Windows

Thanks for open sourcing .NET say Point of Sale villains

VXers say Microsoft’s good intentions let them brew truly evil malware

Trend Micro researcher Jay Yaneza says Point of Sale malware has begun using Microsoft .NET, following its release as open source last year.

Yaneza found the new so-called GamaPoS malware being distributed to US organisations including credit unions, developers, and pet care businesses through the resurgent Andromeda botnet. He says the use of .NET as a platform to build point of sales malware is unique and likely to be adopted by the criminal underground.

“GamaPoS holds the distinction of being a .NET scraper — something unseen in prior PoS threats,” Yaneza says .

“We can attribute this development to the fact that it is easier to create malware in the .NET platform and, now that Microsoft made it available as an open-source platform, more developers are expected to use it for their applications.

“This makes .NET a viable platform to use for attacks.”

Yaneza says GamaPoS uses Andromeda’s back doors to spread in a shotgun fashion further infecting about four percent of the botnet’s existing victims.

The malware combines two malicious features including PsExec, which hackers used to help pop retailer Target last year, and the Mimikatz hack tool that is considered one of the best vacuumers of Windows credentials.

That combination grants attackers a high degree of capability to move laterally inside breached networks.

Andromedia infections.

Victims are targeted using phishing scams that masquerade as would-be guidance on Payment Card Industry Data Security Standard (PCI DSS) or as information on installing Oracle’s MICROS, a popular payment operating system which it can also compromise.

GamaPoS will siphon Visa and Discover cards to its command and control servers over HTTPS.

The attack campaign organisers are thought to be also spreading the NitLovePoS payment operating system malware found in May.

“Using an old botnet as a shotgun method to cast a wide net for targets has its merits,” Yaneza says.

“Using spam and exploit kits to establish a large mass of bots enables operators to steal information from specific targets, some of which can be resold to other threat actors.”

 

Source: Thanks for open sourcing .NET say Point of Sale villains • The Register

Thanks for open sourcing .NET say Point of Sale villains Read More »

What’s the deal with Windows 10 for the Non-Technical Friend

The calls are starting to come in, as I, like you, Dear Reader, am the head of IT Support for my friends and family. You’d think my cell phone was an IT helpline, and my email is filled with Word documents with pasted in screenshots along with subject lines like “Is this safe?!?!?” and “What’s the deal with Windows 10?”.

Anyway, Window 10 is coming soon, and this little icon (the Windows icon) is stating to show up in folks’ taskbars. For the techies, it’s called GWX (Get Windows 10) and it’s there to prep your machine and possible download Windows 10 if you want to reserve a spot. It’s added by KB3035583.

image

If you click it, you’ll get this screen where you can add your email and when July comes around your system will start downloading Windows 10 automatically.

You may also see this in Windows Update if you run Windows Update manually as I do.

Windows 10 is coming soon

You get to decide when you want to install it, it’s not automatic.

Free Upgrade to Windows 10

The important part you and your non-technical friend should know and explore is the “Check your PC” section. Click the “hamburger” menu in the upper left corner, then click “Check your PC.” Here’s mine. Looks like I need to update or uninstall one program that isn’t yet compatible, but my devices (video, usb stuff, etc) are cool.

Windows 10 will work on this PC

There’s a great FAQ (Frequently Asked Questions) on Windows 10 here that you should check out.

Here’s my personal translation/take on the most important parts:

  • Windows 10 upgrades start July 29th and you can choose to upgrade for free until July 29, 2016 so no rush. If you want wait and see, you can.
  • The upgrade is free for that period (July 29th 2015 until 2016, a year later). Upgrading after July 29th, 2016 will cost something.
  • You can upgrade machines running 7 and 8.1.
  • You machine should have these specs, which are pretty low and reasonable. Most anyone with a running PC can upgrade.
  • Yes, Solitaire and Minesweeper and Hearts will be removed BUT you can download the new versions of Solitaire and Minesweeper free in the Windows Store. They are pretty nice versions.
  • You’ll move to either Windows 10 Home or Windows 10 Pro, according to this table:
    What Windows 10 version will I get?
  • You apps will keep running. I’m running all sorts of apps, many quite old, on Windows 10 and I have had no issue. The Compatibility Wizard still exists, though, so you can “lie” to really old apps and tell them they are running on Windows 95, or whatever. Just right-click the App that isn’t working and click “Troubleshoot Compatibility,” or right-click, Properties, then Compatibility. I haven’t had to do this myself, yet, so consider this a rare thing.

So far it’s been pretty interesting and I think that if non-technical friend liked Windows 7 and tolerated Windows 8 that they will like Windows 10. I’ve been doing “Windows 10 Build to Build” upgrade videos over at my YouTube and I would love it if you’d subscribe to my YouTube as well.

It’s amazing that Windows 7 users and Windows 8 users will all be able to upgrade and come forward to a single version of Windows. As a developer (both web and apps) it’ll be nice to have people on an “evergreen” Windows where I can do things like Feature Detection and not think as much about versioning.

versioning.

Source: What’s the deal with Windows 10 for the Non-Technical Friend – Scott Hanselman

What’s the deal with Windows 10 for the Non-Technical Friend Read More »

Is Windows 10 ready?

Windows 10 is different. While Microsoft aggressively tracked down leaked builds of Windows Vista and Windows 7, the software giant has opened its doors to let anyone test Windows 10 through a process that’s not normally public. It’s a change that has allowed everyone to judge and critique Windows 10 before it’s even ready. We’ve seen the good and the bad, and now we’re about to witness the final result on July 29th. With Microsoft now committing to a Windows 10 release in less than two months, is it really ready?

Windows 10 has progressed well over its relatively short development period. If you compare preview builds from two months ago to today, there are many changes and improvements, but still a lot of bugs. While it’s two months until release date, Microsoft will still complete a process known as release to manufacturing (RTM) later this month. Windows might be switching to a servicing model with regular updates, but there’s still a final point needed for PC makers to start loading their own images to ship devices in time for the back to school period and the holidays. That RTM phase means Microsoft only has a few weeks to get Windows 10 ready before it has to rely on patches and hotfixes that can be distributed automatically to machines once they’re upgraded.

A few weeks doesn’t seem like enough time right now, especially given the current state of Windows 10. The latest build (10130) looks almost finished and polished, but then there are continued issues with the Start Menu not opening or crashing and driver problems that are slightly alarming at this stage of development. Perhaps the biggest issue I have encountered is the upgrade process between builds. Microsoft has been testing this vigorously, as it’s a key part of getting Windows 7 and Windows 8 users to Windows 10 for free. If an upgrade fails then it’s one less machine running the latest operating system. I’ve had a variety of upgrade failures, even with the recent builds that Microsoft has distributed. Please note this is the author’s experience. I haven’t had a problem with any update upto and including 10130. (BJ)

These could all be fairly minor bugs, but they’ve been consistent and present throughout the Windows 10 development period, which suggests there have been some issues that have prevented Microsoft addressing them fully. Fortunately, Microsoft is now in a period of code completion. Additions to the core of Windows 10 will be locked soon, and Microsoft is now focused on improving the built-in apps and crushing bugs. Like any version of Windows, Microsoft has a number of tests and processes to check off before it declares Windows 10 is ready. The overall bug count will have to drop, and the company will decide which bugs can wait for launch day patches and prioritize accordingly.

Windows 10 Spartan

Windows 10 will of course be ready for July 29th, but how complete and stable it will be could vary depending on your hardware and usage. I have some machines that work well, and others that are crashing or the display drivers and audio drivers don’t work correctly. At this stage I would like to be using a release candidate on my machines that feels like the final version of Windows 10, but we’re not quite there yet. Microsoft will start pre-loading the final bits on PCs that have opted in for the Windows 10 upgrade, with patches and updates to follow once it launches on July 29th.

WINDOWS 10 IS GOING TO HAVE A BUNCH OF UPDATES ON DAY ONE

Windows 8 launched with a number of day one patches, and I expect Windows 10 will have plenty. Microsoft has been regularly patching Windows 10 preview builds to address bigger problems, and receive additional feedback to help shape changes. The dedicated feedback app will ship with the final version of Windows 10 so that Microsoft can continue to receive input from users. It’s really Microsoft’s method of using the general public for its own testing. With recent headcount reductions on the testing teams for Windows, public feedback and beta testing has helped Microsoft change the way it’s building Windows.

Microsoft is very close to getting Windows 10 ready, but the Windows team has a lot of sleepless nights ahead throughout June and July to ensure the quality is high across the vast amount of PCs out there. Microsoft can’t afford to make any bad impressions with Windows 10 after the mixed reception to both Vista and Windows 8. Providing the driver issues are cleared up, the company can easily avoid the problems associated with the early days of Windows Vista. Windows 10 is really shaping up to be the next great successor to Windows 7 and Windows XP, and Microsoft wants to ensure everyone upgrades. Windows 10 will never really be ready thanks to continuous new features and updates coming for the rest of the year and beyond. The road could be a little bumpy to start, but it’ll only get smoother and smoother over time.

Source: Is Windows 10 ready? | The Verge

Is Windows 10 ready? Read More »

Why Microsoft is calling Windows 10 ‘the last version of Windows’

“Right now we’re releasing Windows 10, and because Windows 10 is the last version of Windows, we’re all still working on Windows 10.” That was the message from Microsoft employee Jerry Nixon, a developer evangelist speaking at the company’s Ignite conference this week. Nixon was explaining how Microsoft was launching Windows 8.1 last year, but in the background it was developing Windows 10. Now, Microsoft employees can talk freely about future updates to Windows 10 because there’s no secret update in the works coming next. It’s all just Windows 10. While it immediately sounds like Microsoft is killing off Windows and not doing future versions, the reality is a little more complex. The future is “Windows as a service.”

IT’S ALL ABOUT WINDOWS AS A SERVICE

Microsoft has been discussing the idea of Windows as a service, but the company hasn’t really explained exactly how that will play out with future versions of Windows. That might be because there won’t really be any future major versions of Windows in the foreseeable future. Microsoft has altered the way it engineers and delivers Windows, and the initial result is Windows 10. Instead of big releases, there will be regular improvements and updates. Part of this is achieved by splitting up operating system components like the Start Menu and built-in apps to be separate parts that can be updated independently to the entire Windows core operating system. It’s a big undertaking, but it’s something Microsoft has been actively working on for Windows 10 to ensure it spans across multiple device types.

The last version of Windows

While we’ll witness the results in the coming months, Microsoft is already in launch mode for a number of its apps and services that power Windows 10. The software company is testing preview builds of Window 10 with willing participants, and apps like Xbox and Mail have been engineered for regularly monthly updates. Even Office for Windows 10 will also get regular updates, much like a mobile version, instead of the big bang release every few years.

WINDOWS ISN’T DEAD, BUT THE IDEA OF VERSION NUMBERS COULD BE

When I reached out to Microsoft about Nixon’s comments, the company didn’t dismiss them at all. “Recent comments at Ignite about Windows 10 are reflective of the way Windows will be delivered as a service bringing new innovations and updates in an ongoing manner, with continuous value for our consumer and business customers,” says a Microsoft spokesperson in a statement to The Verge. “We aren’t speaking to future branding at this time, but customers can be confident Windows 10 will remain up-to-date and power a variety of devices from PCs to phones to Surface Hub to HoloLens and Xbox. We look forward to a long future of Windows innovations.”

With Windows 10, it’s time to start thinking of Windows as something that won’t see a big launch or major upgrade every few years anymore. Much like how Google’s Chrome browser gets updated regularly with version numbers nobody really pays attention to, Microsoft’s approach will likely result in a similar outcome. This is really the idea of Windows as a service, and the notion that Windows 10 could be the last major version of Windows. Microsoft could opt for Windows 11 or Windows 12 in future, but if people upgrade to Windows 10 and the regular updates do the trick then everyone will just settle for just “Windows” without even worrying about the version number.

Source: Why Microsoft is calling Windows 10 ‘the last version of Windows’ | The Verge

Why Microsoft is calling Windows 10 ‘the last version of Windows’ Read More »

Microsoft answers the question, ‘Why Windows Phone?’

Why Windows Phone?
With no flagships announced, software that is on other platforms and a weak app store for the better part of a year, many consumers have asked what is the value proposition of Windows Phone. Up until last week, Microsoft did not have an answer that they were publicly willing to share but now we know how the company will respond to this question going forward.

Continuum for phones, that is coming with Windows 10, is Microsoft’s ace up the sleeve. The feature, which requires new hardware and will be arriving in new devices this summer, is the ‘killer’ feature that you can only get on Windows 10 for phones and it will not be easily replicated by any other player in the market.

What this feature allows you to do is take your phone, connect it to a keyboard, mouse and monitor and use the device like a desktop PC. This isn’t a watered down experience either, because of how Universal apps are designed, you can run all the Office apps just like you would on the desktop with most of the features being present as well. While we know this may not be a feature everyone will use on day one, it’s easy to see how this functionality will one day replace your laptop.

Looking at how quickly smartphones have progressed over the past 10 years, it’s fair to say that the devices of today are at least as powerful, if not more so, than the laptops of ten, maybe even five years ago. If you think about where the smart phone is headed in the next five years or so, you can only imagine how much horsepower will be under the glass in future devices.

Phone Continuum will likely never replace developer machines or those used for video/photo editing but for some users who only need email, chat and web browsing, this scenario is a very real solution to consolidating their technology.

There are other reasons to choose Microsoft’s mobile platform like Cortana and the many new security features that offer a better ecosystem when you are already using a Windows PC. But for a quick, one sentence answer that is easily directed at consumers, Continuum is the marketing word of choice as it is not only new but forward-looking as well.

When it comes to ‘killer’ features, Cortana, while better than Siri and on equal footing to Google Now, has competitors that now exists but Continuum is unmatched. Yes, there were earlier devices that tried to replicate this experience but they were limited to a few handsets and the apps were simply phone apps on a larger screen; they never gained much attention.

While Microsoft hopes that its new iOS/Android app porting strategy will fill out its store and they will consistently update Cortana, Continuum is the new show pony for the platform.

Source: Microsoft answers the question, ‘Why Windows Phone?’

Microsoft answers the question, ‘Why Windows Phone?’ Read More »