Secure your files from Ransom Malware Encryption on Windows 10.

Hi Guy & Girls,

Well, you’ve just upgraded to the current Windows 10 Fall Creators update and you find a few goodies under the bonnet?

No? Well there is an option to turn on a feature called “Controlled Folder Access” on their Windows machines

It’s described here. So, I will not re-invent the wheel.

But, basically. It keeps an eye on the activity of the Hard Drive and stops mass encryption occurring on both the System files and the Specific User Local folders that are currently active.

The Hit on the system performance is not noticeable and certainly will not be noticed on an SSD.

So, a bit of a no-brainer!

So, if you are already on Windows 10 Fall Creators do it today!

If you aren’t. It actually makes the pain of upgrading worthwhile. That from a Computer Engineer that normally would say hold off the update for at least 3 months.

But this is a sensible improvement worth the risk.

Yes, they have moved all the settings around again. But, the underlying improvement of speed of the new OS makes it worth the pain of the upgrade.

So, hold your nose and upgrade to Windows 10 Fall Creators soon!

Cheers.

WPA2 – Broken : In the middleman attack possible.

Guys & Girls.

For those of you that remain wedded to the earlier versions of Windows – W95/W98/W7 & W8.0 & 8.1?

You should note that the WiFi element of communication has been found wanting again.

For further details click on here.

If you are on Windows 10 / Windows 10 mobile you can relax this time as it has already been patched as long as you have been allowing Windows to update itself.

Cheers

post

Tagware Crew goes to Future Decoded at Excel – Microsoft 2016 Server & Cloud

Microsoft Windows Server 2016 is on its way!

All the best bits were highlighted in another session I went to. One of the main ones was the Microsoft 2016 Servers ability to interact with TPM version 2.0. In a nutshell, this allows the ISP or Cloud provider to point to the owner should our friends NSA or GHCQ want to look at the server. Microsoft has nice sidestepped the issue of encryption. As with TPM 2.0 enable hardware. If, you can’t talk to the certificate holder for that hardware. Nothing is going to happen.  You can bounce in a pick up the Hard drive or the complete unit. Without the system being able to retrieve the certificate. Then, the whole lot is grounded. Wiping out any of the drives will just provide an encrypted drive that you cannot read on any system that cannot talk to its Security systems. Nicely, done there Microsoft. That should stop your friends in government putting you in an untenable position in terms of data security.

Dawson and I seem to think we were the only old plods left!

The young smiling face of youth. I remember when I was that bouncy! Secondly, that this Cloud stuff it is very busy and noisy by all accounts. I’m still waiting for Air Traffic control to come to a sort this mess out!

But, as I was walking around the show. I had a feeling that I got when I watched  Chitty chitty bang bang many years ago. When the Child catcher turns up with sweets and ice cream. All of which were free.

 

Until of course the cage is closed and the pretty decorations come down!

Don’t forget. If, you do set up on Cloud. Make sure that you can migrate away should you need to. Or, you may end up with a larger bill than the CIO was expecting.

Well, that’s me done for today.

As always. If you have a comment. Please feel free to do so.

post

Tagware Crew goes to Future Decoded at Excel UK.

Well, what did we find?

First of all. Microsoft invited us back after last year’s event! So, we must have been on best behaviour last year.

This year they invited us to download a purpose written APP to help in guiding us around the event without issue. As you might expect. There were a few teething troubles with some folk saying that they couldn’t log in and the APP thing crashing everywhere. Hey, what did you expect? It’s Microsoft after all. I can hear you say!

Well no it wasn’t. It was a crew that was contacted by our Microsoft friends to clean up the entry to the event after a busy entrance last year. In truth, I think Microsoft events, was behind the curve last year and got caught by the sheer numbers that turn up.

However, I can report that this year’s event was back to it’s normal USA style efficiency in checking people into the event. They also carefully reminded everyone to bring the 5 digit code. So, that most of the process was complete by us. This surprisingly works out really well. As we were all technical bods anyway! I did help out by wearing one of our sweatshirts that have ‘TAGWARE’ embroidered on the front. I have saved you from looking at the picture of me wearing it. Are you grateful?

The only issue that Dawson quite rightly pointed out. The app wanted to suck up all of the contact information from our phone contact list. Which, would normally be ‘Commercial in Confident’ level of information? Bad Microsoft! However, if you use Windows 10, then, there is nothing that is off limits. However, that’s for another post.

So, Dawson and I swan into this large hall where we learnt about Microsoft’s new ideas. I believe that most of the speakers at the event have video’s which can be viewed at channel9.msdn.com. However, for those that like to read the overview, it’s here.

Well the most informative session of that morning to me was the COW mission. Yep, I can hear you now saying “what do Cows have to do with technology”?

Click Here – to find out about technology and Cows >>

 

When you see the little Key symbol you think you are safe?

Well, here we are again.

So you are login into the banks or Credit card. You made sure that you have the Key in the browser and you think you are safe?

Well, unfortunately, you are not. As most websites including Gmail, Cahoot, Tesco etc use the version 1.0 SSL.

http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/

Trouble is this has been broken. So, you say oh dear. they will send out a fix. Well, the Fix has been out since 2006. But, the websites are somewhat in a chicken and egg problem.

As the normal browser including IE, Chrome, FF  etc are set at version 1.0. Although most can use 1.2 which is the most secure. If they did force you to use this level then quite a few of the commercial sites would refuse to work. :o( and of course the site would lose web traffic.

So, they decided to leave it. Now, of course, it is going to come and bite them. As they have left open a way for an attacker to high jacking the session. Trouble is, you will not know.

As you will turn up to the right website and be unaware of anything being wrong. You will see the lock in the browser and to the normal person. Everything would be fine.

So, my suggestion is to convince Google and other Search engines to rate the Websites positions by what SSL level they are using. So, the safe ones that use 1.2 are the ones that don’t.

Personally, I think you would then find a lot of websites migrating to the secure version. Which, then would make the site more secure the default standard. A quick tweak to the browser security settings and everyone would be using 1.2 in a short space of time. Then, the hackers would have to crack the 1.2. Which is going to be a lot more difficult.

The search engines then get the credit for providing a more secure internet. The banks have a very little excuse. They should have completed this upgrade many moons ago.

Well, that’s my point of view. What’s yours?

Thanks for reading.

David Vincent.