Horse Sense #129
Windows 10 (In-)Security, Part 1
[As of this moment, many people are being notified regularly that their machine is ready to Upgrade to Windows 10. The marketing is enticing, noticeable, and fairly relentless. This Windows 10 (In-)Security series of articles will talk about why most people should ignore the marketing and go on with their day for quite some time.]
Why Would We Even Publish This Article?
Iron Horse does not sell a lot of PCs or operating systems. Our government clients have huge contracts for PCs and operating systems that do not allow us to sell the products. We still need to know a lot about them, though. Sometimes we say the business Iron Horse does is more about what goes in, on, around, among, and between PCs to make them useful, but not the PCs themselves. Our sales and consulting work usually revolves around printing, services, power, accessories, management tools, networking and security software and devices, mail and spam, etc.
Security drives a lot of our thinking. Plans and every day operations should always include security elements if you want to get the best security and bang for your buck over the long term. Security is about appropriately managing a host of risks. We look for reliability in hardware and software. We make sure the power, networking, and other infrastructure can handle what is needed now and in the future. We look at the skills and resources of the people who will be using and managing the network to make sure they can handle what we propose, get help doing it, and/or learn to do it themselves. We strive to build in redundancy so the business can continue operating if something bad happens.
We think security should not be just about keeping the bad guy out, but about staying healthy and productive. We look at how valuable, visible, and vulnerable your information is to others. We help our clients keep their information confidential, trustworthy, and available. And, most of all, we try to make things as easy as we can. Your job and mine have enough built in difficulty factors.
We evaluate new products, companies, and services for ourselves and our clients on a continual basis. Windows 10 and its free upgrade are a big deal in the marketplace and many of the changes being made are important for your business security. Many of the concepts and techniques in the Windows 10 articles we are publishing are not unique to Microsoft. This (In-)Security series of articles focuses on business security. For those who have already upgraded their personal machines to Windows 10, I know you are not all that worried. Read on. You may well rush to your computer to tighten up your security.
Windows 10 Default Security Setup is Unsafe, Period
Windows 10, especially in the business editions, has some nice security features built in. The operating system and Edge browser have fewer security holes. You can encrypt the whole disk. You can use biometrics instead of passwords to improve security. You can even run temperamental software within an isolated "box." But.... Most security features are off by default. Even worse, Microsoft has made poor default configuration choices that compromise your security. These poor security defaults may be in areas you might think have little to do with security. Microsoft "broke" some things that worked before, particularly in the Edge browser. Existing web sites using older coding methods or that rely on the browser executing code that is not in the browser itself will not work correctly. Part of security is availability, or helping workers get their work done. Support for third party extensions in Edge is "planned." Until then you will have to use another browser to get your work done.
If you accept the Express Configuration choice when Windows 10 first boots, thinking it will keep you safe, you will gut your security instead. That choice tells your PC it is OK to connect "promiscuously" and share all kinds of private information. Click on the small "Custom Configuration" option choice instead. It is on the bottom left of the screen where you do not expect it. Express Configuration says it is OK to send all kinds of information to Microsoft and that you want to automatically sign in to any wireless network you see, including the one labeled "BadGuyStealsStuff." Express Configuration lets all of your applications know where you are and allows them to look at nearly everything on your machine and on your on line accounts.
Windows 10 comes with a number of default applications you may not want. Worse, they are often turned on, compromising security and wasting resources. Why business people would want XBox software on their machines is beyond me. Not only does Microsoft prevent you from removing Xbox like it does other apps, it is quite difficult to turn it off.
I like that Windows Defender and Windows Firewall are on by default, but these applications stink when compared to third party vendors. Still, when you are trying to set the machine up, it is nice to know it has at least a little protection. Installation of another firewall or anti-malware solution might shut the Windows versions down, or they might not. Two firewall or anti-malware programs running at the same time can cause compatibility, connectivity, reliability, and performance issues.
Microsoft wants even business users to sign in with Microsoft accounts and store data in their cloud and the defaults lead you this way. This is NOT how most organizations want or need to manage access to their data and machines. Microsoft login accounts do not synchronize with Office 365 accounts which will really confuse people. There is not one Microsoft login to "rule them all."
How to Better Secure Windows 10
This is where you would normally see some steps we recommend to improve your security. Then we realized how *boring* they are if you are not actually performing the fixes we talk about. So, sit in front of the computer you want to better secure, and then go to the Iron Horse site. Click on the Newsletters button and open the link entitled "Feeling More Secure in Windows 10." There is no such thing as being perfectly secure and I am not talking about a suit of armor here, but running around "naked" on the Internet is not a good idea.
Where to Find More Information
The easiest place to find consumer level information about the Windows 10 upgrade is the "Get Windows 10" icon in the right hand lower corner of your PC. Click on it and then click the menu in the upper right to find out more about your system compatibility and Windows 10 features.
Click here for The Microsoft Frequently Asked Questions Page for Windows 10.
We are interested in what your experiences are and stand willing to help if you need us!
©2015 Tony Stirk, Iron Horse tstirk@ih-online.com