January 2019

Windows 10 October update – updated.

Yet another issue – when upgrading to the October 2018 version (1809) of Windows 10, the built-in local administrator account is corrupted under certain conditions. Again, hold off on this update at least until another fix is released – probably late January.

Microsoft announced this week that manually checking for updates may trigger a full upgrade to Windows 10 version 1809.

A flaw in Internet Explorer can allow malware to install simply by clicking on a malicious web page or link. A patch is available to protect against this problem. However, be cautious about simply clicking “check for updates” – it could trigger the October Windows feature update.

Clients on patch management will have the needed update installed safely, without updating the Windows 10 version unexpectedly.

Microsoft is Changing Windows 10 Support Lifecycle again

Starting with Windows 1809 (October 2018 update), the support window will now be 30 months for Enterprise and Education users only.  Unsupported (older than 18 or 30 months) versions will not get updates.

Type ‘winver’ in Search to check your Windows 10 version. Versions earlier than 1703 are in “End of Service”. Version 1709 support ends April 2019.

If you take credit cards using a network connected device (including QuickBooks or a web portal), your Card payment processor will require that you comply with PCI DSS network security standards. This includes having a written security policy – even if simple. It also suggests 2 factor authentication if you connect remotely to the work network.

Not sure if you should install certain software? Microsoft now has a solution for that. Windows Sandbox is an isolated virtual desktop environment where you can run untrusted software without the fear of lasting impact to your PC. Any software installed in Windows Sandbox runs in a virtual PC and cannot affect your original PC. Once Windows Sandbox is closed, all the software with all its files and state are permanently deleted.

Windows 2019 now includes OpenSSH  This is primarily of interest to network administrators.

Amazon is in an ongoing battle with its sellers to prevent fraud. Knock-offs have been an ongoing problem, and Amazon tries to address customer satisfaction issues. Some sellers are now using this policing algorithm to take out competition and gain market share by scamming the scam prevention tools. Consultants now make a living helping legitimate sellers try to redeem their reputation with Amazon.

Deliberate Practice – doing the (hard) things you are not good at until you are.

  1. Break it down to component skills
  2. Get a coach, or mentor – get feedback on what to improve
  3. Fine tune your practice

Beware of File-less malware, that can run in the memory (RAM) of your PC without ever being written on your hard drive. This makes it nearly impossible for antivirus to catch it.

General precautions you can take to avoid malware:

  • Enable display of file extensions in Windows File explorer.
  • Don’t allow macros to run in Microsoft Office documents, or restrict to known good add-ins.
  • Don’t open or click on anything sent to you via email unless you know the sender and were expecting it.
  • If something doesn’t work as expected, stop. Check your system for malware.

During the first six months of 2018, the equivalent of 291 records was stolen or exposed every second, including medical, credit card, and financial data and other personally identifiable information.

Here are the biggest data breaches in 2018:

Marriott International – 500 million records – reservation data, including passport number

Exactis – 340 million records – name, address, phone, shopping info

Under Armour – 150 million records – login name and password, email

Quora – 100 million records – login name and password, site activity.

MyHeritage – 92 million records – email, password hash (not the actual password)

Panera Bread – 37 million records – Name, address, billing and partial credit card info, birthday

Ticketfly – 27 million records – name, address, phone

The Sacramento Bee – 19.5 million records – name, address, email, phone

Prices for workstation backups will be going from $5 to $10 per month. Prices for server backups will be going from $35 to $40 per month. Offsite backups now have more capabilities and our cost has gone up. The backup still includes an unlimited amount of storage. Server backups include the ability to replicate to another standby server. Price changes will start in February. Please call with any questions.

Our hourly billing rate remains at $130.

J (Jose) Almarez has completed his classwork at COS and is now working with us full time answering the phones, responding to email, and providing basic remote support.

By Tim Torian

Newsletter Sign-Up

The Torian Group Times Newsletter is a service to our clients, and anyone who finds it useful. Topics include security updates; known problems with recent patches; new and upcoming software and hardware that might affect your business; and information about technology in the Visalia area.  It is free to anyone who wishes to subscribe by providing their name and email address. We will not do anything with this information other than sending the newsletter – no unsolicited marketing of any kind.

Subscribe to our Newsletters