Tag Archive for 7

| August 21, 2014
Comments Off on MSFT Closing More Windows Support

MSFT Closing More Windows Support

MSFT Closing More Windows SupportIT departments organizations are busy keeping up with XP replacements, Cloud migrations, BYOD implementations and now Microsoft has reminded everybody that there are other fires burning on the horizon. Microsoft (MSFT) is warning that they are ending mainstream support for more popular Windows products. Some of the key products ending mainstream support include; Windows 7, Window Server 2008, Exchange 2010, and SharePoint 2010.

So what does Redmond mean when it ends “Mainstream Support”?

  • Microsoft supportMainstream support is the typically five-year period when Microsoft provides free patches and fixes, including but not limited to security updates, for its products.
  • When a product exits the mainstream support phase, Microsoft continues to provide a period (also often five years) of extended support, which means users get free security fixes but other types of updates are paid and require specific licensing deals.
  • “End of support” means there will be no more fixes or patches — paid or free, security or non-security — coming for specific products. CNET says there are some temporary workarounds, as Windows XP users have discovered, but as a general rule, end of support means, for most intents and purposes, the end.

start planning nowHere are some critical (or not so critical) dates. You may want to circle in red on your calendar and start planning now. Do you have funds in your 2020 capital budget for new hardware? Will cloudifying these be the answer? Are you up to speed on Azure? Are your apps up to speed on Azure?

September 14, 2014 mainstream support ends Windows Phone 7.8.

October 14, 2014, is a critical date, support ends for

  • Office 2010 (Including Viso and Project) with Service Pack 1 mainstream support ends.
  • SharePoint Server 2010 Service Pack 1 mainstream support ends

ending mainstream support for more popular Windows productsJanuary 13, 2015, is a big day for Microsoft support

  • Windows 7, Mainstream, free support ends on for all versions of  Windows 7 (Enterprise, Home Basic, Home Premium, Ultimate, and Starter) as well as Windows 7 SP1.
  • Extended support for Windows 7 lasts until January 14, 2020, so users can expect to continue to receive free security updates, but not feature updates, for Windows 7 until that point.
  • Some industry watchers have speculated that Microsoft will end up pushing out Windows 7’s support dates the way the company did for XP, given Windows 7’s popularity and pervasiveness, but so far, CNET says there is no evidence of it happening.
  • Windows Server 2008 – Mainstream support also ends on all versions of Windows Server 2008 and 2008 R2. Extended support remains in place until 2020.
  • Exchange 2010 – Mainstream support will also end on all versions of Exchange 2010. Extended support remains in place until 2020.
  • Other Microsoft products whose mainstream support ends on January 13, 2015 include :
    • All editions of Windows Storage Server 2008,
    • Dynamics C5 2010,
    • NAV 2009 and NAV 2009 R2
    • Forefront Unified Access Gateway 2010 with SP3
    • Visual Studio 2012
  • Microsoft recommends its customers to get updated, “Customers should migrate to the next available Service Pack to continue to receive security updates and be eligible for other support options.”

extended support cuts offJuly 14, 2015, Microsoft’s extended support period for Server 2003 cuts off (I covered the end of 2003 here). MSFT won’t be issuing patches, updates, or fixes of any kind for that operating system (unless users have pricey Custom Support Agreements in place). Redmond is hoping to move 2003 hold-outs to Windows Server 2012 R2 and/or Azure.

October 13, 2015, is another big deal day

  • Office 2010, Visio 2010, Project 2010 — Mainstream Support ends. Extended support should run into 2020.
  • SharePoint Server 2010 — Mainstream support ends. Extended support should run into 2020.

April 11, 2017 – Extended Support ends for Windows Vista ends. No more updates. Time to upgrade (rb- if you haven’t already moved on).

August 11, 2017 – Extended Support ends for Exchange Server 2007. No more updates. Time to upgrade.

January 10, 2018, Mainstream support for Windows 8.1 ends for all versions of Windows 8. Customers still running Windows 8 have until January 12, 2016, to update to Windows 8.1 in order to stay supported.

rb-

Remember this – running out-of-date software which no longer receives security updates is playing into the hands of online criminals and hackers.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , , ,
| July 7, 2014
Comments Off on Conficker Worm – Still Alive

Conficker Worm – Still Alive

Conficker Worm - Still AliveAfter 6 years Conficker remains one of the top 3 malware that affects enterprises and small and medium businesses according to Trend Micro’s (TMICY) TrendLab. They say 45% of malware-related spam emails they detected were related to Conficker. Trend Micro attributes this to the fact that a number of companies are still using Microsoft’s (MSFT) Windows XP, which is susceptible to this threat.

6 years old Conficker

For those that don’t remember our old friend Conficker (Trend calls it DOWNAD) it can infect an entire network via a malicious URL, spam email, and removable drives. Larry Seltzer at ZDNet’s Zero Day blog recalls that Conficker was a big deal back in late 2008 and early 2009. The base vulnerability caused Microsoft to release an out-of-band update (MS08-067 “Vulnerability in Server Service Could Allow Remote Code Execution”) in October 2008. In addition, Conficker has its own domain generation algorithm that allows it to create randomly generated URLs.  It then connects to these created URLs to download files on the system.

Technically, Windows Vista and the beta of Windows 7, were vulnerable, but their default firewall configuration mitigated the threat. It was Windows XP that was really in danger. Mr. Seltzer says that despite Microsoft’s patch, everyone knew that a major worm event was coming. When it came it was big enough that a special industry group (Conficker Working Group) was formed to coordinate a response.

45% of malware related spam mails are delivered by machines infected by the Conficker wormDespite the unprecedented industry effort, Trend Micro observed that six years later (2014 Q2), more than 45% of malware-related spam mails are delivered by machines infected by the Conficker worm. Analysis by the AV firm of spam campaigns delivering FAREIT, MYTOB, and LOVGATE  payload in email attachments are attributed to Conficker infected machines.

Over 1.1 million IPs related to Conficker.

On Thursday, July 3 the Conficker Working Group detected +/- 1,131,799 unique IPs related to Conficker. Whatever the number,  it’s still a big number, for a 6-year old malware with a patch. Trend explains that the IPs use various ports and are randomly generated via the DGA ability of the malware. A number of machines are still infected by this threat and leveraged to send the spammed messages to further increase the number of infected systems.

rb-

With Microsoft ending the support for Windows XP this year, we can expect that systems with this OS will be infected by threats like Conficker for a long time to come. It is going to take years to work XP out of the system.

End Of Support Changes Little About Windows XP's Popularity

Even with an ancient OS, there are ways to prevent Conficker

  1. Upgrade – Kudos to MSFT, Windows 7 has been resilient so far
  2. Patch your systems
  3. Keep Anti-Malware up to date
  4. Stay away from shady places on the web
  5. Be wary of email attachments – Don’t open what you don’t know
  6. The Conficker Working Group has an easy way to check if your machine is infected with Conficker here
Related articles
  • Mobile malware: Past and current rends, prevention strategies (cloudentr.com)

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , ,
| April 1, 2014
Comments Off on Limit Admin Rights to Close Microsoft Holes

Limit Admin Rights to Close Microsoft Holes

Limit Admin Rights to Close MSFT HolesIt’s been best practice for a very long time: all users and processes should run with the fewest privileges necessary. That means no Admin rights for users. This limits the damage that can be done by an attacker if the user or process is compromised.

Avecto logoZDNet says that running users without admin rights on Microsoft (MSFT) Windows XP was generally impractical. It is a much more reasonable and manageable approach on Windows Vista, Windows 7, and Windows 8, but many organizations still run users as administrators because it makes things easier in the short term.

Impact of running with “least privilege”

ZDNet cites a new study from UK software company Avecto which demonstrates the real-world impact of running with “least privilege”. In 2013, Microsoft released 106 security bulletins and updates to address the 333 vulnerabilities identified in them. 200 of the 333 total vulnerabilities would be mitigated if the user were not running as administrator. 147 of the vulnerabilities were designated critical; 92 percent (135) of these would be mitigated.

Dark Reading says that the Avecto results also revealed that removing admin rights would also mitigate:

  • running with "least privilege"91% critical vulnerabilities affecting Microsoft Office,
  • 96% of critical vulnerabilities affecting Windows operating systems,
  • 100% of vulnerabilities in Internet Explorer and
  • 100% of critical remote code execution vulnerabilities.

Breakdown of Microsoft V\vulnerability Impact in 2013

Avecto told ZDNet that non-administrator users can still be compromised, but it’s much less likely that they would be and, if they were, the impact would likely be greatly limited. Least privilege is most effective as part of a more comprehensive security architecture including the prompt application of updates to patch vulnerabilities.

Paul Kenyon, co-founder, and EVP of Avecto told Dark Reading, “This analysis focuses purely on known vulnerabilities, and cybercriminals will be quick to take advantage of bugs that are unknown to vendors. Defending against these unknown threats is difficult, but removing admin rights is the most effective way to do so.”

rb-

Employees with admin rights can install, modify and delete software and files as well as change system settings making more work for the help desk folks. The report demonstrates that many companies are still not fully aware of how many admin users they have and consequently face an unknown and unquantified security threat. It is also conceivable that privilege management would have made high-profile attacks such as the recent one on Target if not impossible then much harder, by reducing the potential for the abuse of partner access, believed to have been at the heart of the breach.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , ,
| July 16, 2013
Comments Off on Windows 8 Passes Vista – Finally

Windows 8 Passes Vista – Finally

Windows 8 Passes Vista - FinallyThere must be some happiness in Redmond. Microsoft’s Windows 8 is finally more popular than the reviled Windows Vista. Windows 8 has been available since August 2012, which means it took Microsoft‘s (MSFT) latest operating system nearly 11 months to surpass the highly unpopular Windows Vista.

Windows 8 logoPCWorld cites data from Net Applications’ NetMarketshare tracker, which found that Windows 8 captured a whopping 5.10 percent of all desktop systems the firm tracks for the month of June. Vista’s market share now stands at 4.62 percent. Of course, both will need a few months (or years) before they pass Windows XP and Windows 7, both of which dipped about half a percentage point’s worth of share to finish the month with 44.37 percent and 37.17 percent, respectively.

Windows 8 takes the keadNetApplications

Both Windows 7 and Windows XP’s sales are on the wane, Net Applications says, but it will be several years before Windows 8 passes them by. The article reports new momentum for Windows 8, which has struggled to lift its head above both third-party operating systems, as well as its own rivals in the Microsoft nest.

Waiting a long timeMicrosoft’s Windows 8 passed Apple’s (AAPL) Mac OS X 10.8 in February 2013. PCWorld calculates that if Windows 8 continues to increase its share at its current pace of about 0.5 percentage points per month—and if Windows XP continues to decline at about the same rate—Microsoft would need roughly 32 months, or until about February 2016, for Windows 8 to pass Windows XP.

The author also reports that analytics firm StatCounter showed similar results in June 2013, from its worldwide measurements of browser data which confirms that Windows 8 has increased its market share over Windows Vista. StatCounter said that Windows 8 captured 6.44 percent of all PCs, versus 5.94 percent at the beginning of June. StatCounter said, however, that the versions of Mac OS X combined, at 8.52 percent, were still higher than Windows 8.

rb-

The good news for most in Redmond (except those who were recently re-org’d) is that Windows 8 has finally gained more ground than Vista on desktops. Back in 2006, Vista had the same problem Windows 8 now has, but for different reasons. Windows Vista just did not work and now Windows 8 is confusing to consumers who don’t know what to do with the “Modern” touchscreen interface on their mouse-based systems.

MSFT joins the "post-pc era"MSFT might be trying to kill the desktop to join the “post-pc era” with the Metro apps in favor of touch tablets, laptops, and phones it has not worked out really well so far. To a degree, MSFT has caved in the pressure for a more traditional desktop experience with the recent free update to Windows 8.1 which restores some of the Start Button functionality.

Does it matter to you that it took Windows 8 nearly a year to become more popular than Vista?

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , ,
| February 16, 2012
Comments Off on Better Mobile Security

Better Mobile Security

Better Mobile SecuritySmartphone users should be concerned about mobile security. This is more true if the mobile device is used for work and has your employer’s email or messaging server. IT staff can take steps to protect the data on the mobile. Eric Geier, the founder of NoWiresSecurity writes provided CIO Update with 6 tips for better mobile device security.

Choose encryption and use itTip No. 1 – Choose a mobile OS that supports encryption and use it: Mr. Greer says to make sure the mobile operating system (OS) and device support hardware-based encryption. The article says Apple’s (AAPL) iOS and Research In Motion’s (RIMM) BlackBerry support encryption for both internal and external storage. Without encryption, it’s possible that someone could recover the data on the device even without your lock PIN or password.

Full device encryption is limited and varies on current Android device manufactures. Mr. Greer writes that Motorola Mobility’s (MSI) business-oriented smartphones offer encryption capabilities on Android 2.3. Android 3.x includes an API to help developers offer encryption on tablets. Android 4.x tablets and smartphones should support encryption sometime in 2012. WhisperCore is a third-party encryption solution that is in beta for Nexus S and Nexus One.

Set a lock PIN or password:Tip No. 2 – Set a lock PIN or password: The article says that enabling a password, whether it’s called a PIN, passcode, or passphrase, is the first line of defense in maintaining privacy and security. It helps prevent others from picking up your phone or device and snooping around if it becomes lost, stolen, or just left unattended. It’s also usually required if encryption is enabled on the device writes the author. A PIN will protect data and privacy from causal snoopers.

Tip No. 3 – Enable auto-wiping of data: Most mobile OSes support automatic wiping of the device’s data after a certain number of incorrect passwords attempts. Mr. Greer says auto-wiping is natively supported by iOS, Windows Phone 7, and BlackBerry. Android requires a third-party app, such as Autowipe.

It is important to keep all your data regularly backed up so the data can be restored to a new mobile after it is wiped.

Setup remote trackingTip No. 4 – Setup remote tracking and management: Before your phone or device gets misplaced or stolen the blog recommends that a remote tracking and management system should be set up. Most let you see the device’s GPS location on a map, send audible alerts to help you find it, and display a visual message to tell others how to return it. They typically also let you remotely lock and/or wipe it before someone else gets their hands on it. According to Mr. Greer:

  • For iOS 4.2 or later, Apple provides a free service.
  • For earlier iOS versions there’s the MobileMe service from Apple at $99 a year after the 60-day free trial.
  • For Android, you have to use a third-party app.
  • For Windows Phone 7 Microsoft provides the free Windows Live for Mobile service.
  • For BlackBerry, RIM provides the free BlackBerry Protect service.

Limit Wi-Fi hotspot usageTip No. 5 – Limit Wi-Fi hotspot usage: When you use public Wi-Fi hotspots that aren’t encrypted, all your Internet traffic is transmitted through the air and can be easily intercepted. The most important sites and services, such as banking websites, usually implement their own (HTTPS/SSL) encryption that protects their individual traffic. But most email providers and many social networking sites don’t; thus eavesdroppers can likely capture their passwords and traffic.

On the other hand, most 3G, 4G, and other cellular data connections are usually encrypted by the carriers. Plus eavesdropping on these types of connections isn’t as popular. Therefore, when you’re out and about you should try to use the data connection rather than unsecured Wi-Fi hotspots.

If you insist on using Wi-Fi hotspots, use those that offer enterprise encryption and 802.1X authentication, such as from T-Mobile and iBahn. Alternatively, consider using a VPN connection to secure your traffic from local eavesdroppers.

Use an antivirus or security app:Tip No. 6 – Use an antivirus or security app: Viruses, malware, and hacking on mobile devices is a growing problem. The author recommends installing a security app to help prevent infections and intrusions. Most AV solutions also offer other features, such as remote wiping, backup, and locating.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , ,
« Older Entries   Recent Entries »