Recently Chris Jackson, Microsoft’s worldwide lead for cybersecurity, decided to clear the air on Microsoft’s legacy Internet Explorer (IE). Microsoft considers Internet Explorer a compatibility solution for business/enterprise customers that deal with legacy sites that aren’t updated for modern web browsers. In fact the underlying technologies for Internet Explorer haven’t been updated since 1999. IE should be used very selectively for internal sites that need it.
Jackson also says that Microsoft isn’t supporting new web standards for IE, so while many sites work fine, developers by and large just aren’t testing for Internet Explorer these days. They’re testing on modern browsers like Google Chrome, Firefox, and Edge.
Safely Remove USB Flash Drives? Not on Windows 10
Just about every tech “expert” you meet will tell you that it’s super important to safely eject a flash drive before pulling it out of your PC.
Well, Microsoft confirmed once and for all that – in Windows 10 – it’s no longer a thing you need to worry about. In October, Windows 10 introduced a feature called “quick removal” which lets users disconnect a drive anytime. It’s now the default setting for each new drive you plug into Windows 10. Quick Removal keeps Windows from continuously trying to write information to the drive, which helps in the event you disconnect it.
Just another reason how Windows 10 is making the computing experience safer for everyone.
Market Share Update!
Windows 10 is officially the most used version of Windows (worldwide).
Password Change Policies – An Expired Approach to Security
Hate changing your password every 60, 90 or 120 days? So does Microsoft.
The company recently decided that it plans to drop expiring password policies in its security configuration baseline for Windows 10 & Windows Server.
“Periodic password expiration is an ancient and obsolete mitigation of very low value, and we [Microsoft] don’t believe its worthwhile for our baseline to enforce any specific value”, explains Aaron Margosis, a Microsoft principal consultant.
Organizations will not be able to pick their own password expiration date or choose not to have one at all.
Forcing users to pick a new password is a defense only against a valid password or password hash being stolen and used by an unauthorized person. The policy doesn’t offer much protection, but does create headaches for end-users.
Microsoft’s proposal follows US National Institute of Standards and Technology’s (NIST) overhaul of its guidance for password rules two years ago, which dropped periodic password changes and password complexity requirements.
It’s important to note that Microsoft isn’t changing its requirements for minimum password length, history or complexity, and still recommends administrators use tools which ban common passwords.