Meltdown & Spectre

Yet another reason why you want to keep current with updates. Two hardware (CPU) level vulnerabilities, Spectre and Meltdown, have been detected.

Be aware that these issues are in your device’s microprocessor chip and not the operating system software.  Intel and AMD as well as ARM processors dating back to 1995 are affected. The patches will tweak operating system and browser functions to compensate for the hardware problem.  Brings back memories of HP days when firmware mods routinely “fixed” hardware problems in disk drives.  Another important fact here is if you are still running XP or Vista it’s not likely a patch will be provided.  Much more info.

No cause for panic for individuals but for the big boys it is going to be a headache. With that said you still want to install any operating system and browser updates that are available over the next few weeks.  If you are stilling running XP or Vista you will be at slight risk since these vulnerabilities are now public knowledge so the black hat guys are aware of them.

Windows 10 Free Upgrade

 According to December issue of PC World Microsoft will end their free upgrade path to Windows 10 on December 31, 2017.  The savvy reader will say “Hey, Greg that free upgrade ended many months ago.” And that is correct. But, what most people aren’t aware of is that Microsoft has had available an extended free upgrade path for users implementing any type of “assistive technology”. Here is an article detailing that program. Microsoft does not throw any hoops and loops to jump through to upgrade to Win 10 via this path. Kind of the honor system. Before you start feeling guilty about taking this route it benefits Microsoft to get as many people off Win 7 & 8 as possible.

Here is the Microsoft page to start the process if you are so inclined.

Protect Yourself

Do you use strong passwords? Do you use unique passwords for your various website log on’s? What type of account do you use on your computer? Have you ever upgraded the firmware on your router? Do you find these questions mundane or annoying? If so you might want to look at the Basic Security Package I have put together. It is a few simple items that if implemented will give your computer an extra level of protection against all those nasty things you read about like malware, ransomware, keystroke loggers and so on. Those that are most vulnerable are those that do not have the basics covered. It’s kinda’ like backups. People know they should do them. But until you actually experience that feeling realized when you have lost a document that took several hours to create or decades worth of family photos it doesn’t hit home. If you are not the do-it-yourself type let me help you out.

FireFox – Lickety Split

Firefox QuantumAs most of you know I am a Google fan.  I use Google’s Chrome, Calendar, Gmail, Keep, Drive plus many other Google products.

After taking Mozilla’s latest release of Firefox (aka Quantum) for a test drive I may be taking Chrome off that list.  Quantum is noticeably faster than Chrome in my unscientific testing.

If you are looking for something to do on these long dark nights give it a try and see what you think.  The user interface is not that much different than Chrome’s so there isn’t much of a learning curve.

KRACK

Not talking crack cocaine here boys and girls.  It is possible you may have heard about this by now on mainstream media.  I haven’t heard or read anything from those sources yet but they will have undoubtedly sensationalized it like everything else.  This is a serious vulnerability dealing with WPA2.  WPA2 is the key protocol that makes wireless communication secure and safe.  For the gritty details check this article by Kreb’s.  Here’s what you need to do:

  • Don’t panic.
  • Ensure all your devices are current and stay current on updates.
  • By devices I mean not only PC’s, be they desktop or notebooks, but also tablets, routers/access points, WiFi range extenders, smartphones, any web-enabled device like a thermostat, appliance and so on.

From my reading Microsoft has released updates to patch their part of the problem.  I have no information regarding Apple.  You Window’s and iOS fans will love this but it sounds as if Android devices are the most exposed to this potential hack.  But don’t laugh too hard because many devices implement the same code for WPA2 as does Android.  Oh, those devices can be routers, access points, refrigerators, webcams and so.  For many of those devices do not hold your breath on patches being provided.

Let’s be safe out there.

Windows 10 Update Experience

Following is my account of getting the Fall Creators Update installed.

I was logged in as a regular user.  Clicked through Settings > Update and security > Windows update and saw two updates  listed – “Features Update to Windows 10 version 1709” and one related to Adobe Flash Player.  My suspicion that the “features” update was the Fall Creators Update was later verified.  I initiated the update process only to have it end reporting that “some updates couldn’t be installed”.  Care to guess what update didn’t install?  Yep, it was the Fall Creators Update.

To make a long story short I ended up having to download Microsoft’s Upgrade Assistant tool to be able to do the update.  At that point the update went well.  Took 2 hours from start to finish and included 3 restarts.  Drilling  through Settings > System > About you will see 1709 as the version and 16299.15 as OS build if the update was successful.

Curious thing is that my update history is now blank.  Even more interesting is that the previously mentioned SMBv1 component is still very much present and I can still see and talk to my networked XP box.  Hmmm.

It is the most basic and hard fast rule that for security you should not be using an admin account as your day-to-day log in.  But by not being logged in as an admin this update didn’t work for me.  I would be very interested in hearing how your update went.

Heads Up! Windows 10 Fall Creators Update Rolling Out

Coming soon, whether you want it or not,  to a Windows 10 PC near you is what Microsoft is calling the Fall Creators Update (aka Redstone 3).  As you should know Microsoft does not give you the ability to not accept updates.  From my initial read through there is going to be some new eye candy (Fluent Design), enhancements to One Drive, tweaks to Edge (my suggestion you still should be using Chrome), beefing up security and a myriad of other tweaks.  You might want to take time and read the article in the above link for a complete rundown on what this update brings.

One potential issue for folks with old hardware on your local network (like me) is the removing of the SMB v1 protocol.  This protocol harks back to XP days and is a major component of local networking.  It is also a major security risk.  With SMB v1 gone old devices requiring it will not be seen by your Windows 10 machine.  Looks like I will be going back to using “sneaker net” to transfer files between the XP machine and my Win 10 box.  Luckily, my older printer that is networked via a USB connection to my router will be functional.

Let’s keep our fingers crossed that this forced update doesn’t break anything for us.  If it does I would be interested in hearing about it.

CCleaner Has Been Hacked

If you are a PPCS client you are aware that CCleaner is a tool that is highly recommended for DIY maintenance.  We can now add it to the list of software that has been compromised.  Unless you are running the software on an older 32-bit PC there is no reason to panic.  Read this How-To Geek article for the details.

If you still have questions or concerns please contact me.