Windows 10’s Summer Storm

Microsoft’s free upgrade to Windows 10 for eligible computers will end July 29. But rather than just let the offer expire, the company is actively pushing out upgrades. You can expect a storm of activity as part of the effort. If you don’t want to upgrade, here’s how you can batten down your electronic hatches.

Our best advice right now is to let it happen – sort of – and undo it with a rollback. Just make sure you roll back to your version of Windows 7 or 8 within 30 days of the download (and possible installation). Here’s why we believe this is the best course of action. Again, just to remind those of you who could be affected, Microsoft has a free upgrade offer for eligible computers running Windows 7 and 8. The free offer will end July 29. Starting July 30, the upgrade to Windows 10 will cost $119.

In a “big brother” way, Microsoft knows which computers are eligible and which ones have been upgraded. That’s because there’s a chip in your computer that has the information about the version of Windows that was installed when the computer was assembled. It’s not all that bad of a system because Microsoft can use it to push out the correct updates on an as-needed basis to make sure you have all the latest security patches and bug fixes. It takes the onus off you to download and install them. Microsoft also knows which version of the OS you have, such as the Home or the Pro, and that prevents you from, for example, downloading and installing the Pro when you’re entitled only to the Home.

On the other hand, it can be highly intrusive for the upgrades. We’ve had a number of instances in which clients have accessed their computers – at work and at home – in the morning and found a message from Microsoft to continue with the installation of Windows 10. Or, we’ve had clients tell us that all of a sudden, in the middle of the day, their machines started acting funny and then they received messages to continue the Windows 10 installation process.

Naturally, none of these clients had taken advantage of the offer, but Microsoft can’t distinguish if that was by oversight or intent. (Add your own comment here.) Essentially you have two options:

  1. Go through the entire installation and then roll your system back to Windows 7 or 8.
  2. Don’t accept or agree to the terms and conditions.

Each option has its own set of consequences.

If go through the installation and then roll it back, that’s a major time suck. However, we have not encountered any problems with getting old systems back and running again. If you don’t accept or agree to the upgrade, you will lose your entitlement to the free upgrade – at least so far as we can determine. We have not gone through the process of trying to reclaim it.

To make your best decision on whether to accept the upgrade to Windows 10, make sure you are clear on what you need.

We firmly recommend the Windows 10 upgrade because it has a lot of new security measures, and the support for security and bug fixes are crucial to keeping data safe. For home and SOHO systems and for offices that are not using highly customized application software, the upgrade should work well. However, if your application software will not work with Windows 10 or not work as well as it should, we recommend that you keep your present Windows OS. Application software developers and publishers are working to upgrade most packages, but we all know that it’s a complex endeavor.

If you need to reinstall Windows 7 for any reason, it’s still a pain, but Microsoft has released an update to cover all the updates as a one-time deal. That will ease the pain somewhat, but the longer you wait – assuming you have a choice about when to do it – the more updates you’ll need to install manually going forward.

If you have any questions at all about Windows 10 and any other version of the OS, please contact us as soon as possible by phone – 973-433-6676 – or email. We can answer your questions or schedule any work that needs to be done to keep your system running smoothly and safely.

Upgrade for Better Browsing

Browser performance is becoming a bigger issue as browser updates and website advances require new versions – and even new computers. Not upgrading can also present security issues.

The problem we are seeing is a combination of clients with older computers using older versions of their favorite browsers trying to view websites that have advanced features the browsers and computers can’t support. The problem manifests itself when visitors can’t access a site or they can’t move around the site and use all of its features. They also start to see pop-up messages to upgrade their browsers.

We all tend to keep using our older systems and make a lot of allowances until something has to give. In this case, it’s your browser and/or computer. If your computer is not woefully out of date, you likely can upgrade your browser, but there are a few things to keep in mind.

Most important, don’t click on an upgrade pop-up message without being absolutely sure it’s a legitimate message. We have not heard of scammers and hackers using this type of pop-up to get your money or your data or both, but if they’re doing it already…

You can always go to the browser publisher’s website (Microsoft, Firefox/Mozilla, Chrome/Google, Apple, etc.) and download a browser upgrade from there. We believe it’s a safer way to do it. If you happen to download more than one upgraded browser, make sure you designate only one as your preferred or default browser. That will ensure that links you click – such as the link from our email message to get to this article – open in the browser you prefer to use.

If your computer cannot support a browser and a website you use, you should consider upgrading your computer. It’s not really an arbitrary suggestion; it’s all about security.

From the website owner’s point of view, they constantly need to incorporate new software to cover multiple platforms, such as Windows or Apple computers and a host of mobile devices. At some point, they just cannot incorporate the software needed to function properly on older browsers and older computers. Some of the reasons may include the ability to perform e-commerce transactions efficiently and securely, the storage of financial and medical records, the protection of encrypted messages and vulnerability to a variety of attacks.

Those needs take into account legal and insurance issues that affect their decisions about the software and systems they use and support. (We will discuss those in a future issue of Technology Update).

For you, the computer user, you need to consider costs – and that goes beyond just the cost of a new computer.

  • What is your cost if you cannot purchase business items online from your preferred vendors?
  • What is your cost if you cannot purchase any items online – personally or for business – because your browser (and computer) may have security risks?
  • What is your cost if you cannot bill customers and clients because of doubts about your security (see Protection in the Third-Party World)?
  • What is your cost if your data is breached?
  • What is your cost if you are found liable for others’ data breaches?

Browser requirements are likely to get tighter as we go deeper into our Internet-based world and as security becomes an even more important concern for website owners. We can help you get the most up-to-date browsers onto your computers, and we can help you plan an orderly upgrade of your personal and commercial systems to take advantage of any possible cost efficiencies. Call us – 973-433-6676 – or email us to help keep your website browsing as safe and enjoyable as possible.

Protection in the Third-Party World

The reliance on third-party providers for so many data servers continues to grow. That increases your dependence on other people’s diligence, and it increases your responsibility to be more vigilant.

“NJ Biz” recently devoted a series of articles to many aspects of online safety and protection, and one of them focused on issues we’ve been discussing: verifying the integrity of third-party providers and two-factor authentication. Third-party providers are being used more and more by businesses of all types because they can scale up faster and more economically to handle any number of users from any number of locations.

However, you need to rely on those providers to protect your data, and according to Jonathan Dambrot, CEO and co-founder of Prevalent, a Warren-based IT security, compliance and third-party risk management service provider, the security environment is far from ideal. In one of the “NJ Biz” articles, he says: “Depending on who you talk to, between 40 to 80 percent of all data breaches are happening at third-party vendors, because that is where most of the data is. People are focusing on third-party data security risks because criminals are going after the data where it resides.”

If a provider has weak security, it can be more vulnerable to an attack by hackers. But government and industry leaders are getting together to help you. Last December, Congress passed The Cybersecurity Act of 2015 to encourage companies to share with the government and each other technical details of hacking threats. This regulation reflects a growing acceptance of collaboration as a way to access data security threat intelligence and enforce vendor compliance.

It’s the latest of several early steps in a fluid regulatory process.

“Regulators have put controls in place over the last two-and-a-half to three years, and there is a combination of reasons why third-party or downstream risk has become really important to people as they look at their cybersecurity,” Dambrot said. “Third-party vendor and business associate risk has really changed as vendor services have changed. Years ago, people weren’t talking about cloud usage as much as they are today, and so, regulators will continue to change the wording to match the way data is handled.”

This collaborative effort, however, doesn’t get you off the hook. On the contrary, you need to do more. Two other articles we recently came across expand on two security matters we discussed last month: two-factor authentication and asking the right questions of any data-services provider.

Rather than re-explain some of the more effective ways to use two-factor authorization (2FA), we can refer you to a recent post by Ed Bott on ZDNet. There are many options available, including apps you can download to your mobile devices.

As he asks, “How much are your private communications worth? How about your reputation? Your bank account? Your identity?”

We know they are priceless to us but have great value on the black market. With 2FA enabled for a cloud service, any attempt to sign in on an unrecognized device might require you to enter a secret code that’s either received as a text message or generated by an authenticator app on your previously registered smartphone.

“Depending on the service, entering a code might automatically establish the current device as trusted, or you might be given the option to trust the current device,” he writes. “If this is your new computer or tablet (or a new browser), and you have this option you should say yes. When you’re signing in on a device you don’t control, you shouldn’t allow it on your trusted list. One way to make sure that the device isn’t marked as trusted is to use a browser in private mode (aka incognito in Chrome). If a bad guy manages to steal your credentials for an account that’s protected by 2FA, he’s unable to do any damage. Because he is signing in on an unrecognized device, he’s required to provide a second form of authentication. Without access to your trusted device, he can’t authenticate himself and can’t go any further.”

There are many variations on that theme, and we can help you find one or two 2FA programs that can best meet your needs and comfort level with your devices. But you need to be sure the data center that houses your information has all the right policies and procedures in place, too.

Services provider vXchange, which estimates some 78 percent of work-related data will be on the cloud by 2018, has a list of 10 questions you should ask your next data center manager, and we suggest you read them to get an idea of what’s at stake. They’re questions we ask of ourselves and our provider to minimize your risk and ours.

While you don’t get total control of your data, you will have a much better grasp of the possible risks and the steps you can take to maximize your protection.

As your trusted IT service provider and advocate, we have 2FA techniques we prefer and providers with which we have established relationships. We can answer your questions and address your specific concerns in selecting and installing 2FA programs, and we can help you select and vet data centers. Call us – 973-433-6676 – or email us to set up an appointment to discuss your specifics.