Newsletter Archives
-
Who controls our tech?
ON SECURITY
By Susan Bradley
The other day I spotted a USA Today article by Kim Komando about how to ensure Chinese tech wasn’t spying on you.
She wrote: “Know that there are plenty of allegations that the companies below have government ties, but it’s up for debate how much the Chinese government is genuinely involved in operations. I’m sharing this to help you make more informed decisions on what you purchase and use daily.”
I think her view is far too simplistic.
Read the full story in our Plus Newsletter (20.13.0, 2023-03-27).
-
When you are flagged as malicious
ON SECURITY
By Susan Bradley
We rely too much on automated reporting in our security solutions.
Most of the time, such automation works pretty well. When it doesn’t, the consequences can be quite damaging. We can think back to many times when antivirus updates accidentally flagged a file as malicious, and all sorts of fun ensued.
Just recently, an update to Microsoft Defender interacted with Attack Surface Reduction rules and removed shortcuts on the desktop. If you were on Defender and had the “Block Win32 API calls from Office macro” Attack Surface Reduction rule in place, then updated to security intelligence builds between 1.381.2134.0 and 1.381.2163.0, you would find your icons missing. IT admins were scrambling for days to fix the resulting mess.
Read the full story in our Plus Newsletter (20.10.0, 2023-03-06).
-
Being legal, supported, and secure
ON SECURITY
By Susan Bradley
Who regulates your software decisions?
As an operating system comes to the end of its life span, we users have to decide what to do with our technology. Do we continue using it as is, with no consideration of risks? Do we stop using the technology and look for alternatives? Or do some of us do a combination of both?
With proprietary software, our decisions are often driven by what type of customer we are.
Read the full story in our Plus Newsletter (20.09.0, 2023-02-27).
-
Which antivirus solution is the best?
ON SECURITY
By Susan Bradley
Once upon a time, antivirus was the only thing that kept the attackers on the outside and protected your data on the inside.
Even though antivirus is still an important item in your security toolkit, it is by no means the only means of protection. These days, I look to security programs that provide a balance between protection, information, minimal or no performance impact, and rare false positives. In the days when Microsoft still released major Windows service packs, your antivirus solution often meant the difference between a successful upgrade and one that was painful.
Read the full story in our Plus Newsletter (20.07.0, 2023-02-13).
-
Passwords don’t work — until they do
ON SECURITY
By Susan Bradley
Let’s get real. We all would love it if every website requiring credentials would just launch to our desired page without our having to enter in a password or do any sort of authentication.
The process of entering a password or passphrase that is unique to every website is essential for security, but untenable. We usually counter our inability to remember more than a few passwords by using a Password Manager program (hopefully your display is not surrounded by Post-It™ notes). Password managers work great, until they are no longer safe.
Read the full story in our Plus Newsletter (20.05.0, 2023-01-30).
-
Finding good security information
ON SECURITY
By Susan Bradley
I do this so you don’t have to.
And I’ve been doing it for a long time, learning and cultivating sources of knowledge to allow me to make informed decisions about the stability and security of my computing environments, both at home and for my business. The latter has been extremely important to me; as a CPA, I am entrusted with the private financial information from the firm’s clients, which must be dealt with carefully.
Thus, I have been on a decades-long journey through the landscape of NNTP newsgroups, Listservs, email groups, chat rooms — you name it. Today the available resources are much broader, including all the social networks including YouTube; specialty websites dealing with security, privacy, and operating environments; governmental websites regarding regulation, especially with regard to privacy; and the many personal acquaintances I’ve developed over the years.
Read the full story in our Plus Newsletter (19.52.0, 2022-12-26).
-
Brute force vs. local admins
ON SECURITY
By Susan Bradley
Microsoft recently added new protections to ensure that ransomware operators can’t use a brute-force attack to discover the Local Administrator account’s password.
The company introduced a new policy that provides “account lockouts for Administrator accounts.” Beginning with the October 11, 2022, or later Windows cumulative updates, a local policy will be available to enable Local Administrator account lockouts. As described in “Account lockout available for Local Administrators” (KB5020282), the capability is available for almost all versions of Windows dating back to Windows 7 and Server 2008.
Read the full story in our Plus Newsletter (19.43.0, 2022-10-24).
-
When newer isn’t more secure, or better
ON SECURITY
By Susan Bradley
It’s a dirty little secret in software — when new code is added to existing code, it doesn’t always result in a more secure system.
Let me give you a specific example. Recently, Microsoft announced that there had been targeted attacks against ten organizations using fully patched Exchange servers. To gain access, the attackers needed rights on the server.
That meant they had already employed a successful phishing attack.
Read the full story in our Plus Newsletter (19.41.0, 2022-10-10).
-
Securing Windows 11 with 22H2
ISSUE 19.40 • 2022-10-03 ON SECURITY
By Susan Bradley
The recent Windows 11 update brings more security features, but with a big caveat — only users with specific license levels benefit.
In addition, hardware requirements are tighter; I’ll discuss those shortly.
I’ve received some key questions about Windows 11 from our readers, and I’m going to take the opportunity to answer some of those in this column.
Read the full story in our Plus Newsletter (19.40.0, 2022-10-03).
This story also appears in our public Newsletter. -
Keeping out the bad applications
ON SECURITY
By Susan Bradley
Both Microsoft and Apple are trying to tackle an ongoing problem that plagues us — keeping our systems secure and protected.
But the vendors are not tackling the problem in the same ways.
Apple has a huge user base of small devices, especially the iPhone, which provide the user with instantaneous access to real-time human interaction. Microsoft, on the other hand, has a huge user base of “traditional devices” (e.g., PCs) that certainly connect to the Internet but don’t involve phone calls, text messages, or anything else — such as FaceTime, the built-in visual medium.
Although the companies share the overall security challenge, their approaches are different.
Read the full story in our Plus Newsletter (19.39.0, 2022-09-26).
-
Do you need to encrypt your data?
ON SECURITY
By Susan Bradley
Encryption can protect your data, but sometimes it can block you from it.
Let’s get some facts. Encryption, when done right, protects your data at rest. If an attacker breaks into my house but does not know the username and password of the laptop I keep there, access attempts will fail.
But if that computer is running, it’s a different story. If I’m doing any sort of data transmission, such as interacting with a website or handling email, data is vulnerable unless I’ve taken separate steps to encrypt those processes.
Read the full story in our Plus Newsletter (19.36.0, 2022-09-05).
-
Check the health of your systems
ISSUE 19.36 • 2022-09-05 ON SECURITY
By Susan Bradley
It’s time to ensure your computer is sound, the operating system is healthy, and your system is backed up.
Why? Because a feature release is right around the corner: 22H2 for both Windows 10 and Windows 11 is due shortly. It’s not that I recommend that you move to those versions, at least not right away. But if you do decide to move ahead, it’s critical to be sure to do so safely, with your ability to retreat secured.
Read the full story in our Plus Newsletter (19.36.0, 2022-09-05).
This story also appears in our public Newsletter.