Start Mozilla has launched version 60 of their popular Firefox browser. It comes with a whole host of new features, but not all of these features have been welcomed with enthusiasm.
Anyone looking for a revolution of browsing features are likely to be disappointed. The developers promise that the browser is a bit faster and a bit more secure, now offering critical two-factor authentication to log into Internet applications. Added to that, Firefox now includes new notification features that make it easier to spot whether your data is encrypted while you are using websites. If you surf an encrypted connection while the browser is in private mode, you’ll see a lock with a cross over it displayed in the address bar, for example.
But that’s where the useful features end. In order to finance future developments, Mozilla relies on advertising revenue. So now, when you open a new blank tab, you’ll see sponsored content displayed. Mozilla are rolling out this new money making experiment in the US first, so how successful it is there will influence whether you see similar sponsored content in your browser.
Hopefully the adverts won’t be too intrusive, and it will be a small price to pay for such a fantastic free browser.
The Windows 10 April 2018 update brings with it a host of enhanced settings, new features and a revamped design. However, there are some innovations that are less welcome. Microsoft hasn’t drawn attention to this new change: with Windows 10 April 2018, the operating system resurrects a feature that we thought had been removed. When you shut down your PC, or restart it, it’s no longer possible to skip the installation of an update. This feature was very handy when you needed to start your system up quickly and didn’t want to have to wait for updates to be installed. But now, you can face the situation whereby it takes several minutes for your desktop to load when you turn your machine on.
Also, if you usually turn the mains power off after you have shut down your PC, you will now be forced to wait longer to do so if Windows is installing updates. Why Microsoft have brought back this feature that forces you to install updates at times of their choosing is a mystery.
It sounded like a good idea: Windows 10 users could talk to Amazon’s Alexa running on Echo devices using Cortana. Unfortunately, Microsoft seem to be falling behind somewhat.
Currently there are four main voice recognition systems competing for the consumer’s attention: Siri (Apple), Google Home (Google), Alexa (Amazon) and Cortana (Microsoft).
Amazon and Microsoft have planned to team up and their project to develop a combined speech recognition assistant was supposed to be finished by the end of 2017, but there’s still no sight of it.
In a press conference, Javier Soltero, Vice President of Cortana at Microsoft, promised that they were working to continue to deliver a great user experience. He said that customers would not want a product that wasn’t ready to be brought to Windows 10, hence the delay. Microsoft and Amazon are still trying to work out how to fit their products together, and it’s likely to take a long time.
Apparently, the whole process is more difficult than was first imagined, and linking the two systems via smart speakers (to create appointments in your Outlook calendar, for example), is taking them longer than they thought. Hopefully they’ll manage to get their software in place in time for the next major Windows 10 update.
If you use the Google Chrome browser, you may have noticed that it’s not working reliably since the last set of updates from Microsoft were installed on your PC.
It seems that one of the most recent fixes issued by Microsoft breaks Chrome, but both Microsoft and Google have been left scratching their heads because they can’t work out why.
The bug also breaks the Cortana personal assistant, meaning that you can no longer say ‘Hey Cortana’ to wake up your system.
If you are affected, I’d suggest using another browser, such as Edge, for the time being. Hopefully Microsoft will come up with a fix soon, but they’re likely to have a lot of work on their hands. That’s because security researchers have just uncovered a host of new problems related to the Spectre bug in Intel processors.
The researchers have discovered at least 8 new ways to exploit the problems in Intel processors. The researchers are still investigating whether the problems could affect AMD processors too.
Spectre is a serious problem for all PC users, since flaws in the design of the processor inside your PC means a hacker could take over the machine and steal data, even if you have a firewall, anti-virus tool and all the latest fixes from Microsoft.
The only fool-proof solution is to replace the processor in your PC with one not affected by the bug.
However, that’s not really practical considering the millions of systems affected, so instead Intel, AMD and Microsoft have been looking to use software updates to protect against the problems.
That’s had mixed results, with one of Microsoft’s fixes causing more problems than it solved and requiring an updated version to be released almost immediately.
Hopefully these latest problems will be fixed quickly!
But because the underlying security flaw is deep inside the processor of practically every PC, new problems like this are likely to crop up regularly, and the software and hardware companies will be constantly battling against them.
If you use Microsoft Outlook to read your email, there's bad news. A security bug in the program can allow an attacker to send you a malicious email using rich text format (RTF). If you so much as preview this message – without actually opening it – your PC can be taken over!
By setting up the message in a certain way, the Outlook bug allows the attacker to get hold of your Windows username and password.
While the password is scrambled – using a process called hashing – a determined attacker could probably break it.
The problem is all down to the way that Outlook loads remote content from a server, but it appears to be tricky for Microsoft to tackle.
The problem was first reported in October 2016! Microsoft's previous patch failed to fully solve the problem, but hopefully this new one will.
If you have Outlook installed on your computer (it comes as part of Microsoft Office), you should make sure that the fix is installed, even if you use a different email reader.
That isn't the only long-standing security problem that Microsoft have recently had to issue new fixes for. Windows has had security problems caused by fonts for a while.
These little files do nothing more than tell Windows how to display various type faces on screen. But bugs in how they are handled mean that fonts can also be used to spread viruses and worms.
This month Microsoft have fixed five different problems that would allow an attacker to use malicious fonts on a web page to execute code on your PC.
Simply viewing the page is enough to activate the bugs. This kind of attack is similar to the Duqu virus of 2011, which also used malicious fonts to attack PCs. You'd have thought Microsoft would have got on top of the problem by now, but apparently not.
If you have Windows 10, or automatic updates activated on Windows 8.1 or 7, these should be put in place automatically. If not, install them manually from the Windows Update Control Panel.
All software should be created with security in mind. But when the primary purpose of a tool is to protect your computer’s security, you’d hope the developers were doing everything they could to minimise any targets that hackers can exploit.
Unfortunately, it seems that Microsoft took their eye off the ball in this respect, and Windows Defender has a nasty bug that can spread malware.
For a tool designed to protect your system that’s a major problem, especially with Microsoft building the tool directly into Windows 10.
On many Windows 10 systems it's the only security tool installed, putting them particularly at risk.
The problem is down to the way Windows Defender handles .RAR archive files. If the tool scans a malicious RAR archive, it can trigger a bug that launches code embedded in the RAR, giving it total control over the system.
This is exactly the opposite of what Windows Defender should be doing.
And the security researcher who uncovered the problem also discovered how it came to be there in the first place.
The problem originated with an open source tool, called Unrar, designed to allow you to create and extract files from RAR archives.
It seems Microsoft took a copy of this code and included it in Windows Defender. Open source licence terms usually allow code to be included in other products, provided the original developer is acknowledged, so there is nothing wrong with Microsoft borrowing someone else’s code, in principle.
However, there was nothing wrong with the original Unrar code. Instead, the problem was created by the way Microsoft modified the code they borrowed. By changing some of the variables in the code, they managed to mess up the way the Unrar code checked files, creating the bug and putting Windows Defender at risk.
Fortunately, they’ve managed to rush out a fix for the bug via Windows Update. If you have Windows 10, or automatic updates enabled on Windows 8.1 or 7, this will be installed without you having to do anything.
If not, open the Windows Update Control Panel and check for any available updates.
The hugely serious Meltdown bug, present in systems with Intel and AMD processors, still shows no sign of being fully solved.
If you have an affected processor in your PC, you should be worried. The bug allows a hacker to exploit a flaw in the design of the processor to run their own code on your system.
People can't easily swap the processor in their PC, and usually need to change the motherboard and memory too. So, Microsoft stepped in and issued patches for Windows in January and February which were designed to block hackers from making use of the bug.
However, it turns out that Microsoft's fixes might have made PCs running Windows 7 less secure, rather than more secure.
According to security researchers, Ulf Frisk, the fixes from Microsoft made a crucial kernel memory table readable and writable for normal user processes.
This means that any malware code that manages to run on your system, even without administrative privileges, can access the full system memory, gain administrator privileges and insert its own code into protected areas of memory. Once it has done this, it has full control of your system.
Malware could also use the bug in Microsoft's fix to read passwords, and other sensitive data, from protected areas of memory.
Although the problem with Microsoft's fix affects all versions of Windows, from Windows 7 to Windows 10, Windows 8.1 and 10 have extra security features that protect the memory contents.
Unfortunately, these features are not present on Windows 7, so the fix leaves those systems wide open to attack.
Microsoft have managed to act on the tip off and have just released a new fix to cure the problem they created.
If you have Windows 7, you need to make sure that this fix is installed immediately. Unlike Windows 10, it is possible to configure Windows 7 to disable automatic updates, so you are not guaranteed to have it.
To check if there are any updates waiting to be installed for your system, click on Start > Control Panel > Windows Update.
Click on the Check now button to search for available updates and install any that are found.
With all the latest security features that Microsoft have built into Windows 10, you'd hardly think it was possible for your PC to be infected with malware from a simple hacked web page.
After all, it’s the hackers' first line of attack, so Windows should be wise to it by now.
But unfortunately not! It turns out that both Internet Explorer and the new Edge browser are vulnerable to a problem that allows a malicious web page to implant a virus on your computer.
The problem affects the browser's Chakra scripting engine and could allow a malicious web page to run any code it likes on your PC.
Luckily, Microsoft have crafted a fix for this problem and 74 other Windows bugs, just hours before a major hacker conference was due to start in Vancouver, Canada.
The CanSecWest Pwn2Own meeting of security researchers includes a competition for hackers and security investigators to see how fast they can compromise a Windows system.
Any of the hackers planning on using one of the 75 security problems Microsoft have now fixed will be disappointed.
But, as a Windows user, you can at least be relieved that another bunch of problems that put your PC at risk have been dealt with and are no longer available to crooks trying to steal from you.
As well as the browser problems, Microsoft's latest batch of patches fix problems in Excel, the SharePoint document sharing server, and 13 different bugs in the Windows Kernel – the heart of the Windows operating system.
If you have automatic updates enabled, which is pretty much compulsory on Windows 10, and the default setting on Windows 8.1 and 7, then the patches will be installed for you and your PC will be protected.
If you don't have automatic updates enabled, you need to manually check and install the fixes.
To do so: open the Control Panel and click Windows Update.
Click Check for updates and when the new fixes are found, click on Install now. Once the update process completes, re-boot your PC for the changes to take effect.
We all know that Microsoft have upped the amount of data they collect on Windows users in the latest Windows 10 versions.
They're trying to copy their big rivals, Apple and Google, and focus on earning money from advertising. That's why you see adverts for new Apps appear in the Start menu, even if you've never shown any interest in installing the Apps in question.
By using Windows 10 and the Edge browser, Microsoft can build up a profile of the kinds of things you view on the Internet and what you use your PC for. Added to this, because you sign into all your Windows 10 devices using the same Microsoft account, Microsoft can link what you search for on all of your devices.
They know the Apps you use and what is installed on your PC.
But what exactly does Microsoft know about you, and what information do they collect?
That's a very good question and, until now, Microsoft have been cagey about answering it.
However, it looks like they’re having a change of heart. They've brought out a new tool, called the Windows Diagnostic Data Viewer, which will give you a breakdown of everything the operating system sends to Microsoft.
The company claims it will display:
Common data, such as the operating system name, version, device ID, device class, diagnostic level selection and so on.
Device connectivity and configuration information, including the device properties and capabilities, preferences and settings, peripherals, and device network information.
Product and service performance data that shows device health, performance and reliability data, movie consumption functionality on the device and device file queries. It’s important to note that this functionality is not intended to capture user viewing or listening habits.
Product and service usage data, including details about how you use your device, operating system, applications, and services.
Software setup, such as installed applications and installation history, and device update information.
The tool isn't available yet, but a preview version should be released in the next few weeks, and the final version will be available from the Windows Store.
Let's hope it is released soon, and we can all check what Microsoft knows about us.
Skype’s a great program to keep in touch with friends and family, whether they live down the street or on the other side of the world. Using it you can make free phone and video calls to anyone using the software from the comfort of your PC.
So, if you use Skype like I do, you were probably terrified if you saw the latest security scan concerning it this week. The problem has led to panic and heated debate in online forums and on Twitter.
Basically the claim was that there was a security problem in the software that was so severe that Microsoft couldn’t fix it without rewriting the entire program.
The problem does indeed exist in Skype 7.4 and earlier. It allows malware running on a computer to use Skype’s update mechanism to take over the entire PC via a fake DLL file.
But the problem isn’t with Skype itself, but rather with its companion updating tool.
The rumour seems to have started when a security researcher uncovered the bug and told Microsoft about it. Microsoft told him that patching the bug would require a large code revision, so he subsequently went public with his findings.
The thing is, Microsoft have already fixed it. They released Skype 8 last October which fixes the problem.
So the solution is simple – update to Skype 8.
Unfortunately, Skype 7.4 won’t automatically update to Skype 8 so you will need to install it manually.
To do so, visit the site below and download the latest version:
One you’ve installed the latest version, you should check that the old version is not present on your PC.
To do so, press [Windows Key] + [R], type control and click OK.
In the Control Panel, click on Programs and Features. Look through the list of programs for an entry for Skype.
There should only be one version. If there is more than one, uninstall the old version by selecting it and clicking on Uninstall.