Microsoft & GDPR

Recently the European Union, introduced new regulation which enhance protection of users within the EU. This regulation is known as GDPR and practically it succeeds the Privacy Regulation and it is new opportunity to have a better control and protection over users’ privacy and it enforce all companies and organizations and everyone who is dealing with data involving the EU citizens or companies must adhere this new regulation or they will face penalty and they have to response if they are not being compliance. Being compliance with such regulation is actually a way to protect human right and it is right to privacy but being compliance with regulation is costly and difficult for companies. It is not only about understanding the GDPR and how it works but it is about how to adapt it in the real environment. Hopefully, Microsoft is among the first companies which fully compliance with GDPR and it prepared tools for users to get ready for GDPR even before it comes into action. If you are using Microsoft Cloud technologies like Azure, Office365 and others, you cloud is fully compliance with GDPR and you could use Microsoft tools to adapt compliance easier. If you are in charge of development of application on cloud, you have to be careful about your software design and that is another issue. Windows 10 and Windows Server 2016 also giving you tools which help you to be more compliance with GDPR. Adapting GDPR would required privacy assessment and expert knowledge on field but you will come into technical issues to adapt and implement it and it is where features inside Windows and Windows Server could come and help you. If you are using Microsoft Technologies and you are in EU or you are dealing with EU, take a look at following resources:

https://blogs.windows.com/windowsexperience/2017/09/25/windows-resources-to-help-support-your-gdpr-compliance/

https://docs.microsoft.com/en-us/windows-server/security/gdpr/gdpr-winserver-whitepaper

https://docs.microsoft.com/en-us/windows/privacy/gdpr-win10-whitepaper

https://www.microsoft.com/en-us/trustcenter/compliance/complianceofferings

I wish you all to have a safe GDPR journey and be ready to protect your users and customers.

 

Advertisements

Why My Anti-Malware Product Won’t Detect All Malwares?

Common question, I am hearing from users is well, I am using Anti-Malware software and I paid the license but why it won’t be able to detect all malwares? Do we have any Anti-Malware product to be able to detect and remove all malwares?

We always say that, there is no Anti-Malware software which is able to detect and remove all malwares. Anti-Malware products are able to detect all malwares in wide-list. It is list of all malwares which has been discovered and it is keep updating. Of course, if we know about malware, we could detect it. But there are tons of new malwares which are being created every day and let say it is not possible to say our Anti-Malware product is able to detect all unknown malwares too. However, they won’t leave them to go around and harm users. Anti-Malware products comes with techniques to detect unknown malwares like using heuristic detection which uses machine learning and detect suspicious objects or applications based on similarity with other known malwares and behavior monitoring which detect unknown malwares based on abnormal behavior or similarity of their behavior to known malwares. There are several techniques which Anti-Malware vendors are using to detect unknown malwares. They are placing spam-trap or honeypot to collect sample of new malwares. They doing research on black markets for new malwares and users also submit sample to them. It is whole ecosystem and keep improving to make sure unknown malwares are being detected and discovered by good guys before get used by bad guys. However, it is not possible to detect all unknown malwares. So, what to do?

Anti-Malware is not the only thing which protects you against malware. There is beautiful concept of defense in depth in Windows, which explained you have defense layers which could stop malware even before they reach to Anti-Malware product like SmartScreen Filter, DEP, ASLR and others. In addition, you as a user should learn about threats around you, if you are visiting website which looks suspicious, you have to report it through SmartScreen filter. If you have sample of program which you believe it is malware but your Anti-Malware software says it is safe, submit it for analysis. Don’t hesitate contacting support or security forums to ask about your concerns with unknown malware and unknown programs. Keep yourself update about latest security incidents and best practices.

 

 

 

Questions about Windows Defender in Windows 10

Windows 10 comes with Windows Defender pre-installed (actually Windows 8 comes with Windows Defender) and it is full real-time Anti-Malware product. Windows Defender was free download for Windows XP and build into Windows Vista and Windows 7 as Anti-Malware product only. Later on, if you want to protect yourself against all malware, you could install Microsoft Security Essentials for Windows XP, Windows Vista and Windows 7. Today, Windows XP and Windows Vista are no longer supported and hence Microsoft Security Essentials are also no longer supported in these platforms and we have Microsoft Security Essentials for Windows 7 and Windows Defender pre-build into Windows 8 and Windows 10. Here I would like to answer to some of questions related to Windows Defender in Windows 10:

I am using Windows 10 , do I need another Anti-Malware product?

No, you have Windows Defender inside your Windows and it is full Anti-Malware product and it is protecting you against all malwares including Virus, Worm, Trojan, Spyware, Rootkit, Bootkit, Adware and so on.

Is Windows Defender really protecting me?

Windows Defender shows a good performance in detecting and removing all malwares according to latest test by independent researcher.

There is file I believe is a virus but it won’t be detected by Windows Defender or I have a file which is safe but being detected as virus incorrectly, what can I do?

These are known issues to all antivirus vendors like Windows Defender. You could report both cases through Microsoft Anti-Malware Sample Submission website https://www.microsoft.com/en-us/wdsi/filesubmission

Can I use different Anti-Malware product?

Yes, as long as Anti-Virus software is working fine with Windows 10 and it is compatible, you may use another Anti-Malware product and they will disable Windows Defender and replace it. Once you uninstall your Anti-Malware product, Windows Defender should get back to work.

I do have other questions or problem, what can I do?

There are other questions and answers you could find about Windows Defender and other Microsoft Anti-Malware products on https://answers.microsoft.com/en-us/protect and if your question is not answered or asked there, you may ask new question .

Enjoy using Windows Defender and have a safe cyberspace.

Google Can Read Your Mind!

I don’t think there is anyone who is using internet but they won’t do their job using Google, except for certain countries like China which Google is filtered or their own search engine is more popular. However, this is applicable to all search engines which are storing search results. Google is the most popular search engine in the world and it could read your minds. When you perform a search, what you have been searched will be stored in Google data center and it is associated with your IP address. If you already login with Google Account, it is associated with your Google Account too. This is not a bad thing and it is not intended to be a bad thing, it help advertisement to find right people to advertise their product and it also help you as a user to get right result and advertisement. For example, you might have notice this that when you keep searching for specific terms in Google like you are searching for cybersecurity, ethical hacking, it shows advertisement for bestselling books or course in these areas. IT is good for you because you will find what you want fast and for this reason we are actually using Google and advertisement will find a right target which has high likelihood of sale their products.

Storing our data and associate with IP or Account, could help Google to see what your interest are and help Google to give you what you want. However, the dark side of it is that they will know what you think, what are your interest are? And they could get complete profile of you. Of course, collection of such data is under Google Privacy statement but in the same privacy statement, Google mentions with authorization of government we shall share data, if warrant has been presented. This is great risk for national security of a country. Let say there is a country which is consider enemy nation to the United State, like North Korea, Iran, Cuba and Syria. They want to do harm to these countries and to do that, they will just ask Google tell us what people of Syria or Iran are thinking right now? Google need to check IP range for that country and see what trending search are there and based on those search trend come up with policy to harm that country. Getting warrant for enemy nation is not that hard. However, it is risk for ally too. Governments would love data, and let say government of United State want to know what people of Germany are thinking? They could get same data but not to harm Germany but to make sure during negotiations, everything will go in their interest. Like what are problems of people in Germany and what they are interested in. For example, they might see what people of Germany are interested about United State and create policies to make sure more people travel there and this is indirect way of transfer fund from Germany to United State. One good approach would be having data center inside country and under government control. United State couldn’t gain access to data in European countries easily, because data center located in Germany and is under control of German governments. Reading minds is no longer a theory, it is possible through cyberspace. Google could read your mind from what you search. Even if you enter fake data or use VPN, they could identify you by seeing what your search for and from your searching behaviors. So be careful while you are searching.

 

Why Protecting Copy Right is a Cybersecurity Issue?

If you want to gain unauthorized access to a system, there are two main strategy you could follow, one is to find a zero-day vulnerability in the system and exploit it and if you are lucky enough, then you might get access to the system. Another way is to persuade the user not follow best practices for security and use already known exploit to gain access to the system. Then you won’t need to discover unknown 0-day and you could use already know 0-day. If you ask someone to not use Anti-Virus, not update system and so on. They will raise their guard and wonder why you want them to do this and they might not listen. For this reason, hackers gone for old but useful method and it is software piracy. Well, you might persuade them to use pirate software by telling them, why you are paying so much money for license, get this software for free instead, then they won’t get latest update and why black hackers working on uncover new vulnerabilities and white hackers to patch them, unpatched system will be target for hackers with known vulnerabilities.

Protecting intellectual properties and copy right is not just ethical and legal matter. It is matter of inter(national) security. When we are not fighting against piracy, meaning letting user to buy pirate software. It means, we are open the system over known vulnerabilities which patch is available but because it is pirate, user won’t get them and it leads to what we know as botnet (zombie) and cybercriminals could expand their botnets and use infected systems for their criminal purposes. I am asking governments, will you let your citizen’s system use for criminal purposes? If you really concern about national security, you should fight against piracy and protect copy-right. In addition, based on our human right approach, everyone need to have fair access to legitimate software and programs. Political reasons shouldn’t consider as a mean to block access of people to legitimate programs. You should remember, when they don’t have access, they will go for pirate version and this leads their system to be used for criminal purposes and it makes it harder for good guys to combat cybercrimes.

I am requesting international community for better unification against software piracy. This is no longer matter of legal issue but it is important agenda in cybersecurity. We need to united otherwise we would face new attacks from legitimate users (e.g. DDoS, Malware Distribution, illegal blockchain, etc.)

 

Protect Windows Against Spectre and Meltdown

You might hear about recently published vulnerabilities which affect chipset and they are known as Spectre and Meltdown. They are affecting microprocessor and unlike previous vulnerabilities which updating operating system would fix the issue, updating operating system alone won’t fix the issue. You will need to update your device’s firmware. If you are using Windows operating system, you will need to do the following tasks:

  1. Check for Anti-Malware update and make sure it is fully updated and is compatible with Windows 10. There are report of certain Anti-Malware products which are facing compatibility issue with the update that fix this security vulnerability. You may check with your Anti-Malware manufacturer’s website and see whether they product is compatible for this update or not.
  2. Check for Windows Update and you should get security updates to fix this issue. These updates released on January 3, 2018. So, if you are checking for update today, you should receive them. You might get other Windows Update and in some cases, you will need to restart your PC before be able to get update. Windows Update will let you know what to do.
  3. Once such Windows Update has been installed, you need to check your PC manufacturer’s support website and install the latest firmware for your device. You have to remember installing firmware is sensitive process and it is better to backup your data and read firmware installation guideline with care, before doing that.

There are report that some devices might not get security update to fix this issue. This is because either their Anti-Virus software is not compatible or there is known compatibility issue with update in their devices. For example, certain devices running on AMD processor report problem with booting and bluescreen and they are in hold while problems are being investigated and update will be released once issues have been fixed. For compatibility issue with Anti-Virus, you need to update your Anti-Virus or wait for update from them. In some cases, you will need to wait for other updates before be able to install the update and in some cases, you will need to wait for firmware update from your PC manufacturer. Meanwhile, before patching all devices take extra cation and be aware of unknown websites and links. These updates also reported to have performance issue in some devices. You may read more about this update on Microsoft Support page. Good news for Microsoft Surface users, you may download this update and firmware will be updated through Windows Update for Surface devices. Microsoft Anti-Malware products including Windows Defender, Microsoft Security Essentials, Microsoft System Center Endpoint Protection and others also are compatible Anti-Malware products.

What We Should Know About Hackers?

As security guy, I get involved with hackers (black, white and gray hats), hacking incidents, security issues and so on. One of the interesting thing is you will see a well reputable company or website get hacked, not because hacker is so smart but the company forgot one of the key security best practices. Here are some notes you should know about hackers and hacking incidents:

  • Gap Between Academic and Industry Security: There are several people doing PhD in area of security and governments spends millions of budgets for academic research and you will see their outcomes on as published paper. Unfortunately, academic research doesn’t have much impact on industry security. They end up with playing with numbers and mathematical formula and makes things complex but they failed to provide a actual solution to industry. For this reason, you will see several university professors who have been hacked by teenage hackers. It is because they have different understanding about security compare to industry about security. In Industrial research things are different. They normally won’t publish their result, because they don’t want hackers to figure out a way to bypass it. Their research will directly adapt into industry. Therefore, if you see a professor or PhD student in security, don’t leave your company to them, you will gain nothing but embarrassment when a teenager takes over your company’s network.
  • We are the smartest Guy: Most people won’t know how hacking works, they just see a guy play with black screen with a lot of codes and then get a lot of data and we will see wow they are cool. Even though, hacking required certain talent and expertise, but not all hackers all that super smart. In most cases, they just know some codes and scripts which is available publicly and they just copy and paste and modify it to get the job done. Because they have a dark screen with some code, they are not super. You should see what they are doing to see whether they are real smart hacker or just someone who is playing with some scripts.
  • I could hack into everything: We know in world of security, nothing is unbreakable. No matter how well you secure your systems, there could be a way to break into it. But it doesn’t mean every hacker could hack into everything. They required to have expertise in certain areas and they need to try and do research to figure out how to hack into your system. And they might get more failure than success or they might not be able to hack into your system at all.
  • Linux is the most secure operating system: Several people mentioning, we are migrating to Linux, which is absolutely WRONG. If you have any friend or you know any hackers, just ask them about hacking Windows or Linux. If you are hacker yourself, you will know what I am saying. Hacking Linux is a lot easier than hacking the latest version of Windows. Just have a try on it. It doesn’t mean there is no way to hack a Windows but to do that, you need to spend a lot of effort and normally, you couldn’t hide your identity after hacking. This is one of the reasons that top secrets servers and systems like NSA, US Army, NATO, CIA, FBI, Europol and so on all running on Windows.
  • No one ever knows about my hacking: Sun won’t stay under the cloud for too long. Even the best and most professional hackers have been discovered by authorities and internet is not just free place without any trace and detection. In the other hand, authorities are getting new tools to better discover cybercrimes and hacking incidents. Therefore, if you are a black hacker who hack into companies and damage them, it is better to switch to become white hackers who help companies securing themselves and be a good hacker, otherwise, you won’t have a nice future.

 

Hacking is interesting journey, if you want to be a hacker, try to be a good one. Try help companies with their security issues. If you are a black hacker, you may also switch to become good guys.