Advanced Malware Protection ?
Refusing to let Microsoft install Windows 10 build 1809 ?
I'd say it's working just fine...
Companies relying on Cisco's Advanced Malware Protection (AMP) software will have to hold off on installing the latest edition of Windows 10. The Redmond Zune-flinger says that the 1809 build of Windows 10, aka the Windows 10 October 2018 Update, will not be able to install on machines that run Cisco AMP for Endpoints. As a …
Quite, but how does that translate into being unable to save Office files, the bug caused by this system?
Seems like Microsoft might be hooking their fingers into some undocumented system calls themselves and getting thwarted by a malware protection scheme that's determined said 'features' are exploits waiting to happen so proactively stops anything using them.
Windows 10 already comes with decent malware detection.
I'm getting a bit tired of having to repair friends' computers because some big-box electronics stores are pushing out whatever garbage third-party "security" suite they happen to be partnered with that month.
Case in point, my friend's son purchased a new Windows 10 laptop from Best Buy and they gave him a "free" copy of Web Root antivirus.
The problem is the square plastic case that was supposed to contain a tamper-proof, read-only CD of Web Root was empty and just had a URL printed on the inside to download the Web Root installer from the web.
Of course since it is his first computer he must have fat-fingered the address or entered only a partial address into the search bar or something but whatever the case was he was directed to a scam website which was very helpful by doing the install for him remotely over LogMeIn and then of course went about gathering my friend's son's debit card information, phone number and email address and also the serial number for Web Root before I walked in and saw what was happening.
The URL he was supposed to have gone to was "webroot[dot]com/safe" but if you do a web search for webroot safe you will see there are several bogus webroot sites of scammers taking advantage of the fact that there are no disks in the box including putting the real url in the title of the html on the bogus site.
However, if you do actually enter the CORRECT url you might see a quick 302 redirect because of an http link and of course you are greeted with tracking beacons from Facebook and Yahoo and other surprises before getting a download link.
Some of those bogus sites are linking directly to WebRoot's servers for the convincing graphics and WebRoot logos so it makes me wonder why WebRoot's webmaster doesn't see this traffic in the logs.
(And of course Google's analytics running in there as well)
Before installing any dodgy third party "security" suite users should read a few of Tavis Ormandy's thoughts on the matter.
20 years ago, I was running into software that was "broken" because some genius nicked some demonstration code and put it into a production system - ignoring the warnings that came with the code that it was using unsupported features.
The best one was an enterprise-level program written in VB which used an unsupported OCX to implement an NT service. Guess what happened when a service pack was applied ?
Thank god for helpdesk software that records comments - as they looked for blame and noted that a year previous I had submitted a version with a note that it shouldn't be released as it contained unsupported features.
well, MY version of 'safe surfing' avoids using Edge, HTML mail, and Windows (in general) for web surfing, so maybe it's not so 'compatible' after all... (since 'avoid using windows' is a big part of it)
but at least do THESE things if you must use Windows:
a) don't view HTML mail as HTML [and no inline attachment previews, either]
b) don't preview e-mail nor web browse with an account that has 'admin' privs
c) don't use a Microsoft web browser
e) don't download/install the application/plugin 'to view the content'
f) don't use any Adobe viewers (PDF and flash especially)
'c' and 'd' are probably the biggest vectors for malware, followed by 'e' and 'f', and then 'a' and 'b'. It's not perfect, but it'll work for most of what's out there, especially 0-days.
in any case, no need for anti-virus/anti-malware if you execute some self-discipline and do those things I just mentioned. THAT, and don't surf the web nor read e-mail logged in with 'admin' privs.
(or you can ignore what I said, at your own peril)
Users can either uninstall AMP to get the new version of Windows, or they can wait until a fix for the bug is released.
Tough call...NOT! Yet another reason not to install that doorstop of an October release.
They said it was the "October release". Did they say what year?