samedi 31 octobre 2015

Online threats for October 2015, botnets and encryption malware still prevalent

Malware

Malware and viruses always seem to be in the news, and there isn't an end in sight. The latest threats are mostly platform agnostic, attacking the desktop. Email and mobile, as well as the dreaded encryption schemes designed to steal your money. The latter was in the news this week as the FBI claimed it recommends paying the criminals, something security firm Sophos, and just about everyone else, took exception to.

Now Dr. Web is releasing its report for the month of October, and there are few surprises. October was actually a less active month, which is good news, but threats stil lurk out there.

The threat of the month, according to Dr, Web, was a website hack that appeared in Google search results. It took users to a site for a popular Russian TV show. It did require certain conditions to operate, but when operating it opened a second browser window that could not be closed and executed a script that reported to the cybercrimminals.

"The extension detected by Dr.Web as Trojan.BPLug.1041 serves the purpose of injecting arbitrary content into webpages browsed by the user. Moreover, on all websites, the malicious program blocks third-party advertisements from any domains, except for those listed in the configuration file. If the user logs in to the Odnoklassniki (“Одноклассники”) social networking website", the security researchers report.

The most common malware ws Trojan,Siggen6.33552 which is built to install more mailicious programs on any computer it infects. This is followed by Trojan.Crossrider.42770.

As for email, users need to watch out for Trojan.Encoder.567. This encrypts files and demands money. Files included are pg, .jpeg, .doc, .docx, .xls, xlsx, .dbf, .1cd, .psd, .dwg, .xml, .zip, .rar, .db3, .pdf, .rtf, .7z, .kwm, .arj, .xlsm, .key, .cer, .accdb, .odt, .ppt, .mdb, .dt, .gsf, .ppsx, .pptx.

Overall botnet traffic remains steady, but Dr, Web reports that "cybercriminals controlling the Linux.BackDoor.Gates.5 botnet became considerably less active—in comparison with the previous month, the number of attacked IP addresses decreased by 33.29 per cent and was estimated 5,051". The most prevalent attacks took place in China, the US and France weren't far behind.

Finally we come to encryption malware, a sector that has grown more than 12 percent in October, rising to 1,471 requests received for decryption.

In other words, keep a close eye on everything you do online. Safe usage is possible, but it requires user vigilance.

Image Credit: lolloj/Shutterstock



Skype comes to Office Online and Office comes to Chrome

office_chrome_extension

Microsoft is promoting Skype more than ever before. Not content with desktop and mobile apps, now the company is bringing the voice and video messaging tool to its office suite. Starting with Office Online integration Skype messaging is now available in Word, Excel, PowerPoint, and OneNote Online, as well as Outlook.com.

This is a continuation of Microsoft's increased focus on the cloud, and a recognition of the important of communication for collaborative projects. There are times when simply being able to work on the same document with colleagues is not going to be enough, and this is where Skype integration comes into play.

Microsoft says that the addition of voice and view chat to Office Online brings "a natural, collaborative experience in which you can co-author and have a conversation using instant messaging or video calling right from within a document". Just as Google has done with Chrome, this is the latest move in Microsoft plan to turn the web browser into the ultimate destination. Skype arrives for people with a Microsoft account in November.

The company is not obsessed with it own Microsoft Edge browser, however. A new Chrome extension makes it easier than ever to create, view, and edit Office documents in Google's browser. Microsoft also announces that the footprint of Office for Android has been reduced by 40 percent, and Office apps are now ready for enterprise use with Android M support for Enterprise, and Android for Work compliance.



Tor Messenger Beta brings ultra-secure messaging to the masses

secure_message_keyboard

When talk turns to privacy and online anonymity, it isn’t long before Tor enters the discussion. The Tor browser has become famous for its use of .onion domains, making it easier for people to browse the web without fear of being snooped upon.

Now there is a new tool for the security-minded to play with. Tor Messenger Beta is -- as you would expect -- a chat tool that routes traffic through Tor. One thing it has in its favor right from the start is that this is not a weird proprietory app -- it can be used in conjunction with existing networks such as Jabber (XMPP), IRC, Google Talk, Facebook Chat, Twitter, Yahoo, and more.

Available for OS X, Windows, and Linux, Tor Messenger Beta employs Off-the-Record (OTR) Messaging to keep communication secure. It is based on Mozilla's Instantbird thanks in part to the fact that there are close links between Tor and Firefox; it just made sense in a lot of ways. There have already been three alpha versions release, but this is the first public beta that is available for testing

The team behind the chat client says:

Tor Messenger builds on the networks you are familiar with, so that you can continue communicating in a way your contacts are willing and able to do. This has traditionally been in a client-server model, meaning that your metadata (specifically the relationships between contacts) can be logged by the server. However, your route to the server will be hidden because you are communicating over Tor.

Future builds will see the introduction of extra features such as sandboxing, encrypted file transfers, and OTR over Twitter DMs. If you fancy trying it out, grab the Tor Messenger Beta and see what you think.

Photo credit: Markus Mainka / Shutterstock



Amazon implements Apple TV veto

amazon_devices

True to its word, Amazon has made good on an earlier promise (or threat, depending on your point of view) not to sell Apple TV. In what will be widely regarded as an aggressive marketing move, the online retailer has cut out Apple TV like a cancer. The block on sales comes just as Apple launches its latest streaming device, and the sanctions also affect Google's Chromecast.

Previous links to such product now 404, but there are still a few accessories scattered through the store. But the ban does feel like a case of Amazon cutting off its nose to spite its face. While it does means that Amazon is able to take steps to fight the competition, it does so at the cost of hurting its customers.

If you're thinking about picking up an Apple TV, you're going to have to hit and Apple store or some other alternative. Of course Amazon is not admitting that the move has been done to help promote sales of its own Fire TV, instead citing customer confusion over potential compatibility issues some device may (or may not) have with Prime Video.

An email to merchants said:

It's important that the streaming media players we sell interact well with Prime Video in order to avoid customer confusion.

Of course, critics of the sale ban might suggest that Amazon could just do something to help improve compatibility by producing apps Prime apps for other device. Maybe that would be too simple...

Photo credit: Yeamake / Shutterstock



Disaster 411: Is your business prepared to fight back?

disaster recovery plan

On the heels of September’s National Preparedness Month, an effort sponsored by the U.S. Federal Emergency Management Agency (FEMA), Americans are being encouraged to take extra precautions to safeguard their homes, businesses, schools, and communities against disaster -- long before disaster strikes!

According to The National Federation of Independent Business, nearly one-third of small businesses will experience a natural disaster. Even more striking, 25 percent of businesses do not re-open after a natural disaster, and 43 percent do not re-open after catastrophic data loss, according to FEMA.

So are you doing enough to protect your business’ critical data? Data loss can happen when least expected -- whether from natural disaster, theft, fire, equipment failure, virus, or user error. What’s alarming is just how many small- and medium-sized businesses (SMBs) overlook the potential for data loss when it comes to disaster preparedness. A recent Ponemon Institute study showed that 62 percent of SMBs do not routinely back up their data.

The tragic reason that SMBs are particularly at risk for data loss is that the majority of them put off implementing backup and disaster recovery solutions until after they’ve experienced a disaster.

The takeaway: Disasters don’t discriminate in choosing when and where to strike, making businesses of all shapes and sizes equally vulnerable. So the time to act is now, long before a disaster strikes.

There are four key actions that SMBs can take now to prepare for disruptions and ensure the safety of their critical data in the event of either a momentary, localized outage or a worst-case catastrophic scenario.

1. Plan Ahead

Invest in preparedness now and quantify the value of the time and money that a disaster plan will save if disaster strikes your business. Determine what files and applications are critical to back up, such as emails, client records, virtual machines, point-of-sale (POS) systems, etc. Develop a comprehensive business continuity and disaster recovery (BCDR) plan that takes into account how business-critical it is to recover or replicate each system. Be sure to document the plan, specify what will be recovered and how it will be recovered. Having an agreed upon plan that is fully understood across an organization can mean the difference between making a full recovery post disaster and being forced to close your doors.

2. Understand the Types of Data Loss

Bear in mind that natural disasters aren’t the only threats to small businesses. User error, malware, equipment failure, and other incidents and events can bring small businesses to the brink. And it’s not a matter of "if" but "when" SMBs will face a situation that can put critical data at risk. Being proactive and anticipating events that can severely disrupt operations puts you in the best possible position to respond quickly and effectively.

3. Do a Test Run

Once you have a comprehensive BCDR plan in place, be sure to educate employees on their roles and responsibilities in the disaster recovery plan. Hold routine dry runs to test your plan and see what’s working and what areas might need improvement. Incorporate what you learn in the test run into the BCDR plan, and test it again. As with any plan, modifications are necessary sometimes, so test routinely and make adjustments as needed to ensure that your plan is always up to speed. A plan that is not tested often fails.

4. Invest In the Right Tools

Some SMBs lack the resources needed to support a disaster recovery plan. These small businesses need to proactively identify IT service providers that can provide such tools as local and offsite backup, hosted servers and applications, remote monitoring, and on-site support.

Managing the day-to-day operations of a business can be overwhelming in and of itself. But as data security, both physical and online, continues to grow in importance for SMBs, it’s imperative for businesses to take a proactive stance and protect themselves in advance of the threat of disaster. Formulating a data protection plan and investing in the appropriate resources now will be a lifesaver down the road, the ultimate benefit being to ensure longevity for your business.

Scott Graham is Vice President of IT and Operations at Intronis. He has more than 25 years of experience running IT organizations for high growth venture funded companies and larger publicly traded global organizations. Before joining Intronis, Scott served as the VP of IT for Consumer United, a venture funded brokerage house, where he led a complete transformation of all systems and infrastructure. Prior to Consumer United, he was the Managing Director for The First Marblehead Corporation, and held senior management roles at Avid Technology, Quantum Bridge and 3Com. For more information about Intronis, visit www.intronis.com, or follow on Twitter: @intronisinc.

Photo Credit: Olivier Le Moal/Shutterstock



vendredi 30 octobre 2015

The Microsoft Work and Play bundle is back and you should totally sign up

Migrating to Windows 10: Why and how you should do it

windows_10_purple

With Microsoft unveiling its latest operating system earlier this summer, many businesses are faced with a difficult choice about whether or not to take the plunge and migrate to Windows 10.

It’s a decision that shouldn’t be taken lightly, and it seems that many companies are hesitant about making the move. A recent survey found that 71 percent of businesses polled were looking to wait at least six months from its release date before migrating.

It’s no surprise, particularly with Microsoft’s somewhat turbulent history when it comes to new releases. Microsoft, however, appear to have learnt from past mistakes and Windows 10 promises to offer a more user-friendly experience, with the capabilities to function effortlessly across different platforms.

A Gateway to Cloud and User-Friendly IT

The first step in the upgrade process is to understand what benefits the new OS will provide. For fans of previous Microsoft operating systems, namely Windows 7 and 8.x, its latest release is nothing less than a natural progression. Combining the strengths of its predecessors, Windows 10 offers end users a host of benefits, which, in short, allow for a better and more productive user experience.

From an IT infrastructure perspective, Microsoft looks to overcome the shortcomings seen in Windows 8.x. For example, the system’s security has been greatly improved, and includes valuable features to safeguard corporate networks and data security, such as Device Guard and Windows Hello.

A major strength is that Windows 10 works across all platforms, helping to further streamline operations. As businesses continue to use consumer-grade devices, such as tablets and smartphones, on a day-to-day basis, Microsoft has ensured that performance isn’t compromised, creating an all-encompassing OS geared towards a more natural way of working. Windows 10 is consistent and secure across platforms, helping to improve operations for end users in the long-term.

The latest research from the Cloud Industry Forum (CIF) shows the overall cloud adoption rate in the UK now stands at 84 percent. With this figure set to rise, Windows 10 is built with this in mind, acting as a gateway to cloud innovation. Businesses seeking to reap the rewards of working in the cloud should look no further than Microsoft’s new OS, as it allows for increased flexibility, mobility and workplace collaboration.

Windows 8 was seen as a bridge too far for many users, as they were taken out of their comfort zone with a lack of OS familiarity. Because of this, many businesses, and indeed consumers, have waited for the next big thing to replace Windows 7.

Enterprise Migration -- What’s Involved?

For consumers, upgrading to Windows 10 is a simple transition, and automatically occurs in the backdrop if using Windows 7 or Windows 8.1. For businesses, however, the changeover poses a more complex challenge, although Microsoft has committed to making the process as pain free as possible with zero touch deployment.

One area that does require some thought, especially for businesses that rely on a range of applications, is compatibility and application testing. Although Microsoft has stated that all Windows 7 and 8.x apps will be compatible with the new system, issues relating to functionality may still arise, which need to be considered and planned for in advance.

The new system may present a learning curve for some, particularly those who are well accustomed to Windows 8.x. With fundamental changes, including where features are to be found, it may take them some time to get used to the new system. End user training could be useful for some, to ensure that they know how to get the most from Windows 10.

As a whole, however, the new OS is actually more intuitive, and, to an extent, very similar to Windows 7, which a lot of users will already be comfortable with.

How Long Will It Take to Migrate?

In our experience, Windows 10 migration is relatively straightforward, with the majority of time being spent on the planning and design phases. Migration, of course, does require a certain degree of upheaval, and, because of this, you need to get it right first time. End users are often reluctant to change, so need to witness, first hand, how the new system can help to enhance their working lives.

Timescales are dependent on each project’s requirements. Migration may take a matter of days, weeks or months, depending on the scale of the project and size of the enterprise. A business should allow for more time if they are looking to take advantage of cloud-based services.

How to Go About a Successful Migration

It‘s important for businesses to identify key stakeholders, as changing an OS can fundamentally alter working styles. Based on these stakeholders’ needs, a business can target the evangelist end users who can help influence the design of the new OS.

Before rolling out to a wider-audience, it is useful to test the new system on some early adopters, allowing them to evaluate it based on their needs, which can then be applied business-wide. Users should also be encouraged to take advantage of Windows 10’s cross platform compatibility, which will help to improve productivity and efficiency.

Windows 10: Worthy of the Hype?

With a continuous cycle of development, Windows 10 is more streamlined then ever, as Microsoft moves away from major upgrades to a release process based on ad-hoc, incremental updates. Through small and subtle changes, the end users’ experience is enhanced, as they find something new to improve performance. These incremental changes help keep things fresh and interesting, evolving the user experience for the better.

As enterprises continue to embrace the consumer model, technology is evolving from consumer-grade products, which are now used on a day-to-day basis and have the capabilities to function effectively within a business environment.

All indicators point favorably in the direction of Windows 10, as it makes its claim as the next big operating system.

With the adoption of cloud-based services, additional security, increased mobility and flexibility and a straightforward migration process, Windows 10 promises to improve the experience for both end users and businesses alike.

Colin Prime-Moore is chief technology officer at Ultima Business Solutions.

Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.

Photo credit: Anton Watman / Shutterstock



How to minimize the risks in cloud collaboration

Cloud risk

Gartner predicts that cloud office systems will account for 33 percent of the overall office market by 2017. This is a big step considering a few years ago collaboration in businesses typically involved emails, phone calls, and perhaps a few instant messages (IMs) exchanged within the company.

However, nowadays the arrival of cloud computing and all the remunerations that come with it have shaped the path for collaborative cloud-based services, reforming how businesses work over the internet. Many collaborative services target a specific business need, such as social networking, productivity apps, storage, or good old fashioned email.

However, whilst collaborative cloud-based services offer a whole range of benefits to businesses of all sizes, they also can pose a number of risks if not appropriately integrated into the corporate sphere. When using the messaging and conference call applications within the cloud, users need to be aware that the same rules associated with data privacy should also apply to this.

Companies need to ensure that the data transferred over these systems cannot be captured by someone trying to maliciously record the call or video, and that there is an audit trail on how this messaging is done within these interactive sessions, so it cannot be detained by unwanted users.

Even if employees are exchanging corporate messages privately, organizations need to make sure that there is a higher degree of security around the confidentiality of that data. This is simply because it could be severely compromising in a situation where cybercriminals hack into a corporate collaboration system and start to make private company details public.

This has been seen already in the infamous phone hackings of company voicemails, so it is imperative that organizations ensure there are appropriate security measures in place which are resilient, as well as Service Level Agreements (SLAs) which will provide a high degree of compensation if the systems are breached and the company is compromised.

The big question companies need to ask themselves is will the in-house IT department do a superior job at protecting the corporate collaboration system, or is this a responsibility which you place offsite with a cloud provider.

Nowadays, SMEs in particular are taking the view that this task is best managed off premise with a provider which they trust and pay to manage their cloud collaboration systems for them. This approach has many benefits, providing the company forms a relationship with a trustworthy vendor. It is imperative that before handing over the responsibility of managing and storing company data, organizations check the track record of their cloud provider and ensure that there have been no former breaches of confidentiality.

It is also wise for companies to try and understand the technology the provider utilizes in its own data centers, and the tools they use to make the service more secure. One of the key examples of this is to check if the sessions that run between the organizations and the service provider are encrypted. This means that the data, such as voice messages, are encrypted within a VPN (Virtual Private Network) and the resulting file that is used to record the call is also encrypted and can only be played back by authorized users.

Another risk which has emerged into the ever-connected world of business is Bring Your Own Device (BYOD). By enabling a BYOD program, enterprises permit employees access to corporate resources from anywhere in the world, however, securing these devices and supporting different mobile platforms can create complex issues for IT departments.

Companies need to lay down careful policies on the security required, how this data should be handled and how employees are expected to behave, including security awareness of the dangers of insecure networks and over-sharing in social networks.

One of the specific areas of concern to be addressed is the mobility of data and how to capitalize on the benefits while securing the company. Firstly, security policies must be revised to reflect the changes in working practices. It’s no longer possible for IT departments to defend the traditional network perimeter. Instead, they must apply a security wrapper around every employee, so that they are protected wherever they work and whatever device they use.

As well as a focus on technology, organizations need to better educate their employees. It’s essential that employers understand the risks involved with using mobile devices and communicate this effectively with employees.

They also need to put in place robust security processes to reduce the risk of any data breaches or leaks occurring. This means deploying anti-malware apps, controlling the applications that employees have access to, and also being able to block access to, and where necessary, erase sensitive data stored on a lost device.

The relatively recent purchase of AirWatch by VMWare shows how enterprise software vendors are adding additional functionality to compliment the services already offered by the mobile device operating systems, and in this way providing additional levels of control.

Nigel Moulton, EMEA CTO at VCE.

Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.

Image Credit: Creativa Images / Shutterstock



Microsoft experiments with making it easier for pirates to upgrade to Windows 10

piracy_mouse

Many people have been upset by Microsoft's attitude to Windows 10 upgrades. Not content with secretly downloading the setup files, there have been numerous reports of forced upgrades to Windows 10, and confusion about the upgrade process. Yesterday, Terry Myerson penned a blog post explaining how upgrading to Windows 10 will be made easier.

This is something that has been written about across the web, but the focus has been on how Windows 10 will made an optional update through Windows Update, how rollback will be possible, and how to kill upgrade notifications if you're simply not interested. What has not been talked about much is Myerson's revelation that it will be made easier for pirates to upgrade to Windows 10.

It has long been known that Windows 10 would be a free upgrade for anyone with a genuine copy of Windows 7 or Windows 8.1. But in his blog post, Myerson says that Microsoft has been intrigued by the "creative efforts which non-Genuine customers have gone to, to initiate the upgrade process on Windows 7 and Windows 8.1". Perhaps what is more surprising is "how many have purchased Genuine Windows 10 activation through the Windows 10 store".

Microsoft may be celebrating 110 million installations (or whatever number you fancy plucking out of the air), but the company is hungry for more. While not going as far as allowing non-genuine users to upgrade free of charge, things are being made as easy as possible.

[...] we are going to start an experiment soon in the United States, which we will then evaluate before extending to other countries, to ease the upgrade of non-Genuine Windows 7 and Windows 8.1. We'll offer a one-click opportunity to get Genuine via the Windows Store or by entering an activation code purchased elsewhere. If this turns into a path for most customers to get Genuine, we will expand the experiment. We’d like to welcome as many of these customers as possible to the legitimate Windows ecosystem.

Photo credit: oriori / Shutterstock



The security implications of a cyber-insurance policy

Insurance

The recent cyber-attack on TalkTalk has reinforced a common perception that cyber-attacks are the work of shadowy figures operating from bedrooms or basements, attempting to mimic the work of James Bond’s arch rival, Spectre. The reality -- and a lesser known fact -- is that the majority of attacks (55 percent) involve insiders.

These insider-inspired attacks may not grab the headlines in the same way as attacks by 15 year-olds do -- in fact for obvious reputational reasons, they rarely make the newspapers at all -- but they do give the IT departments of the organizations that have suffered the attack just as big a headache.

So spending time building stronger internal defences would be time well spent. Unfortunately, the results of a survey that my company has just carried out would appear to show that this is not the case and that these IT departments could well be putting their own organizations at considerable risk.

For a growing number of companies, that risk could now have been shared with an insurance company, by taking out a cyber insurance policy. Cyber insurance is growing fast (global gross written premiums grew from $850 million in 2012 to $2.5 billion in 2014) and on the face of it, has significant appeal for senior management.

After all, transferring risk in exchange for a premium makes good commercial sense -- and has done ever since the Lloyds coffee house owners of the 17th Century changed their business focus. The ideal form of cyber risk management, then, is achieving the right balance between internal IT security measures and the transfer of some risk to an insurance company.

Achieving that balance could then allow the senior management to sleep more easily at night. But the stringent conditions surrounding these policies means that these insurance companies may not pay out, leaving the IT department with a serious amount of explaining to do.

Let’s consider just three aspects our our research which may give IT departments cause for thought and, hopefully, then action.

One of the questions we asked our survey respondents was when "considering purchasing cyber-insurance do you anticipate that this will require a change to your existing IT security policy?" Most (41 percent) felt they would not, whilst 32 percent said they didn’t know, thereby putting the majority of our respondents directly on a collision course with the insurance company.

This finding alarmed us and here’s why. This stance assumes that the company’s IT security policy is already of a sufficiently high standard so as to satisfy an insurance company. But cyber insurance policies are still relatively new, ergo, insurance companies have set the bar very very high.

We think that it’s essential that the IT Department understands precisely what the policy conditions are and then audits its current IT security policy so as to determine if it would pass the fitness test.

The second element that worried us was the insufficient amount of attention being paid to security updates. Nearly half our respondents thought it would be either quite difficult (43 percent) or very difficult (10 percent) to "identify whether... security software fails to make critical updates".

In the event of a cyber-attack triggering a claim on the policy, this is one of the first areas that the insurance company will look at and, in those circumstances, it seems that our unlucky 43 percent would have some explaining to do.

The third area of our research concerned the IT Departments’ -- some might say -- lackadaisical attitude toward staff access.

Fifty percent of the sample felt that it would be either "difficult" or "very difficult" to identify whether any ex-employees still had access via accounts to resources on their network. The same percentage thought the same about ex-third party providers accessing their network and an even bigger proportion (55 percent) thought the same about ex-contractors accessing their networks.

Of these three groups, former staff represents the greatest threat. Research shows that 88 percent of insider attacks came from permanent staff; seven percent from contractors and only five percent from agency contractors. So, not knowing which of your former employees still had access to your network seemed a mighty big security lapse to us, and one that the cyber insurance company would want to bring to the attention of senior management too when turning down the insurance claim.

So what can the IT department do about this state of affairs? Our recommendations are as follows:

  • If your company is considering taking out a cyber-insurance policy, get involved in the decision making process. (This seems obvious, but nearly a fifth --n14 percent -- of our respondents didn’t know that their company was considering buying one!)
  • Make sure that you have a clear understanding about the limitations of your existing technology and how that may affect your cover
  • Make sure that regular and automated security activities (updates, patches, signatures, etc) exist
  • Maximize your own visibility. If you suffer a breach, the insurance company will want to attribute the source and the more data you have the easier your job will be
  • Know your access control weaknesses. Most cyber insurance policies assume you have complete control and that you have visibility of every user who has access to your infrastructure

The insurance industry is catching on to cyber insurance fast. And why not? National governments are even threatening to make it compulsory, thereby accelerating its take up.

Like their counterparts which offer residential customers reduced premiums if they can prove that they have invested in upgrading their household security systems, so these insurance companies will reward those organizations whose IT Departments can prove that they have taken the equivalent security steps within their organizations.

And as the highest chance of a cyber-attack will likely come from a former employee, then that’s where these new security policies should start too.

Chris Pace, Head of Product Marketing at Wallix UK.

Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.

Image Credit: FuzzBones/Shutterstock



Following criticism, Facebook introduces changes to 'real names' policy

hello_my_name_is

Unlike many other social networks, Facebook has long required its users to display their real names. Over the last couple of years there have been many vocal complaints from various types of user who feel victimized by this: drag queens, transgender and LGBT communities, and Native American users, for instance.

As well as users directly affected by the policy, privacy groups such as the Electronic Frontier Foundation have campaigned for Facebook to have a rethink. And it seems that the social network has listened. Facebook's Alex Schultz has written an open letter which, while not announcing the end of the real names policy, introduces a couple of key changes that will please many people.

It's important to note that real names are not going anywhere; Facebook regards them as a valuable tool in fighting trolling and bullying -- "we know this policy helps make Facebook safe". Facebook's own research suggests that users who have opted to hide behind a fake name are significantly more likely to be engaged in harassment and other unwanted activities. Today, two important changes are to be ushered in.

Firstly, in a bid to reduce the number of people who have to verify that they are using their real name, the onus will be shifted to anyone reporting a profile about why they are doing so. It is hoped that this will help to reduce the number of malicious reports that are filed.

Secondly, for those people that Facebook does require to provide more information, things will be made easier. Starting in December, users will be able to provide extra details and give context to explain their reasons for using a particular name. It will also be possible to prove one's identity without using a government-issued ID card.

In the letter, Schultz clarifies Facebook's position on real names:

We do not require people to use their legal names on Facebook. Instead, we ask people to use the name that other people know them by. We also appreciate that identity and names are deeply personal matters and can vary significantly across cultures, and we want to be sensitive to these issues.

For anyone looking to fight for their right to use a particular name, Facebook promises that more personalized help will be made available. While today's announcement goes some way to meeting the demands that have been made of Facebook, the real names policy remains in place. With this in mind, it is unlikely that campaigns for its abolishment will quiet down.

Photo credit: Gustavo Frazao / Shutterstock



Best Windows apps this week (Halloween Edition)

halloween

One-hundred and fifty-two in a series. Welcome to this week's overview of the best apps and games released for Windows 8.x/10 in the past seven days.

This week saw the release of several promising applications and only some games such as MapFactor GPS Navigation, a free GPS navigation application or the USA Today sports application.

The title "app of the week" was not awarded this week.

As always, if I missed an app or game that has been released this week that you believe is particularly good, let me know in the comments below or notify me via email instead.

Discounts This Week

Red Stripe Deals are back. Microsoft added them to the new Windows 10 Store. You find them listed under Collections when you open the store.

Best app of the week

none this week

Other apps

Crazy Halloween

halloween

Combine Halloween-themed items in this match-3 game. It features 200 challenging puzzle levels and six game modes to keep you entertained.

Apart from reaching a target score, you are asked to crush all pumpkins in a level, to collect jellies, or help ghosts find peace.

The mechanics are identical to other match-3 type of games. Combine Halloween items by swapping positions of two items on the map to match at least three identical items which are then removed from it.

MapFactor GPS Navigation

mapfactor

MapFactor Navigator is a free GPS navigation application for Windows that uses OpenStreetMaps data by default.

Maps are downloaded to the local system which means that an Internet connection is not required to use the app for navigation after the initial download of the map data.

It is optionally possible to download TomTom GPS navigation maps as part of a paid upgrade. Doing so adds additional information such as lane warnings, motorway signs or truck restrictions to the maps.

Pirates of Everseas

pirates

Create a pirate stronghold in this empire building game. As is the case with all of these games, you start with little resources which allow you to expand your empire gradually.

Construct buildings and weapons, build powerful ships and send them out to fight monsters, explore wrecks or attack rival islands.

Grover Podcast

podcast

The application provides you with the means to manage podcasts on Windows.

You can use it to search for podcasts, subscribe to them, and to listen to them using the app.

In addition to that, you may download podcasts to the local system for offline access, and synchronize podcasts between devices.

Podcasts can be played with normal speed or at 1.5 or 2 times the actual speed.

USA Today Sports

usa-today

The application has a strong focus on sports popular in the US which you will notice right away on start.

That's to be expected on the other hand and if you are interested in Baseball, Basketball, Hockey or Football, then you will certainly find the app useful in this regard.

USA Today Sports does cover other sports such as soccer, tennis or golf as well.

It features live event notifications, trending topics, an animated gif section and scores among other things.

Trucking 3D Construction Delivery Simulator

trucking

Trucking 3D is a parking simulation game in which you pick up and deliver construction materials.

In most levels, you are asked to pick up construction material and deliver it.

Different trucks, materials to pick up and scenarios are provided that make the game more enjoyable.

In some missions for instance you are asked to follow a lead truck while you may complete side-quests in others for extra points.

Newsmator

Newsmator is a feed reading application that ships with a selection of feeds from popular newspapers and options to add custom RSS feeds to it.

The main menu lists articles from all feeds that you have added to the application. You may read articles right away or save them to the read later list instead.

Other features include a history to re-read articles, and an option to add articles to the favorites for safe keeping.

Try Windows 10

try-windows10

This is a training application for new Windows 10 users that offers videos for a number of "how-to" topics.

Topics include getting apps, managing photos, browsing the web or personalizing the PC.

Some topics offer more than one video. The browse the web topic for instance lists "search the web quickly" and "read articles distraction-free" as topics.

YuppTV - Live TV, Catch-up, Movies

yupp

The subscription-based service lets you watch South Asian TV channels from anywhere in the world.

It offers live TV, options to replay shows of the past ten days, and access to a selection of movies.

ZUUS Universal

zuus

ZUUS calls itself the "Pandora of music videos". It offers more than 500 channels of non-stop music videos that you can watch for free using the application.

You may tune in to programmed playlists, festivals, or watch music by artists or genres you are interested in.

Halloween Special

Here is a short selection of apps and games for Halloween.

Notable updates

Shazaam has been rebuild for Windows 10. It features Cortana support, a new song page offering lyrics, videos and recommendations, a news feed based on artists that you have discovered using the application, a new lyrics play mode to sing along, and improved accuracy when detecting songs.