• As you may be aware, a new ransomware campaign has hit a number of high profile targets in Russia and Eastern Europe.
    Dubbed Bad Rabbit, the ransomware first started infecting systems on Tuesday 24 October, and the way in which organisations appear to have been hit simultaneously immediately drew comparisons to this year's WannaCry and Petya epidemics. This now seems to be the third major outbreak of the year.
    Those unfortunate enough to fall victim to the attack quickly realised what had happened because the ransomware isn't subtle -- it presents victims with a ransom note telling them their files are "no longer accessible" and "no one will be able to recover them without their decryption service".
    The criminals behind Bad Rabbit are tricking people into infecting themselves, by disguising the malware as an Adobe Flash installer and planting it on legitimate websites that have been compromised.
    However, a security researcher at Cybereason claims to have found a vaccine for the attack, which should completely prevent Bad Rabbit from infecting your computer. The procedure is simple: block the execution of the files “c:\windows\infpub.dat” and “C:\Windows\cscc.dat”, the main files the ransomware relies on in order to carry out its attack.
    This makes sense because the ransomware needs the files "infpub.dat" and "cscc.dat" to execute its attack; by blocking them on your PC prior to any attack, you prevent Bad Rabbit from carrying out its job.
    Prevention, they say, is better than cure.

    Please follow the steps below to fully protect yourself.
    First, create these two files in c:\windows:
    infpub.dat
    cscc.dat

    You can do that really quickly by starting cmd.exe as an admin and typing the following command:
    echo "" > c:\windows\cscc.dat && echo "" > c:\windows\infpub.dat

    Next, remove all their permissions by right-clicking each file and selecting Properties.
    Then select the Security tab.
    Now click Advanced, then click Change Permissions in the window that opens.
    Then uncheck the “Include inheritable permissions from this object’s parents” box.
    After you do that, a confirmation window will pop up. Click “Remove”.

    You are now done. Remember to perform this action for both of the files you created.

    If you are running Windows 10, repeat the same steps, but instead of unchecking the inheritance box, click the “Disable inheritance” button, and then select “Remove all inherited permissions from this object”.
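
    The same vaccination steps scripted for an elevated PowerShell prompt, as an added example that is not part of the original article: it creates the two placeholder files, uses icacls /inheritance:r to remove all inherited permissions (the scripted equivalent of the dialog steps above), and then verifies the result. The 16-byte limit used to recognise an existing placeholder is an assumption of this example.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the manual "vaccine" steps described above.
# Assumption of this example: an existing file larger than 16 bytes is not one
# of the placeholders, so it is left untouched for investigation.

$maxPlaceholderBytes = 16
$vaccineFiles = 'infpub.dat', 'cscc.dat' |
    ForEach-Object { Join-Path $env:windir $_ }

$results = foreach ($path in $vaccineFiles) {
    $status = 'Protected'

    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $size = (Get-Item -LiteralPath $path -Force).Length
        if ($size -gt $maxPlaceholderBytes) {
            # Not a placeholder: do not overwrite it or change its ACL.
            [pscustomobject]@{
                Path       = $path
                Status     = 'Skipped: existing non-placeholder file'
                AclEntries = $null
            }
            continue
        }
    }
    else {
        # Create an empty placeholder (same purpose as the echo command).
        New-Item -ItemType File -Path $path | Out-Null
    }

    # Disable inheritance and drop every inherited permission entry.
    & icacls.exe $path /inheritance:r | Out-Null
    if ($LASTEXITCODE -ne 0) {
        $status = "icacls failed with exit code $LASTEXITCODE"
    }

    # Verify: inheritance must be off and no access entries may remain.
    $acl     = Get-Acl -Path $path
    $entries = @($acl.Access).Count
    if ($status -eq 'Protected' -and
        (-not $acl.AreAccessRulesProtected -or $entries -ne 0)) {
        $status = 'Needs review: ACL still grants access'
    }

    [pscustomobject]@{
        Path       = $path
        Status     = $status
        AclEntries = $entries
    }
}

$results | Format-Table -AutoSize
```

    Both files should report the status Protected with 0 ACL entries; any other status means the file needs a manual look before the machine is considered vaccinated.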




  • Hackers can steal macOS keychain passwords using unsigned applications; the technique works on the latest version of macOS, High Sierra 10.13, and previous releases.


    Cyber security expert Patrick Wardle, director of research at Synack, revealed that unsigned applications can steal macOS Keychain passwords, including plaintext passwords from the latest version of macOS High Sierra and previous versions of macOS.

    The researcher tested the exploit on Sierra and High Sierra, but he confirmed that El Capitan appears vulnerable as well. This issue is not a ‘High Sierra specific’ vulnerability.
    The researcher shared a video that shows how an unsigned application can exfiltrate sensitive data from the macOS Keychain, including plaintext passwords.


    “What does your attack do?



    A: I discovered a flaw where malicious non-privileged code (or apps) could programmatically access the keychain and dump all this data …. including your plain text passwords. This is not something that is supposed to happen! :(” explained Wardle.



    on High Sierra (unsigned) apps can programmatically dump & exfil keychain (w/ your plaintext passwords)🍎🙈😭

    It is interesting to note that the attack does not require root permissions. The attack does require the knowledge of the master password, it only needs the targeted user to download and launch a malicious application, clearly ignoring the warnings displayed when an app from an unidentified developer is being executed.

    “Q: What are the prerequisites for this attack?


    A: As this is a local attack, this means a hacker or piece of malware must first infect your Mac! Typical ways to accomplish this include emails (with malicious attachments), fake web popups (“your Flash player needs updating”), or sometimes legitimate application websites are hacked (e.g. Transmission, Handbrake, etc). Theoretically, this attack would be added as a capability or as a payload of such malware. For example, the malware would persist, survey the system, then use this attack to dump the keychain. If I was writing a modular mac backdoor or implant, I’d call it the “dump keychain” plugin :)” added the expert.




    Wardle reported the discovery to Apple along with proof-of-concept (PoC) code; he avoided publicly disclosing technical details to prevent malicious actors from abusing the technique.
    Security experts always recommend that customers download applications only from trusted sources and pay attention to the security warnings displayed by the operating system.

    “A few things. As mentioned before, this attack is local, meaning malicious adversaries have to first compromise your mac in some way. So best bet – don’t get infected. This means run the latest version of macOS and don’t run random apps from emails or the web. Also, this attack requires that the keychain is unlocked. By default the keychain is unlocked when the user logs in. However, you can change the keychain password (so it is not automatically unlocked during login), or (via the Keychain Access app) lock the keychain while you are not using it.” suggests Wardle, to stay safe.

    Unfortunately, Apple’s bug bounty program doesn’t cover macOS, which means that the expert will not be rewarded. Well, let's hope that Apple will make his case an exception.


  • Skylake is the codename for Intel's sixth-generation range of Core laptop and desktop PC processors. They've already been superseded by the seventh-gen CPUs and you can find out how Skylake compares with Kaby Lake.

    But Skylake isn't dead yet. No. Intel has launched Skylake X CPUs, which are the high-end enthusiast versions.

    Interestingly, Intel isn't using the Core i7 branding as it has done in previous years but is adding a new number: 9. The Core i9 range could be in response to AMD's Ryzen processors, which were named to seem similar to Intel's Core i5 and i7 ranges.

    Last year at Computex, Intel unveiled its first 10-core consumer CPU, the company's move into the world of "megatasking." It was a pricey chip, launching at around $1,700, but it satisfied the needs of users who had to juggle several intensive tasks at once. Now, Intel has upped the ante with a whole new family of processors for enthusiasts, the Core X-series, and it's spearheaded by its first 18-core CPU, the i9-7980XE.

    Priced at $1,999, the 7980XE is clearly not a chip you'd see in an average desktop. Instead, it's more of a statement from Intel. It beats out AMD's 16-core Threadripper CPU, which was slated to be that company's most powerful consumer processor for 2017. And it gives Intel yet another way to satisfy the demands of power-hungry users who might want to do things like play games in 4K while broadcasting them in HD over Twitch. And as if its massive core count wasn't enough, the i9-7980XE is also the first Intel consumer chip that packs in over a teraflop worth of computing power.




    If 18 cores is a bit too rich for you, Intel also has other Core i9 Extreme Edition chips in 10, 12, 14 and 16-core variants. Perhaps the best news for hardware geeks: the 10 core i9-7900X will retail for $999, a significant discount from last year's version.

    All of the i9 chips feature base clock speeds of 3.3GHz, reaching up to 4.3GHz dual-core speeds with Turbo Boost 2.0 and 4.5GHz with Turbo Boost 3.0. And speaking of Turbo Boost 3.0, its performance has also been improved in the new Extreme Edition chips to increase both single and dual-core speeds. Rounding out the X-Series family are the quad-core i5-7640X and i7 models in 4, 6 and 8-core models.




    While it might all seem like overkill, Intel says its Core i9 lineup was driven by the surprising demand for last year's 10-core chip. "Broadwell-E was kind of an experiment," an Intel rep said. "It sold... Proving that our enthusiast community will go after the best of the best... Yes we're adding higher core count, but we're also introducing lower core counts. Scalability on both ends are what we went after."

    As you can imagine, stuffing more cores into a processor leads to some significant heat issues. For that reason, Intel developed its own liquid cooling solution, which will work across these new chips, as well as some previous generations. All of the new Core i9 processors, along with the 6 and 8-core i7 chips, feature scorching hot 140W thermal design points (TDPs), the maximum amount of power that they'll draw. That's the same as last year's 10-core CPU, but it's still well above the 91W TDP from Intel's more affordable i7-7700K.

    Over the past few years, Intel's laptop chips have been far more interesting than its desktop CPUs. Partially, that's because the rise of ultraportables and convertible laptops has shifted its focus away from delivering as much computing power as possible, to offering a reasonable amount of processing power efficiently. The new Core i9 X-series processors might not be feasible for most consumers, but for the hardware geeks who treat their rigs like hot rods, they're a dream come true.




    When is the Core i9 release date?

    Release date: June 2017*

    At the chips' launch at Computex 2017, Intel said the new processors would be on sale "in the coming weeks". *That applies to the Core i9-7900X downwards. 

    The i9-7920X will go on sale in August, while the top three chips don't yet have an official release date.

















  • There is a lot more our industry should be doing to protect its systems and data from cyber blackmail.

    The scope and severity of the fallout from the WannaCry attacks over the past week elicit plenty of "we told you so" head shakes about the dangers of ransomware. The blackmail worm spread with lightning speed.

    According to Europol, the attack had reached about 150 countries and more than 200,000 systems. When security researchers found a kill-switch for the attack that they used to their advantage, it didn't take long for new variants to start up again with infections occurring at a rate of 3,600 systems per hour.

    It was a nasty bit of business and while the hue and cry over ransomware shouldn’t be ignored, there are a lot more valuable lessons beyond those that have to do with cyber blackmail. Here are just a few of them.

    1: Vulnerability and Patch Management overshadows everything

    Patch, patch and patch. It's been the overwhelming mantra of security pros for decades, and this attack campaign shows us why. The rapid spread of the worm was made possible by the ubiquity of systems worldwide running on unsupported or unpatched operating systems.
    Hopefully, after this attack, organizations will significantly alter their continuous patch hygiene. Microsoft also released new emergency patches for Windows XP and 2003, even though it has stopped all security updates and technical support for XP since April 2014, which simply shows the seriousness of the attack and the risk of deploying out-of-date operating systems in work environments.

    2: Unknown Assets Can Cause You So Many Problems

    It's just about impossible to patch systems an organization doesn't even know exists. The insidious effects of WannaCry offer up a good illustration of how easy it is for attackers to scale attacks against the forgotten systems that can be lost through inconsistent asset management.
    "Attackers performing reconnaissance will often find unknown, unprotected, and unmonitored assets to use as attack vectors," says Steve Ginty, senior product manager at RiskIQ. "For a large enterprise, these types of assets are typically easy for even novice hackers and threat groups to find, and because they’re unmonitored, they provide an easy way in and out. To defend yourself, you need to know what attackers see when they’re looking at your business from outside the firewall."

    3: Network Segmentation Can Be a Valuable Risk Reducer

    Of course, patch management isn't as simple as just finding every system and waving a magic wand over them. Many organizations struggle to update legacy and embedded systems due to a host of technical problems. It's why WannaCry found such fertile ground in healthcare organizations, since many medical devices are built on top of old Windows operating systems that are very difficult to update due to government regulations and the organizations' own concerns about causing system disruptions during updates. We have all faced challenges while updating our work and personal devices at one point or another.
    "In many cases, devices will never receive updates either because the OS is no longer supported and memory, storage, and processing constraints may prevent the device from operating effectively with the latest software. Finally, I suspect that many hospital administrators may not recognize the danger from using outdated software on these devices, and simply avoid patching because the device works. Thus 'if it ain’t broke, don’t try to fix it' mentality can be tremendously detrimental to hospital security."
    This scenario is a perfect example of how compensating controls - like network segmentation - should have kicked in for a lot of organizations.
    "Of course, today, completely disconnecting a machine from the Internet typically renders it of little use. But network connectivity can be limited as much as possible," says Brighten Godfrey, co-founder and CTO of Veriflow. "Segmentation requires careful network architecture, especially in a complex environment where configurations of firewalls, routers and other devices are continually changing. Rigorous network verification methods can help ensure that the intended segmentation is continually realized."

    4: Security Has Real-World Repercussions

    Speaking of healthcare, one of the big-picture lessons that security professionals around the world should be thinking deeply about is the fact that cybersecurity is no longer just a game of protecting data. When attacks happen today, they have real-world repercussions that can affect the safety of people's life and limb.
    "With so many medical devices connected to the internet, it’s not surprising to know that some of these devices were rendered useless by WannaCry," says Terry Ray, chief product strategist for Imperva.
    The attacks against the UK's National Health Service put hospital operations at a standstill and threatened the health of real people. As much as the security industry talks about its struggle with attackers as a game, using terminology like "whack-a-mole" and "cat-and-mouse" to describe the back-and-forth exchanges, the truth that WannaCry should bring home is that what we're engaged in is not frivolous or fun. The consequences are real and serious.

    5: It's Easy to Forget the 'A' in Security's 'CIA'

    So many security organizations get hung up on the confidentiality and integrity part of IT risk management that they forget the final leg of that three-legged stool: availability. According to estimates from Cyence researchers, the business interruption costs to companies from WannaCry will add up to over $8 billion.
    "Business interruption caused by the WannaCry malware is probably the most substantial and problematic component to this event. Organizations will suffer interruptions to their business, lost income, and extra expenses while the infection is being remediated – and it will take some time to get back to full productivity even after systems are restored."
    Obviously, these are big-picture lessons. And it will take time to turn these lessons into meaningful action. In the meantime, for those who've found they've lost access to their Windows XP systems, there's at least some good news on that front. Security researchers with the French security firm Quarkslab have released a tool called Wannakey, which can help recover the private encryption key for infected Windows XP systems.


  • If you can’t get enough of Space Black/Deep Blue iPhone colorways, we’ve got you covered with some nice looking photos of alleged iPhone 7 Pro units in Apple Watch-style Space Black finish that’s supposed to replace the current Space Gray option. Plus, we have a bunch of crisp shots of a working iPhone 7 Pro prototype in Deep Blue.
    Feast your eyes on the photos and let us know your thoughts in the comments.

    More iPhone 7 Space Black images

    As you can see below, the images purportedly show a rumored iPhone 7 Pro model sporting three pins on the backside, presumably for a Smart Connector. We can clearly see the curved appearance of the dual-camera system on the back, along with cleaner antenna lines and a SIM tray on the side (so no e-SIM for the next iPhone).

    The Home button seems to sit flush with the front face, yet another indication that the iPhone 7 may come with a non-moving Home button outfitted with pressure sensors and haptic feedback to simulate clicks.

    After nine years, the iPhone 7 appeared ready to move to a MacBook-inspired touch sensitive button which uses haptic feedback to simulate the sensation of physical touch. A fixed button would be more reliable, save physical space and potentially enable Apple to use the touch sensitivity to add gesture support at a later date (there’s no sign of this in iOS 10).

    How about Deep Blue?

    The images you see below were sent by an unknown source. The pictured unit is apparently an engineering prototype, running iOS 10. A few images show the device running Apple’s internal testing software, called SwitchBoard.
    Aside from a nice-looking blueish hue, the device’s backside sports dual cameras, in line with previous rumors, along with legitimate-looking iPhone branding.
    Whether or not the device on these crisp photographs is a regular 5.5-inch iPhone 7 Plus model or its rumored “Pro” counterpart is anyone’s guess, but one rumor said Apple had abandoned Deep Blue in favor of a more subdued Space Black finish.

    Yesterday’s Space Black photos

    Yesterday, Dutch blog TechTastic.nl posted high-quality photos of iPhone 7 casings in Space Black that you can see right below. Japanese blog Mac Otakara was first to report earlier in the summer that the iPhone 7 might come in a new Deep Blue colorway, but the post was later amended to indicate that the hue is actually more akin to the stainless steel Apple Watch in Space Black, so there’s that.

    iPhone 7 to support fast-charge tech?

    Last but not least, earlier this morning The Malignant posted a sketchy image suggesting that the iPhone 7 may use special circuitry to support “at least” 5-volt, 2-amp fast-charging. The image below is said to show an iPhone 6s logic board next to its iPhone 7 counterpart with new circuitry to support fast-charge technology.


    No Stereo Speakers
    This news comes via highly reliable French site Nowhereelse.fr, which has obtained schematics of the iPhone 7. The schematics say the matching second speaker grill on the bottom edge of the iPhone 7 (added thanks to the removal of the headphone jack) is purely cosmetic and simply houses the microphone.

    Apple has pulled a similar stunt before with the iPhone 4S which also had matching dual speakers on the bottom edge (the headphone jack was at the top of the phone back then). Many predicted stereo sound at the time, only to be disappointed.

    September is almost here!

    With a little more than three weeks left until a rumored September 7 unveiling, small wonder we’re now seeing high-quality photographs of genuine-looking iPhone 7 parts.
    I’m eager to hear your thoughts on these rumored leaks for the next iPhone. Would you pick one over another, and why? Or would you stick with your current iPhone?




  • Security Experts at Sophos explained the efficiency of the business model known as Cybercrime-as-a-Service in the specific case of Vawtrak botnet.

    The term Cybercrime-as-a-Service refers to the practice, in the cyber criminal ecosystem, of providing products and services for use by other criminals. In September 2014, a report from Europol’s European Cybercrime Centre (EC3), the 2014 Internet Organised Crime Threat Assessment (iOCTA), revealed the diffusion of this business model in underground communities and highlighted that barriers to entry into cybercrime are being lowered, even for criminal gangs with no specific technical skills.

    Criminals can rent a botnet of machines for their illegal activities instead of infecting thousands of machines worldwide themselves. These malicious infrastructures are built with a few requirements that make them suitable for the criminals, including user-friendly Command and Control infrastructure and sophisticated evasion techniques.
    The botnets are very flexible and could be used for several purposes, including to serve malware or to send out spam emails. For example, the botnet’s computers can be configured to serve as proxies or even — once all the other usability has been sucked out of them — as spambots.

    An example of a banking malware botnet is Vawtrak, also known as NeverQuest and Snifula. According to data provided by Sophos, Vawtrak was the second most popular malware distributed by malicious drive-by downloads in the period between September and November.

    Sophos published an interesting paper on the cybercrime-as-a-service model applied to the Vawtrak botnet, titled “Vawtrak – International Crimeware-as-a-Service”.
    “If you look at the client-side, the commands used, and the debugging code, suggests that it’s more user friendly than some of the other malware we look at,” said James Wyke, senior threat analyst at Sophos Ltd. “It’s almost certainly going to be a point-and-click Web-based interface. Simplicity is one of Vawtrak‘s positive points.”

    Although Wyke hasn’t personally evaluated Vawtrak, for legal and ethical reasons, Sophos was able to investigate the activities the Vawtrak platform is being used for. The experts recognized a pattern in the “modus operandi” of the Vawtrak clients, which used the botnet to target banks and other financial institutions worldwide. The attackers are able to run sophisticated attacks in a methodical way, bypassing two-factor authentication mechanisms and implementing custom injection mechanisms.

    The experts revealed that Vawtrak was used by criminal organizations in the US to compromise both large banks (e.g. Bank of America and Citigroup) and smaller financial institutions (e.g. Bank of Oklahoma, Cincinnati’s Fifth Third Bank, the Columbus-based Huntington National Bank).

    There are tens of thousands of computers already infected and in the network, Wyke said.

    That makes it smaller than some of its competitors but, because of its business model, it might actually be more profitable.
    The cybercrime-as-a-service model developed for the Vawtrak botnet allows customers to choose specific types of infected machines, to customize the botnet to hit a specific target (i.e. banks, private firms) or to request specific types of stolen data.
    “If you want banking credentials for certain banks, or certain regions of the world, they can start campaigns targeting those banks or those countries,” said Wyke. “We’re moving away from the model where the cybercriminals write their own software, or sell you a kit and you go away and create your own botnet,” Wyke said.

    The availability of stolen data makes the Cybercrime-as-a-Service sales model very attractive to criminals, who can use the data to run further attacks with more information on their targets.

    The Vawtrak botnet also provides specific data hijacked by the botnet, including banking access credentials, and it allows criminals to deliver new strains of malware to the infected computers.
    “This is a flexible business model,” he said. “Once the machine starts sending out spam it becomes obvious that it’s infected with malware and it’s not going to be infected much longer,” he said.

    Experts at Sophos suggest keeping defense systems up to date, and the company provides a free removal tool for the Vawtrak botnet on its website.

  • A basic guide to the Internet's underbelly -- the Dark Web.




    Deep or Dark?

    There's a difference between the "Deep Web" and "Dark Web." While the "Clear Web" is the surface area which is indexed by search engines such as Google and Yahoo, the Deep Web is an area search engines can't crawl for or index. Plunging in further, the Dark Web is a small area within the Deep Web which is intentionally hidden from discovery.


    How do you access the Dark Web?

    You can't use standard access methods to gain entry into the Dark Web. The most common method is through the Tor network, an anonymous network created from nodes which disguise online activity. In order to use Tor, you need the Tor browser, and may also need to be issued an invitation to access certain .onion domains hidden within the Dark Web.


    Wait, .onion domains?

    An .onion address is the result of Onion networking -- low-latency communication designed to resist traffic analysis and surveillance. The use of Onion networking is not a perfect solution to maintain anonymity, but it does help disguise who is communicating with whom.


    It's not just drugs

    Many of us heard when the underground marketplace Silk Road, one of the largest hidden within the Tor network, was taken down following an investigation by US authorities. However, there are many more vendors peddling their wares within the Dark Web. While drugs are the most commonly-thought of when it comes to the secretive area, you can also purchase a plethora of other illegal goods. Weapons, porn, counterfeit money and fake identities, hacked accounts and even hitmen can be found if you have the cash. If someone annoys you, sending over a SWAT team as a "prank" is also possible.


    It's also something of an eBay for peculiar items.

    A quick browse and I could buy lifetime membership passes to popular services such as Netflix, old consoles, clothing, emulators and DVDs, a car or two and bulk weight loss pills. Technology is also popular -- there is a wealth of devices available -- both counterfeit and apparently legitimate -- if you know where to look.



    The Dark Web is used for more than buying and selling.

    So-called "ethical" hacking and political forums, archives of forbidden books, tips on how to care for your cat -- there are potentially thousands of private .onion addresses hosted which go beyond marketplaces.


    Trading is hardly safe or risk-free

    Whether you take a risk with buying bargain designer clothes on the Clear Web or sink a few Bitcoins in purchasing illegal items through the Dark Web, neither is risk-free.
    Vendors and sellers might be trying to avoid the eyes of legal enforcement in the darker side of the Internet, but this doesn't stop scams from taking place. Scam vendors and quick grab-and-run schemes run rampant -- especially as there is no way to follow up with failed sales down the legal route.


    Buying and selling through the Dark Web

    How do you trade without being linked to bank accounts? Virtual currency is the most common method, which includes "tumbling," a laundering process which destroys the connection between a Bitcoin address which sends virtual currency and the recipient in the hopes of covering a user's tracks. Some vendors offer escrow services which hold Bitcoin in trust until goods have been delivered and both parties are happy -- although value fluctuations linked to Bitcoin use make this move risky.


    Avoiding spying eyes

    Aside from using the Tor browser and VPNs, a number of buyers and sellers use "Tails," free software which can be booted from flash storage to provide end-to-end encryption for your browsing sessions.
    To further cover their tracks, vendors and sellers will often also use public Wi-Fi hotspots to conduct their business.


    Reddit is used as a communication platform for Dark Web transactions

    Although far from exhaustive, the best Clear Web resource to bounce around and learn a little about the darker, nastier aspects of the Internet is on Reddit. There are sub-forums in which Dark Web vendors and buyers exchange news, thoughts and seller reviews. Advice is also issued on how best to "clean house," create safe "drop" zones to pick up packages ordered from the Dark Web and what to do if you think law enforcement is keeping an eye on you.

    There is a whole lot more to know about the Deep Web.



  • Microsoft's Windows 10 was launched a few weeks ago, but questions -- lots of questions -- still remain about the new operating system, from when it will be taken to the bosom of enterprise to whether some of Microsoft's moves leading up to it were premeditated.

    Microsoft expert, Steve Kleynhans, spoke at length about the latest OS answering 10 questions about Windows 10. Kleynhans' responses were lightly edited for length.


    Will Windows 10 beat Windows 7's first-year adoption rate, which stood at 22% of all Windows PCs at the end of 12 months? 

    "It is quite likely that Windows 10 will beat Windows 7's adoption in the first year due to three factors," said Kleynhans. "First, the free upgrade will probably be taken by a relatively healthy portion of the population. Second, more users have automatic updates enabled today than six years ago. And third, compatibility between Windows 7 and Windows 10 is significantly better than between Windows XP and Windows 7. There will be a lot fewer blockers to get in the way.

    "Enterprise adoption isn't likely to be significantly better in the first year. However, enterprises will move more quickly to Windows 10 than Windows 7 and there will be a few motivated to move a bit earlier if only because of the one-year free upgrade deadline. There are fewer barriers to moving with Windows 10, including in-place upgrades and no new Internet Explorer [IE] version to wrestle with, so while enterprises will take a bit longer than consumers to get started, both should be a lot higher with Windows 10."


    When will enterprises begin adopting Windows 10 in force? 

    "Companies never do anything quickly, so aside from some aggressive early adopters, most organizations will use 2016 as a time to study the new OS and potentially run some pilots," Kleynhans said. "Real roll-outs might start in late 2016, but are more likely to really kick off in 2017."


    What's Windows 10's biggest draw for enterprises? 

    "Two things: security and lighter-weight management," said Kleynhans. "There are a number of security enhancements, from biometric log-ins to hardware-enabled protection for parts of the OS, that will be compelling to enterprises.

    "Similarly, the ability to use a store for provisioning users, enabling a self-service model, and potentially opening options for BYOD will be attractive.

    "In the short term most companies are looking at Windows 10 as providing them access to 2-in-1 devices that users find intriguing, without having to figure out Windows 8 or deal with some of its enterprise shortcomings. But regardless of any goodness in the product, the biggest driver will ultimately be Windows 7's end-of-life."


    What in Windows 10 -- or about it -- will be the biggest inhibitor to adoption by enterprise? 

    "Probably inertia," said Kleynhans. "For the most part, hardware and software compatibility isn't a big blocker, although official ISV [independent software vendor] support may be, especially in regulated industries. But doing a large-scale Windows migration is a major project. While it is nice to say that this is the last one enterprises will have to do, they still have to do this one.


    "Like any major project, it will take budgeting of time and resources. It will be disruptive. There are also things to learn and integrate into existing processes, such as the new servicing model, selecting a branch, and changes in how they manage things in order to keep current and supported."

    [Computerworld couldn't resist a follow-up question about Kleynhans' reference to "the last one enterprises will have to do," asking him if that would, in fact, be the case. "I think Microsoft believes that," Kleynhans answered. "That's the plan of record. But things change. In 10 years, who knows what will happen?"]


    Will enterprises accept Windows 10's new patching and update schemes, or will they reflexively lock down devices with LTSB (long-term servicing branch) and just treat Windows 10 as they now do Windows 7?

    "Some enterprises will undoubtedly try to fall back to the LTSB because it will seem safe and familiar," agreed Kleynhans. "But I suspect that they will quickly discover that the limitations make it unsuitable for a large portion of their users.

    "Once they address the new update cadence for some users, it will be straightforward to extend it to a larger group, lessening the appeal of the LTSB. We will probably see some companies start with the majority of their users on LTSB, but quickly shift towards only those who really need it. By 2019 it is likely that LTSB will be a small percentage of users, less than 10%."


    Will Windows 10 measurably help Microsoft in mobile?

    "Well, it couldn't hurt," countered Kleynhans. "But it really is a big question whether it will draw developers to the platform with the kind of apps that are being developed for iOS and Android.

    "The only thing that truly solves the problem is market share. If a developer perceives the entire Windows 10 ecosystem as a target, the market share number will look pretty good. However, it is likely that most phone developers will continue to focus solely on the Windows smartphone number, and that will dampen their interest."

    What about Microsoft's Universal app strategy? Will that have an impact?

    "Microsoft certainly hopes it will," said Kleynhans. "But any impact will be a relatively slow build. It will be one more option in a broad collection of options for developers, even if they only focus on the PC: Should I develop a Web app, should I write a traditional Windows app, keep building .NET?

    "I think developers targeting PCs will settle on a combination of Web and Universal apps, but that is likely to be 2018 or later, when a critical mass of Windows 10 devices is in businesses.

    "Universal Windows apps are most immediately compelling to businesses looking at building something that needs to be accessed on a tablet and a PC, or potentially a 2-in-1. So it will help Windows 10 gain a stronger foothold in vertical business applications with a mobility component.

    "In the short term, there may also be some success with games. People like casual games as a simple distraction, even on PCs, so that will be a reasonably good target."

    Will there be a repeat of the scramble to get off Windows XP as Windows 7 nears retirement in January 2020?

    "There is a lot more awareness of the end-of-life of Windows 7 than there was of Windows XP's," Kleynhans said. "It is still fresh in the minds of a lot of companies, and so you are seeing it pop up on long-range road maps.

    "Generally, companies will plan to be more proactive and will have great intentions about avoiding the mad dash to the finish line in 2019, but the realities of business, and human nature, will cause plans to slip. I expect it will be less of a scramble, but it will still be a scramble."

    Will Microsoft be able to continue to charge for the OS or will it revert to a support model for revenue?

    "Microsoft will continue to charge for Windows," Kleynhans asserted. "The real question is whether users perceive that they are paying for Windows.

    "The vast majority of users will get Windows as part of the device and the cost will be buried in the device, like the cost of the screen or battery. Unless you are building your own PCs, it won't be visible. Users will get all the updates on that device for free so they won't perceive that they ever pay for Windows.

    "Enterprises, on the other hand, will be gradually coaxed towards a Software Assurance model with flexibility, deeper support, and additional management and security capabilities being the carrots offered over traditional volume licensing. This will look much more like a subscription model."

    In hindsight, several of Microsoft's moves in 2014 now seem to be preliminary steps toward Windows 10, including the requirement that businesses migrate to Windows 8.1 Update within four months, and the deprecation of most IE editions other than IE11. Were these part of a master plan, or was Microsoft simply trying things?

    "It's probably best to think of this as more an evolutionary process than a detailed master plan," said Kleynhans. "Obviously, there was always a plan to get people off older versions of IE. The specific timing, though, was in place before the details of Windows 10 were locked down.

    "I look at the updates for Windows 8.1 as being tweaking and testing towards a goal of faster updates, rather than long-term steps in a grand scheme. Remember there was a regime change in Windows, and Microsoft for that matter, right in the middle of all of this, and what we are seeing now is the output of the new leaders, tempered with some marketplace realities."