Who needs Windows 10 Pro: 5 reasons to upgrade

Windows 10 Professional isn’t just for cubicle dwellers who have no choice around the matter. While users who own a “professional” PC like the Surface Book 2 will automatically be upgraded to this higher-end version within the OS, smaller businesses and PC enthusiasts may also weigh the benefits associated with the Pro version vs. Windows 10 Home.

Windows 10 Professional doesn’t take anything away from Home users; it simply adds more sophisticated features. It’s a costly choice, though: the free upgrade from Windows 7/8.1 has gone away, meaning that you’ll either require buy a new PC with Windows 10 installed or build your own, spending extra for a license.

What Windows 10 Pro will cost

In general, you can pay $120 to download Windows 10 Home from Microsoft directly, $200 to download Windows 10 Pro from Microsoft directly, or pay a bit of less to buy it from an e-tailer. Amazon charges $109.99 for Windows 10 Home, and $189 for Windows 10 Pro. There’s another option: buying a “system builder” license from an e-tailer. This is usually the choice of enthusiasts, but it offers no support or even instructions from Microsoft. It’s cheaper: Windows 10 Home is $110 ($93) from Amazon; while Windows 10 Pro was $143 from Amazon.

(Microsoft at one point would offer a “Pro Pack” to upgrade from Windows 10 Home to Windows 10 Pro; that function is now handled by the Microsoft Store app within Windows 10. Enter “Windows 10 Pro” during the search box and follow the instructions; Microsoft asks $99.99 for your privilege.)

Microsoft created a useful webpage for comparing the different Windows 10 versions, breaking down the reasons to upgrade to Windows Pro into four categories: the fundamentals, management and deployment, security, and Windows updates. All of them have some relevance for power users and more traditional businesses alike. While there will be dozens of differences (check our review of Windows 10 for this details), six key aspects of Windows 10 Professional will help you decide whether the upgrade is worth it for you. (Yes, six: Microsoft has added another!)

BitLocker

Microsoft’s encryption software has been developed and updated since Windows Vista, and it’s been built into Windows 10 as well. Since Windows 8.1, BitLocker has offered the option to encrypt the Windows boot drive and other fixed drives during the system, as well as USB keys and external drives.

BitLocker is especially handy for traveling, even if it’s just to a local cafe. Locking down your data isn’t 100-percent foolproof, but it’s a start. If a drive is encrypted, BitLocker will encrypt other files that are added to it. You also have the option to suspend encryption or remove it entirely. Files moved from a BitLocker encrypted drive to another drive are automatically decrypted.

Evidently, you’ll need a password to help with making it all work, preferably as strong as possible. When you don’t have that password, you’ll need a recovery key to regain access: a code that might be saved to a file, to a Microsoft account, or even printed out and saved. But at any time you forget the password and lose the recovery key, you’re stuck-you’ll lose access to that data forever. (Saving it to the cloud is recommended.)

A cloud storage solution like OneDrive may be a great way to store your files, but a USB key encrypted with Bitlocker and clipped to a keychain can provide a single layer of security and keep precious files close at hand.

Remote Desktop Connection

Windows 10 Home machines and Windows 10 Professional machines can initiate Remote Desktop Connections, such that the “master” machine controls the slave machine and all of its resources. (Doing so blanks the display about the “slave” device.) Only Windows 10 Professional machines can be remotely controlled, however-not Windows 10 Home machines.

Windows 10 Home machines could possibly be remotely assisted, which means that the Windows 10 “master” machine controls the “slave” machine, and the “slave” display mirrors the master display. Remote Assistance is designed as an educational tool, so that a remote technician can show you how to adjust your graphics settings, for example, by moving your mouse.

The upshot is that work machines will be accessed from home, but home machines will be controlled only from work. Whenever you run a small business, Remote Desktop Connection is another reason to consider Windows 10 Professional.

Client Hyper-V

Not many business professionals will probably care about virtualization, the ability to wall off a portion of your own hard drive into a virtual PC, complete with its own operating system. But for enthusiasts-especially those who wish to continue testing Insider builds without risking their main system-Hyper-V is just the thing.

Virtualization creates a secure operating environment within your PC that allows you to run different operating systems, including Linux, future builds of Windows 10, and even older versions of Windows. (Just confirm you still have valid license keys for the operating system and a PC processor that supports virtualization-not all older models do.)

Once you have Windows 10 Professional, you’ll still be forced to install Hyper-V manually. You can begin typing “Hyper-V” within Search box. Windows will suggest that you install some optional features. You’ll be given a list of options, where you can install Hyper-V.

Our sister site Infoworld offers a really good introduction to Hyper-V.

Microsoft Update for Business

Windows 10 Home pushes patches to your PC immediately, allowing you to defer installation for a few hours, but no longer. For some, that might not be the most desirable option. Windows 10 Professional offers an option.

Users can certainly opt to install patches as soon as Microsoft releases them. But as history has proven, Murphy’s Law can trigger an update at an inopportune time. Deferring the update — until the weekend, possibly — means that you’ll be able to update your PC when you choose to.

The other reason, though, involves bugs. As Windows 10 neared, reports circulated of new updates breaking multimonitor setups with certain Nvidia cards. A firmware update that Microsoft pushed to the Surface 3 and Surface Pro 3 failed, and had getting reissued.

In other words, patches do occasionally cause things to go haywire, which means that Home users could wade through some wonky updates as Windows 10 evolves. Murphy’s Law says things will go wrong. Bugs will happen. Updates will be applied. That chance to wait and see if anything blows up might add an extra layer of peace of mind.

Edge’s security blanket: WDAG

One key feature contains finally reached Windows is Windows Defender Application Guard, a sort of browser “super sandbox” which was restricted to enterprise versions of Windows, but has now been added to Windows 10 Pro in the April 2018 Update.

WDAG creates a virtual sandbox for your Edge browser, although you’ll will have to turn on the feature with the Control Panel (Control Panel > Programs > Turn Windows Features On and Off). When you are browsing the dark depths in the Web within Edge, do it with WDAG enabled.

Note that WDAG doesn’t currently allow you to run extensions, and Favorites may not carry over those that open a WDAG window. You might not be able to download a file, unless you change a policy setting. However, WDAG is Microsoft’s most secure way to surf the Web.

Features for businesses first

Several features in Windows 10 Professional are aimed squarely at the business market. Domain join, for example, allows you to bring in your own PC and connect it to the office domain. Group policy management allows an IT admin to control which PCs do what. And if you’re running an ancient Web app at work that doesn’t work with Edge or Internet Explorer 11, the Enterprise Mode Internet Explorer allows you to drop into an Internet Explorer 8 mode inside your browser. Likewise, if your business needs specialized enterprise apps, an admin can lock down the Windows Store produce sure employees get those, and nothing else. There’s also the ability to join Azure Active Directory, with single sign-on capabilities.

Some users may find some value in Assigned Access, which takes a Windows tablet and allows it to run only a particular application. Normally this setup is used for a dedicated kiosk, but it might kid-proof a tablet, too.

Get it towards the flexibility

Moving to Windows 10 Professional makes sense for people who could use its more advanced features. It costs money, though, so don’t feel compelled to upgrade unless you really need them. Windows 10 Home will suffice in the majority of individual or family users.

Windows Meltdown patches receptive more severe issue

Microsoft perhaps have remediated one vulnerability because of its Windows Meltdown patches, but a burglar researcher said…

the fixes produced a new, more dangerous flaw for those.

According to Ulf Frisk, a security researcher headquartered in Sweden, the patches Microsoft released for Windows 7 x64 and Windows Server 2008 in January and February 2018 were successful in protecting against Meltdown but “opened up a vulnerability way worse” that may allow “any method to read the complete memory contents at gigabytes per second … [and] email arbitrary memory in addition.”

“The User/Supervisor permission bit was set to User at the PML4 self-referencing entry. This made the page tables there for user mode code in each and every process. The page tables should normally basically accessible by a kernel itself,” Frisk wrote inside the blog post. “Once read/write access may be gained to page tables it’s trivially easy to gain access into the complete physical memory, unless it’s also protected by Extended Page Tables used to treat virtualization. All one must do would be write his or her’s Page Table Entries right into the page tables to access arbitrary physical memory.”

Frisk crafted a tool to run a test if a experience vulnerable, but noted that just systems running the patches from January or February could well be at risk. “If your alarm isn’t patched since December 2017 or if perhaps it’s patched on the 2018-03 patches or later it is secure,” he wrote.

A Microsoft spokesperson said, “We released a security alarm update for Windows 7 Service Pack 1 (x64) and Windows Server 2008 R2 Service Pack 1 (x64). Customers who apply the updates, and have automatic updates enabled, are safe.”

Mark Nunnikhoven, second in command of cloud research at Trend micro coupon, said it was worth noting that the Windows Meltdown patches didn’t cause a vulnerability to read simple things the memory, rather introduced “a misconfiguration that exposes memory unintentionally. ”

” It is not always someone picking a lock and getting in; someone forgot to lock the entrance in the first place. It’s just a quality control issue. Microsoft includes a long good reputation good patches, but even the best processes aren’t perfect. There’s a lot of code at the operating system that banks on the CPU functioning during a specific way,” Nunnikhoven told SearchSecurity. “This was not ever going to be an effortless fix. Still, this specific issue cannot have shipped. That is a process failure of course.”
Experts respond to Windows Meltdown patches

Tod Beardsley, research director at Rapid7, said Frisk’s studies solid but added the risk might lessened since “the exposure only lasted a few months in a wide range of scenarios.”

“It would definitely be unusual for Windows systems to search for the January or February patches, however it is not yet produce the March patches uncontrollable, since most enterprises that apply patches also often times apply them automatically,” Beardsley told SearchSecurity. “However, in case your enterprise fast-tracked Spectre and Meltdown patches assistance programs were January but hasn’t updated since, then this is a fine time for it to update — the exposure introduced of these patches really are worse compared to a original exposures. Alike rationale for emergency patching in January certainly is applicable to this issue way too.

Jerome Segura, lead malware intelligence analyst at Malwarebytes, said the “daunting task” of fabricating the Windows Meltdown patches has produced a number of issues.

“The first patches that turned out introduced an excellent performance hit in addition unwanted behavior which includes system reboots, because of this that Intel even advised its customers to wait for a stable patch,” Segura told SearchSecurity. “This offers us an idea of the far reaching effects these vulnerabilities have, supper . which i am still attempting grasp the extent of the ramifications.”

Microsoft Is Dealing with Windows 10 Lean Edition

Microsoft has realized there’s a problem using Windows 10 on lower-end devices that ship with limited storage. This dilemma being, before you start downloading updates there are no longer enough space manufactured to install them without an external drive.

One solution this is getting device manufacturers to ship more storage, the other is to decreased the size of Windows 10. Option No. 2 is obviously easier, so that is what Microsoft is doing.

As Windows Central reports, a completely new version of Windows 10 is actually in development, described internally as Windows 10 Lean. You’ll find it aimed squarely at devices haveing a internal storage limit of just 16GB, having a number of tablets and the HDMI port compute sticks we had appearing within the past few years.

First sign of Windows 10 Lean appeared in a very Redstone 5 preview build and tweeted about by Lucan. The idea appears to be a version that’s 2GB smaller than a clean install of Windows 10 Pro x64.

Microsoft aims to achieve that by cutting features in lieu of compatibility. So, while legacy apps works, users of Lean will miss access to Internet Explorer and the Registry Editor, such as. Think of any app or include user is actually unlikely to desire to use on such low-end devices, and it has probably not quickly the Lean build.

For a less feature-rich form of Windows 10 to do the job, Microsoft also needs to perform tweaking with the way in which Windows Update functions. For updates will continue required to the software, but Microsoft does not want Lean downloading content it cannot use considering that the feature it relates to isn’t available.

It’s unclear when we’ll get your option of Windows 10 Lean. My suspicion can it be will only be offered being a pre-installed OS on very low-end hardware. In fact, it may result in encouraging some manufacturers to implement shipping devices with 16GB of storage.

Microsoft Gives Windows Server 2016 Hyperconverged Computing Boost

Organizations could use Windows Admin Center (previously code-named “Project Honolulu”) with Windows Server 2016 in order to handle hyperconverged infrastructure (HCI), Microsoft recently announced.

HCI describes scenarios that will compute and storage functions get combined inside the cluster. The HCI feature is at the preview stage, when the browser-based Windows Admin Center reached general availability recently, so the management portal is deemed ready for production use.

Quite a couple of requirements to operate the new HCI capability. The hyperconverged scenario rrs determined by using Storage Spaces Direct, a software-defined, shared nothing storage technology in Windows Server 2016 that lets organizations use cheaper storage devices. Microsoft claims that “over 10,000 clusters worldwide” are running Storage Spaces Direct. The HCI scenario also requires considering the Datacenter edition of Windows Server 2016.

Therapy for HCI with Windows Server 2016 is only able to happen the moment the April 17 cumulative update KB4093120 is installed “on every server within Storage Spaces Direct cluster,” Microsoft’s announcement explained. The update adds new APIs that are needed to support the HCI capability.

Prior to this April update, it became only possible to test HCI using Windows Server preview releases that will come through the Windows Insider Program, and more so organizations can put on Windows Server 2016 to test it. There are certainly just a couple of differences of your Windows Insider Program preview. First, the Windows Admin Center doesn’t display dedupe and compression information. Second, the performance history is missing with the management portal, as documented in a Microsoft video.

Microsoft recently published a bunch of Windows Admin Center videos for those of you getting used to it. Microsoft has described Windows Admin Center as the next evolution of this Server Manager and Microsoft Management Console in-box management tools.

New code in Windows 10 preview shows a Surface Phone arrival

Recently discovered code within the next turmoil Windows 10 demonstrates this Microsoft may be willing re-enter the mobile space. The Windows 10 Insider Preview build contains new APIs for telephony features, fueling speculations that Microsoft continues to be close to releasing its oft-rumored dual-screen Surface Phone smartphone.

Windows 10 build 17650 has got the APIs that are typically available phones utilized for dialing numbers, blocking calls, and supporting Bluetooth headsets. You place video-calling support, Ars Technica reported, which could lead to video calls over cellular connectivity. While support for cellular connectivity has existed since Windows 8, it had become used restricted to data connections ?a Microsoft’s own Surface Pro LTE merely such example. These newly discovered APIs cover capabilities for voice-based communications.

During the past, Microsoft was rumored to focusing on a phone device with two screens connected because of a hinge. The screens could fold together, similar to a book, and take it on a more compact phone-like form factor. However, when unfolded, the iphone could offer the benefits of a tablet which has a larger display. This was previously known by its Project Andromeda code name. If Microsoft in a position launch a very device, it might just use its Build developer conference early the following as the platform to show off this hardware publicly.

Since device’s potential Surface branding, may well likely arrive bearing the high-end hallmarks inside the line, with a premium build using metal shell, support for inking having a digitizer, and the chance to run Windows. Given Microsoft’s recent deal with Qualcomm to bring the Windows os to ARM processors, it’s unclear once the Surface Phone is powered by a Qualcomm processor or one from Intel.

Another simpler reason behind the presence of these newly uncovered APIs is often that Microsoft is streamlining Windows with Windows Core OS. That effort could have resulted in important APIs merged together in an effort to reduce the lots of variants from the operating system. Microsoft was pushing developers to publish Universal Windows Platform (UWP) apps which might run on Windows, mobile, and Xbox, additionally, the telephony APIs presence on Windows happens to be an extension with this effort.

Windows 10 “Lean” Spotted being a Stripped-Down Version of the OS

Windows 10 Redstone 5 could bring more changes to Windows 10, and all this time, they’re just coming down to features and enhancements.

It looks like the debut of Redstone 5 can be found by Microsoft as the perfect occasion to introduce what feels a new Windows 10 version currently called “Lean” and might unveil as being a stripped-down version of the os in this handset, without unnecessary packages.

Web pages discovery from Twitter user @tfwboredom means that the installer for Windows 10 Lean started shipping with build 17650 for Skip Ahead ring during their Windows Insider program. “It is very much heavily eliminate,” he says, noting that an x64 clean install is 2GB smaller than the Pro sibling.
“No wallpaper”

That means Microsoft removed quite a lot of packages of your core os, and in a follow-up tweet, the identical user reveals that “by default, there is no wallpaper.” Strangely enough, while apps for example the Registry Editor (regedit) are missing, you can imported, so Windows 10 Lean doesn’t carry along any restrictions regarding Win32 software installation.

It’s being speculated that Windows 10 Lean could possibly be part of the Windows 10 S/S Mode project, though this doesn’t is very much the case at this point.

On the other hand, Microsoft was considered to be working on a stripped-down type of Windows 10 called Polaris that will eventually be helpful to power the company’s new “mobile device.” Polaris was supposed to be an evolved version of Windows 10 S/S Mode and so are without the legacy Win32 components, though via the looks of products, Lean doesn’t apparently go in this direction. At a minimum, not right now.

There’s obviously more and more to discover during this front and Windows 10 Lean appears still be in the early days, so expect more such information and details to surface as we get closer the fall debut of Redstone 5.

Windows 10 jailbreak: Google’s Project Zero reveals unpatched bug that bypasses app lockdown

Creating a slide deck, pitch, or presentation? Beneath are the big takeaways:

Google’s Project Zero security scientists have revealed an unpatched bug that bypasses Device Guard app whitelisting.
Device Guard app whitelisting clearly major security feature within a Window 10 S OS, whose protections may be now made available throughout Windows 10 as S Mode.

When Windows 10 S premiered by Microsoft approximately, the security-focused OS was marketed as invulnerable to any “known ransomware”.

While Windows 10 S will not be a separate platform, its protections will instead soon to every single Windows 10 edition beneath a new S Mode.

However, security studies have just revealed a brand-new unpatched bug that allows attackers to avoid Windows 10 S’ Device Guard feature, which locks the OS to easily running whitelisted software.

James Forshaw, security researcher with Google’s Project Zero says the bug is easily the most several unfixed flaws in Microsoft’s .NET software framework which Device Guard that need be bypassed.

“There’s at the least two known DG bypasses inside .NET framework which aren’t fixed, and still usable even on Windows 10S.”

This latest bug from your .NET framework allows an opponent to run arbitrary code on top of a system meant to be protected by Device Guard whitelisting, provided the attacker is first allowed to update the Registry.

Forshaw has released a proof-of-concept attack that updates the registry so untrusted .NET code may run to display a text window over Windows 10 S system – although he adds a malicious third-party needs the exploit to “do numerous more things than that”. The bug was tested within your Fall Creators Update build of Window 10 S, best known as build 1709.

There are a few caveats that make the exploit harder to run. It’s not remotely exploitable, instead requiring local access towards machine, also, the attacker it is fair to use another bug so you can escalate their user privileges to update the registry.

“An attacker had to already have code running on a machine to lay the registry entries instructed to exploit this dilemma, although this may through an RCE like a vulnerability in Edge,” says Forshaw.

Technical details the exploit therefore the proof-of-concept code are offered via the Google Project Zero forum here.

During 2009 TechRepublic’s sister site ZDNet also indicated that a hacker with system-level access to one Windows 10 S PC could install ransomware relating to the machine.

While S Mode by no means yet been rolled out across Windows 10, Device Guard is simply not limited to Windows 10 S, with Microsoft also offering Windows Defender Device Guard to lock down devices running Windows 10 Enterprise edition and Windows Server 2016.

The Project Zero bug could be the latest within the series of Windows 10 flaws which are revealed by Google’s security researchers before they’re patched by Microsoft.

Google’s Project Zero gives outside organizations like Microsoft advance notice should they discover a vulnerability, providing a 90-day window for ones organization to a bug before it is made public.

In February, Project Zero similarly revealed a ‘high-severity’ privilege escalation flaw in Windows 10 before it was eventually patched by Microsoft.

Microsoft Confirms First Windows 10 Cumulative Update KB4093120 Issue

Microsoft has recently acknowledged a problem in Windows 10 cumulative update KB4093120, that has been published on April 17 for systems running the Anniversary Update (version 1607).

The business originally said there were no known bugs from this cumulative update, however has recently updated the official KB page with one issue that’s reportedly hitting enterprises – Windows 10 Anniversary Update no longer is getting updates for Home and Pro SKUs, only for Education and Enterprise, as support for doing it particular version already ended.

“After installing the March 13, 2018 or later Cumulative Update for Windows 10 version 1607, simply latest Windows 10 feature update is returned as applicable. This prevents the deployment of previously released feature updates using ConfigMgr (current branch) and Windows 10 servicing plans,” Microsoft says inside an update posted on April 18.

The temporary workaround, wish to add, is to decline all feature updates around the WSUS server except for person who you want to install with ConfigMgr, Microsoft says, followed by run another update scan or give it time devices to acheive it automatically.
“Further fixes getting released future cumulative update”

Furthermore, the business promises that a fix could well be part of an upcoming cumulative update, nevertheless the exact timing on this release is not actually yet available. Microsoft will ship the latest batch of cumulative updates to Windows 10 during early May during the next month’s Patch Tuesday cycle.

On the flip side, there are no reports of failed installs gone through by Windows 10 cumulative update KB4093120, and this also can only be considered a good thing since patch is specifically designed for enterprises and education PCs.

Until recently, several cumulative updates hit installation bugs that pushed software in reboot loops, and therefore the most recent someone is the Windows 10 Fall Creators Update release KB4093112 published on Patch Tuesday.

Chime in: Are you a fan of Windows 10 tablet mode?

Microsoft introduced tablet mode in Windows 8 and forced it upon all users, when or not just read was actually simply using a tablet. It produced changes that allowed those on desktop and notebooks to bypass this mode and take advantage of the traditional desktop alone. Windows 10 ships using tablet mode but it’s optional. Might you still play with it or visualizing the desktop experience to end up being just fine on tablets?

Forum member Hansani Archibald actually enjoyed the action that Windows 8 exposed to market and feels like the current tablet mode turn out to be little watered down.

For me, That’s a massive fan of tablet mode in Windows 10 plus i was never really provided to Windows 8 overall. When rocking the surface of photos out and about, I really like using Windows 10 considering that the full package. But I’m lenient with trying a new generation and if Microsoft can increase your tablet mode incorporate more functionality that more sense will make the switch then I’ll happily present another go. Precisely what you use?

Pragma Crypto, SSH Server & Client Awarded New FIPS-140-2 Certificate

Pragma Systems, a leading SSH and security software provider, announces that Pragma Crypto library and Fortress SSH servers, Clients and Telemote are awarded a completely new US Government NIST FIPS 140-2 certificate, #3171, for Windows 10 and Windows Server 2016. FIPS certification assures that stringent cryptographic standards required by federal, state and local governments match the strict security and compliance guidelines set by NIST.

Pragma Fortress SSH server and client are the first SSH products that hold FIPS 140-2 certificate for Windows Server 2016 and Windows 10 issued by NIST’s CMVP (Cryptographic Module Validation Program) and certified at the NIST approved DXC Technology lab. Pragma SSH had been certified by NIST for other Windows os’s.

Data security encrypion compliance is required for U.S. federal agencies, the U.S. Department of Defense, the Canadian government, financial companies and many private sector agencies when cryptography is very important for protecting sensitive information. Pragma’s FIPS certified SSH software can be utilized by US Army, US Navy, Canadian Air Force, McKesson/Change HealthCare, Cisco, Amazon WholeFoods, Oracle, PayChex, Exelon and some other Fortune 1000 organizations worldwide.

“Quick turnaround time talks to the quality of our work we did and with Pragma about this project has been a pleasure,” said Gus Burgess, DXC lead for the certification. Pragma CTO David Kulwin adds, “Having FIPS certification for Windows 10 and Windows Server 2016 was essential to many of our large customers and Pragma SSH is now used in more sites that deploy these newer Windows platforms.”

When you use Pragma’s SSH/SFTP/SCP Server and Client technologies and Telemote product, these all embed its FIPS Crypto modules, customers can copy, deploy and manage files securely from Windows machines to Cisco routers, network switches, Unix servers, Linux servers and Mainframes using SFTP and SCP, the de-facto secure file transfer standards. Customers can tell that remote access and file transfers over and done with the FIPS Certified Cryptographic Module fulfills the highest possible security standards set by means of US Government.

About Pragma Systems, Inc.
Pragma Systems, Inc. is the leading provider of enterprise class remote access and secure file transfer software for Microsoft Windows platforms and is particularly a Cisco Solution Partner & Microsoft Gold Certified Partner. Pragma is truly an industry leader of Secure Shell (SSH), SFTP, SCP and Telnet technologies. Pragma’s SSH product line has US Army Certificate of Networthiness (CoN 201621769), FIPS 140-2, US DoD UC APL, and US Army TIC lab certifications and as well Microsoft Windows Certifications. Pragma’s product, Telemote, adds graphical remote desktop and server management built on our secure SSH transport. Pragma’s software solutions are deployed contained in the majority of Fortune 500 companies for some and over 5000 companies worldwide in 100 countries with an incredible number of licensed nodes.