and functionality groups "touched" by these updates; we recommend a comprehensive test of printing and key graphics areas before general Windows update deployment.

To read this article in full, please click here



Computer World Security News
Jan 14, 2021

Apple makes welcome change to 'Big Sur' security for Macs
When Apple shipped macOS Big Sur in November, researchers quickly spotted a strange anomaly in the system's security protection that could have left Macs insecure. Apple now seems to be dealing with this problem, introducing a fix in the latest public beta release.

What was wrong? For some strange reason, Big Sur introduced a controversial and potentially insecure change that meant Apple's own apps could still access the internet even when a user blocked all access from that Mac using a firewall. This wasn't in tune with Apple's traditional security stance. What made this worse is that when those apps (and there were 56 in all) did access the ‘Net, user and network traffic monitoring applications were unable to monitor this use.

To read this article in full, please click here



Computer World Security News
Jan 14, 2021

Apple makes welcome change to Big Sur security for Macs
When Apple shipped macOS Big Sur in November, researchers quickly spotted a strange anomaly in the system's security protection that could have left Macs insecure. Apple now seems to be dealing with this problem, introducing a fix in the latest public beta release.

What was wrong? For some strange reason, Big Sur introduced a controversial and potentially insecure change that meant Apple's own apps could still access the internet even when a user blocked all access from that Mac using a firewall. This wasn't in tune with Apple's traditional security stance. What made this worse is that when those apps (and there were 56 in all) did access the ‘Net, user and network traffic monitoring applications were unable to monitor this use.

To read this article in full, please click here



Computer World Security News
Jan 12, 2021

Apple's mythical AirTags shimmer slowly to release
Stop me if you've heard this before: Apple seems to be closer to actually introducing the near-mythical AirTags, which you'll no doubt use to track hardware, devices, and the vehicles that make up your transit fleet.

What we think we know This is a long-running story. We first began to anticipate introduction of these products after WWDC 2019. Later, we thought they might show up even before the iPhone 12, or even as part of the company's holiday season launches.

To read this article in full, please click here



Computer World Security News
Jan 11, 2021

The first Patch Tuesday of '21; time to delay updates
It's Patch Tuesday time — that exciting second Tuesday of each month when we turn towards Redmond, WA, hoping for quality updates — and my advice is to not install updates tomorrow. To be fair, the vast majority of Microsoft users should be fine with whatever patches and fixes arrive. But, personally, I push off updates and delay installations on the systems I care about; you should do the same.

With that piece of advice out of the way, I have some suggestions for 2021 for a healthy patching year.

Susan's first recommendation of ‘21: Use Windows 10 Pro, not Home.

I recommend several things when dealing with updates: First and foremost, make sure you are on Windows 10 professional, not Windows 10 Home. 

To read this article in full, please click here



Computer World Security News
Jan 05, 2021

6 smart steps to get your Android phone in tip-top shape for 2021
Happy New Year! I don't know about you, but I find the start of a fresh voyage around this shiny ol' sun of ours to be a fine time for tidying up, optimizing, and getting good and organized for the months ahead. And while I'd love to pretend I'm the type of person who has one of those disgustingly pristine, clutter-free desks you see on the internet, let me be brutally honest: The physical space around me tends to resemble a half-abandoned hog parlor.

But my Android phone? My Android phone is as orderly as can be, gosh darn it. And if you ask me, that makes far more of a difference than the state of the physical space around me.

Our mobile devices are where we do so much of our actual work and contemplation these days, after all — and yet it's all too easy to overlook the importance of maintaining an optimal arrangement for both productivity and security within 'em. So now, as we gaze ahead at the promise-filled 2021 calendar, join me in taking 10 minutes to get your own trusty Android phone fine-tuned and fully ready for the coming year.

To read this article in full, please click here



Computer World Security News
Jan 04, 2021

Solarwinds, Solorigate, and what it means for Windows updates
Microsoft recently announced that its Windows source code had been viewed by the Solarwinds attackers. (Normally, only key government customers and trusted partners would have this level of access to the "stuff" of which Windows is made.) The attackers were able to read - but not change - the software secret sauce, raising questions and concerns among Microsoft customers. Did it mean, perhaps, that attackers could inject backdoor processes into Microsoft's updating processes

First, a bit of background on the Solarwinds attack, also called Solorigate: An attacker got into a remote management/monitoring tool company and was able to inject itself into the development process and build a backdoor. When the software was updated through the normal updating processes set up by Solarwinds, the backdoored software was deployed into customer systems — including numerous US government agencies. The attacker was then able to silently spy on several activities across these customers. 

To read this article in full, please click here



Computer World Security News
Dec 28, 2020

The end-of-the-year patching all-clear
It's that time of the month to give the final 2020 all-clear for installing updates.

Microsoft has already fixed the issue with KB4592438 for Windows 10 20H2 and 2004, where if you were lucky, or rather, unlucky enough to perform a chkdsk c: /f on your system after installing the December updates you might have been forced to rebuild your system — not exactly the greatest holiday present from Microsoft.  As I noted last week, this issue was fixed with a cryptic behind-the-scenes update for those who get their updates from Windows update. 

To read this article in full, please click here



Computer World Security News
Dec 23, 2020

The patching conundrum: When is good enough good enough?
As Günter Born recently reported at Born's Tech and Windows World, KB4592438 has a bug that triggers a blue screen of death when you run the chkdsk c: /f command, leaving the hardware unable to boot. Several others confirmed the issue independently in the various venues and forums. Still others graciously decided to risk their systems and install the update and when they ran the command had zero issues. I tested it myself and also didn't see a blue screen of death.

To read this article in full, please click here



Computer World Security News
Dec 21, 2020

Android security: Analysis, advice, and next-level knowledge
It's tough to talk about Android security without venturing into sensational terrain.

A large part of that is due to the simple fact that the forces driving most Android security coverage are companies that make their money by selling Android security software — and thus companies with strong interests in pushing the narrative that every Android phone is on the perpetual brink of grave, unfathomable danger. Plus, let's face it: A headline about 70 gazillion Android phones being vulnerable to the MegaMonsterSkullCrusher Virus is far more enticing than one explaining the nuanced realities of Android security.

In actuality, though, Android security is a complex beast — one with multiple layers in place to protect you and one that almost never warrants an alarmist attitude. I've been covering Android security closely since the platform's earliest days, and I've busted more myths and called out more shameless publicity stunts than I can even count at this point.

To read this article in full, please click here



Computer World Security News
Dec 17, 2020

Thoughts on Apple versus Facebook
War against Apple on the part of Facebook has officially begun, with the social media giant spending some of its user data targeted ads revenue on a series of press ads against the computer company, presumably because using its own platform to spread such claims may fall foul of anti-trust law.

You are the product Facebook is making the usual hyperbolic arguments around "standing up for small business" and "making sure the internet stays free", though it isn't entirely clear when Facebook became "the internet", or why we as users aren't paid for the provision of the personal data the soc-med company builds its business on.

To read this article in full, please click here



Computer World Security News
Dec 16, 2020

2020: A look back at patching and the pandemic
As we close out this extraordinary year, it's important to remember the unusual patching experiences this year that affected many businesses and their processes.  

The pandemic effect Not surprisingly, the pandemic impacted patching in a big way. In April, it forced Microsoft to push off the end of life for two products, Windows 10 1709 and Windows 10 1809 — by six months each. Win 10 1709 wound up with a 36-month support window for Enterprise and Education users and 1809 Home and Pro got an extra six months, to Nov. 10. Clearly, Microsoft could see the impact of the pandemic on enterprise rollout plans and understood that most of us had other things on our minds.

To read this article in full, please click here



Computer World Security News
Dec 14, 2020

Apple's Privacy Nutrition Labels, available now and good for business
Apple today is introducing iOS 14.3, and among a host of improvements the upgrade introduces Privacy Nutrition Labels for apps sold at the App Store. This should be good for developers, enterprises and users.

What are Privacy Nutrition Labels? Apple announced Privacy Nutrition Labels at WWDC 2020. Under the scheme, developers selling apps on the App Store must explain the privacy practices of each one they sell. That means detailed information concerning what data they collect, why, and what they do with it must be provided to users in the form of what looks like a food nutrition label.

To read this article in full, please click here



Computer World Security News
Dec 11, 2020

Microsoft presents us with a light Patch Tuesday for December
With just 58 updates to deal with this month, the December Patch Tuesday should make for a welcome  light-duty patch-and-test cycle. There were no zero-days or reports of publicly exploited security issues, though there is a critical update to Microsoft Exchange Server that should be a priority. But we saw less pressure on the Windows, browser, and Office updates.

Microsoft has also released two Servicestack Updates (SSUs) for its desktop and server platforms (ADV990001) and an update to the Chromium project (ADV200002).

To read this article in full, please click here



Computer World Security News
Dec 09, 2020

December Patch Tuesday round-up: Winding down for the year
At last, we have the final updates for 2020 from Microsoft. For anyone keeping count, we ended up with 1,250 CVEs (Common Vulnerabilities and Exposures) for the year. That's almost 50% more than the 800 we had to deal with in 2019. Given the way we get updates delivered in a cumulative fashion, I don't think of it as about the number of vulnerabilities; I think more about how many times I had to deal with post-release issues in 2020. I'll recap the year's major patching issues later this month. For now, I'll summarize the issues to watch out for in December.

First, a reminder if you're running Windows 10 1903: This is the last official release for that version. You must be on Windows 10 1909 (or later) to continue to receive security updates. In the past, I have recommended setting the deferral for feature updates for 365 days. Now, I recommend using the targetreleaseversion setting to specify the exact feature release version you want. So if you set the value at 1909, you'll receive 1909; if you set it at 2004 — even if you are on 1903 — you'll get offered 2004, not 1909. (For Windows 10 Home users, I continue to recommend you upgrade from Home to Professional to better control updates.) 

To read this article in full, please click here



Computer World Security News
Dec 09, 2020

Windows hackers target COVID-19 vaccine efforts
I've written before about how during the coronavirus pandemic, hackers have increasingly exploited Windows vulnerabilities to trick people into downloading malware and ransomware to get fast, easy money.To read this article in full, please click here

(Insider Story)

Computer World Security News
Dec 08, 2020

VP Craig Federighi wants competitors to copy Apple's privacy protection
Apple VP Software Engineering, Craig Federighi discussed his company's thoughts on ad tracking and more at the European Data Protection and Privacy Conference December 8.

Privacy is possible It is "absolutely possible to design technology that respects [customer] privacy and protects their personal information," he stressed. 

"When it comes to privacy protections, we're very happy to see our competitors copy our work, or develop innovative privacy features of their own that we can learn from," he said during this speech.

But it's under assault

To read this article in full, please click here



Computer World Security News
Dec 08, 2020

Apple VP Federighi wants competitors to copy Apple's privacy protection
Apple Vice President of Software Engineering, Craig Federighi, discussed his company's thoughts on ad tracking and more at the European Data Protection and Privacy Conference today. Not surprisingly, he stressed the importance of privacy for Apple — which has made it a centerpiece — in particular and users in general.

Privacy is possible... It is "absolutely possible to design technology that respects [customer] privacy and protects their personal information," Federighi said during this speech. "When it comes to privacy protections, we're very happy to see our competitors copy our work, or develop innovative privacy features of their own that we can learn from."

To read this article in full, please click here



Computer World Security News
Dec 07, 2020

SMS: Texting numeric strings is the best holiday gift to cyberthieves
For years, enterprise IT and security operations have been told they need to advance beyond texting short numeric strings in plain text and calling it meaningful Multi-Factor Authentication (MFA) or even just Two-Factor Authentication (2FA). It is stunning how many enterprises still cling to that entry-level security sham, even knowing how subject it is to man-in-the-middle attacks.

As for the oft-cited defense that, "it's better than having no MFA at all," I am not so sure. It provides false comfort to enterprise users that they have meaningful security. That prevents companies from quickly deploying truly robust security, such as an MFA that uses several authentication layers, including voice-recognition, facial- or finger-ID courtesy of the ubiquitous smartphone and almost any of the mobile encrypted authentication apps. (Don't forget that Signal can work well, too.)

To read this article in full, please click here



Computer World Security News
Dec 01, 2020

It's December patch prep time
It's the final patching month for 2020 — and what a year it's been. Two more Windows 10 feature releases, numerous servicing stack updates, the end of Office 2010, the pandemic — this has been a year when technology has driven us slightly crazy, and kept us sane. 

The first Tuesday of the month is the start of my Patching month and serves as a reminder to make sure my machines have all of the mandatory patches installed for November — and I'm ready to pause updates for December. We will not see any optional updates at the end of the month; Microsoft has indicated it will not be releasing the optional preview updates for Windows 10 that they would normally arrive during the third week of December.

To read this article in full, please click here



Computer World Security News
Nov 30, 2020

BrandPost: Security als platform, niet als verzameling point solutions
Richt je cybersecurity in vanuit een platformgedachte of vanuit de afzonderlijke point solutions? Sander Almekinders, hoofdredacteur bij IDG Benelux gaat over onder andere deze vraag in gesprek met Michel Schaalje, Security Lead bij Cisco Nederland.

To read this article in full, please click here



Computer World Security News
Nov 30, 2020

How to protect Windows 10 PCs from ransomware
CryptoLocker. WannaCry. Petya. Bad Rabbit. The ransomware threat isn't going away anytime soon; the news brings constant reports of new waves of this pernicious type of malware washing across the world. It's popular in large part because of the immediate financial payoff for attackers: It works by encrypting the files on your hard disk, then demands that you pay a ransom, frequently in Bitcoins, to decrypt them.To read this article in full, please click here

(Insider Story)

Computer World Security News
Nov 25, 2020

Susan Bradley: Windows 10 Thanksgiving-week patches
Computerworld blogger Susan Bradley takes a look at the latest patches from Microsoft, just in time for Thanksgiving in the US.

Computer World Security News
Nov 24, 2020

Gmail encryption: Everything you need to know
Encryption may sound like a subject best left to hackers and tinfoil hat wearers, but don't be fooled: It's a critical part of contemporary life and something that's important for everyone, especially business users, to understand. And one of the places where encryption is most relevant and misunderstood is in the realm of email.

If you're using Gmail for electronic communication — be it for business purposes, for personal use, or some combination of the two — it's well worth your while to know how the service does and doesn't secure your information and what steps you can take to make sure you're getting the level of privacy you need.

Ready to dive in?

To read this article in full, please click here



Computer World Security News
Nov 23, 2020

A pre-Thanksgiving all-clear to install patches
In the U.S., we're quickly coming up to the start of holiday season, meaning it's time for, well, time off. I typically add technology maintenance jobs to the monthly mix of patching and maintaining servers and workstations. This month, I'm also taking time to better understand the impact of one specific security bulletin — I honestly can't figure out exactly what I'm supposed to do to keep my network secure. 

The good news: for most readers, none of these concerns apply to you. I'm ready to give the all-clear to go ahead and install Microsoft's November updates on laptops, desktops and workstations — especially if you are running the Windows 10 1909 feature release. That said, do your Thanksgiving Zoom get-together first and then install any updates. I'd hate to have you see nothing but the spinning wheel of Windows updates instead of your family and friends.

To read this article in full, please click here



Computer World Security News
Nov 23, 2020

How to stay as private as possible on the Mac
Apple believes in your right to privacy. Here is some advice on how to use the privacy tools it provides on your Mac. We have a guide for iPhones and iPads here.

Use a strong passcode To secure your Mac, all your data, and your privacy it is essential to create a strong alphanumeric login password.

The temptation to use something short or easy to remember is completely understandable, but if your Mac goes missing your life is on show, so visit Security & PrivacyGeneral and tap Change Password to pick something more challenging.

To read this article in full, please click here



Computer World Security News
Nov 19, 2020

Deciphering (and understanding) Microsoft's patch management options
If you asked a normal user what they dislike most about Windows 10, the answer would likely be related to patching, rebooting and the generally confusing update process. Entire web sites have sections devoted to explaining the updating process and how to manage it — and I've written my fair share about the topic. 

In addition to writing about Microsoft patches here (and about Windows security for CSO), I'm also a moderator on the Patchmanagement.org listserve. We have many people who rely on various patching tools to deploy updates and maintain workstations.  There are a number of options, so it's important to understand how they work (and how they vary) so you can get the most out of them.

To read this article in full, please click here



Computer World Security News
Nov 16, 2020

Microsoft exhorts enterprises to quit text, voice multi-factor authentication passcodes
A Microsoft executive is urging enterprises to abandon the most popular multi-factor authentication (MFA) method — one-time passcodes sent to mobile devices via text or voice — for different approaches, including app authenticators, that he claims are more secure.

"It's time to start your move away from the SMS and voice Multi-Factor Authentication (MFA) mechanisms," asserted Alex Weinert, director of identity security, in a Nov. 10 post to a Microsoft blog. "These mechanisms are based on publicly switched telephone networks (PSTN), and I believe they're the least secure of the MFA methods available today."

To read this article in full, please click here



Computer World Security News
Nov 13, 2020

Browser updates are back for Update Tuesday; testing may be needed for Windows patches
Though we return to monthly browser updates after last month's brief respite — none of this November's browser security issues are worm-able, and we have not seen anything that would require a return to an urgent browser update cycle. The Windows platform gets the most attention this time, but no single issue requires immediate deployment — though some legacy systems may require full testing for graphically intensive applications that rely on older graphic/media conversion technology. And the Microsoft Office and associated development platforms receive some lower-rated patches, with recommendations for a standard roll-out regime. 

To read this article in full, please click here



Computer World Security News
Nov 12, 2020

The November Patch Tuesday aftermath
November's updates held a few surprises. 

First, for those still running Office 2010 last month was supposed to be the drop-dead date for support.  No more security updates at all.  None.  Zilch.  Zippo.  

And yet, we week received updates for Excel (KB4486743), Office (KB4486737, KB4486738, KB4484534, KB4484455), and for Word (KB4486740) — all of which patch for remote code executions.  (I remember when Office 2007 had its swan song, we received updates after its end-of-life notice as well.) My guess is that these updates were probably still in testing and had not yet been completed, hence the late release. So, if you are still running Office 2010, you get one more month's worth of updates.  I don't expect another set next month. But then again, I didn't expect this month's either.

To read this article in full, please click here



Computer World Security News
Nov 12, 2020

Online privacy: Best browsers, settings, and tips
"You have zero privacy anyway. Get over it," Scott McNealy said of online privacy back in 1999, a view the former CEO of the now-defunct Sun Microsystems reiterated in 2015. Despite the hue and cry his initial remarks caused, he's been proven largely correct.

Where mainstream mobile browsers differ in privacy settingsTo read this article in full, please click here

(Insider Story)

Computer World Security News
Nov 10, 2020

11 Android settings that'll strengthen your security
You might not know it from all the panic-inducing headlines out there, but Android is actually packed with powerful and practical security features. Some are activated by default and protecting you whether you realize it or not, while others are more out of the way but equally deserving of your attention.

So stop wasting your time worrying about the Android malware monster du jour and which security company is using it to scare you into an unnecessary subscription, and take a moment instead to look through these far more impactful Android security settings — ranging from core system-level elements to some more advanced and easily overlooked options.

To read this article in full, please click here



Computer World Security News
Nov 09, 2020

For Patch Tuesday, it's time to pause those Windows 10 updates
First a bit of an introduction.  Recently, Woody Leonhard decided to take a much deserved "retirement" from both AskWoody.com and Computerworld. I put "retirement" in quotes because I find that in IT, you never really retire. You're often called on to fix anything that has a motherboard or boots up, no matter what operating system is under the hood — especially when visiting family members and even in a pandemic.  Woody is back in Thailand on what he calls an extended vacation.

To read this article in full, please click here



Computer World Security News
Nov 09, 2020

On a personal note...
A combination of medical concerns, family obligations … and a screaming desire to turn my attention to interests outside the computer industry have nudged me into retirement.

And it's my great pleasure to announce that "Patch Lady" Susan Bradley will be taking up the cause here at Computerworld  with a new blog: Microsoft Patch Lady. She will also be major-domo of AskWoody.com, managing editor of the AskWoody Newsletters, as guiding light of the @AskWoody twitter charge — and, most importantly, as a spiritual advisor to gazillions of disenfranchised Microsoft customers.

To read this article in full, please click here



Computer World Security News
Nov 03, 2020

How to give Chrome a super-simple security upgrade
Smart security, just like autumn attire, is all about layers. The more effective pieces you have working to protect you, the less likely you'll be to let a burst of cold air — whether a metaphorical one or a literal one — catch you off-guard. (Also, the more flannel, the better. I'm not entirely sure how that applies to the tech side of things, but I'm stickin' with it.)

When it comes to browsing this wild ol' web of ours, after all, potential threats are a-plenty. Shady sites sit in wait to try to trick you into doing something dangerous, passwords are compromised constantly, and ghoulish virtual boogeymen who look curiously like Gary Busey crouch behind dark corners and prepare to pounce.

To read this article in full, please click here



Computer World Security News
Oct 30, 2020

Get Microsoft's October patches installed — and seriously consider Win10 2004
It was yet another patch roller coaster ride this month with the usual crop of one-off bugs, a  Malwarebytes-associated assault on networking, a promised Flash killer that doesn't — and that announced Dynamics 365 Commerce patch, CVE-2020-16943, still isn't out. 

To read this article in full, please click here



Computer World Security News
Oct 30, 2020

Get the October patches installed — and seriously consider Win10 2004
It was yet another patch roller coaster ride this month with the usual crop of one-off bugs, a  Malwarebytes-associated assault on networking, a promised Flash killer that doesn't — and that announced Dynamics 365 Commerce patch, CVE-2020-16943, still isn't out. 

To read this article in full, please click here



Computer World Security News
Oct 29, 2020

The New Normal: When work-from-home means the boss is watching
In the midst of a pandemic that's led to unprecedented levels of remote working, digital tools to monitor employees in real time are gaining popularity among companies looking for new ways to track employee productivity. At the same time, the trend raises concerns about employee privacy and how far companies should be allowed to go to keep tabs on their workers.

Applications such as StaffCop, Teramind, Hubstaff, CleverControl, and Time Doctor include real-time activity tracking, can take screenshots of workers' computers at regular intervals, do keystroke logging, and record screens. In some cases, the tracking tools can be installed without the knowledge of employees. Companies say they're focused on transparency and productivity, but privacy groups decry draconian "Big Brother" moves made possible by technology. (Computerworld reached out to several of the vendors for comment; they either did not return messages or could not provide someone to discuss their software.)

To read this article in full, please click here



Computer World Security News
Oct 22, 2020

Microsoft Patch Alert: October 2020
October 2020 brought a lighter-than-usual crop of patches. For the first time in recent memory, there were none at all for Internet Explorer or the (Chromium-based) Edge browser. The cumulative updates went in with few reports of problems, although there were many complaints about printers not working after the update.

Strange things happened, though, outside the usual monthly patching schedule. The day after Patch Tuesday, Microsoft announced a(nother) fix for a security hole in the HEVC codec — CVE-2020-17022 — distributed, once again, only through the Microsoft Store.

To read this article in full, please click here



Computer World Security News
Oct 20, 2020

Warning: Multiple Windows 10 retirements ahead
Two Windows 10 feature upgrades will reach end of support in the next seven weeks, the congestion caused by decisions Microsoft made earlier this year as the coronavirus pandemic began.To read this article in full, please click here

(Insider Story)

Computer World Security News
Oct 20, 2020

A phenomenal Android privacy feature you probably forget to use
It's amazing how many useful Android features get buried in the operating system and then forgotten over time.

When you stop and think about it, it's also kind of inevitable: With every passing year, Android grows increasingly robust and complex, as more advanced options make their way into the software. So it's only logical that certain elements will become out of sight and out of mind and get lost in the shuffle somewhere along the way.

One such item jumped out at me the other day, triggering an immediate "AHAH!" in this rusty ol' noggin of mine as I remembered its existence and then scolded myself for forgetting to use it all this time. It's a little somethin' called Android Guest Mode, and it first showed up way back in the Android 5.0 (Lollipop) era of 2014.

To read this article in full, please click here



Computer World Security News
Oct 19, 2020

Zoom's new encryption approach is incremental, but better
Just like their consumer counterparts, enterprise IT execs have flocked to Zoom for all manner of meetings. But security has invariably taken a backseat to convenience and availability, as anyone who has endured a Zoom intruder knows all too well.

Zoom this week (it hasn't yet said exactly when) will roll out its upgraded encryption option. But it comes at the cost of surrendering various popular features. And it also does not come with improved authentication and identification of users, a capability Zoom now is promising to deliver sometime in 2021.

Zoom describes its current encryption offering as adequate, but not ideal:

To read this article in full, please click here



Computer World Security News
Oct 19, 2020

Microsoft focuses on Office, less so on Windows, and offers nothing for browsers on Patch Tuesday
This posting is a little later than usual due to a number of late-in-the-week updates from Microsoft last week. We started off with no publicly reported zero-days or active exploits in the wild. (As we were working with Microsoft, we felt that an out-of-bound patch was imminent that would change our advice on patch cycles for October. But it appears the final "change" for this release was a relatively minor update to Visual Studio - leading to no change in our recommendations in this benign update.)To read this article in full, please click here

(Insider Story)

Computer World Security News
Oct 15, 2020

Is Windows the greatest cyberthreat to the 2020 US election?
If there's going to be a successful cyberattack on the 2020 U.S election, you can be sure Windows will be involved. It's the world's biggest exposed attack vector and the weapon of choice of cybercriminals and intelligence agencies the world over. In addition, the world's biggest botnets are made up of millions of infected Windows PCs used to launch cyberattacks.To read this article in full, please click here

(Insider Story)

Computer World Security News
Oct 12, 2020

As Patch Tuesday nears, be sure Windows Update is paused
Some people believe that you need to get new Windows and Office patches installed the minute they roll out the Windows Update chute. Those who snooze get bit by malware, or so the theory goes.

In fact, we've seen very few instances in the past years where a newly patched security hole has turned into a widespread security threat in less than a few weeks. If you're protecting uranium enrichment centrifuges from deep-pocket adversaries, all bets are off, of course. But for normal, everyday Windows users, the chance of getting bit by a bad patch far outweighs the immediate threat to your trusty ol' PC.

To read this article in full, please click here



Computer World Security News
Oct 12, 2020

With Patch Tuesday here, be sure Windows Update is paused
Some people believe that you need to get new Windows and Office patches installed the minute they roll out the Windows Update chute. Those who snooze get bit by malware, or so the theory goes.

In fact, we've seen very few instances in the past years where a newly patched security hole has turned into a widespread security threat in less than a few weeks. If you're protecting uranium enrichment centrifuges from deep-pocket adversaries, all bets are off, of course. But for normal, everyday Windows users, the chance of getting bit by a bad patch far outweighs the immediate threat to your trusty ol' PC.

To read this article in full, please click here



Computer World Security News
Oct 06, 2020

Apple's T2 Mac security chip may be vulnerable, researcher claims
A security researcher claims to have figured out how to break the T2 security chip on modern Intel-based Macs using a pair of exploits developed to jailbreak older phones. Apple has not commented on these claims.

What the research claims The claim seems to be that because the T2 chip is based on the older A10 series Apple processor, it is possible to use two jailbreak tools (Checkm8 and Blackbird) to modify the behavior of T2, or even install malware to the chip.

It's not an easy hack: Not only must an attacker have local access to the Mac, but they must connect to the target Mac using a non-standard "debugging" USB-C cable and run a version of a jailbreaking software package during startup.

To read this article in full, please click here



Computer World Security News
Oct 06, 2020

Wire targets Zoom, Teams and others with secure video upgrades
Secure communication platform Wire has overhauled its video conferencing capabilities and now allows more users to simultaneously have fully encrypted video calls.

Beginning today, Wire users will be able to video chat with up to 12 people and voice call with up to 25. While video conferencing rivals Zoom and Webex already offer end-to-end encryption on some plans, Wire's latest move will provide that high level of security to all its users. Wire now boasts that it offers "the world's first completely end-to-end encrypted video environment."

As many companies enter their seventh month of employees working from home, the demand for video conferencing services has not had any let up. That has led to something of an arms race as Microsoft, Zoom and a variety of other services have in recent months announced upgrades and feature tweaks of their own.

To read this article in full, please click here



Computer World Security News
Oct 05, 2020

Current trends in Mac security threats
Current trends involving Mac threats indicate that while attempts are on the rise, users remain the first line of defense — particularly as "show up when you want to" (SUWYWT) becomes the future of work.

The security risk remains In the first few weeks of the pandemic, we saw multiple businesses invest in VPN software and new hardware as they equipped employees to work from home. In the UK, for example, Starling Bank claimed it purchased every available MacBook as the pandemic struck.

Now that working from home (WFH) is normalized, there's a need to take stock of security concerns and remind employees of good security procedure on all platforms, including Macs. Apple's platform seems to have enjoyed incredibly strong sales as companies upgraded for WFH, but even with better inherent security those Macs must also be protected.

To read this article in full, please click here



Computer World Security News
Oct 05, 2020

Working from home? Slow broadband, remote security remain top issues
Unreliable home broadband connectivity is the primary technical challenge businesses are having to deal with as remote working continues during the COVID-19 pandemic.

That's one takeaway from a survey of 100 C-level executives and IT professionals in the US by Navisite designed to highlight the biggest headaches for organizations providing IT services to workers since offices began to close in March.

[ Related: Remote working, now and forevermore? ] Around half (51%) of those surveyed said they experienced some "IT pains" during the rapid shift to support home workers, while almost a third (29%) continue to face technical challenges.

To read this article in full, please click here



Computer World Security News
Oct 02, 2020

The coast is clear to install September's Windows and Office patches
There are a few odd problems with the September Microsoft patches, but they're relatively sporadic and reasonably-well understood. That makes it's a good time to get the outstanding updates installed, though you should avoid the "optional" patches.

I'm still not ready to put Windows 10 version 2004 on my main machines. The "E Week" optional, non-security patch, KB 4577063, fixes two well-known bugs and many dozens of lesser bugs (none of which were officially documented, by the way) in the latest released version of Windows 10. @mikemeinz has hit several replicated bugs in Win10 version 2004, and bug reports continue to hit my inbox.

To read this article in full, please click here



Computer World Security News
Oct 01, 2020

Microsoft on Apple in the enterprise
When it comes to Apple in the enterprise, Microsoft wants to make the experience as smooth as possible. At JNUC2020 event I (virtually) spoke with Microsoft's Corporate Vice President of the Enterprise Client & Mobility (ECM) team, Brad Anderson, who shared insights on his company's work with Jamf and the emerging new normal of remote work.

Securing the remote enterprise The COVID-19 pandemic has accelerated the rate of digital transformation, underlining the need for Microsoft to support device choice and improve cloud-based collaboration.

To read this article in full, please click here



Computer World Security News
Oct 01, 2020

Microsoft's Brad Anderson on Apple in the enterprise
When it comes to Apple in the enterprise, Microsoft wants to make the experience as smooth as possible. At this weeks JNUC2020 event I (virtually) spoke with Microsoft's Corporate Vice President of the Enterprise Client & Mobility (ECM) team, Brad Anderson, who shared insights on his company's work with Jamf and the emerging new normal of remote work.

Securing the remote enterprise The COVID-19 pandemic has accelerated the rate of digital transformation, underlining the need for Microsoft to support device choice and improve cloud-based collaboration.

To read this article in full, please click here



Computer World Security News
Sep 30, 2020

Lessons learned: Provisioning new employees during a pandemic
COVID-19 means just about everyone who can do so now works from home. But the rapid pace at which this happened put IT under a great deal of pressure, so, what have we learned that may help in future?

The digital transformation continues The JNUC conference this week sees 15,000 Apple-in-the-enterprise IT staff come together, and a lot of the focus is on the challenges of rapid migration to remote work. The scale of this migration is vast, and it seems to be continuing at pace.

Microsoft Vice President Brad Anderson shared a little data to illustrate this: "We're seeing 1.5 million new devices every seven days coming into the cloud to be managed (by Microsoft Endpoint Manager) and that's Windows, iOS, Mac and Android." (Italics mine.)

To read this article in full, please click here



Computer World Security News
Sep 29, 2020

JNUC 2020 opens with big news for Apple and Azure
Apple in the enterprise focused company, Jamf, kicked off its virtual JNUC conference today with a deluge of news and information for Mac, iPhone and iPad using enterprises.

Apple and Microsoft together for work The show comes at a pivotal moment in the transformation of enterprise IT. Not only is work becoming virtual, but Apple's presence in the space continues to grow.

The move to virtual conferences means the event has more attendees than ever before, with around 15,000 people attending, the company said.

To read this article in full, please click here



Computer World Security News
Sep 29, 2020

How to fix Android's Smart Lock Trusted Places feature
Android's Smart Lock feature is spectacular — that is, when it actually works.

Smart Lock has been around since 2014's Android 5.0 era (which, according to my calculations, was approximately "an eternity" ago by 2020 standards). The basic idea behind it is to make securing your smartphone less inconvenient, thus making it more likely that you'll actually use a pattern, PIN, passcode, or person-paw press (also known as a fingerprint) to keep your data safe. The sensational headlines about big, bad malware monsters lurking in the dark and waiting to pounce on unsuspecting victims may be scary, after all, but here in the real world, you're far more likely to suffer from your own self-made security shortcomings than from any sort of theoretical threat.

To read this article in full, please click here



Computer World Security News
Sep 28, 2020

Microsoft Patch Alert: September 2020
What September's patching frenzy lacked in fireworks, it more than compensated for in volume - and belligerence. Server 2016 hiccups on Security Options. Win10 version 2004 surprises - Lenovo still hasn't fixed its Blue Screen-inducing Biometric Security setting; the TRIM function still tries to trim spinning hard disks; for some, Start goes wonky, Action Center disappears, and there's the usual litany of odd, one-off bug reports.

As of early today, we're still waiting for the Win10 version 2004 "optional, non-security, C/D/E Week" patch, but all of the other expected September patches are in.

Defrag woes in Win10 version 2004 largely fixed, but TRIM still nips As I've mentioned many times, Windows 10 version 2004 shipped with a bug that causes the Windows Optimizer Drives defrag tool to skip updating the completion date on defrag runs. As a result, defrags occur much more frequently than necessary. Microsoft has known about the bug since January - months before 2004 shipped -- but didn't bother to acknowledge it until a fix appeared this month.

To read this article in full, please click here

(Insider Story)

Computer World Security News
Sep 28, 2020

Dual biometrics for banking: Double trouble or super-secure?
In an unusual experiment, two European banks (one in Hungary, the other in Spain) are trying to boost security and - nonintuitively - convenience by layering one biometric authentication method on top of another.

The two biometrics are facial recognition and palm recognition - both performed via a mobile device - and the banks are Hungary's OTP Bank and Spain's Liberbank; the vendor behind the effort promises imminent deployments in Slovenia and the UK. It's clear that such an approach would theoretically be more secure, but is such a combo going to mean too much friction for the typical customer? Or will users accept a minute amount of additional effort to better safeguard their money?

To read this article in full, please click here



Computer World Security News
Sep 23, 2020

Pandemic gives VDI a new lease on life
The COVID-19 pandemic and subsequent shift to working from home have brought about numerous technological disruptions, many centered around how organizations deliver IT services to their workforce. Technologies that were dabbled in before, like videoconferencing, have suddenly become standard practice.

Such is the case with Virtual Desktop Infrastructure (VDI), also known as desktop virtualization or thin-client computing. Led by vendors such as Citrix, Microsoft, Cisco, and VMware, it has been around for decades and hasn't changed much in that time. But with companies' entire workforces now connecting to corporate networks from home, sometimes without a company-issued laptop with a VPN and all the necessary settings for secure access, VDI is getting a second look.

To read this article in full, please click here

(Insider Story)

Computer World Security News
Sep 22, 2020

How IT can keep remote workers' Windows 7 PCs safe
In the time of COVID-19, with so many people working from home, it's inevitable that many will be using Windows 7 devices. And that's a big security problem for IT. As of January 2020, Windows 7 is no longer supported by Microsoft. That means no security patches — particularly dangerous at a time when many people are connecting to enterprise networks from their Windows 7 PCs.

It adds up to one of the biggest security risks many companies have seen for some time. Unpatched systems can be more easily hacked than ones that regularly receive security patches. Hackers go after low-hanging fruit — and right now Windows 7 is the lowest fruit there is. As the FBI stated in an August 2020 warning to businesses:

To read this article in full, please click here

(Insider Story)

Computer World Security News
Sep 17, 2020

Why you need Apple support to secure the C-suite
I get it. You're one of those enterprises that doesn't (yet) support Apple products among employees, but does that moratorium extend to the C-suite? I'm willing to bet it does not, and that's why even Windows-only IT must learn how to secure Apple's products.

Ignore the fantasy, this is reality The reality is that Apple's products are popular in the enterprise. And while there are many businesses that don't officially support them, one section of civic society that pretty much always do their own thing no matter what they ask others to do are the boys and girls in the C-suite. I can still recall the number of CFO's I spoke with early on in the iPad days who were deeply interested in trying the Apple tablet. Many did.

To read this article in full, please click here



Computer World Security News
Sep 17, 2020

Windows 10 upgrades are rarely useful, say IT admins
A majority of IT administrators polled this summer said that the twice-a-year Windows 10 feature upgrades are not useful - or rarely so - a stunning stance considering how much effort Microsoft puts into building the updates.

About 58% of nearly 500 business professionals who are responsible for servicing Windows at their workplaces said that Windows 10 feature upgrades - two annually, one each in the spring and fall - were either not useful (24%) or rarely useful (34%).

[ Related: Windows 10 version 2004: Key enterprise features ] Only 20% contended that the upgrades were useful in some fashion, while a slightly larger chunk - 22% - choose a noncommittal neutral as a response, claiming that the operating system's updates were neither useful nor not useful. (It might be best to consider this answer as undecided since in this binary world if something is not not useful, that must mean it is useful.)

To read this article in full, please click here



Computer World Security News
Sep 15, 2020

How COVID-19 has changed IT's focus and plans for 2021
The COVID-19 pandemic - and the lockdowns that followed last spring - wrought changes across IT operations and strategy as businesses and employees adjusted to a new environment. But what changes were made, and which ones are likely to last?

Spiceworks Ziff Davis, a B2B tech marketplace, polled 1,073 IT buyers in North America and Europe in June and July 2020 to find out. The results in its 2021 State of IT report, released today, show that the pandemic-fueled transformation will continue, affecting both planning and budgets for the long term.

[ Keep up on the latest thought leadership, insights, how-to, and analysis on IT through Computerworld's newsletters. ] The survey shows that 76% of businesses envision long-term IT changes, with more than half planning to retain flexible work policies (such as remote work); 64% of companies enabled remote work in 2020 due to the pandemic.

To read this article in full, please click here



Computer World Security News
Sep 11, 2020

A fat Windows Update for September's Patch Tuesday
Microsoft has released 129 updates to its Windows ecosystem, but the good news  this month is that we are not responding to any zero-days or publicly reported vulnerabilities. Microsoft appears to be getting serious about removing Adobe Flash Player (a good thing) and we see a very broad update to Windows desktops and servers. Unusually, Microsoft's browsers are not a huge focus this month, and both the Microsoft Office (excluding SharePoint) and development platform have received only a few, lower profile patches.

[ Related: Microsoft revamps Windows Insider release vernacular ] We have included a helpful infographic, which this month looks a little lopsided as all of the attention should be on Windows components.

To read this article in full, please click here



Computer World Security News
Sep 10, 2020

Beaucoup bugs beset this month's Windows patches
Someday, you'll tell your grandkids about the halcyon days of July and August 2020, when Microsoft took pity on us poor patching souls and introduced few bugs in its stew of Patch Tuesday patches.

Now, it looks like we're well on our way to another mess.

[ Related: Microsoft makes 'major-minor' Windows 10 release cadence the new normal ] Although it's still too early to throw up your hands and peremptorily pass on the September crop, I assure you that there is no joy in Patchville.

To read this article in full, please click here



Computer World Security News
Sep 09, 2020

Microsoft puts Application Guard for Office into public preview
Microsoft has launched a public preview of "Microsoft Defender Application Guard for Office," a defensive technology that quarantines untrusted Office documents so that attack code carried by malicious files can't reach the operating system or its applications.

On Monday, a senior cybersecurity engineer with the Redmond, Wash. company explained how Application Guard for Office worked and more importantly, walked customers through its operationm - something that existing documentation omitted when the public preview was launched late last month.

[ Related: 10 productivity-boosting apps for Microsoft Teams ] "Microsoft Office will open files from potentially unsafe locations in?Microsoft Defender Application Guard, a secure container, that is isolated from the device through hardware-based virtualization," John Barbare wrote in a post to a Microsoft blog. "When Microsoft Office opens files in Microsoft Defender Application Guard, a user can then securely read,?edit,?print, and?save?the files without having to re-open files outside of the container."

To read this article in full, please click here



Computer World Security News
Sep 07, 2020

With Patch Tuesday here, get Windows Update locked down
Every month we see the same pattern: Microsoft releases its Patch Tuesday regimen; the blogosphere flies into a frenzy about security holes that have to be patched right this minute; some patches have bugs; Microsoft fixes many of them in a week or two, warns about others, and stays mum on far too many.

Normal Windows users are left in the lurch. On the one hand, you have the threat of imminent malware mayhem. On the other, you have the threat of poorly tested patches. Wash. Rinse. Repeat.

[ Related: Windows 10 version 2004: Key enterprise features ] It's been like that for years. Don't believe it? Computerworld has month-by-month details for the past three years here.

To read this article in full, please click here



Computer World Security News
Sep 07, 2020

With Patch Tuesday near, get Windows Update locked down
Every month we see the same pattern: Microsoft releases its Patch Tuesday regimen; the blogosphere flies into a frenzy about security holes that have to be patched right this minute; some patches have bugs; Microsoft fixes many of them in a week or two, warns about others, and stays mum on far too many.

Normal Windows users are left in the lurch. On the one hand, you have the threat of imminent malware mayhem. On the other, you have the threat of poorly tested patches. Wash. Rinse. Repeat.

[ Related: Windows 10 version 2004: Key enterprise features ] It's been like that for years. Don't believe it? Computerworld has month-by-month details for the past three years here.

To read this article in full, please click here



Computer World Security News
Sep 04, 2020

Yes, you can install the August Windows and Office patches now
It looks like we're good to go with Microsoft's August Windows and Office patches. The second cumulative update for Windows 8.1, KB 4578013, throws some Virtual Private Networks out of kilter, and the Win7 patches may knock out your printers (for those of you paying for Win7 Extended Security Updates). But most of the other bugs appear to be squashed.

To read this article in full, please click here



Computer World Security News
Sep 04, 2020

Apple strengthens commitment to human rights with new policy
Apple has once again responded to critics with the publication of a human rights policy it says commits the company to "freedom of information and expression."

Freedom of expression "At Apple, we are optimistic about technology's awesome potential for good," says CEO Tim Cook. "But we know that it won't happen on its own. Every day, we work to infuse the devices we make with the humanity that makes us."

However, the document also points out that Apple is required to obey the law.

To read this article in full, please click here



Computer World Security News
Aug 31, 2020

Microsoft Patch Alert: August 2020
With Windows 10 2004 gradually creeping (I use the term intentionally) onto more machines, faults and foibles are coming out of the woodwork. It looks like a fix for the long-lamented version 2004 defrag bugs is on the way, but we aren't there yet. Lenovo isn't too happy with the August version 2004 cumulative update. It's still too early to move to 2004, in my opinion — and those problems ensure I'll keep 2004 off my machines for a while.

Meanwhile, Microsoft extended the end of support date for Win10 version 1803 — a move that'll interest exactly nobody except for admins with aging Win10 machines. Windows 8.1 patchers got left out in the Remote Access cold for a week. The .NET security updates have an odd, acknowledged bug with a manual registry workaround.

To read this article in full, please click here



Computer World Security News
Aug 27, 2020

TikTok sues the Trump administration, responding to potential U.S. ban
TikTok, the popular short form video app, has filed a lawsuit against the U.S. government, calling the potential U.S. ban an extreme action. At first glance, this lawsuit may mirror another one filed by a different tech company, Huawei. While both Huawei and ByteDance, the owner of TikTok, are Chinese tech companies, the proposed U.S. bans of each of these companies are different. Juliet breaks down why TikTok may fare better in the face of a potential ban than Huawei. More on TikTok's alleged security threats: https://youtu.be/LzeIOH2U8-8 Check out my latest video about the Huawei ban: https://youtu.be/bDXc7xeS5OE Sources-- https://www.nytimes.com/2020/08/24/technology/tiktok-sues-trump-administration.html https://newsroom.tiktok.com/en-us/tiktok-files-lawsuit Follow Juliet on Twitter: https://twitter.com/julietbeauchamp

Computer World Security News
Aug 26, 2020

Microsoft adds 6 months support to Windows 10 1803, again cites pandemic
Microsoft on Wednesday stretched support for a third version of Windows 10, again citing the coronavirus pandemic and its impact on business.

The Redmond, Wash. developer extended security support for Windows 10 Enterprise 1803 and Windows 10 Education 1803 by six months, to May 11, 2021. The original end-of-support date was to be Nov. 10.

[ Related: Microsoft makes 'major-minor' Windows 10 release cadence the new normal ] "We have heard your feedback and understand your need to focus on business continuity in the midst of the global pandemic," Chris Morrissey, who leads the communications team for Windows' servicing group, wrote in a post to a company blog. "As a result, we have decided to delay the scheduled end-of-service date for the Enterprise, Education, and IoT Enterprise editions of Windows 10, version 1803."

To read this article in full, please click here



Computer World Security News
Aug 21, 2020

Did Microsoft just solve a big business iPad problem
One of the most disappointing things about iOS devices as business devices, and one of the things that keeps the iPad from being a true computing solution, is that there is no support for multiple-user accounts. An unlikely ally is determined to solve the problem for Apple. A future version of Microsoft Authenticator will allow for a multi-user iPad experience.

Computer World Security News
Aug 20, 2020

Google to trial drastically truncated URLs in Chrome in anti-phishing move
Google will run a trial with Chrome 86, the browser set to release in October, that will hide much of a site's URL as a way to foil phishing attacks.

"We're ... going to experiment with how URLs are shown in the address bar on desktop platforms," Emily Stark, Eric Mill and Shweta Panditrao, all members of Chrome's security team, wrote in an Aug. 12 post to a company blog. "Our goal is to understand -- through real-world usage -- whether showing URLs this way helps users realize they're visiting a malicious website, and protects them from phishing and social engineering attacks."

To read this article in full, please click here



Computer World Security News
Aug 17, 2020

Xcode becomes vector for new Mac malware attack
Trend Micro has identified an insidious new form of Mac malware that is propagated by injecting itself into Xcode projects before they are compiled as apps.

So good they tried it twice We've seen a similar attack before. The so-called ‘XCode Ghost' was a malware infested version of Apple's developer environment that was distributed outside of Apple's channels. Apps built using the software were preinstalled with malware.

To read this article in full, please click here



Computer World Security News
Aug 14, 2020

A zero-day and testing of key printing features will drive August Windows updates
Though a DNS spoofing vulnerability in Windows (CVE-2020-1464) has been rated as a zero-day due to reports of exploitation in the wild, the focus for this month's updates should be on testing key Windows features prior to deployment. Primarily, printing and back-up scenarios will require your attention. You will also need to work with multiple and potentially overlapping updates to Window and the .NET development platform and, in some cases, Windows Store updates to your application portfolio.

Given the number and nature of changes we have seen in the update testing cycle during the past month, we advise a "Patch Now" approach to Windows 10, but with an extended test cycle on printing and more attention to the Windows 8.x platforms.

To read this article in full, please click here



Computer World Security News
Aug 13, 2020

Managing Windows 7 security risks
We've heard security experts warn that remote employees working on personal devices running old operating systems, like Windows 7, pose a huge security risk to enterprises. With some work from home regulations extending into 2021, IT teams will continue to manage employee devices and mitigate security risks remotely. Computerworld contributing editor and Windows expert Preston Gralla joins Juliet to discuss why Windows 7 is a security risk and what IT teams can do to manage that risk as employees continue to work off of unsecure personal and company devices.

Computer World Security News
Aug 12, 2020

Slack talks up security with new encryption options, FedRAMP certification
As Slack works to entice large organizations to deploy its channel-based collaboration app, the company is touting a variety of security upgrades, including an expanded enterprise key management (EKM) system and stronger compliance capabilities.

Among the updates announced Tuesday is the extension of EKM to give admins greater flexibility over the encryption of message data. Slack's EKM, introduced in 2018 for Enterprise Grid customers, can now cover data sent by users accessing the Workflow Builder automation tool. The company also plans to expand EKM to messages sent in Slack Connect - the company's  recently announced platform for multi-company conversations - when it launches later this year. 

To read this article in full, please click here



Computer World Security News
Aug 10, 2020

It's Patch Tuesday time. Make sure to have auto updates paused.
If you want to join the ranks of the unpaid beta testers, please go right ahead. Don't do anything and Patch Tuesday will find you. Make sure you tell us about any problems on AskWoody.com.

Every month we see the same pattern: Microsoft releases its Patch Tuesday regimen; the blogosphere flies into a frenzy about security holes that have to be patched right away; the patches bring bugs; the screams of imminent doom disappear as folks realize it takes a while - sometimes quite a while - for the security holes to turn into real, live exploits.

To read this article in full, please click here



Computer World Security News
Aug 04, 2020

Firefox gets next-gen anti-tracking defense, stymies 'bounce' trackers
Mozilla today announced a new defense against advanced tracking tactics that it will be switching on in Firefox 79 starting immediately and pushing out to the remaining user base during the next few weeks.

Calling the improved technologies and techniques Enhanced Tracking Protection 2.0 - Mozilla said that ETP 2.0's primary job is to block redirect tracking, also known as bounce tracking.

[ Related: 9 steps to lock down corporate browsers ] Trackers have been exploiting a loophole of sorts to continue following users browsing with Firefox, which enabled its first-generation ETP by default in June 2019. ETP takes a hands-off approach for first-party cookies - those tied to the site being browsed - because to do otherwise would break many of those websites or require users to, say, log in each time they returned.

To read this article in full, please click here



Computer World Security News
Jul 31, 2020

Despite an unexpected monkey wrench, now is the time to install the July Windows and Office patches
The folks at Microsoft have pretty much exterminated the bugs they introduced in July's patches. The Outlook-killing bug got fixed by an emergency update to Microsoft's own servers. The Win7 .NET patch was fixed and re-released nine days after paying Win7 Extended Security customers started bellyaching.  

To read this article in full, please click here



Computer World Security News
Jul 30, 2020

Microsoft Patch Alert: July 2020
July tends to be a leisurely month in Windows and Office patch land, and this one's no exception.

We had a bit of a thrill July 15 when Outlook stopped working on millions of PCs all over the world, but Microsoft fixed the bug four hours later by updating its servers.

Folks who pay for Windows 7 Extended Security Updates felt rightfully miffed when the new .NET Framework 4.8 patch, KB 4565636, refused to install. Microsoft took nine days to fix the bug and re-ship the patch.

To read this article in full, please click here



Computer World Security News
Jul 24, 2020

Windows Update is a bifurcated mess
This week's "Preview" patches led to some bizarre, unexplained, and self-contradictory behavior. Here's what we've been able to piece together, based on what actually happened - not on what Microsoft says is supposed to happen.

Two general sets of "Preview" patches arrived on Tuesday:

Optional, non-security, C/D Week Cumulative Updates for Win10 versions 1809, 1903, 1909, and various Servers, but not Win10 version 2004. Microsoft stopped distributing the C/D Week patches in March because of the "public health situation," but started pushing them again this week. July 21, 2020 Cumulative Update Previews for .NET Framework 3.5 and 4.8 on various versions of Win10. These are optional, non-security Preview patches released later in the month. Microsoft pushes Previews for .NET patches on Win10 infrequently; this year we've only seen two, one of them in January, the other in February. They're Previews,

Computer World Security News
Jul 24, 2020

At Microsoft Inspire, the new Edge browser took center stage
Disclosure:  Microsoft is a client of the author.

In the new Microsoft, Azure has - to a certain extent - taken over the center stage from the company's Windows Server platform, and the new Chromium Edge Browser has taken center stage from Windows. The ongoing COVID-19 pandemic has accelerated this result as the market rapidly turns from focusing on local hardware to using the Cloud as its primary place to do computing. 

As a result, each new browser update now feels a bit like what the old Windows refresh cycles used to feel like - but without the old compatibility drama. 

[ Related: FAQ: What the new Edge offers the enterprise ] Microsoft Inspire took place this week, so let's talk about the browser's new features, mostly focused on business users (now mostly working from home) that look compelling. 

To read this article in full, please click here



Computer World Security News
Jul 24, 2020

How to securely erase your Android device in 4 steps
It's an inevitable moment in the smartphone-owning cycle, the point at which a newer, shinier model comes along and your trusty old device is no longer needed.

Maybe your company bought you a new Android phone. Maybe your old one was getting too slow. Or maybe you just love electronics and couldn't resist the lure of whatever sexy new Android device your favorite manufacturer started selling.

Whatever the case, it's common nowadays to find yourself with an extra phone. And while there are plenty of practical uses for an old Android device, there's also a time when the best choice is to sell, donate, or otherwise pass it along.

To read this article in full, please click here



Computer World Security News
Jul 22, 2020

Microsoft releases some 'optional, non-security, C/D Week' Win10 patches. Avoid them.
I've always detested Microsoft's "optional, non-security, C/D Week" patches because they're confusing, easy to install accidentally, rarely solve any pressing problems, and potentially introduce yet more bugs. 

Guess what? They're back. 

As promised last month, Microsoft has started pushing them out again.

To read this article in full, please click here



Computer World Security News
Jul 21, 2020

Now let's guess what fish's new password is
It's COVID-19 days, and everyone at this tech company is practicing social distancing by working from home. All is fine for weeks for this pilot fish, but then his password expires.

An expired password cannot be replaced remotely, so he's going to have to go in to the office. Fish's boss says that the building is open, and once fish arrives, he finds it deserted and, he realizes, safer than the supermarket — no one has been inside there for weeks.

After he replaces his password, fish has an inspiration: He stops by the bathroom to grab some industrial-grade toilet paper, a product absent from store shelves for weeks.

To read this article in full, please click here



Computer World Security News
Jul 21, 2020

How to get one of iOS's best new privacy features on Android
Apple's latest iOS update may have taken plenty of inspiration from Android — to put it mildly — but iPhone owners will soon enjoy one important feature that isn't anywhere to be found here in the land o' Googley devices. And it's connected to a subject that's increasingly near and dear to many of our hearts: privacy.

The iOS 14 beta includes a new system that shows a visual alert anytime an app is using a device's microphone or camera, even in the background. It's a smart bit of added privacy protection, especially since traditionally — on iOS as well as on Android — once you've granted an app access to those parts of your phone, the app is technically able to tap into 'em anytime, with or without notifying you that it's doing it.

To read this article in full, please click here



Computer World Security News
Jul 20, 2020

Mozilla launches its first revenue-generating service, VPN for Firefox
Mozilla last week launched its virtual private network (VPN) in the U.S., Canada, the U.K. and three other countries, part of its strategy to expand revenue opportunities for its Firefox browser.

Dubbed Mozilla VPN, the service costs $4.99 per month and is available for devices running Windows and Android. Besides the U.S., Canada and the U.K., Mozilla VPN is also available in Singapore, Malaysia and New Zealand. The service will be offered on macOS and Linux devices "soon," while the iOS version is currently in beta, Mozilla said. For the monthly fee, users can access the VPN from up to five devices.

[ Related: 9 steps to lock down corporate browsers ] Mozilla kicked off a VPN preview - then tagged Firefox Private Network - nearly a year ago that relied on a browser extension and was free to users within the U.S. The Firefox Private Network was seen as the first of the paid services Mozilla would eventually introduce - another might be online storage - in an attempt to create new revenue streams to augment what the organization is paid to make specific search engines the Firefox default.

To read this article in full, please click here



Computer World Security News
Jul 17, 2020

Advisories and mitigations, oh my! Critical updates for Windows this July
This month's Patch Tuesday update from Microsoft attempts to address 123 unique security vulnerabilities including an urgent issue with Microsoft Outlook (CVE-2020-1349) and a very serious vulnerability in Windows (CVE-2020-1350). The big difference this month is that a "Patch Now" (as in right now-now) effort may not be enough. With average update cycles measured in weeks for most organizations, rapid mitigation strategies are required. Microsoft has offered registry-based fixes, some suggested code-based fixes, and a request to simply stop using certain features.

To read this article in full, please click here



Computer World Security News
Jul 13, 2020

It's Patch Tuesday time; make sure you pause Windows Updates
Yes, with Windows you have to get patched sooner or later. No, you don't have to do it right away.

Every month Microsoft releases buggy Patch Tuesday patches. Every. Single. Month. Every month we're admonished to get patched right now, lest the bad guys start mining PCs for juicy morsels. Every month we see the same hype, with the same results.

To read this article in full, please click here



Computer World Security News
Jul 13, 2020

It's Patch Tuesday; make sure you pause Windows Updates
Yes, with Windows you have to get patched sooner or later. No, you don't have to do it right away.

Every month Microsoft releases buggy Patch Tuesday patches. Every. Single. Month. Every month we're admonished to get patched right now, lest the bad guys start mining PCs for juicy morsels. Every month we see the same hype, with the same results.

To read this article in full, please click here



Computer World Security News
Jul 08, 2020

Most bugs in Microsoft's June patches have been fixed; go ahead and patch
The most obvious problem with June patches was a conflict between Microsoft's latest version of Windows and Microsoft's latest version of Office (er, Microsoft 365) Click-to-Run: If you installed patches as soon as they came out, Outlook wouldn't run. That bug got cleared up when Microsoft fixed Office a week later, even though Windows was to blame.

We also saw a bunch of belated patches for printers that didn't work after installing the June Windows updates.

To read this article in full, please click here



Computer World Security News
Jul 02, 2020

13 privacy improvements Apple announced at WWDC
Apple continues to focus on the challenge of providing technology-driven convenience while protecting customer privacy in its upcoming operating system releases. Here are all the privacy-related improvements to expect in iOS 14, macOS 11 and iPad.

Why privacy matters Fundamentally, the challenge with mobile technologies is the sheer quantity of personal data that can be collected and used against people.

A smartphone, for example, knows when it is picked up, how often, how high, who by, who it is in contact with, which websites you visit and much, much more.

To read this article in full, please click here



Computer World Security News
Jul 02, 2020

Microsoft Patch Alert: June 2020
There's never a dull moment for folks who try to keep Windows and Office patched.

Windows 10 version 2004 continues to make slow inroads among the "Go ahead and kick me" crowd, in spite of its (now documented) lack of update deferral settings, while those of us who are still trying to keep Win10 versions 2009, 2003 and 1809 afloat have our hands full.

June saw two truly innovative patching methods: A fix for a Windows bug delivered as an update to Office Click-to-Run and a fix for a different Windows bug delivered through the Microsoft Store.

If you can't fix things the normal way, I guess there's always the back door.

The two printer bugs All of the Win10 cumulative updates in June broke some printers, some of the time. The damage fell into two heaps:

To read this article in full, please click here



  • CEOExpress
  • 1 Boston Place | Suite 2600
    Boston MA 02108
  • Contact
  • As an Amazon Associate
    CEOExpress earns from
    qualifying purchases.

©1999-2021 CEOExpress Company LLC