Sunday, February 25, 2018

ShutUp10 A privacy anti-spy tool

This comes courtesy of Bill Buppert and the sctxwindows.com web site and resource.

 Windows 10 has a lot of configuration settings for privacy. Perhaps too many?
A few tools have been released to help with management of these settings. The one Bill found is the best I have seen to date. I do not like to place links in blogs, but I will this time since I've found other links and search results that do not bring the same utility to your machine.

O&O software ShutUp10

The utility is now an executable instead of a zip file that needed to be decompressed.
Once invoked as ADMINISTRATOR the utility provides a large litany of settings to enhance privacy.

NOTE: As with any security or privacy settings, some applications may change their behaviour.

A partial screenshot:


The utility provides more detail on each setting as you click. 
The utility shows the author's recommended setting.
The utility allows you choices for settings to change.
The utility will create a restore point if requested.
The utility will track changes so you can review at any time and/or after a Microsoft update.


One setting I recommend that the utility does not address is having Windows ask when an application that is not from the Microsoft Store is about to be installed. This is very useful in helping to prevent malware that takes the form of an executable application or installer package.

3-2-1 Backup - revisit

For more detail see the previous post on ransomware.

As ransomware gets better, more capable, and more widespread, the ability to recover your files becomes more and more important. As ransomware evolves, the goal is to prevent you from using normal recovery methods instead of paying the ransom.

Restore points, media creation tool instances, and similar tools allow the recovery of the Windows operating system, not your data files such as pictures, videos, documents, spreadsheets, etc.

Normal backup methods for such data files, like USB sticks, Network Attached Storage (NAS), cloud backup, File History, third party backup applications/utilities, homegroup, workgroup, etc., usually rely on the backup method being always available to keep the backup data current and available. Thus the problem. Since ransomware runs as you (your account), access to those backup copies is available to the ransomware as well. If the account used to invoke the ransomware is the Administrator account, every account may have its data files encrypted as well.

 Ransomware will find and encrypt any/every file it can to ensure ransom is paid. Getting the decryption key to decrypt those data files is another matter. You may not realize you have become yet another victim until too late. If major corporations with all their protections, staff, policies, and off-site backup vaults fall victim and pay ransom ...

 3-2-1

 3 copies of your data.  We have been in situations where our backup plan did not work. So at least 3 copies, more for sensitive data.

2 separate backup media or methods. Internal disk, external disk, NAS, cloud, DVD/CD, etc.
 1 OFFLINE copy. OFFLINE meaning offline all the time, except for when the OFFLINE backup is running to refresh the backup or recover the data. While recovering the data, recover to a freshly patched and scanned machine without network access!! The ransomware may still be on the machine or the vector used to infect may still be available.

 Once the data is on the offline media, guard that media by the best and most appropriate means.
If found and stolen they have your data. An encrypted drive, hidden in another room?

NOTE: Cloud backup or cloud duplication provide utility for backup, ability to access from remote locations, access from/for family, etc.
Do be aware if someone else can convince the cloud service provider that they are you and need the password reset for your account ...
Use "need to know", folder separation, and encryption to protect data in "the Cloud".
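The refresh of the OFFLINE copy is the one moment it is exposed, and refreshing from files that ransomware has already encrypted overwrites the good copy. The following is an added example, not part of the original post: it compares SHA-256 hashes of the live folder against the offline copy and flags a mass change before you refresh. The function names, the paths in the usage line, and the 30% threshold are assumptions.

```powershell
# Added example (not from the original post). Names and threshold are hypothetical.

function Get-HashIndex {
    # Map each file's path (relative to $Root) to its SHA-256 hash.
    param([Parameter(Mandatory)][string]$Root)
    $base  = (Resolve-Path -LiteralPath $Root).ProviderPath.TrimEnd('\')
    $index = @{}
    Get-ChildItem -LiteralPath $base -Recurse -File | ForEach-Object {
        $rel = $_.FullName.Substring($base.Length).TrimStart('\')
        $index[$rel] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
    return $index
}

function Test-BackupRefresh {
    param(
        [Parameter(Mandatory)][string]$Source,       # live data folder
        [Parameter(Mandatory)][string]$OfflineCopy,  # same folder on the offline media
        [double]$MaxChangedRatio = 0.30              # assumption: tune to your own habits
    )
    $src = Get-HashIndex $Source
    $bak = Get-HashIndex $OfflineCopy

    # Files whose content differs, files that vanished from the source (ransomware
    # often renames what it encrypts), and files that are new since the last backup.
    $changed = @($bak.Keys | Where-Object { $src.ContainsKey($_) -and $src[$_] -ne $bak[$_] })
    $missing = @($bak.Keys | Where-Object { -not $src.ContainsKey($_) })
    $new     = @($src.Keys | Where-Object { -not $bak.ContainsKey($_) })

    $ratio = if ($bak.Count) { ($changed.Count + $missing.Count) / $bak.Count } else { 0 }
    [pscustomobject]@{
        Changed       = $changed.Count
        Missing       = $missing.Count
        New           = $new.Count
        ChangedRatio  = [math]::Round($ratio, 2)
        SafeToRefresh = ($ratio -le $MaxChangedRatio)
    }
}

# Usage (paths are placeholders):
# Test-BackupRefresh -Source "$env:USERPROFILE\Documents" -OfflineCopy 'E:\Backup\Documents'
```

If SafeToRefresh comes back False, stop and look at the source files before copying anything onto the offline media.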

Windows - Got System Protection??

 I am finding some Windows PCs without System Protection. Even one of my own.
 As you change, add, or remove settings on any of your devices  -  make a note in your inventory.
That inventory should list all computing devices, devices for the devices, network interconnects, AND settings.

For defense against malware, human error, Microsoft updates and patches with impact to your system's usability - you need the ability to restore your Windows systems to a previous known state.
This requires a restore point and a 3-2-1 backup. I will cover the 3-2-1 backup in another post.

 To ensure you have the ability to create a restore point, use the search box for restore point:

 This brings up the window

This shows the Windows system C: drive with protection On.
You can use the Configure button to manage restore points and the Create button to create restore points as needed/desired.
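The same check can be scripted for PCs where clicking through the dialog is impractical. This is an added example, not from the original post: it lists existing restore points and, if none is recent, turns System Protection on for the system drive and creates one. The function name, the 7-day age limit and the description text are assumptions.

```powershell
# Added example, not from the original post. Run in an elevated Windows PowerShell 5.1
# console; these cmdlets are not available natively in PowerShell 7.
#Requires -RunAsAdministrator

function Confirm-RestorePoint {                       # hypothetical helper name
    param(
        [string]$Drive       = "$env:SystemDrive\",   # normally C:\
        [int]   $MaxAgeDays  = 7,                     # assumption: weekly is recent enough
        [string]$Description = 'Baseline before settings changes'
    )

    # Existing restore points. None at all means there is nothing to roll back to.
    $points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    $newest = $points | Sort-Object SequenceNumber | Select-Object -Last 1

    if ($newest) {
        $when = $newest.ConvertToDateTime($newest.CreationTime)
        $days = ((Get-Date) - $when).TotalDays
        $msg  = "Newest restore point: {0} '{1}' ({2:N1} days old)"
        Write-Host ($msg -f $newest.SequenceNumber, $newest.Description, $days)
        if ($days -le $MaxAgeDays) { return $newest }
    } else {
        Write-Warning "No restore points found; System Protection may be off for $Drive"
    }

    # Turn System Protection on for the drive (harmless if it is already on), then
    # request a new restore point. By default Windows 10 skips the request, with a
    # warning, if a restore point was already created in the last 24 hours.
    Enable-ComputerRestore -Drive $Drive
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS

    # Confirm that a restore point now exists and return the newest one.
    $after = @(Get-ComputerRestorePoint) | Sort-Object SequenceNumber | Select-Object -Last 1
    if (-not $after) { throw "Restore point was not created on $Drive" }
    return $after
}

Confirm-RestorePoint | Format-List SequenceNumber, Description, CreationTime
```

Record the result in your inventory along with the other settings for that machine.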

Friday, February 2, 2018

Microsoft Patch number 15 so far

Patches anew, patches withdrawn, patches to patches. It has been a busy month for Microsoft.
Patch released today: KB4058258. This one requires a reboot. Microsoft even released for download a patch/update for Windows 7 Service Pack 1.

 All these in addition to updates to signatures for Windows Defender.

In addition, browser maintainers have been just as busy with browser updates. Edge, Internet Explorer, Firefox, Opera, Safari, Brave to name a few.

 Most patches thus far have been for Meltdown and Spectre. Patches to Intel microcode, firmware, and BIOS are part of the updates and patches.