Tech News Weekly: Issue 33
Windows end of support, F-Droid, security updates and privacy improvements
News
Operating Systems
Several Microsoft Windows versions will reach end of support or servicing this year. We already witnessed the end of Windows 7 and 8 / 8.1.
Next month, Windows 10 Home and Pro version 21H2 will reach end of servicing. Users may upgrade to version 22H2, the last version of Windows 10 that Microsoft plans to release. Microsoft will upgrade Windows 10 version 21H2 devices to 22H2 automatically.
In October 2023, Windows 11 Home and Pro version 21H2 will reach end of servicing. Users may upgrade to version 22H2, or version 23H2, which will be released around the same time. Windows Server 2012 and 2012 R2 are reaching end of support in October as well.
Microsoft is preparing to launch the next Moments update for Windows 11 version 22H2. The third Moments update will introduce several new features, many of which are minor.
Highlights are the expansion of Live Captions to other languages, new Access Key shortcuts in File Explorer, support for multi-kiosk mode, and the ability to create kernel memory dumps in Task Manager.
Windows 10 version 22H2 may be the last version of Windows 10, but the operating system will still get smaller feature updates as part of the monthly cumulative updates. It remains to be seen for how long these smaller updates will be released though, considering that the operating system reaches end of servicing in October 2025.
Microsoft has updated the Weather app of Windows again and removed the MSN News component and most ads from it. The company launched the new version recently and it did include the news component and ads in prominent locations. Pushing MSN news into products appears to remain a focus though for Microsoft.
Microsoft is investigating a new issue that affects VPN speeds on Windows 11. Devices on which the April 2023 optional updates (KB5025305) were installed were hit first, and the issue was not fixed when the May 2023 cumulative updates were released for the operating system. The issue appears limited to L2TP/IPsec VPN connections. Microsoft engineers are working on a resolution. For now, uninstallation of the updates seems to be the only option, albeit not a good one, as it will also remove the security updates released in May 2023.
Mobile
Browser
Google has released a security update for its Chrome web browser. It is available for all desktop versions, including Extended Stable. The update addresses 12 different security issues, including one rated critical. Google is not aware of any exploits targeting the vulnerabilities at this point.
Brave Browser is soon getting a new privacy feature that the developers call Forgetful Browsing. It addresses privacy issues related to first-party cookies. Some first-party cookies are useful, as they store session information so that users do not have to sign in again on each visit.
Others do not serve any purpose, and Brave’s new feature allows users of the browser to set it to delete these cookies and site data automatically. There is an option to make this the global default, and only allow some sites to keep these first-party cookies and site data.
The feature will be launched in Brave 1.53. Nightly users may enable it by loading chrome://flags/#brave-forget-first-party-storage and setting the preference to Enabled.
Mozilla released Firefox 113.0.1 this week to address three non-security issues in the browser, including a video playback issue in fullscreen and a color issue on Windows devices.
Microsoft plans to make a bid to make its Bing Search engine the default on Firefox; this would affect Google as it would lose access to millions of searches per day.
Privacy and Security
Microsoft is scanning ZIP archives uploaded to its cloud services. This week, it was confirmed that Microsoft also tries to look into password-protected ZIP archives: it tests a list of common passwords and also uses information linked to the archive, such as filenames or messages, to discover passwords.
Twitter rolled out encrypted direct messages this week, but only for paying subscribers or users affiliated with organizations. There are lots of limitations currently, but Elon Musk promised that the feature will be improved in the future.
Tutanota, best known for its privacy-first email service, revealed its plans for the year and beyond. The company plans to create a new product, which it calls a “post-quantum secure drive solution for securely storing and sharing data online”. It is also looking into changing its brand name and launching new subscription plans.
Software Releases and Updates
Winaero Tweaker 1.52 improves compatibility with the 22H2 versions of Windows 10 and 11.
Gaming and Entertainment
Valve’s Steam platform will drop support for Google Analytics in the coming months. The company announced the change this week and plans to integrate some of the data reporting features natively into Steam instead to provide developers with aggregate information.
Steam is also getting a new feature, called Steam game trials, which allows users to play certain games for 90 minutes to demo them. The first game that offers this is the remake of Dead Space.
Google is currently testing an anti-ad-blocking measure on YouTube that displays a prompt when the algorithm detects a content blocker. The prompt can only be exited if the content blocker is disabled or YouTube Premium is bought.
Certain instructions for content blockers may allow users to bypass the prompt entirely.
Other
Google plans to delete inactive personal customer accounts starting December 2023. The company defines an inactive account as one that has not been used for at least 2 years.
Customers will be notified multiple times about the potential deletion of the account. To avoid the inactive status, Google customers may want to sign in to their account occasionally. Sending or receiving emails, using third-party programs like Thunderbird, and several other options are also possible to avoid the deletion.
Google has dropped the waitlist for its Bard AI service. It is now available in most regions and countries. A notable exception is the EU, as it is not available there (unless a VPN is used with an access point outside the EU).
HP has started to block third-party printer ink again in its printers, according to reports. Use of these prevents HP printers from printing. If you want a recommendation, I have enjoyed using Brother laser printers for a long time, and they work flawlessly and without these issues.
Mozilla Thunderbird’s donations have increased by over 100% in 2022. The team is doing very well financially and has major plans for 2023 and beyond (Android client, new major version, work begins on iOS version).
Article(s)
Millions of Android devices are infected with malware before they leave the factory
At Black Hat Asia, a team of Trend Micro security researchers claimed that millions of Android devices are infected with malware before they leave the factories.
One of the most effective ways of infecting Android devices is to do so before they even make it into the hands of customers. The research was first spotted by The Register; operations may have been going on since at least 2017.
Cyber criminals infect Android devices, mostly mobile phones but also other devices powered by Android, including smartwatches or TVs. Most have in common that they are on the cheaper side and that their manufacturers outsource production or part of production to OEMs (original equipment manufacturers).
The outsourcing opens up possibilities to add malicious code to products. Third-party threat actors may infiltrate the supply chain to add malware to products.
Trend Micro's research into the matter revealed that cyber criminals have infected millions of Android devices this way. Infected devices are turned into "mobile proxies", which may be used for a number of purposes, including the "stealing and selling SMS messages, social media and online messaging accounts and monetization via advertisements and click fraud", according to Trend Micro.
The researchers suggest that infections started as the prices for mobile phone firmware started to drop. Firmware distributors would make less and less and some started to explore other revenue generating options.
Some began shipping firmware with plugins, which could be activated remotely for a wide range of criminal activities. Access to the plugins was then sold on underground markets.
The Register reports that one type of plugin, called proxy plugins, allowed for the renting of device access for a limited time. Criminals who bought access would be able to use the device for activities during that time. Other plugins would attempt to steal Facebook cookies to harvest a user's activity on Facebook.
Trend Micro's scans locate most of the infected devices in Southeast Asia and Eastern Europe, but devices exist in other regions as well. They claim that at least one million infected devices exist. The cyber criminals claim that they have more than 8 million devices under their control.
The team of researchers found malware on devices of 10 different vendors, but it believes that dozens more may be affected by this. They suggest that customers rely on major phone brands to avoid purchasing Android devices with infections.
Experienced users might analyze network traffic of their devices to find out if they communicate with unknown servers, even while the device is idle.
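The idle-traffic check suggested above, as an added example that is not part of the original article. It assumes DNS queries are logged at the home router in a simple "timestamp client-IP name" format; the log lines, the device IP and the list of expected domains are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample: DNS queries logged at the router (time, client IP, name).
SAMPLE_LOG = """\
2023-05-20T02:00:05 192.168.1.50 connectivitycheck.gstatic.com
2023-05-20T02:03:10 192.168.1.50 cfg.updater.example
2023-05-20T02:05:41 192.168.1.23 www.example.org
2023-05-20T02:13:10 192.168.1.50 cfg.updater.example
2023-05-20T02:23:11 192.168.1.50 cfg.updater.example
2023-05-20T02:31:00 192.168.1.50 time.android.com
2023-05-20T09:15:00 192.168.1.50 cfg.updater.example
"""

# Assumption: domains the owner expects an idle, stock device to contact.
EXPECTED_SUFFIXES = ("gstatic.com", "android.com", "googleapis.com")

def is_expected(name, suffixes=EXPECTED_SUFFIXES):
    # Match the domain itself or a true subdomain, never a bare string suffix.
    name = name.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in suffixes)

def idle_unknown_destinations(log, device_ip, idle_start, idle_end):
    """Return (name, query count, gaps in seconds) for unexpected idle lookups."""
    start = datetime.fromisoformat(idle_start)
    end = datetime.fromisoformat(idle_end)
    seen = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing the whole run
        ts, client, name = parts
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue
        if client == device_ip and start <= when < end and not is_expected(name):
            seen[name.lower().rstrip(".")].append(when)
    report = []
    for name, times in seen.items():
        times.sort()
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        report.append((name, len(times), gaps))
    return sorted(report, key=lambda r: -r[1])
```

Near-constant gaps between queries to an unexpected name, seen while the device sits untouched, are the pattern worth following up with a packet capture.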
Tech in less than 150 words
F-Droid
F-Droid is a third-party marketplace for Android apps that are free and open source. Android users need to allow the installation from unknown sources to install F-Droid on their devices.
The app store lists several applications that are not found on Google Play due to Play Store policies. This includes NewPipe, a great YouTube client that supports downloading and blocks ads.
The official F-Droid website supports a search to find particular apps or games. The app store has fewer apps and games listed than Google Play, but that does not mean that you can’t install high quality apps or games from F-Droid.