Defender gets more defenses

It's no secret. There are lots of viruses on the web, lots of anti-viruses too, and even lots of anti-viruses that are actual viruses. It gets messy.

As an IT Pro I always recommend using some form of protection when browsing the web.  The list of awesome free tools out there is long and distinguished.

I just came across a piece of very interesting information. I use a leading free product as my main AV solution and keep Windows Defender in the background. It has come in handy a few times. Now Windows Defender has an offline mode as well. In the Anniversary Update version you will be able to scan your drive offline. It also introduces Block at First Sight, which reduces detection time by leveraging cloud resources for analysis. And the one I really like (if it works) is the ability to block unwanted programs from installing. It has happened to us all, me included: you get so excited about a new application, or are just not paying enough attention, and while installing an app you forget to uncheck the boxes that install all the rest of the garbage it suggests. Hopefully this update will help us in those moments where we forget to help ourselves.

Stay clean!

EDIT: After this was originally written I read another article which has some more fantastic news for Defender. Post-anniversary it will offer lots of post-breach mitigation. I have been to a number of conferences lately and the motto is “It’s not if you will get breached, it’s what you do when you are breached”. Tools like Windows Defender Advanced Threat Protection offer a solution in the new cyber reality.

There is a fully detailed post on the ATP functionality here: https://blogs.technet.microsoft.com/windowsitpro/2016/06/29/post-breach-detection-with-windows-defender-advanced-threat-protection/


Get Ignited

The Ignite sessions list has been posted! If you planned to attend take a look at what seminars, labs and sessions are available:

https://ignite.microsoft.com/

Hopefully yours truly will be there next year in person 🙂


There are over 70 Windows entry-level sessions and some amazing level 200 sessions as well. Lots of talk about Azure by some highly respected people too. I am going to try and absorb as much of this (virtually) as possible. Isn’t it wonderful to live in an age of online recording and live streaming!

Get your Windows serviced

Keep the faith, Windows users! The much debated issue of updating older OSs (7 and 8.1) is about to get a lot easier 🙂

As of October of this year, Windows updates for Windows 7 and Windows 8.1 will be monthly pushes. What is that you say? How is that a big change? Well, from October on the updates are all going to be… cumulative. That’s right – each update will include all the previous updates, so you will only need to download one file and not run a series of updates to get back to “current branch”.

This does beg a few questions from this humble blogger:

  1. How big do the “rollups” become? I am wondering about bandwidth usage and companies on slower networks.
  2. If you are only one or two versions behind, do you really need to download the whole package? Hopefully there is some mechanism that checks the version you are running and only pulls down the portions you need.
  3. What if you only want certain updates (i.e. critical and security updates) and not the rest? There seem to be some answers here, as MSFT says they plan to release a separate package of just security updates.
  4. How can you recover from a failed update? What do you do if an update causes issues? I can recover from that (hopefully), but how can it be removed from the list of files I have to download? Am I blocked from ever updating again??

I am going to have to dig deeper on this one dear readers!

Stay tuned 🙂

Xbox controls man’s PC

At the time this gets posted I will be in the wilds of Algonquin Park. In a weird twist I will also hopefully have cell reception so I can watch the last ever Tragically Hip concert. I have never wanted a signal when camping before (it was nice at times when I did get one), but this is an exception. Much respect for the band and Gord himself.

To try and segue here – combining things that are quite different (see, I’m trying) – the Xbox One controller is a supported device in Windows 10. As the platforms start to show some overlap it will be nice to use a controller for PC-based gaming without needing to shell out another 60/80/100 dollars. A wired cable works, a wireless adapter works if you have one, and the newer controllers have Bluetooth.

Sweet!

Pass the Hash: Windows security (part 3) – Always cite your sources

In two articles now I have talked about Pass the Hash. I am by no means a security expert, so I did what we all do: I searched/Bing’d the ideas and used them as the sources of my articles. If you want to learn more about Pass the Hash, here are some great sites to check out.

https://www.microsoft.com/security/sir/strategy/default.aspx#!password_hashes

http://www.gfi.com/blog/security-101-pass-the-hash/

https://technet.microsoft.com/en-us/security/dn785092s

http://www.windowsecurity.com/articles-tutorials/misc_network_security/Dissecting_Pass-Hash-Attack.html

http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/How-Cracked-Windows-Password-Part1.html

Get with the times (Office updates)

I really need to update my Office version. I am using 2013 at home.  In some free time I took a look at the new/improved features in Office 2016 (check out the full list here: https://support.office.com/en-us/article/What-s-new-and-improved-in-Office-2016-29d7e38e-ef06-4d9c-a476-03d896928b2f?ui=en-US&rs=en-US&ad=US)

Here are some of my favorites (in no particular order)

  1. Co-authoring. Gives you the ability to work, from any device, with others in real time. Makes team documentation much easier in Word.
  2. Mail triage.  Outlook learns your email habits and moves low-priority emails to another folder so you can be more productive.  It will give you a list of emails moved so you are aware of them.
  3. Version history.  I really love this.  Word, Excel and PowerPoint have the ability to see previous versions of a document when you are editing it.  Makes documentation review and update way easier and more effective.
  4. Smart Lookup.  Uses the power of Bing while in a document to look up facts and information without needing to leave your work.  Efficient!
  5. Shared notebooks.  OneNote is the red-headed step-child of the Office family. But, man, does it have some awesome capabilities. I have posted about it a number of times and will do so again.  Updating in seconds means that you can share a list with your loved ones (and co-workers) from one location.  Brilliant!!


Pass the Hash: Windows security (part 2)

Here is my second installment in the Pass the Hash series. In this section we will look at five ways to mitigate these types of attacks.

Mitigation #1

Restrict and protect high privileged domain accounts – Restricts the ability of administrators to inadvertently expose privileged credentials to higher risk computers. Make sure only a few people know the passwords to these high level accounts, and make sure to configure Windows settings to require a password when the accounts are to be run in admin mode.

Mitigation #2

Restrict and protect local accounts with administrative privileges – Restricts the ability of attackers to use local administrator accounts or their equivalents for lateral movement PtH attacks. Avoid using admin accounts as much as possible and (as per #1) require a password on elevation.

Mitigation #3

Restrict inbound traffic using the Windows Firewall – Restricts attackers from initiating lateral movement from a compromised workstation by blocking inbound connections on all workstations with the local Windows Firewall. This is where your network techs get a starring role – prevent the attack and you won’t have to worry about mitigation.

Mitigation #4

Use complex, changing passwords – do it! Avoid becoming Mordac, the preventer of information (http://blogs-images.forbes.com/ciocentral/files/2011/06/Mordac.png), but complex passwords and a properly managed change process are key here.

Mitigation #5

Do not use LM hashes – use NTLMv2 exclusively on all Windows boxes currently supported by Microsoft.
Another step is to disable LM authentication across the network. Browse to HKLM\SYSTEM\CurrentControlSet\Control\Lsa. Once there, locate the value named LmCompatibilityLevel. This can be set to 3 to send NTLMv2 authentication only, which is a great setting for domain clients. The alternative is to set this value to 5, which configures the device to only accept NTLMv2 authentication requests, which is great for servers.
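To make Mitigation #5 checkable rather than a one-off registry edit, here is an added PowerShell audit script (written for this post, not taken from any Microsoft tool) that reads LmCompatibilityLevel, reports what the current level means, and compares it with the client target (3) or server target (5) above; it also goes one step beyond the text by reading the NoLMHash value under the same key, which controls whether LM hashes are stored at all. The -Role and -Fix parameter names are this script's own choices, and it assumes an elevated prompt.

```powershell
# Added example, not from the original post: audit (and optionally set) the
# LSA settings behind Mitigation #5. Run from an elevated PowerShell prompt.
param(
    [ValidateSet('Client', 'Server')] [string]$Role = 'Client',  # hypothetical parameter
    [switch]$Fix                                                # hypothetical parameter
)

$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$target = if ($Role -eq 'Server') { 5 } else { 3 }

# What each LmCompatibilityLevel value does. Levels 3-5 all send NTLMv2 only;
# 4 and 5 additionally make the machine refuse LM (4) or LM and NTLM (5) from others.
$levels = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM, use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 only, refuse LM'
    5 = 'Send NTLMv2 only, refuse LM & NTLM'
}

$props = Get-ItemProperty -Path $lsa

# A missing value means the OS default applies; on Windows 7 / Server 2008 R2
# and later that default is 3, so an absent value is reported as 3 here.
$current  = if ($null -ne $props.LmCompatibilityLevel) { [int]$props.LmCompatibilityLevel } else { 3 }
$noLmHash = if ($null -ne $props.NoLMHash) { [int]$props.NoLMHash } else { -1 }

Write-Host ("LmCompatibilityLevel = {0}  ({1})" -f $current, $levels[$current])
if ($noLmHash -eq 1) { Write-Host 'NoLMHash = 1  (LM hashes are not stored on next password change)' }
else                 { Write-Warning "NoLMHash is $noLmHash (not explicitly set to 1; verify the policy 'Do not store LAN Manager hash value')" }

if ($current -ge $target) {
    Write-Host "PASS: level $current meets the $Role target of $target"
} else {
    Write-Warning "FAIL: $Role target is LmCompatibilityLevel >= $target (currently $current)"
    if ($Fix) {
        # Set-ItemProperty creates the DWORD values if they do not exist yet.
        Set-ItemProperty -Path $lsa -Name LmCompatibilityLevel -Value $target -Type DWord
        Set-ItemProperty -Path $lsa -Name NoLMHash -Value 1 -Type DWord
        Write-Host "Set LmCompatibilityLevel=$target and NoLMHash=1 under $lsa; reboot so every service picks up the new level."
    }
}
```

On domain-joined machines the same setting is normally pushed by Group Policy as “Network security: LAN Manager authentication level”, so a value this script writes will be overwritten at the next policy refresh unless the policy agrees with it.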

Virtually the coolest thing

Get ready for VR/AR windows!  MSFT has just announced that in 2017 they plan to release a Windows Holographic shell for PCs:

“Next year, we will be releasing an update to Windows 10, which will enable mainstream PCs to run the Windows Holographic shell and associated mixed reality and universal Windows applications.” (Terry Myerson)

This will allow some computers to use a headset for VR/AR use in Windows.

BTW, VR is Virtual Reality – what we see in movies (and now in real-life games) where your experience is total immersion in a virtual world. AR is Augmented Reality, which puts virtual objects in our real world (think Pokémon Go – but with a headset). AR has been the bailiwick of the HoloLens project and has some fantastic uses aside from ruling your local Pokémon gym. Picture an AR headset showing you, in real time as you tour your building, pieces of equipment that are expected to fail or have run past their expected usage limits. C’est beautiful, non?

Edge bashing

I get it.  Everyone wants to pick on the new kid.  “He’s different”, “He’s weird” and  “He smells funny” (well, okay, that last one was just my own experience).  But what does all that really matter?  Of course it’s different and weird.  So were you… once.

IE has gotten a lot of flak for being slow, bulky and not user friendly like the newest generation of browsers. Again, I get it. It has been around a looong time. Longer than almost any other currently used browser.

So when Edge hit the scene it had to take all the flak for IE’s long history and the fact that it is different. I don’t get it. One of the rallying cries of people against MS browsers is the speed. Edge is faster than Chrome and Firefox. Yes, only sometimes, but that means they are comparable in speed to say the least. Check out these reviews of the browsers:

Battle of the browsers: Edge vs. Chrome vs. Firefox vs. Safari vs. Opera vs. IE vs. Vivaldi

Microsoft Edge vs. Google Chrome for Windows 10

http://www.laptopmag.com/articles/best-windows-browser

They all say that the browser is better in some situations and as good, or worse, in others. So does it not stand to reason that these attacks against Edge are not fact based but rather fear based? I think so. The market share for Chrome and MS browsers is neck and neck, and the best the Chrome fanboys have to offer is arguments based not on fact but on history and conjecture.

I like using Edge and I don’t care who knows it.