Saturday, June 17, 2017

Would you believe it: a built-in inability to ever update Windows 10 to new versions

There was a Windows 10 version, 1511, that was one of the initial versions of Windows 10, during the time when the offer was available to go from Windows 7 or 8 to Windows 10.  In fact, the general release schedule is:

  • Version 1507, released 5/29/2015, retired 5/9/2017
  • Version 1511, called "the November Update" released 11/10/2015
  • Version 1607, called "the Anniversary Update" released 8/2/2016
  • Version 1703, called "the Creators Update" released 4/5/2017

The problem is, if you want to update from Version 1511 (yes, update, not upgrade) to Version 1607, you can't!  For some reason an update route is not provided!  If you want to update to Version 1703 from Version 1511, you can, but you have to wipe away all your installed programs; data is saved, but not programs.

So, even if you had automatic update on the entire time from the installation of Version 1511, as I did, Version 1607 may not have installed.  Why?  There is no rational reason that Microsoft can give.  If you don't have Version 1607 installed, you can't ever get to any future version of Windows  without doing a "clean install," where you have to reinstall all of your applications.

To find this out, I spent 2 weeks with Microsoft support, first at level 1 for a week, then at level 2, then doing phone tag for a week to get a level 3 person to talk to (that is about as high as you can go).  The total number of hours spent by Microsoft support was probably 3 hours.   However, the total time for level 3 was about 30 seconds, not counting having to listen to my consternation that the situation I described above actually exists.  At the beginning of the conversation I told the level 3 person what my version was, so the conversation would have been 10 seconds, but that person still logged on to my computer and checked the version for himself.  Then he just said that I couldn't update to any level without deleting all my programs.  That was all!  When I asked if I could see a knowledgebase article describing this situation, he said there was an internal article, but not an external article.  When I asked why it wasn't publicized, there was no answer.  (Ha!)  When I asked why level 1 didn't know about this, he said he didn't know.

That's two rants this week.  I must not be in a good mood.

By the way, no native English speaker in the chain of support, which I bet is part of the problem. Level 1, 2, and 3 could be continents away. Is that right, Microsoft?

Thursday, June 15, 2017

The fault is yours, not the Russians!


Yes, I'm frustrated.  All the stuff in the news about Russian hacking.  The root causes of all the security breaches, whether email accounts, databases, or documents, are two:

  1. Someone clicked on something they shouldn't (phishing)
  2. Someone leaked information they shouldn't have, either because it was ethically wrong or it was legally wrong.

Folks, this is a human problem, not a technology problem. And it is not 'their' fault.  Whether it is Hillary's server, the Democrat server, any of Hillary's comrades' emails, or documents released from undisclosed resources, the fault lies with the Democrats, Hillary, Hillary's comrades, or the deep state; it is not the fault of the Russians.  The "Russians" is just a euphemism for those out there that are trying to get information.  The Russians may in fact be Russians, but from a technological certainty, anyone with a little technological black hat experience can fake the origin as Russians.

The lesson you need to take away from all this is that your clicking, your use of simple or the same password across multiple sites, your lax administration of your own IT environment, which allows any flash drive to insert bad stuff into your computer or take information out of your computing devices, is going to be the source of your security problems.

This whole episode in this country's history, and the whole assessment of your own security posture, is built on a lie if you don't follow the reasonable, responsible rules for internet security.  You are at fault; stop shifting the blame!


Monday, June 12, 2017

An Internet of Things (IoT) Router for the Home

Over the years I've discussed routers in several posts. Most recently I talked about the need for a total house router that will protect your Internet of Things (IoT). (Technically, I'm not really discussing the Internet of Things, but the Intranet of Things, i.e., the stuff connected to your internal network, or Intranet.)

This kind of router is the Next Generation Firewall (NGFW).  I've said that I could not find a router or firewall that was in the "home" price range; they were all $1000 or more and always stand-alone firewalls.

Norton has come out with a home solution.  It is called the Norton Core Router (Amazon link).  I do not have this router.  However, the literature reads like this device has the functions required to protect your IoT.  You should take a look at it, especially if you are in a "greenfield" environment, such as a new home or small business, or you are replacing your router because you are changing providers.  Again, a disclaimer... I haven't used this device.


Monday, June 5, 2017

Important Reference Page for Windows 10 update errors

I've experienced a spate of Windows 10 upgrade errors in the past month.  In addition, people are reporting that their Windows 10 machines are "freezing" during operation or startup.  Their computer is useless.  The problem seems associated with either the incremental upgrades or with the big upgrade, "Creators Version" (version 1703, Builds 10.0.15063 and up).

In other blog entries I have been and will be reporting on specific situations, but here I want to document an important reference page for Windows upgrade errors.  This entry is not for the casual user; it's for the IT pro.  But I need to refer to it on a regular basis, so I am putting it in my blog.  For those of you that are IT proficient, this page will be useful.  


I'm working pretty much full time on computers with upgrade problems.  Some are diagnosed with hardware issues, some are related to the fast start option, coupled with partial upgrades in progress, and some are undiagnosed.  

Friday, June 2, 2017

Samba has security issue similar to Wannacry

Samba is a way for Linux machines to communicate with Windows machines and networks.  Before your eyes glaze over, this means all Apple products, all smartphones, and all hybrid networks that mix Windows with those devices.  (Have you seen smb when you connect your device to a Windows network?)  Oh... there's a section in the following that talks about ALL devices.  Interesting, because my router has an smb mode as well.  The router is Linux-based, so it has an smb configuration for Windows computers to get to the network flash drive or network printer attached to its USB port.  And you thought you were safe if you didn't use Windows!

Here is a good article that provides background on the problem.

Samba vulnerability brings WannaCry fears to Linux/Unix

Researchers warn that many Linux and Unix systems contain a Samba vulnerability that could eventually lead to attacks similar to WannaCry or worse, if IT pros don't remediate quickly.
According to the Samba security advisory, the vulnerability (CVE-2017-7494) affects versions 3.5 (released March 1, 2010) and newer. The Samba vulnerability is remotely exploitable and could allow "a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it."
Nick Bilogorskiy, senior director of threat operations at Cyphort, said although there are no active exploits in the wild, the damage from this Samba vulnerability could be steep.
"Because this vulnerability allows remote code execution, attackers will have full control over a compromised machine, and any payload is possible," Bilogorskiy told SearchSecurity. "For example, [an attacker could] drop a backdoor, steal data from the system, spy on the user, attack other systems or try to encrypt all data for a ransom."
Lane Thames, senior security researcher at Tripwire, said exploiting the Samba vulnerability "is a little more difficult than the SMB vulnerability targeted by WannaCry."
"For example, to exploit CVE-2017-7494 an attacker must find a vulnerable system, then find the path of an appropriate file share on the system, and the attacker must be either authenticated with the vulnerable Samba server or the share must be available to be written to without authentication," Thames told SearchSecurity. "Regardless, enterprises should move fast to patch this vulnerability and ensure that no unnecessary Samba services are exposed to the internet."

Samba vulnerability remediation

Research from Rapid7 Labs said attacks on this Samba vulnerability could come over the same port 445 used to access SMB on Windows machines, but port 139 could also expose endpoints to attack. Rapid7 suggested "organizations should review their firewall rules to ensure that SMB/Samba network traffic is not allowed directly from the internet to their assets."  {dgl note:  remember in class I talked about a 3-tiered approach (three different computers in series) to protect against malicious attacks.  This is one of the reasons for that approach:  to protect ports.  New routers should actually have a two-tier design to accomplish the same thing.  OR you can become an expert at router configuration. :-)}
A patch has been released and the Samba advisory also noted a potential workaround for those who can't patch right away. Samba said adding the argument "nt pipe support = no" to the global section of the Samba configuration file will mitigate the threat, but could have the added consequence of disabling "some expected functionality for Windows clients."

Thames said the enterprise space will be "concerned with their file and print server systems running on top of Linux and Unix operating systems that use Samba," but warned that storage solutions "can also pose significant risks."
"Most of these storage devices use embedded Linux and Samba for their file sharing functionalities. Moreover, it is these types of devices that are likely to be the most troublesome for us with this vulnerability," Thames said. "Enterprise server vendors are moving fast to push out patches to enterprise customers for this Samba vulnerability. However, [network-attached storage] vendors might not move so quickly on this and in some cases they might not even issue patches for this."

Samba vs. WannaCry

Craig Williams, senior technical leader at Cisco Talos, said the comparisons between this Samba vulnerability and WannaCry "are due to the fact that both of these issues affected the same protocol."
"Samba is basically what [Linux/Unix] systems use to talk to Windows file stores and printers," Williams told SearchSecurity. "That said, to date we have not seen a worm or even an exploit with a ransomware payload though this could change at any second."
Bilogorskiy said although WannaCry makes better headlines, the better comparison was to EternalBlue -- the SMB vulnerability exploited by WannaCry -- because "right now we are dealing with a vulnerability, not malware yet."
"If a worm is discovered exploiting this Samba vulnerability, then yes, WannaCry comparisons are warranted and there are ways how it may even be worse than WannaCry. WannaCry hit Windows systems, more than 60 days after the patch. Most of them had auto-update enabled and were not vulnerable," Bilogorskiy said. "Any Samba worm may hit Linux and Unix servers, where most do not have auto-update enabled. In fact some of these Unix systems work for years without any maintenance. Also, unlike workstations, most of them are always on, users never power them off. So [there are] more online unpatched targets for a worm to infect."
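
The two conditions described in the quoted article can be checked against a Samba configuration: whether the "nt pipe support = no" workaround is present in the global section, and which shares are writable (and writable by guests). The following is an added example, not code from the article or from the Samba project; the sample configuration, share names and function names are constructed for illustration, and it inspects configuration only, not the installed Samba version.

```python
import re

# Constructed sample smb.conf (not from any real host): workaround commented out.
SAMPLE = """\
[global]
   workgroup = EXAMPLE
   ; nt pipe support = no
[public]
   path = /srv/public
   read only = no
   guest ok = yes
[docs]
   path = /srv/docs
   writable = yes
[archive]
   path = /srv/archive
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}. Samba ignores case and whitespace in names."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue                          # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)   # only the first '=' is significant
            current[re.sub(r"\s+", "", key).lower()] = value.strip()
    return sections

def as_bool(value, default):
    value = (value or "").strip().lower()
    return {"yes": True, "true": True, "1": True,
            "no": False, "false": False, "0": False}.get(value, default)

def is_writable(params):
    for key in ("writable", "writeable", "writeok"):   # inverted synonyms of "read only"
        if key in params:
            return as_bool(params[key], False)
    return not as_bool(params.get("readonly"), True)   # shares default to read-only

def audit(text):
    conf = parse_smb_conf(text)
    glob = conf.pop("global", {})
    shares = {name: {**glob, **params} for name, params in conf.items()}
    writable = [n for n, p in shares.items() if is_writable(p)]
    guest = [n for n in writable
             if as_bool(shares[n].get("guestok", shares[n].get("public")), False)]
    return {"workaround_set": not as_bool(glob.get("ntpipesupport"), True),
            "writable_shares": writable, "guest_writable_shares": guest}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Pass the contents of your own smb.conf to `audit()`; guest-writable shares are the ones that meet the "written to without authentication" condition Thames describes.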
