
ISSUE 17.31.0 • 2020-08-10

The AskWoody PLUS Newsletter

In this issue

WOODY’S WINDOWS WATCH: Will Windows transition to one update a year?

BEST OF THE LOUNGE: Simply the best music!

LANGALIST: More tales from the drive-sanitation trenches

PRIVACY: Is there a DNS Blackhole in your future?

ON SECURITY: Living in a time of digital obsolescence


WOODY’S WINDOWS WATCH

Will Windows transition to one update a year?


By Woody Leonhard

Windows 10 upgrades have had a rocky past, with minimally useful new versions cropping up two — or even three! — times a year.

I assume that exceedingly few Windows users want that much churn. The entire process has brought more smoke than light.

But it now looks like Microsoft will finally fall back to just one new “feature” release each year. Arguably, we’re there already.

Raise your hand if you can remember the Windows versions that lasted two, four, six, or even more years.

Yeah, I’m an old guy, too. In case you’re too young to recall, it’s every release before Win10.

The demise of the tick-tock

Windows 10 rolled off the block five years ago with promises that it would be updated continuously, with new versions appearing three or so times a year. (This was the concept of Windows as a “service.”) Then, someone at Microsoft who was a bit more astute than the rest slowed the upgrade process down to a more manageable twice a year.

More recently, that pace was further slowed to our current tick-tock, major-minor cadence … sorta. Even the most recent upgrades are not quite a simple tick-tock. Here’s a brief history of Win10 releases:

  • Version 1507: the original — when it was released in July 2015, it didn’t even have a version number. (I assume there were still “discussions” within Microsoft as to how future releases would be pegged.)
  • Version 1511: the November Update — it appeared just four months after 1507. It was more a big bug patch than an upgrade.
  • Version 1607: the Anniversary Update — it was released in August 2016, nine months after 1511.
  • Version 1703: the excessively hyped Creators Update — Microsoft delivered this release in April 2017 (eight months later).
  • Version 1709: the Fall Creators Update — this was Microsoft’s last attempt at giving Win10 releases catchy names. It shipped in October 2017, six months after Version 1703, and launched the tick-tock era of upgrades.
  • Versions 1803, 1809, 1903, 1909, and 2004: each release appeared more or less six months after the preceding version.

Of course, these release dates were totally spurious for average Windows users, who might wait months for an upgrade to be offered on their PCs.

The award for the most disastrous rollout goes to Version 1809, released October 2018. When upgraders started losing data, Microsoft yanked the new OS — then released it again, yanked it again, and finally released a fully working version in mid-November. True to form, many Windows users did not see the final, final Win10 1809 until early 2019.

The six-month tick-tock pattern became far more apparent with Versions 1903 and 1909. I characterized the fall release as akin to a Win7 service pack: an update with under-the-hood fixes and almost no new features. In fact, to this day, both 19xx versions share the same update patches.

Clearly, Microsoft’s current plan is to send out the first feature release each year for the cannon fodder — er, masses — to test. It will then solidify interim fixes with the second, “fall,” update. Again, this is a sort of service-pack approach — you get the main release, then a service pack six months later.

Those with Enterprise licenses get a bit of a snooze button. Most Win10 versions include support for 18 months, but Enterprise editions of the “fall” releases get patches for 30 months. In other words, pay the vig, and you get extended support on the “tock.”

Where we’re headed

It appears that this six-month upgrade cycle will persist through this year, with Win10 2004 designated the “major” update (though in truth, it has few new features) and the next release (code-name 20H2) acting as the “minor” update.

However, don’t get too comfortable with this cadence; well-informed rumors say that we probably won’t get a spring 21H1 — or if we do, it’ll be stunted. Reportedly, the next real update for Win10 will come in late 2021.

In place of the “tick” release, the inside bet is that Microsoft will switch gears and release a stripped-down version of Windows in early 2021, commonly called Windows 10X. It would go head-to-head with the Google Chromebook.

I wrote about Windows 10X in “Windows 10X: Future fireworks or another dud?” — AskWoody Plus Newsletter 2020-02-24. The vision has changed quite a bit in the interim:

  • Windows 10X will initially ship on single-screen devices — not exclusively on dual-screen units as originally rumored. (Microsoft has, apparently, put dual-screen machines on the shelf for now.)
  • Windows 10X won’t support native Windows apps — likely a bad decision. That’s the same mistake that doomed Windows RT and Win10 in S mode. In theory, native Windows apps will appear on the 10X desktop but run in the Microsoft cloud. In other words, an Internet connection will be required.
  • Again, Windows 10X will be squarely targeted at the low-cost, low-maintenance Chromebook market.

Zac Bowden has more details at Windows Central.

By taking this approach, Microsoft could try to kill two birds with one Windows stone: the horrendous and universally decried churn in Win10 versions gets cut in half, and a new kind of Windows is allowed to rise to the forefront.

Will it work?

Color me skeptical.

I have a hard time believing people will buy a Windows computer that doesn’t run standard (i.e., local) Windows programs. It’s an old refrain, but legacy apps remain the reason — and the only reason? — to stick with Windows.

If Microsoft creates a Windows-centric cloud service, how long will it be before Apple, Google, Samsung, Huawei, and others jump onto the bandwagon?

This much I know for sure: Microsoft has gotten away with rapid-fire and disruptive feature upgrades for far too long. Instead of emphasizing — even relishing in! — the churn, MS should return to the days of producing a dull, boring, but rock-solid operating system.

The last thing we need is more psychedelic lipstick on the pig.

Questions? Comments? Thinly veiled prognostications of impending doom? Join the discussion about this article on the AskWoody Lounge. Bring your sense of humor.

Eponymous factotum Woody Leonhard writes lots of books about Windows and Office, creates the Woody on Windows columns for Computerworld, and raises copious red flags in sporadic AskWoody Plus Alerts.


Best of the Lounge

Simply the best music!

Yes, in this era of streaming, some of us still have stacks of CDs. And we’d love to play them … if only they were better organized and more easily accessed! No doubt audiophiles have established their own elaborate systems. But how are the rest of us supposed to do it?

@NetDef does a superb job of showing us troglodytes — step by step and illustrated — just how to make high-quality digital copies of our favorite music, and how to organize them into a form that makes sense.

Check out “A guide to archiving RedBook standard audio CD’s!” in the AskWoody Knowledge Base. Technical considerations such as FLAC and MP3, preservation, and playlists are all covered.


Linux

AskWoody MVP Microfix launched a discussion on Linux distros by posting a link to a TecMint article and another link to Linux Journey — an excellent resource for tutorials. Other Loungers added tips for newbies: Plus Member DrBonzo recommended trying out live distros with a flash drive, and firemind contributed links to videos about Linux Mint. Fellow members provide solid advice on good distros to start out with … and which to avoid.


Malware

New computing vulnerabilities seem to pop up like spring flowers. In truth, there’s something for everyone. Are they just catchy names, or are they something you need to lose sleep over? You can find out in the AskWoody forum. Here’s a sample:

  • Read about how BootHole could affect Windows, Mac, and Linux!
  • A WastedLocker ransomware attack took out Garmin services — and the company’s flight services were affected!
  • ThiefQuest ransomware is targeting Macs!

How do you keep your system safe and secure? AskWoody will keep you up to date on possible threats.

Keep in mind that not everything that goes wrong is caused by malware. Alex5723 warned that Windows Defender is tagging CCleaner as potentially unwanted software. And Woody gives us the inside scoop on the event that took down Outlook for hours — and it wasn’t caused by a virus!


Hardware

Now, this is something you don’t see every day — fortunately. But AskWoody Plus member billbled did. There was a rumor that BitLocker might be the cause of similar problems. However, billbled had BitLocker turned off. So many possibilities: video drivers, system failures, bad video cords, failing displays? In this case, changing BIOS settings seems to have solved the problem — for the moment.


Newsletter articles

Looking for that LangaList article from earlier in the year? How about that freeware utility Deanna reviewed in Best Utilities? Curious about what you’ve missed with your new membership? Our quarterly updated index will help.


If you’re not already a Lounge member, use the quick registration form to sign up for free.


LANGALIST

More tales from the drive-sanitation trenches


By Fred Langa

My report about making a hard drive permanently inaccessible really struck a chord with AskWoody subscribers!

That article, “‘Moving house is great fun,’ said no one ever” (AskWoody Plus Newsletter 2020-07-13), kicked off a profusion of reader tales about drive sanitizing — a mix of excellent advice, unexpected suggestions, and amusing anecdotes. Take a look!

Is one overwrite pass enough?

Losing 5TB of files on a drive that didn’t survive my recent move was painful. (I had backups, of course.) But AskWoody Plus subscriber Alex had even worse luck: he lost a 6TB drive!

But his misfortune may be our gain, based on the research he shared in this outstanding note.

  • “Hi, Fred!

    “I saw the feedback you’ve been getting on drive-destruction catharsis.

    “Recently, I had to replace a populated 6TB drive that was still under warranty. To secure my data, I was forced to take a crash course on non-destructive drive scrubbing.

    “Typically, my preferred method of drive destruction involves gouging and bending the platters. I also like to remove the magnets — an easy task, once the drive is open.

    “But when returning a dead drive for exchange, physical destruction is out of the question. Wiping was my only option.

    “After some research, I chanced on the seminal paper on drive sanitizing: Peter Gutmann’s ‘Secure Deletion of Data from Magnetic and Solid-State Memory’ (University of Auckland paper). When first published in 1996, that article must have turned IT professionals and institutions into zealots, ready to overwrite data 35 times on the off-chance that spy agencies, applying their infinite resources, searched for info that’s likely just animated GIFs and cat videos.

    “Since that paper was first published, Peter has added valuable epilogues that shatter drive-wiping myths.

    “For example, overwriting the entire drive just one time should render it unrecoverable — something I was able to confirm years ago when a deep-pockets client asked me to wipe a drive, then send it to Ontrack to see whether the data-recovery company could pull anything from it. They couldn’t.

    “I found additional references to the safety of a single-pass wipe in forums such as Server Fault and Stack Exchange. So though it’s easier and more cost-effective to physically destroy a drive that will be tossed, I’m pretty certain that wiping is secure.

    “When it comes to drives destined for destruction, something useful can be recovered: the controller board. Some of the data-recovery companies buy the boards to use on drives whose electronics are fried. They don’t pay a ton of money for those parts, but donating or selling the electronic components might help a desperate person recover invaluable files that would otherwise be lost.

    “So drill and shatter the platters all you want — but save the board.”

Excellent note, Alex! Thanks for sharing!

Peter Gutmann’s paper is still relevant, especially with the three epilogues he’s added over the years to keep the paper up to date.

There was a good reason early HDDs required multiple overwrites to prevent data recovery. Somewhat crude and inaccurate, they were constructed with generous spacing between the data tracks to ensure that one track’s magnetism didn’t affect the next. But as data were written, there could be some spillover into these “unused” adjacent areas — and those traces of data might have been recoverable. The only way to ensure that these spillover data were muddled beyond recovery was to perform multiple overwrite passes, one after another.

Today, however, disk tolerances are extremely tight and data are densely packed. So there’s no longer a need for multiple overwrites.

Now, when routinely selling or donating a used-but-still-functional hard drive (or a used PC with drive), a single and complete overwrite pass, followed by fresh formatting and the from-scratch installation of an operating system, should make the drive safe for re-use. There’s virtually no chance of the old data bleeding through.
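A single overwrite pass is only as good as its coverage, so it pays to read the target back afterwards. The following is an added example, not code from this newsletter or from any wiping tool: it zeroes a target once and then verifies it, running against a constructed temporary file rather than a real drive. The function names and the 4 KiB chunk size are choices made for the example.

```python
import os
import tempfile

CHUNK = 4096  # small chunk so the constructed sample exercises a partial final write

def target_size(fd):
    """Size in bytes of a regular file or block device (seek-to-end works for both)."""
    size = os.lseek(fd, 0, os.SEEK_END)
    os.lseek(fd, 0, os.SEEK_SET)
    return size

def overwrite_once(path, chunk=CHUNK):
    """Write zeros over every addressable byte of `path` exactly once.

    Only bytes the operating system can address are covered; sectors the
    drive has remapped internally are out of reach of any software pass.
    Returns the number of bytes written.
    """
    zeros = bytes(chunk)
    fd = os.open(path, os.O_WRONLY | getattr(os, "O_BINARY", 0))
    try:
        size = target_size(fd)
        written = 0
        while written < size:
            # os.write may write fewer bytes than asked; advance by what it reports
            written += os.write(fd, zeros[: min(chunk, size - written)])
        os.fsync(fd)  # force the pass out of the OS cache and onto the medium
    finally:
        os.close(fd)
    return written

def first_nonzero(path, chunk=CHUNK):
    """Read the target back; return the offset of the first non-zero byte,
    or None when every byte is zero (the pass was complete)."""
    offset = 0
    with open(path, "rb", buffering=0) as f:
        while True:
            block = f.read(chunk)
            if not block:
                return None
            if block.count(0) != len(block):
                # leading zeros stripped: the difference is the index of the survivor
                return offset + len(block) - len(block.lstrip(b"\x00"))
            offset += len(block)

def demo():
    """Wipe and verify a constructed stand-in for a drive image."""
    data = b"SECRET" + os.urandom(3 * CHUNK + 123)  # constructed sample content
    fd, path = tempfile.mkstemp()
    try:
        os.write(fd, data)
        os.close(fd)
        before = first_nonzero(path)      # data present at offset 0
        written = overwrite_once(path)
        after = first_nonzero(path)       # None: nothing survived the pass
        # Simulate an incomplete wipe: one stray byte left at offset 5000
        with open(path, "r+b") as f:
            f.seek(5000)
            f.write(b"\xff")
        missed = first_nonzero(path)
        return {"size": len(data), "written": written,
                "before": before, "after": after, "missed": missed}
    finally:
        os.unlink(path)

if __name__ == "__main__":
    print(demo())
```

The read-back step is what turns "I ran a wipe" into "the wipe covered everything": any non-None result from `first_nonzero` names the offset where old data could still sit.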

On the other hand, if a drive can’t be reliably overwritten, the only way to make it secure is to render it physically inoperable prior to disposal.

And for that task, your fellow AskWoody readers have some, um … interesting solutions! See the next item.

Still more erase/disposal tips and stories

What an exuberance of email! A big thanks to all who wrote in and shared their tips and anecdotes about hard-drive sanitizing and disposal. It was fun and informative to read so many distinct and interesting stories.

The following are just a sample.

  • “Here’s what I did several years ago to destroy a hard drive.

    “My techie suggested a sledgehammer. I tried mine — and it did nothing.

    “So, I degaussed the drive with the VCR tape device I had around from decades past. (Yes, I’m a packrat.) I then removed the disks and cut them up with tin snips. Finally, I dumped the metal pieces in several public trash cans.” — Ron Promboin

Holy moly, Ron, that’s over-the-top, spy-level security! Did you have the nuclear launch codes on your PC? The sledgehammer alone probably did more damage than you think. HDDs depend on precise alignment of parts, so a couple of solid, case-denting whacks with a heavy hammer would probably have been sufficient to prevent simple repair and recovery.

But surely your added steps removed any doubt about rendering your old data totally, utterly, and irreversibly gone!


  • “Dear Fred. I’ve dealt with dead drives by dismantling them. I save the magnets (so many uses!), recycle the metal parts, crush the platters (I’ve not yet found a use for them), and junk the printed circuit boards.” — Ken Moser

Thanks, Ken. That’s certainly thorough! And like you, I used to toss the printed circuit boards. But I’m rethinking that after reading Alex’s note. It was news to me that a drive’s printed circuit board has value to data-recovery businesses for repairing otherwise mechanically sound drives. I think I’ll start saving my drive PCBs from now on. It won’t just help someone who desperately needs the part, it’ll also keep a bit of electronic waste out of landfills. Cool!


This next note from a UK subscriber was the first (but not the only) mention of a rather (ahem) extreme method of drive destruction.

  • “Many years ago, I was an IT Manager for a charity here in the UK. Of necessity, we had to be more careful than most with the pennies. One of my staff was ex-Army, and as we were located in a semi-rural location, he was into huntin’, shootin’, and fishin’. When we had drives to dispose of, he would bring in a couple of rifles and use the drives for target practice — a very effective disk hole-punch!” — WSbrush-head

Yikes!


And that’s just a few of the subscriber emails on this topic. For more reader-submitted tips, anecdotes, and suggestions, check out these related threads in the AskWoody Lounge:

Send your questions and topic suggestions to Fred at fred@askwoody.com. Feedback on this article is always welcome in the AskWoody Lounge!

Fred Langa has been writing about tech — and, specifically, about personal computing — for as long as there have been PCs. And he is one of the founding members of the original Windows Secrets newsletter. Check out Langa.com for all of Fred’s current projects.


Privacy

Is there a DNS Blackhole in your future?


By Richard Hay

Managing your online security and privacy is a never-ending battle.

There is a variety of tools for this task, but each has its limitations. So I decided to experiment with a somewhat lesser-known technique called DNS Blackholes.

Normally, my AskWoody articles all have the same topic in the headline: Windows 10. So discussing Domain Name Services is quite a departure. (Yes, there is a small connection between DNS Blackholes and Windows, as I will note below.) Here’s my report on a journey of discovery.

A quick tutorial on DNS

As I’m sure most AskWoody readers know, the Domain Name System, better known as simply DNS, is roughly analogous to home addresses and ZIP codes. Every device attached to the Internet is assigned a numeric Internet Protocol (IP) address. Some IPs are internal to a local network, while others are publicly visible on the Web. Devices such as servers are typically given static addresses — i.e., they almost never change. Most of our computers and mobile devices have “dynamic” IP addresses that are commonly assigned by Internet service providers. A dynamic IP can change every time a device connects to the Web.

To access a particular device, you could type its IP address into a browser — for example, 172.217.14.238 for Google. But of course, it’s a lot easier to remember “google.com.” This human-to-machine translation is managed by DNS servers. Note that you don’t have to use the DNS server managed by your ISP. Check out the AskWoody article “How to find and change DNS settings” (2019-03-25).

Enhancing Internet privacy

A large part of our ongoing battle for online privacy is controlling and eliminating trackers — those bits of downloaded code that tell advertisers, search engines, and many, many others where we go on the Web and what we do there.

The number of trackers you encounter in your day-to-day browsing and device usage is astounding. Load a popular blocker such as uBlock Origin, and you’ll quickly see the numerous active elements on common websites. Shown below is a pretty reasonable number on one site — I’ve seen other sites with 30, 40, or more active trackers.

Figure 1. This uBlock Origin summary shows blocked content on the mspoweruser.com site.

There are various techniques for dealing with trackers, most of which you probably know.

For example, browsers typically offer anonymous or incognito modes that are really not (more info). For the most part, the anonymity is limited to keeping your activities out of the browser’s History and deleting some tracking cookies when you leave anonymous mode. Most importantly, your ISP still knows everywhere you go as part of the DNS translation process.

Browser-based cookie crushers/ad blockers can also help with Web privacy. But not all cookies are bad, and most large websites now require that you accept cookies — at least while you’re attached to their servers.

Moreover, browser-based tools for blocking trackers are no help against the trackers, telemetry, and other elements built into modern operating systems such as Windows 10.

(For the record, I enable all telemetry on my Win10 devices. I believe the service has value for keeping my devices updated and running well. Many of you might disagree.)

One of the best tools for managing Internet privacy is via a virtual private network (VPN) service. In this case, the user’s IP address is effectively hidden from Web servers. However, good VPN services are not free; they can also slow down Internet connectivity, and some popular sites such as Netflix probably won’t work.

And there are other ways of tracking you: that app you downloaded for streaming video and/or music is undoubtedly keeping track of your activities on the streaming service.

Implementing a DNS Blackhole

Simply put, a DNS-based Blackhole list (DNSBL; more info) is a database of suspect IP addresses linked to malware, zombie PCs, ad-tracking services, and other unwanted or potentially dangerous sites. If the address for an incoming website or webpage component is on the list, it will then be dumped into a “black hole.” (There’s a controversial side to these lists, as described on Wikipedia.)

Your ISP probably keeps a record of your browsing history, which it might then use or sell in order to advertise products and services to you. (Did you read your ISP’s Terms of Service agreement? I thought not.) Moreover, it’s just not in an ISP’s interest to block tracking sites via its DNS servers.

But you can change that dynamic by using a different DNS service such as the popular OpenDNS. (See the aforementioned DNS-settings article in the 2019-03-25 AskWoody Plus Newsletter issue.)

Or host your own DNS services — as was the objective of my experiment.

DIY DNS

After some research, I settled on two apps for hosting a DNS server: Pi-hole and AdGuard Home. Both products are designed to protect every Internet-connected device on your local network.

Note that these apps are free and open-source, but donations help keep the lights on and development progressing.

I installed Pi-hole on a Raspberry Pi device (more on that in a minute) and AdGuard on a Linux Mint distro mounted on an old notebook PC. In a typical setup, you want these apps running full-time, and I did not want to tie up my Win10 systems. The next step was changing settings on my devices to use either of the two new DNS servers.

Again, DNS Blackhole services employ databases of problematic IPs — tracking domains, services, and connections — and prevent your devices from linking to those sites and online services. AdGuard Home calls its lists DNS Blocklists and Pi-hole refers to them as Adlists. Most of these databases are in the public domain and managed by various groups and organizations — which means they can vary significantly.

In general, the more lists you use with your DNS Blackhole service, the more sites are blocked. But that level of protection can also impact browsing performance and the functionality of websites and online apps you’re using. Balance is an important consideration when deciding how deep you want to take blocking. You’ll just have to experiment.

Both Pi-hole and AdGuard Home let you “whitelist” or “blacklist” specific domains. This is a great way to customize your service and not hobble websites you want to be fully functional on all your devices. Fortunately, the process isn’t complicated — just a quick click, as you review the DNS-query history.
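How several blocklists and a whitelist combine into one answer per DNS query can be modelled in a few lines. This is an added example, not Pi-hole's or AdGuard Home's own code: it assumes lists of domain names in hosts format or one name per line, assumes that a listed domain also covers its subdomains, and lets the most specific whitelist or blocklist entry win. All list contents and domain names are constructed.

```python
import ipaddress

LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_blocklist(text):
    """Return the set of domains in a list written in hosts format
    ("0.0.0.0 ads.example") or as one bare domain per line."""
    domains = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower()  # drop comments
        if not line:
            continue
        fields = line.split()
        # hosts format: first field is an address, the rest are names
        names = fields[1:] if _is_ip(fields[0]) else fields[:1]
        for name in names:
            name = name.rstrip(".")
            if name and name not in LOCAL_NAMES:  # never sinkhole localhost entries
                domains.add(name)
    return domains

class Blackhole:
    def __init__(self):
        self.blocked = {}    # domain -> names of the lists that contain it
        self.allowed = set()

    def add_list(self, list_name, text):
        """Merge one list; return how many domains it added that no
        earlier list already covered."""
        new = 0
        for domain in parse_blocklist(text):
            sources = self.blocked.setdefault(domain, set())
            if not sources:
                new += 1
            sources.add(list_name)
        return new

    def allow(self, domain):
        self.allowed.add(domain.strip().rstrip(".").lower())

    def decide(self, qname):
        """Return (action, matched_entry, source_lists) for a queried name.
        Walks from the full name up through its parent domains; the first
        (most specific) whitelist or blocklist hit decides."""
        labels = qname.strip().rstrip(".").lower().split(".")
        for i in range(len(labels) - 1):  # stop before the bare top-level label
            candidate = ".".join(labels[i:])
            if candidate in self.allowed:
                return ("forward", candidate, [])
            if candidate in self.blocked:
                return ("sinkhole", candidate, sorted(self.blocked[candidate]))
        return ("forward", None, [])

# Constructed sample lists
LIST_A = """# hosts-format list
127.0.0.1 localhost
0.0.0.0 ads.example
0.0.0.0 tracker.example   # also present in list_b
"""
LIST_B = """tracker.example
telemetry.vendor.example
"""

def demo():
    hole = Blackhole()
    result = {
        "new_from_a": hole.add_list("list_a", LIST_A),
        "new_from_b": hole.add_list("list_b", LIST_B),
    }
    hole.allow("cdn.tracker.example")  # keep one needed host working
    for q in ("ads.example", "Pixel.Tracker.Example.", "cdn.tracker.example",
              "news.example", "localhost"):
        result[q] = hole.decide(q)
    return result

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Recording which lists matched a name makes two things visible: how much a second list really adds beyond the first, and which list to blame when a site you want stops working.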

Both apps also let you designate a fallback DNS server, should your local DNS fail. You can also customize device names and encrypt DNS queries over the local network and the Internet.

To take your security one step further, Pi-hole and AdGuard can take the role of Dynamic Host Configuration Protocol (DHCP) servers, assigning internal IP addresses to local network devices. I won’t go into more details here, except to say that setting up DHCP will be easier with ISPs that will let you change DHCP and DNS settings.

That wasn’t the case with my Xfinity account. Until I bridge my Xfinity Gateway router to my personal router, I must set my DNS options manually on each device that’s using my DNSBH service. That’s far from simple.

Ideally, your “black hole” will cover your entire home network — including Smart Home and similar connected devices. But every environment is unique.

Hello, Raspberry Pi

I sort of fell into the Raspberry Pi phenomenon while researching DNS Blackhole applications. The Pi-hole app runs on various Linux distros — including the inexpensive and intriguing Raspberry Pi system (more info). This computer-on-a-board started as an inexpensive instructional tool but soon became wildly popular with hobbyists — far beyond its creators’ expectations. Development of the Pi began in 2006, but production versions did not start shipping until 2012.

I must say it’s been fun exploring entirely new — to me — areas of technology, both Linux and Raspberry Pi.

Using my dedicated DNS Blackholes

I found AdGuard Home and Pi-hole easy to use and effective. Both provide a comprehensive dashboard of blocking stats and options.

AdGuard Home

This app has a simple and clean interface. Figure 2 shows just a small portion of AdGuard Home’s blocking information. Its general settings cover DNS, encryption, clients, and DHCP.

Figure 2. AdGuard Home’s dashboard gives a quick summary of blocked IP addresses.

AdGuard Home includes extensive and easily configured filters for DNS blocklists, DNS allowlists, DNS rewrites, blocked services, and custom rules. The Query Log lets you search through past DNS queries and includes options for adding domain names to a blocklist (Figure 3).

Figure 3. My active DNS blocklists

AdGuard also offers paid ad-blocking apps for Windows, macOS, Android, and iOS, plus browser extensions and other tools (more info). The company even offers a paid VPN service.

Pi-hole

I have settled on Pi-hole as my ongoing DNS Blackhole service. It’s running on a Raspberry Pi 4 (Model B); the tiny single-board device is really nifty.

As you can see in Figure 4, the Pi-hole interface is extensive and offers a wide range of options for managing your service. It reports statistics in a richly visual format, giving you a quick summary of its effectiveness.

Figure 4. Pi-hole’s dashboard makes good use of colors for displaying blocking stats.

Just as with AdGuard Home, Pi-hole lets you manage whitelists and blacklists, review all DNS queries, and review long-term data — all from its well-organized interface.

Figure 5. Pi-hole’s adlists of blocked IP addresses are easily managed.

Expanding your tech horizons

I am a die-hard Windows power user. I’ve only touched lightly on anything to do with Linux. So if I can set up my own DNS Blackhole service, I assume most AskWoody readers can, too. I spent less than an hour getting each app up and running. More importantly, my setups were extremely easy to reset and start again, as I made changes.

My advice: Do a bit of research on your own and then start experimenting. I’m a big proponent of learning by doing. And if you’ve had some experience with DNS Blackholes, share your stories and tips in the AskWoody forum.

Questions or comments? Feedback on this article is always welcome in the AskWoody Lounge!

Richard Hay is the owner and operator of windowsobserver.com and WinObs.com. He is also a senior content producer at ITPro Today. Richard served for 29 years in the U.S. Navy, specializing in telecommunications, and retired as a Master Chief Petty Officer.


On Security

Living in a time of digital obsolescence


By Susan Bradley

Recently the U.S. Federal Bureau of Investigation released a document warning about unpatched Windows 7 machines.

That alert (PDF) reinforced what we already know: using an unpatched copy of Win7 is risky. According to the FBI, cybercriminals are targeting network infrastructures containing Win7 systems. And the document pointed out past problems with obsolete operating systems. For example, after Windows XP’s end of life, the healthcare industry was slow to upgrade to a supported version, leading to increased exposure of “records.”

The warning also points out that the number of remote desktop protocol (RDP) attacks has increased — mostly in the form of ransomware attacks. Cybercriminals have successfully employed reused passwords obtained from credential-dumping sites. And they find a fertile field in users who pick extraordinarily weak passwords. (Yes, “1234” is still popular.)

The alert is focused on business risks, but it’s still wise for individuals to move to a supported OS — whether it’s Windows 10, Windows 8.1, Apple, Chromebook, or Linux.

In the meantime, if you’re still using an unpatched version of Windows 7 (or Win Server 2008 R2, for that matter), here are two tips for reducing the risk:

1) Be exceedingly careful about where you go on the Internet. Use a tablet, smartphone, or Chromebook for casual browsing.

2) If you use remote connections, lock down RDP.

In a networked environment that uses RDP access, I recommend installing Cisco’s Duo (more info) in order to enforce two-factor authentication. Firms with fewer than 10 users can use Duo for free.

Note: The duo.com site doesn’t list Win7 as a supported platform. But I tested the service on a Win7 test system, and it worked fine. My Win7 systems have Extended Security Updates (ESU) enabled, but using Duo’s two-factor RDP protection (more info) gives me a bit more peace of mind.

Using a service such as Duo is especially important if your firm allows RDP access to networked servers. The second confirmation step can be as simple as sending a notification — text message, six-digit code, or simple Approve/Deny — to your smartphone, tablet, or even a smart watch (depending on the server platform).

Managers should keep in mind that phone verification means that they’re mandating the use of personal devices as business assets. Consider establishing some sort of reimbursement policy.

Another out-of-support problem

Keeping devices up to date doesn’t apply just to PCs. The threat to the Internet of Things (IoT) is often overlooked — I’m referring to smartphones, Chromebooks, media-streaming boxes, Internet-connected toasters … .

Recently, when I tried to watch a Facebook streaming video on my Chromebook, I received a message warning that my machine wasn’t up to date — and would no longer receive updates. The machine still booted, still accessed the Web, and so forth. In other words, it was otherwise working just fine. But to Google, it was obsolete.

That reminded me that a 2019 The Guardian article still rings true. As with all things security, your level of exposure depends on how you use the device — e.g., what browser plug-ins are installed, and do you use the device for school or business? The article noted that obsolete machines may no longer have the management features you once relied upon.

Be especially careful when buying refurbished Chromebooks and other devices — they may no longer receive updates. (Anyone with an older iPhone has faced that dilemma.) That said, there may still be some life left in an “obsolete” Win7 or Chromebook machine. Consider turning an old PC or Mac into a CloudReady Chrome device — the Home edition is free.

Do you have an older iPhone? I attended a security presentation that warned those devices are now unsecure. The presenter stated that we should be on iPhone X or later. (One wonders whether they work for Apple.) In my experience, a dead battery is the more immediate problem on iPhones. With a battery replacement, the device still works well, albeit a bit slower than I’d like.

In my estimation, “jailbreaking” iPhones is the greater threat to personal security. This technique gives users root access to iOS and lets them run software not approved by Apple. You get more control over the phone, but you also introduce a greater risk of installing malicious code and unwanted tracking.

I’ve found it harder to determine whether an Android tablet is still supported. Often, acquiring that information means going to the device manufacturers’ sites (Android Help).

I’ve often joked about keeping Internet-connected refrigerators, dishwashers, and toasters out of my home — mostly because of poor security and obsolescence. But other forms of digital extinction are truly pernicious. For example, Microsoft recently changed Cortana to remove third-party integration (PCWorld).

Which means: If you purchased, say, the Harman Kardon Invoke “smart speaker,” it’ll eventually be just an expensive Bluetooth device. (I love my smart speaker’s ability to play music on request, get information from the Internet, and do other cool things I’d rather not live without.) Note that Microsoft is sending owners of that model a USD $50 Microsoft Store online gift card. But that’s small consolation for losing voice commands. (Surface Headphones also lost their Cortana integration.)

Just imagine purchasing that expensive Internet-connected refrigerator, only to discover a few years later that it needs to be upgraded — or it’ll be reduced to … just keeping food cold! (That vintage refrigerator sitting in your garage or the back porch might work better and longer than that fancy new model in your kitchen.)

My inner geek sees these IoT gadgets and goes: “Ooh! … That’s cool!” Then the practical me who deals with keeping digital devices fully updated thinks: “Well … maybe not.” Sooner or later, all these Internet-connected products will no longer be supported — or, worse yet, Apple, Google, Microsoft, etc. will remove or change some must-have feature long before the device’s useful life is over.

Bottom line: We’re living in the digital-obsolescence era. How many of us have old smartphones sitting on a closet shelf? Many of these “retired” devices probably still work but can no longer be upgraded with new features and security patches. (I’m looking at you, Apple TV.)

My advice? Before purchasing that Internet-connected gadget, do a bit of research first: how long will it receive new updates? Check whether the manufacturer has a support-timeline policy. And while a slightly older and less-expensive model might look like a great value, it’s not — if it’s effectively obsolete within a couple of years.

And on those IoT refrigerator-type devices? Ask yourself whether a connection to the Internet is really necessary. The longer you plan to use a product, the greater the argument for not including Internet connectivity. I bet you’ll be happier in the long run.

Questions or comments? Feedback on this article is always welcome in the AskWoody Lounge!

Susan Bradley has been the one and only Windows Secrets Patch Watch diva for many years. In real life, she’s a Microsoft Security MVP and IT wrangler at a California accounting firm, where she manages a fleet of servers, virtual machines, workstations, iPhones, and other digital devices. She also does forensic investigations of computer systems for the firm.


Publisher: AskWoody LLC (woody@askwoody.com); editor: Tracey Capen (editor@askwoody.com).

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody LLC. All other marks are the trademarks or service marks of their respective owners.



Copyright © 2020 AskWoody LLC, All rights reserved.