Computerworld Security

Several weeks ago, I asked readers to answer 11 questions about Windows. More than 1,000 people submitted responses, and while the results aren’t statistically valid, they do shed light on attitudes to Microsoft’s operating systemWhat do users run? Not surprisingly, most respondents (74.75%) run some variation of Windows 10, with another 9.7% still on Windows 7. Linux was third, with 5.94%; “other” — a mixture of Windows 11, Windows XP, Chromebook, and even one Windows 98 user — had 4.55%. (I’m just hoping Windows 98 wasn’t used to answer the online survey questions.) The Mac was next, with 1.98%, followed by a smattering of phone platforms.To read this article in full, please click here

Apple will need to become more aggressive in how it polices the privacy promises developers make when selling apps in the App Store. What can enterprise users do to protect themselves and their users in the meantime?What’s the problem? Some developers continue to abuse the spirit of Apple’s App Store Privacy rules. This extends to posting misleading information on App Privacy Labels, along with outright violation of promises not to track devices. Some developers continue to ignore do-not-track requests to exfiltrate device-tracking information.To read this article in full, please click here

Microsoft provides Windows users with two tools that offer malware scanning and repair services, should those scans turn up anything in need of fixing. One is named MSRT; the other runs an executable called MSERT.To read this article in full, please click here(Insider Story)

As a Microsoft Patch Lady, I’ve been patching computers and servers for more than 20 years. We started with a process that wasn’t well planned. We had no set day or time for when patches were released, and no way to centrally manage and deploy updates. Over the years Microsoft has moved to a more dependable deployment plan and the ability to manage updates through platforms ranging from Windows Update to Windows Software Update Services to Cloud services.So things should be better now, right? We’ve had 20 years to get this right.And yet, here’s what I’ve seen regarding patching in just the last week.We are now on three months and counting of continuing issues with printing caused by patches. (This month included yet another fix for another print spooler vulnerability.) I’ve seen businesses dealing with new side effects directly impacting printing and, interestingly enough, these are businesses that didn’t have problems with earlier updates. This month, Windows 10 peer-to-peer networks appear to be the most affected. (FYI: The trigger for all of these printer issues seems to be older Type 3 printer drivers. Moving to type 4 drivers might help if that’s an option for you.)To read this article in full, please click here

This week’s Patch Tuesday was an unusual update from Microsoft and we have added Windows, the Microsoft development platform, and Adobe Reader to our “Patch Now” schedule. These updates are driven by the zero-day patch (CVE-2021-40444) to the core Microsoft browser library MSHTML. In addition to leading to significant remote code execution worries, this update may also lead to unexpected behaviours in legacy applications that depend on or include this browser component. Be sure to assess your portfolio for key apps that have these dependencies and perform a full functionality test before deployment. (We have identified some key mitigation strategies for handling ActiveX controls and for protecting your system during your testing and deployment phases.)To read this article in full, please click here

This week brought updates that I consider critical for the “Big Three” — my operating system (Windows), my browser (Google Chrome) and my phone (from Apple). All three releases patch major zero-day vulnerabilities on all three platforms.While I strongly recommend that you patch Chrome and your iPhone as soon as possible, I always recommend that you hold back on updating Windows. That remains true — at least until we see whether there are any trending side effects from the Patch Tuesday updates.Let’s break down the patching to do right away.First, prioritize patching Apple devices. Among this week’s patches is one for Pegasus spyware, which can open up access to the camera and microphone as well as text messages, phone calls, and emails.  iPhones, in particular, have been targeted. Apple typically pushes these updates overnight if your phone is plugged in and charging (and connected to the Internet). If you want to make sure your iPhone has received the update, click on Settings, then General, then tap Software Update. Typically, after my iPhone updates, some apps may need passwords again. I personally try to save critical ones in the iCloud keychain. Look for patches for iOS 14.8 and iPad OS 14.8, and Security Update 2021-005 for macOS Catalina and Big Sur 11.6.To read this article in full, please click here

It will be one thing, say, later this year or in 2022, to buy a new PC with Windows 11. We can be reasonably certain that Windows 11 will run on your new Dell, HP, or Lenovo PC. Maybe some of your drivers and programs won’t run, but Windows 11 itself? No problem.But, if you want to update your existing computers, especially those that have a few years on them — that’s another story. It’s difficult to know whether any given computer will run Windows 11, which arrives Oct. 5. Yes, there’s Microsoft’s PC Health Check app and other programs to determine whether you can run Windows 11. But Microsoft pulled it the first time around and I’m none too sure how reliable it is this time around.To read this article in full, please click here

Apple on Monday issued emergency security updates for iOS, macOS and its other operating systems to plug a hole that Canadian researchers claimed had been planted on a Saudi political activist’s device by NSO Group, an Israeli seller of spyware and surveillance software to governments and their security agencies.Updates to patch the under-active-exploit vulnerability were released for iOS 14; macOS 11 and 10, aka Big Sur and Catalina, respectively; iPad OS 14; and watchOS 7.According to Apple, the vulnerability can be exploited by “processing a maliciously crafted PDF,” which “may lead to arbitrary code execution.” The phrase “arbitrary code execution” is Apple’s way of saying that the bug was of the most serious nature; Apple does not rank threat level of vulnerabilities, unlike operating system rivals such as Microsoft and Google.To read this article in full, please click here

In a surprise Friday announcement, Apple said it will take more time to improve its controversial child safety tools before it introduces them.More feedback sought The company says it plans to get more feedback and improve the system, which had three key components: iCloud photos scanning for CSAM material, on-device message scanning to protect kids, and search suggestions designed to protect children.To read this article in full, please click here

Microsoft will launch Windows 11 on October 5, but not every PC will be eligible for an immediate upgrade. Rollout will last well into 2022 for machines that meet the necessary hardware requirements, and Windows 10 will be supported through October 2025. But, there’s still some confusion about what hardware is required to support Windows 11’s beefed up security measures. Computerworld executive editor Ken Mingis and contributing editor Preston Gralla join Juliet to discuss Windows 11 security, whether it will require new hardware and what IT needs to know before upgrading. To read this article in full, please click here

Microsoft will launch Windows 11 on October 5, but not every PC will be eligible for an immediate upgrade. Rollout will last well into 2022 for machines that meet the necessary hardware requirements, and Windows 10 will be supported through October 2025. But, there’s still some confusion about what hardware is required to support Windows 11’s beefed up security measures. Computerworld executive editor Ken Mingis and contributing editor Preston Gralla join Juliet to discuss Windows 11 security, whether it will require new hardware and what IT needs to know before upgrading.

Private browsing. Incognito. Privacy mode.Web browser functions like those trace their roots back more than a decade, and the feature — first found in a top browser in 2005 — spread quickly as one copied another, made tweaks and minor improvements.Protect Your Privacy Online privacy: Best browsers, settings, and tips How to protect your privacy in Windows 10 How to stay as private as possible on the Mac The ultimate guide to privacy on Android How to stay as private as possible on Apple’s iPad and iPhone But privacy-promising labels can be treacherous. Simply put, going “incognito” is as effective in guarding online privacy as witchcraft is in warding off a common cold.To read this article in full, please click here

I got an email the other day, and it was nearly impossible for me to tell at first whether it was legitimate. Given that some vulnerabilities can gain access to your system if you merely preview an email in Outlook, I get nervous. But I do need to determine when an email is safe.First and foremost, a healthy dose of skepticism is important. Always ask yourself whether the platform you’re using is patched and ready to fend off attacks. If, for instance, you’re still using a version of Outlook that’s no longer supported, you are at risk; never open an unexpected email in an unpatched Office suite. You’re better off migrating to a newer email client that offers better protection. There are many third-party email clients that can be useful alternatives to Outlook. Thunderbird, eM Client, and Mailbird are three options I’ve found to be good — if you simply need light email and calendaring.To read this article in full, please click here

Windows Hello is a biometrics-based technology that enables Windows 10 users (and those who update to Windows 11) to authenticate secure access to their devices, apps, online services and networks with just a fingerprint, iris scan or facial recognition. The sign-in mechanism is essentially an alternative to passwords and is widely considered to be a more user friendly, secure and reliable method to access critical devices, services and data than traditional logins using passwords.“Windows Hello solves a few problems: security and inconvenience,” said Patrick Moorhead, president and principal analyst at Moor Insights & Strategy. “Traditional passwords are unsafe as they are hard to remember, and therefore people either choose easy-to-guess passwords or write down their passwords.”To read this article in full, please click here

Supply chains are vulnerable to cyberattack and for the good of your business, it’s time to move to secure them as best you can, according to Apple and the White House.Apple to secure the tech supply chain That’s one item of news to emerge following a high-level cybersecurity meeting between US President Joseph Biden and big tech firms, including Apple, IBM, Microsoft, Google, Amazon, and others. Most of the companies who attended the meeting have since announced plans to beef-up security resilience and awareness, with a focus on training and security awareness.To read this article in full, please click here

Okay, Microsoft, we need to talk. Or rather, we need to print. We really do. We aren’t all paperless out here in the business world — many of us still need to click the Print button inside our business applications and print things out on an actual sheet of paper, or send something to a PDF printer. But over the last several months you’ve made it near impossible to stay fully patched and keep printing.Case in point: the August security updates.Microsoft made a change in how Group Policy printers are handled when it changed the default Point and Print behavior to address “PrintNightmare” vulnerabilities affecting the Windows Print Spooler service. As noted in KB5005652, “by default, non-administrator users will no longer be able to do the following using Point and Print without an elevation of privilege to administrator:To read this article in full, please click here

There has been some concern that Windows 10 gathers too much private information from users. Whether you think Microsoft’s operating system crosses the privacy line or just want to make sure you protect as much of your personal life as possible, we’re here to help. Here’s how to protect your privacy in just a few minutes.Note: This story has been updated for the Windows 10 May 2021 Update, version 21H1. If you have an earlier release of Windows 10, some things may be different.[ Further reading: 15 ways to speed up Windows 10 ]Turn off ad tracking At the top of many people’s privacy concerns is what data is being gathered about them as they browse the web. That information creates a profile of a person’s interests that is used by a variety of companies to target ads. Windows 10 does this with the use of an advertising ID. The ID doesn’t just gather information about you when you browse the web, but also when you use Windows 10 apps.To read this article in full, please click here

Reports of a massive 100 million account data leak at T-Mobile should encourage any Apple user to double-check password and account security. Here’s how to do that using Keychain.iCloud Keychain to the rescue Apple’s built-in password manager is called iCloud Keychain. It securely stores your saved account information such as account names and passwords across all your signed-in devices. It will automatically enter this information for you when you access an app or service.To read this article in full, please click here

This month Microsoft offered up a relatively light Patch Tuesday, rolling out 44 patches for its Windows, Office, and development platforms. To read this article in full, please click here(Insider Story)

From the NSO Group’s ghastly iPhone hack to Apple’s recently revealed system to scan user devices, it’s time to put an end to the endless mission creep from tech convenience to surveillance.Apple fixes one problem, creates another Take Apple, for example. The brouhaha surrounding its decision to invent a technology to scan user images for CSAM material has apparently “surprised” the company.To read this article in full, please click here