Migrating to Windows 10 – Now, later, or never?

Migrations bring about change in the lives of technology end-users, whether desired or not.  Often, the IT-support team receives undeserved blame for issues with a new operating system; although, they can help smooth the way by testing core software applications and devices for compatibility before upgrading.

So, here you are with new computers that ship with multiple versions of Windows; which to deploy?  You know there are going to be compatibility issues; there always are.  (Our current VPN client does not yet work with Windows 10 and I have heard of issues with Google’s Chrome on Windows 10.)  Also, there are individuals within your organization who will have trouble adapting to a new user environment.

These are the issues you will need to address when migrating to Windows 10:

  • Equipment compatibility
  • Application compatibility
  • User acceptance

Equipment compatibility

Equipment-compatibility issues exist because Windows has always been everything to everyone:  Windows supports most any printer, scanner, fax, camera, or device as long as the manufacturer conforms to Microsoft specifications, which might include creating a Windows device driver (a small application designed to translate instructions between the device and the operating system) to enable all features.

Likewise, your desktop or notebook computer might not be compatible with Windows 10; you will need (at a minimum):

  • 1GHz processor
  • 1Gb of RAM for 32-bit deployment or 2Gb for 64-bit deployment
  • 20Gb of disk space
  • DirectX9 display with 800×600 display

Please see the Windows 10 specifications for details.

Applications compatibility

Software applications must also conform to Microsoft specifications; however, updating applications to work with a new operating system takes time and effort.  So, older, legacy applications not built to current-day Windows standards can be slow to comply, particularly those from smaller developers, who might not have the resources necessary to make them compatible.  These developers might suggest: “Don’t upgrade now” or “Use XP Compatibility mode”, but usually offer no specific timetable or long-term work-around.

Cloud-based applications have an advantage over most legacy applications; they are likely browser-dependent (and operating-system independent) and are updated continually.  However, you can run into compatibility issues with different browser versions and even different browsers.

User acceptance

An often under-appreciated issue is the changes to the user interface, particularly its look-and-feel; Microsoft received significant criticism with Windows 8.x and the fundamental changes in how it interacts with the end-users.

 

Migration techniques

The safe method, one that many organizations adopt, is to delay migration until:

  • All computers are known to have sufficient resources to run Windows 10.
  • Hardware compatibility issues are identified and resolved, either through updates or hardware replacement.
  • All applications are tested and compatibility issues are either resolved, the application is replaced, or a work-around is established.
  • Training is budgeted and approved.
  • Proper planning is completed to ensure a smooth transition.

However, organizations with limited budgets might not be able to invest fully in this process; they likely need to add a computer or two, right now.

For those already using Windows 8.x:

  • Applications and device drivers that work with Windows 8.x will likely work with Windows 10 (since the underlying framework is similar in both editions).
  • You can use the Windows 8.1 Upgrade Assistant to help identify application- compatibility issues with Windows 8.1, which will also be an issue with Windows 10.

Unfortunately, there is no substitute for testing; put in the time and do it right!

Often, it can be more effective to replace an aging printer (or similar device) than to try and make it work with a new version of Windows; the time to research, locate, install new device drivers (if they exist), test, and then update all migrated workstations can easily exceed the cost of deploying a new, modern device (with more features and greater functionality).

Training is necessary:  Group sessions to introduce the basics and answer questions are effective in getting things started.  Follow-up, small-group training or individual hand-holding can alleviate fears and improve productivity.

For training, Microsoft offers these free, Windows 10 training resources:

Now, later, or never

Basically, if you use Windows-based applications, you main options are:

  • Upgrade to Windows 10 without charge by July 29, 2016
  • Leave Windows-desktop entirely
  • Don’t change anything, ever

Microsoft is allowing anyone with a qualified and genuine copy of Windows 7 or Windows 8/8.1 to upgrade to Windows 10 for free through July 29, 2016.  So, you can upgrade your existing equipment without licensing fees once you have completed compatibility testing, training, etc.

The second option, leave Windows, suggests one of two courses of action:

  • Switch to a non-Microsoft-dependent application.
  • Use a virtual environment to provide Windows-based applications. You can deploy these applications through a virtual server, either on-premise or remotely (i.e.:  via Bryley’s Hosted Cloud Server) that can provide access to your Windows-based application by running it on an older, Windows-based operating system.

The last option is extreme; it can work for a number of years, particularly if you are not replacing desktop computers, but will eventually require a change.  Basically, you are avoiding the inevitable.

We have begun the planning and application testing for our Windows 10 rollout; I’ll update our progress in future issues.

Visit How to upgrade to Windows 10 from Windows 8.1 by Ed Tittle in the February 12th edition of CIO and Preston Gralla’s article: Excited about the imminent release of Windows 10? You might want to wait in the July 21st issue of ComputerWorld.

Bryley Basics: Free anti-malware plug-in for WordPress

Intel Security’s McAfee group now offers a free McAfee SECURE certification plug-in for WordPress-based websites.  This plug-in protects WordPress websites from unwanted malware while site-visitors can verify a site’s integrity by right-clicking on the McAfee SECURE logo (shown below).

McAfee Secure Icon

The free version covers the first 500 site-visitors each month; a paid version (about $80 per month) accommodates more than 500 visitors and allows for some different themes for the trust-mark itself.

James Wheeler, our Internet Marketing Associate, installed the plug-in in May; at first, it did not initially deploy the trust-mark properly, but has since been working reliably at Bryley.com since early June.

Livingstones participate as judges at the STEM Expo at Marlboro High School

The June 12th STEM (Science, Technology, Engineering and Mathematics) Expo at Marlboro High School featured interdisciplinary-team research projects on “Going Green at Marlborough High School” (9th graders) and “How to Reach and Colonize Mars” (10th graders).  These research projects were the culmination of a semester of intense, independent, original research.

About 40 professionals from different companies, including Cathy and Gavin Livingstone of Bryley Systems, judged these works based on understanding, originality, and presentation.

Microsoft Windows 10

Microsoft is releasing Windows 10 on July 29th.  It is available as a free upgrade to licensed users of Windows 7 and Windows 8.1 through the Get Windows 10 (GWX) application which is part of Windows Updates.  (Note: Some companies, including Bryley Systems, are temporarily blocking this update to permit a controlled migration to Windows 10.)

To minimize bandwidth and processing disruptions, those who reserve now for this 3Gb upgrade periodically receive parts of it until the entire upgrade is downloaded and ready for installation on 7/29/2015.

Windows 10 will run most Windows XP applications.  The Windows 10 Home Edition will likely sell at $119; the Pro edition at $199.

View the article from Mark Hachman at PCWorld It’s official: Microsoft says you can download the final version of Windows 10 on July 29

Recommended Practices: IT security cheat-sheet

This is a multi-part series on recommended IT practices for organizations and their end-users.  Additional parts will be included in upcoming newsletters.

All organizations are at risk of a breach in IT security, whether externally (by a party outside the organization’s computer network) or internally (by a person connected to the organization’s computer network); studies show that even small companies are targeted externally, primarily because they are more vulnerable than larger organizations who can dedicate resources to combat external threats.

Organizations take great efforts to secure their data; they have firewalls, spam blockers, anti-malware applications, intrusion detection, etc.  However, the greatest threat comes from within:  End-users often inadvertently introduce malware (via web browsing or email-attachment clicking), which can spread across the network or attack confidential data.

Effective IT security requires a layered approach; it is comprised of multiple solutions at different points-of-entry and areas of concern.  It must be setup properly, but must also be continually monitored and then updated as appropriate.  Security should be periodically reviewed by an IT expert and, if budget permits, tested to ensure what is expected is what is received.

Effective IT security also requires ongoing training for all users and monitoring and enforcement of usage policies.

For an overview on IT security, I recommend viewing Derrick Hughes’ Ten ways to prevent a data breach and secure your small business in The Globe and Mail.

Here is our checklist, organized by security concern:

1.) Computer network:

  • Deploy, update, and monitor stand-alone firewall(s) between all external networks (IE: Internet) and the organization’s network.
  • Deploy, update, and monitor an email/spam-protection capability.
  • Deploy, update, and monitor an event-log management capability.
  • Deploy, update, and monitor intrusion-prevention/detection capability.
  • Lock-down wireless access points.

The first line-of-defense from external threats is a professional-grade, stand-alone firewall configured to refuse unwanted traffic from external sources while permitting only desirable connections.  It should be supplemented with email/spam protection; either as a Cloud-based service or via an internal appliance.  Event-log management and intrusion prevention/detection are also available either as a service or appliance; both are recommended, but budget versus benefits must be considered.

Enable Service Set Identifier (SSID) for internal-use wireless access points.

2.) Servers, their operating systems, and their applications:

  • Test and then install all recommended security patches/firmware updates.
  • Manage operating system and application security-updates continually.
  • Deploy, update, and monitor anti-malware application on all servers.
  • Monitor continuously and review periodically for anomalies.

Servers, whether in-house or Cloud-based, contain not only valuable data, but also end-user information (usernames, passwords, profiles, etc.) that can be manipulated and used to infiltrate.  They, their operating systems, and server-based applications, must be aggressively patched, protected through anti-malware, and monitored continuously.

Anomalies in performance and event logs can highlight potential security risks; both should be reviewed periodically.

3.) Data:

  • Identify at-risk data and its location; keep only what you need.
  • Outsource payment processing to a reliable, third-party partner.
  • Verify security of vendors and partners with access to your data.
  • Where performance permits; encrypt data at-rest and in-motion.
  • Deploy an encrypted backup solution with onsite and offsite storage.

Company data should be classified as to its value and stored accordingly.  It is best always encrypted, although many organizations might not have the processing power to permit such.

Rather than process payments onsite, many third-party vendors provide this service, but they should be verified before engaging.

Data backups should be encrypted and follow the 3-2-1 rule for reliability:

  • Three copies of important data
  • Two different media types
  • One copy offsite

4.) End-user devices, operating systems, and applications:

  • Manage operating system and application security-updates continually.
  • Deploy, monitor, and update anti-malware app(s) on all end-user devices.
  • Test and install security-required firmware updates to end-user devices.

End-user devices are a primary target; they are difficult to secure and change continually.  However, end-user tools also share some blame:  Karen A. Frenkel of CIO Insight writes in “How Malware Bypasses Detection Tools” that 81% of IT professionals believe that web-browser-initiated malware can remain undetected by security tools and that the primary attack vector is an insecure web browser.

End-user devices, their operating systems and their applications must also be aggressively patched, protected through anti-malware, and monitored continuously.

Occasionally, a manufacturer will issue an alert for a security-required update to an end-user device, which should be applied as soon as possible.

5.) Usage:

  • Lock-down user rights to restrict data access to as-needed basis.
  • Require complex passwords with forced, periodic changes.
  • Enforce periodic time-outs when computer is left unattended.
  • Separate social-media browsing from financial-data handling.
  • Require two-factor authentication for all online transactions.
  • Create end-user policy detailing appropriate Internet use.
  • Create end-user policy on how-to protect sensitive data.
  • Enable web-monitoring capability to enforce policies.
  • Protect email via encryption (as needed).

Data should be restricted, preferably by need-to-know.  (Crypto Locker can initially only attack data available to the end-user introducing this virus.)  Complex passwords with periodic changes can restrict untrusted access while forced time-outs keep private information from unwanted eyes.

Setup a separate login account or device for access to financial-data.  All online financial transactions must have two-factor authentication.

Policies should exist to inform end-users; they can be enforced through web-monitoring solutions.

Sensitive emails should be encrypted (via a service or appliance) while sensitive documents can be transferred via a secure FTP site.

6.) Training:

  • Define an organization’s best practices for IT security.
  • Demonstrate how to spot an unwanted ad while browsing.
  • Train users how to verify a website link (before clicking it).
  • Show how to verify an email attachment (before opening it).
  • Train users to check the address of an email’s sender/source.

Data breaches occur due to the inadvertent introduction of malware, sometimes through the failure to comply with policies designed to limit inappropriate behavior, but often through a lack of IT-security knowledge and training.

50% of corporate employees do not consider IT security to be their responsibility; Millennials are at greater risk than Baby Boomers due to their use of company devices for personal use (64%) and willingness to change default settings (35%).  (These findings are highlighted in Karen A. Frenkel’s of CIO InsightsMillennials Pose a Greater Security Risk”.)

The more training, the better.  Initial training should be acknowledged by the recipient and then tested for knowledge gained.  Security training should be repeated periodically; preferably at least annually.

7.) Maintain a Written Information Security Plan (WISP):

  • Assign a responsible person.
  • Define and announce the WISP.
  • Review WISP periodically (at least annually).
  • Document changes to WISP when they occur.
  • Periodically test, assess, and rework policies and procedures.

The Commonwealth of Massachusetts, under statute 201 CMR 17.00, requires a WISP for all organizations that hold personal information on any Massachusetts resident.  The WISP must be assigned to an Information Security Manager, periodically reviewed, and changes must be documented.  All WISP policies and procedures must be periodically tested, assessed, and reworked as needed to ensure maximum, ongoing protection.

Visit Bryley Systems’ 201 CMR 17.00 Seminar.

Roy Pacitto achieves 20 years at Bryley Systems

Yes, Roy Pacitto, Director of Business Development, has made it through 20 years.

Roy started with Bryley Systems on May 22nd, 1995.  He initially provided service dispatch and management, but quickly moved to business development, where, over the years, he has transformed this group into a tightly-knit team.

Congratulations, Roy:  We’re looking forward to another 20!

IMG_20150520_115805_829

IMG_20150520_120239_205

Winner of our monthly Service-Ticket Survey drawing

Monthly, we select a winner from all respondents to our service-ticket surveys.  Congratulations to DG of FCI, our survey-response winner from last month.

Our winner received a $10 gift certificate, compliments of Bryley Systems.

Selecting a Macintosh computer

Yes, the business world still thrives on Microsoft Windows; it remains the most-compatible platform for business-oriented applications.  However, we do have Mac users and they occasionally seek our advice.  Well, thanks to Laurie Lake of Macs at Work, a business partner of Bryley Systems located in Shrewsbury, MA, we can share these tips for selecting a Macintosh computer.

Basic steps in the decision process:

  • Define your preference – mobile or desktop
  • Make your choice and buy accordingly

Define your preference – mobile or desktop

Mobile workers will want a MacBook; Apple’s alternative to the Intel-branded Ultrabook, the MacBook is a sleek (13.1 mm), light (2.03 lbs.), mobile computer with an Intel processor, a 12” or a 13” Retina display, a 9-hour batters, and a full-size keyboard that can easily fit in a small carry-bag.  Prices start at $1,299.

The MacBook Air is a less-expensive, slightly heavier (2.38 lbs. to 3.48 lbs.) version with either an 11” (from $899) or 13” (from $1,199) display.  The processors are slightly faster than a comparable MacBook and storage can configure up to 1Tb, which is exclusively flash-based; electronic rather than mechanical.

The MacBook Pro comes with a 13” (from $999) or a 15” (from $1,999) Retina display powered by high-end graphics; it also has significant processing power (Intel dual-core and quad-core processors) with greater flash-based storage and the advanced, OS X Yosemite operating system.

If you are desk-bound and desire a larger display, a mouse, and a full-size keyboard with numeric keypad, you might consider an iMac.

iMacs come with quad-core processors and max-out with 3Tb of storage; the base units are of three basic types (measured by display size):

  • iMAC 21.5-inch (from $1,099)
  • iMac 27-inch (from $1,799)
  • iMac 27-inch with Retina (from $1,999)

All come equipped with at least a 500Gb hard drive, wireless keyboard, and mouse or trackpad.

Make your choice and buy accordingly

If you spend most of your time on the road, a MacBook variation makes a lot of sense.  If your eyes are strong and you wish to minimize weight in your travel bag, get the 11” MacBook Air with the 9-hour battery.  If you need a larger display with greater processing and can accept the extra weight, go with the 15” MacBook Pro.

For office-bound users; get the most you can afford in your budget.  Always buy the largest display, the most Random Access Memory (RAM) and the greatest amount of storage that you can justify; with computing, more is generally better.

Please view the article by Roman Loyola of Macworld Which Mac Should I Buy? and the article by Jesus Vigo of TechRepublic Apple’s MacBook lineup:  Which works better for business?

Alternatives:  Choose a PC or an Ultrabook

We have visited this topic repeatedly over the years, but here are two suggestions:

Firewall Trade-Up program for existing clients

We are offering a trade-up program to existing clients; we will rebate the cost of your current firewall plus provide low, fixed-price installation of a new Cisco ASA firewall/VPN appliance.

For details, please contact our Business Development team at 978.562.6077 option 2.  Or, email ITExperts@Bryley.com.

Bryley Basics: Microsoft Windows is not as vulnerable as Apple OS or Linux

Due to their size and complexity, it is difficult to completely secure a computer operating system, which leaves them vulnerable to attack.  With the number of reported hackings, most might consider Microsoft Windows to be extremely vulnerable, but Windows actually ranked less vulnerable than Apple Mac OS X, Apple iOS, and Linux.

This ranking was made by GFI Software in 2014, which reviewed popular operating systems and the number and rating of reported vulnerabilities.  GFI reported these top-5 results:

  1. Apple Mac OS X – 147 vulnerabilities; 64 High, 64 Medium, and 16 Low
  2. Apple iOS – 127 vulnerabilities; 32 High, 72 Medium, and 23 Low
  3. Linux – 119 vulnerabilities; 24 High, 74 Medium, and 12 Low
  4. Microsoft Windows Server 2008 – 38 vulnerabilities; 26 High and 12 Medium
  5. Microsoft Windows 7 – 36 vulnerabilities; 25 High and 11 Medium

Microsoft’s Internet Explorer, however, was ranked as the most-vulnerable application followed by Google Chrome, Mozilla Firefox, Adobe Flash Player, and Oracle’s Java.

See the article from Swati Khandelwal of The Hacker NewsWindows?  NO, Linux and Mac OS X Most Vulnerable Operating System in 2014.