In a little more than one year from now, Microsoft will end support for Windows 10. The operating system has been on sale for nine years. It currently accounts for approximately 65% of desktop market share.

As I have written, the security and hardware requirements for Windows 11 mean I cannot upgrade most older computers, and you will need to purchase a new computer. Some new computers may require additional memory. In all cases, I will contact you after I run a detailed Windows 11 readiness check and schedule a preliminary review of your requirements before next year’s deadline.

Now, if you see a screen like the one below, please stop what you are doing. Please DO NOT CLICK the Get it button, and call me. You should NOT see this screen — unless Microsoft changes the code in the background in the upcoming months. If you do see this screen, something is wrong, and I would like to learn what it is and how to correct it.

Thanks, and safe computing!

Microsoft has been the subject of many jokes about the security of its Windows operating system for decades. Some criticism is warranted; however, the Redmond, Washington-based organization has maintained a steady cadence of stating they will improve Windows and deliver something that approximates the management objective.

All that increased security in Windows made resolving the problem that the failed definition files CrowdStrike released much more difficult. Let me explain.

CrowdStrike offers a security product called Falcon. Its job is to protect an enterprise computer from being taken over by malicious software. One set of files deployed globally on July 18, 2024, were corrupt. When Windows performed normal operations, several elements failed, and the operating system gave up, resulting in what is known in the IT industry as a BSOD – or Blue Screen of Death.

The instructions CrowdStrike eventually provided to systems administrators after they recognized the problem was to boot the failed computer into Safe Mode, delete the bad files, and reboot the computer. That way, when the computer resumed regular operation, it would obtain a clean set of files from CrowdStrike and behave normally.

So, what’s the big deal? These steps — at least at first glance — seem elementary. Well, there are some problems with this approach.

Safe Mode

Microsoft introduced Safe Mode as a mechanism to let people resolve problems in a stripped-down form of the operating system. When you start Windows in Safe Mode, the operating system does not load start-up programs or third-party applications and drivers. Only the most essential device drivers and files necessary to run the operating system are activated.

You could access Safe Mode shortly after starting your computer by repeatedly pressing the F8 key. This process worked for generations of operating systems, from Windows 95 through Windows 7.

The mechanism to access Safe Mode changed, starting with Windows 8 and continuing with Windows 10 and 11, which Microsoft touts as more secure operating systems. Most people need to access Safe Mode because the operating system won’t start properly, so the fact that Microsoft provides two very different ways to access it from within Windows indicates that someone wasn’t thinking about actual problems faced by the masses.

To access Safe Mode from a “cold start” means turning on the computer and immediately holding down the power button so the start-up is interrupted and the computer shuts down. Do these steps two more times, and you should see a pop-up with the words Startup Repair. You then must select Advanced Options, Troubleshoot, Advanced Options, Start Up Settings, Restart, and then choose from the available Safe Mode options.

It seems as if Microsoft developers designed this process to prevent anyone from accessing Safe Mode. And yes, that means that technicians had to jump through these hoops just to get started to fix the CrowdStrike problem.

But that wasn’t all that stood in the way of quickly resolving the issue.

BitLocker

BitLocker is a Windows security feature that will encrypt the contents of the hard drive on which the operating system is installed. This advanced functionality mitigates unauthorized access to a computer’s operating system drive. By password-encrypting a computer’s operating system drive, you can keep your files (and personal information) secure and protected from unwanted access.

When you activate BitLocker, Windows creates a recovery key for your hard drive so that each time you start your computer, you must provide a PIN to gain access. In an enterprise environment, that recovery key is stored in the site’s Windows Server Active Directory. And therein lies the problem.

To gain access to any device with a BSOD, a technician requires the 16-digit BitLocker key. The problem is that most of those keys are securely stored in Windows Servers, which were likely unavailable because they also experienced a BSOD. Even after technicians restored those servers, a corporate environment has hundreds or thousands of computers, and no script can automate the entry of a device’s BitLocker key – the work must be done manually.

And that is why the CrowdStrike problem was so challenging and time-consuming to resolve. The requirement to increase Windows’ security prevented a simple fix. Teams of IT specialists worked throughout the weekend to attempt to recover their company’s computers by repeatedly — and manually — going to Safe Boot, entering the BitLocker key, deleting files, and rebooting.

Several pundits have commented that CrowdStrike Falcon’s use of definition files is no better than Norton Antivirus and its signature files. As many of you know, I have stressed the need for a more thorough and heuristic approach to computer security, and using definition files is not the way to handle this.

I am incredibly proud that my choice of security vendor, SentinelOne, does not use any form of definition file. For years, it has been fantastic at keeping all my clients’ computers and servers safe. Having dodged a significant bullet, I don’t want to jinx things by saying nothing bad will ever happen. Ultimately, we all want a secure Windows operating experience and do not have to go through an unexpected nightmare.

Thanks, and safe computing!

US government officials have placed a deadline of September 29, 2024, for all users of Kaspersky software to find an alternative before a ban occurs.

Here’s why this is important. Kaspersky uses signature files to identify threats. In 100 days, they will no longer be updated. As bad actors continue to evolve their threats, the software will not be able to keep up. In effect, it will become useless. Computer users running Kaspersky antivirus will no longer be protected.

As a Managed Services Provider, I have never suggested or promoted using Kaspersky as an antivirus or internet security product. I recognize it comes preinstalled on many computers sold by big box stores (e.g., Staples, Best Buy). Starting a subscription to a product that came with your computer is much easier than figuring out a new or different one.

However, the latest generation of threat protection doesn’t use signature files. It uses artificial intelligence to recognize valid programs from rogue software. These security products view the totality of your computer’s operations to determine if something unusual is occurring (like encrypting files or contacting a foreign command and control center) and stop that activity.

As you know, I have evaluated many security products over the years and rely on SentinelOne and Huntress as the most practical combination to protect computers in a home and business environment. These products take unique approaches to identify and eliminate threats without using old-fashioned signature updates. SentinelOne uses the activity of known programs to identify those operating in an aberrant or unsafe manner. Similarly, Huntress will quash any activity that appears to be suspicious.

If you know anyone who has Kaspersky installed on a home computer, I suggest you tell them to take the following actions:

  • Access your Kaspersky portal and stop auto-renewal and auto-payment on your credit card.
  • Uninstall the Kaspersky software using the Windows Control Panel > Programs > Uninstall a program function. This action should automatically re-enable Microsoft’s built-in Defender application.
  • Go to the Windows Security Center, ensure Microsoft Defender is activated and updated, and scan your computer. Defender, while it uses signature updates, gets those automatically from Microsoft.

If you know of any small business owners that have Kaspersky installed on their office computers, please ask them to get in touch with me immediately. When they sign up for a SentinelOne and Huntress subscription between now and September 29, I will waive the $95 implementation fee!

Thanks, and safe computing!

In mid-March 2024 I landed in a quandary.  There are 18 months until Microsoft ends support for Windows 10 in October 2025.  Until now, I have planned to migrate my clients’ computers to Windows 11 because that is a standard industry approach.

In addition, Microsoft stated that Office 2016 and 2019 would also go out of support in October 2025.  Without a long-term replacement (e.g., Office 2024), Microsoft has forced me to consider establishing a Microsoft 365 subscription for every client requiring any Office application because there is no alternative.

Well, call me gob-smacked when I learned that Microsoft is planning a Windows 12 announcement by mid-2025 and the probability of a non-subscription version of Office 2024 before the end of this year.

Unfortunately, I did not obtain this information directly from Redmond-based Microsoft.  Instead, I read about these offerings in various blog posts and Reddit forums.  And – I’ve got to admit – that is NOT how I want to operate my business.

I will convey what I know about this situation as clearly as possible.

In October 2025, Windows 10 will no longer receive any further updates, and I will no longer support computers with that operating system.  If I can upgrade your computer’s Windows 10 operating system to Windows 11, I will discuss the implications of performing that upgrade with you.  If your computer cannot run Windows 11 (mainly because it is too old), I will discuss replacing it with new hardware, possibly a new monitor, and even a new printer.

In the past, I was strict about replacing your computers when they reached the end of their five-year warranty.  However, I have been lax about upgrading your hardware for the past few years.  Because of the pandemic’s effect on the global supply chain and the resulting lack of computer components, I give most clients an extra year’s grace on replacement.  Sometimes, I let things go out for a full seven years.  But, as I have regrettably learned, when a computer breaks now — and is required immediately — getting a replacement when you don’t have a warranty can cost more than six times the cost of an extended warranty.

Microsoft isn’t planning to announce Windows 12 until mid-2025; therefore, I will not consider that option for any client.  As I see it, this will be an offering I could only recommend well into 2026 — after I put it through at least six months of testing on my lab computer.

As far as Microsoft Office is concerned, I will have to hold my breath, and I hope you will join me on a small adventure.  The retail price of the home user version of Office 2021 is $150, and the retail price of the business edition is $250.  A one-year subscription to Microsoft 365 is $70 for home users and $150 (at a minimum) for business users.  I’m asking you to throw that money away in October 2025 and then purchase the Office 2024 version.  According to all accounts, the price for each version will be approximately 10% higher.

Of course, I would prefer you to spend a one-time charge for up to five (or more) years of software use than to subscribe to an annual reliance.  However, if you must purchase a new Windows 11 computer, I will work with you to obtain a solution that best fits your needs and keeps your expenses within reason.

If you do not have a fierce requirement for a Microsoft product, I will point out that the free LibreOffice product suite will let you work with your Office files with close to 100% fidelity.  I will also let you know there is a learning curve, so if you don’t like change, stay with what works for you.

Thanks, and safe computing!

We are coming up to the end of 2023. During the past year, only one product has been released in the computing environment that I think will change our future: ChatGPT, the artificial intelligence (AI) bot released by OpenAI. It is now in its fourth iteration from its original release in November of 2022. Yes, you can prank ChatGPT by asking repetitive questions. Yes, it still has hallucinations and will give incorrect answers. Yes, you are only now getting recent data in responses (rather than the outdated original data set). And yet, people are using it in myriad ways.

Microsoft has already spent $13 billion to provide OpenAI with the resources needed to build the product. I believe that amount will likely double in the next two years. Satya Nadella, CEO of Microsoft, is “all in” on AI because he knows the more you and I use bots to help us operate our computers, the fewer people will be required to do more work. If someone can document a process and then have the AI read all the documentation associated with a topic (e.g., how to fix the problem when your computer can’t print on your wireless printer), then you don’t need a human being at a call center in India or the Philippines.

You can have a computer user open a Windows 11 CoPilot application, type their question, and engage in a question-and-answer session. The cloud-based software will walk that person through all the known steps to fix the problem. Am I worried about my job because of this? No, because despite the computer-provided hand-holding, sometimes you need a human being who has experienced “real world” problems to ask questions no one asked the AI bot. As I have seen in many demonstrations, when ChatGPT doesn’t know an answer, it cannot even say, “I don’t know,” so it provides incorrect or misleading information. That is a significant problem that still consumes the minds of the data scientists who build these models. And it is why I think we are far from having AI “take over” things.

In the same way, businesses will create AI-based products for more and more fields. Do you need an insurance quote? Of course, the preliminary questions and responses you receive will be from an AI bot. You’ve all seen the silly commercials for “Limu Emu and Doug.” After all, Liberty Mutual extols the virtues of customizing insurance so “you only pay for what you need.” How do you think they are going to handle that soon? It is simple: they will develop an AI bot to work with you. For instance, you’re a young married couple in Livingston, NJ. You own an $875,000 house with 25 years on your mortgage. You have two kids (ages 9 and 6) and lease a Tesla Model 3 and a Toyota RAV 4. Liberty Mutual will have loaded all of the ISO (Insurance Services Office) documents into their LLM (large language model) and all the appropriate New Jersey amendments. One, two, three, and you’ll have your quote. I’m not sure you will need an insurance broker until the end of the chat session (and probably only as a matter of law — which the insurance companies will try to change). Of course, a human being may find a different rate structure based on their industry knowledge — but who will you ask to qualify which one is appropriate, correct, or even valid?

Likewise, calls you would make to your primary care physician about your existing health conditions might soon be answered by a “MedChat” AI bot. Need help from Spectrum or Verizon for a problem with your TV, phone, or internet? First stop an AI bot. (I didn’t think anything could be more annoying than the IVR Spectrum has now — but that will change.) Do you need to get a mortgage from your bank? Yes, there’s going to be a bot for that. The list of applications with generalized artificial intelligence will be extensive and pervasive, so much so that some speculate that AI modeling and development will become a $63 billion industry in the next year, growing into the trillions within a decade. And what about those people who looked forward to getting call center jobs to raise themselves out of poverty? They will need to pursue completely different career paths. There is no “next level” for many of these people because building the bots is so complex they won’t have the skills necessary to get hired.

Let’s take a moment to discuss what AI will do in the education field. It isn’t going to be pretty. That’s because what you “feed” the artificial intelligence engine is what provides the basis of responses. Currently, in the United States, high school history textbooks in California contain vastly different explanations of events than those in Texas. This linked article from the New York Times is a few years old but depicts the massive “disconnect” in the study of US history. Guess what? Those same divergent viewpoints will arrive in AI history bots. Will we have a uniformly educated America? No, in fact, it will become even more divergent (and undoubtedly more strident) because some communities will not accept any artificial intelligence software in their educational system.

Two years from now, Windows 10 will go out of service. Microsoft claims that CoPilot applications will be available for Office 365 users for an extra $30 per month. Redmond has designed these apps to help businesses by reading through emails, Word documents, Excel spreadsheets, and PowerPoint presentations. The AI bots will perform data mining of a company’s internal resources to provide additional insight and — they hope — business opportunities and streamline business deals. As an aside, I upgraded my laptop to the latest version of Windows 11 23H2 and saw that CoPilot is in beta mode on my Taskbar. I will report the results of testing in a few months. Having seen this latest change, I realize that all new Windows 11 computers require more memory than I had planned (i.e., 16 GB of RAM instead of 8 GB).

For all we know, Windows 12 will be a cloud-based AI-based agent that allows you to run Windows in any browser on any platform you want. The monthly subscription will probably put off mass adoption — because we know that the folks at Redmond are greedy. But after a while, with appropriate discounts, mass uptake will undoubtedly occur. Then, you can use an AI bot to browse your email, view websites recommended by your reading profile, and work with documents that “understand” who you are.

Yep, that’s pretty freakin’ scary stuff. I’m going to continue to guide you through this huge transition.

Thanks, and safe computing!

Password managers are programs that let you store an ever-growing list of online credentials in a safe location. These programs remove the need to record this information insecurely, such as by emailing them and writing Post-it Notes.

Many security experts advise clients to use these programs as part of best security practices because they also let you create strong and unique passwords for each online account you have. Additionally, some programs alert you if you duplicate a password across different accounts and can notify you if your password has appeared in a known data breach.

However, if your program’s secure vault is compromised, it potentially puts every one of your online accounts at risk of compromise. This issue drew my attention following last year’s extensive LastPass breach incident.

In 2022, there were multiple breaches at LastPass. In addition to putting the response and actions of LastPass under the spotlight, the incidents have raised questions over the safety of storing multiple login credentials on password managers altogether.

LastPass announced in late August 2022 that “an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account.” This enabled the attacker to take portions of source code and some proprietary LastPass technical information.

After conducting an investigation and forensic review, LastPass said it found no further evidence of activity from the threat actor. The unauthorized access was limited to its development system, which is “physically separated” from its production environment.

At the end of November, they made another announcement that an unauthorized party had gained access to a third-party cloud storage device. This new breach was enabled by the information gained by the attacker during the original August incident.

And a few days before Christmas, the firm informed users that attackers had accessed encrypted customer data (username, password, and notes) and unencrypted data (the website addresses of customers’ online accounts).

Do I believe you should keep your LastPass account following this last episode? No, but the damage has already been done. There is a high likelihood that your account may have been compromised. But if you want to continue to use LastPass, there are three things you must do to continue using the service.

  • First, you must strengthen your master password and ensure it is unique, long, and complex.
  • Second, as an extra security precaution, you should change the passwords for the websites you have stored in the service.
  • Third, you should be on the lookout for targeted phishing attempts in the coming months, with the attackers accessing your unencrypted contact information and websites.

I have reviewed these services over the years and have not found one I have felt entirely comfortable using – and I have not only my accounts to manage but many of my client’s accounts. I hate to say it, but the safest and most secure way of managing your passwords is to use a notebook and write them down.

If you use a document or spreadsheet and your computer is ever compromised, you will lose that information, and bad actors will use it against you.

What is the best way to implement this Luddite approach? Have one page per account, and write the name and website address at the top. Have a one-line entry per password, preferably with the date you first used it. If you must change a password, cross out that line, and write a new one along with the date, you created it.

The more complex we have made our lives by thinking that computers would make things easier for us, the more I think we need to use simple methods to maintain our security.

In 2017, there was a security breach at the credit reporting firm, Equifax. This breach was significant news at the time, and by 2019 the company agreed to a $425 million settlement of several class action lawsuits. They offered credit monitoring or a cash award of up to $125. At the time, I recommended the former.

In the closing days of December 2022, Equifax began to issue those cash awards. Many people found the amount they received laughable (e.g., most claimed to receive less than $10). However, scammers immediately went on the alert and into action. The website DomainTools.com reported several new domain names, which closely resembled the legitimate one, had been registered in just a few days. The valid website name is equifaxbreachsettlement.com. Fake versions include equifaxbreechsettlement.com, equifaxbreachsettlementbreach.com, and equifaxsettlements.co.

If you get an email notification about payment, do not click on the link in the email. It would be best if you went directly to the legitimate website and manually entered the keycode shown in your email. These instructions also apply if you get a letter in the mail.

Of course, because everyone’s information was made publicly available, scammers know who you are. If you get an email that seems slightly off and want to learn if it is “real,” please forward it to me for verification. Doing so is not an intrusion on my time. I would much rather spend a minute or two to review the contents of an email, than spend several hours — or days — working to restore your stolen identity.

Thanks, and safe computing!

Last began with more than 100 ships, loaded with goods, lined up outside the ports of Los Angeles. Now there is no backlog. I was looking forward to a new year with some semblance of normalcy in the supply chain for computer-related goods. Unfortunately, that looks like it might not happen.

China was locked down with its zero-Covid initiative and still managed to produce products to keep the supply of goods up and running. Now the government has eliminated that constraint, and people are staying home anyway. Many more are getting sick. Based on recent news articles, the country is prepared for hundreds of thousands of citizens to die. This disastrous result will place many computer equipment manufacturers in the same awful position they were in at the start of the pandemic three years ago.

Lenovo has not announced any planned price increases, but they rarely do. They adjust pricing at the distributor level when they provide their available supply list. I expect to see price jumps on the equipment I usually offer to home users and small business clients by mid-year. I also expect to see the same unavailability of monitors and computers as I did early last year. My advice is if your computers are coming up for replacement, get moving on that project sooner rather than later.

A lack of products will also affect the pricing of items that are still available. SonicWall has increased the price of hardware and software three times in the past two years. They have — for now — indicated they plan to hold the line. Still, I don’t think it will be far-fetched to believe that if they cannot get the necessary components for their firewalls, especially chips, they will increase hardware prices to what they feel is essential to keep moving forward. As a result, a higher price will affect anyone needing a new firewall.

Microsoft is proud of its software and cloud services, generating $25 billion in 2022. The price for Microsoft 365 (most commonly known as Office) will be increasing in 2023 for most business subscriptions. Following an enormous backlash from partners when Microsoft announced a price increase early in 2022, the company offered “discounts” through the end of the year. The cost of Azure, the data center cloud service, will likely increase later in 2023 to account for price spikes for the hardware required in their data centers — mostly solid-state disk drives.

Oddly enough, one of the latest offerings from the world of Artificial Intelligence, ChatGPT, will either wreak havoc for programmers or be a savior. This unique software can provide programming solutions when presented with a mere suggestion of a problem. Companies will still need skilled programmers to complete a full-fledged project. But with the starting point provided by an AI engine, many companies will be willing to reduce their staffing costs by employing this new technology just to hold the line on increasing software costs.

Another feature of ChatGPT is that it can respond to standard English language questions. I foresee customer service help desks will use this functionality before the end of the first quarter to answer commonly asked questions before routing a phone call (or chat session) to a human being. High school English teachers have recently realized the answers to essay questions cannot be reviewed by “did they cheat” software, because ChatGPT responses can be edited to approach grade level equivalency. Only the consistent use of proper grammar and punctuation reveals a software program, rather than an 11th grader, did the work.

With the price of a bitcoin reaching record-level lows, many computer industry pundits believe there will be a decrease in ransomware attempts. I am skeptical and don’t think so. In the past, most cybercriminals requested payment in bitcoin — especially when the price was approaching a record level near $66,000. However, the cyber-currency is now hovering around $16,000, dropping from over $50,000 at the start of 2022. So, in addition to asking for bitcoin to return data, bad actors also threaten to release the data they hold to the public. In some cases, various compliance regulations govern this information, which puts the owners (the victims) in more jeopardy than usual. Kyle Hanslovan, CEO of Huntress Labs, confirmed my thinking in a recent interview with CRN magazine when he said:

With the economy changing, there is no doubt that folks have to get paid. Threat actors have to make money somehow. We‘re noticing, even in some places, they’re holding the data for ransom, but they‘re not actually encrypting. They’re skipping that part and just only holding for extortion, or threatening to maybe call a regulator or threatening like, ‘I’m going to call your customer and show them I have your data.’ So there [are] still other ways even by not using ransomware to still hold data theoretically for ransom. For me, it‘s not going anywhere. It’s such a great source of income for them; it‘s clearly not going away in 2023.

Thanks, and safe computing!

One aspect of my business that never ceases to amaze me is how hardware and software vendors can make sudden changes that affect vast numbers of clients and end-users with little notice. The two I write about this month are significant; however, they are not representative of the entire industry.

Intuit

Intuit is the maker of QuickBooks, the accounting software many individuals and businesses use to manage their finances. There are three desktop versions of QuickBooks: Pro, Premier, and Enterprise. In 2001, Intuit released a cloud-based version of QuickBooks, which purported to match the desktop versions. Often heated discussions on various forums show this effort has fallen short of expectations for those who are used to the desktop product.

Intuit has had a strict support policy for QuickBooks. It states that support for the current product is valid for three years from when it was issued. For example, Intuit released QuickBooks 2022 in September 2021. It will receive support until the fall of 2024, which means Intuit will publish updates and fix problems with its code during those three years. Anyone who purchases the product can call Intuit’s QuickBooks Support to resolve problems with installation and program errors. Help for how to use QuickBooks is relegated to website forums and accountants. After three years elapse, add-ons to QuickBooks will no longer function. These include Payroll Services, Online Backup, and Online Banking.

For the Pro and Premier versions, you used to be able to go to the Intuit website, Amazon, or a big-box store and purchase the software. You’d either get the CD/DVD and a license key or the license key along with a download link. That software purchase gave you three years of support. The Enterprise version was always an annual subscription.

Last year Intuit changed how you can purchase the product. They have implemented a subscription service for the Pro and Premier versions. (I predicted this more than a year ago for some of my clients.) You must buy the product every year if you wish to continue to use it. To make matters just a little bit worse, you can no longer purchase the Pro version from the Intuit website by clicking a Buy Now button. Intuit removed that option this year. You must call the Sales phone number at the top of the page.

As I learned last month, when you call, the sales agent, using a script, will push you to choose QuickBooks Online. If you say no to that option, they will attempt to get you to upgrade to the Premier version. And if you continue to say no, the sales agent is tasked to offer you additional for-fee options to the Pro version (e.g., Payroll Services, Online Backup, and Online Banking). All in all, not a pleasant buyer’s experience, certainly not one conducive to further purchases – except now, everyone who uses QuickBooks is a captive for a higher priced, not necessarily better, product every year.

Microsoft

Most people probably know Microsoft makes Office primarily consisting of Word, Excel, and Outlook. You might also know that Microsoft has made Office available as a cloud-based offering – in many forms and with different names – since 2010.

Over time, Office was installed from diskettes (6 in 1990), CDs, DVDs, and – most recently – using a license key and a download link. These are known as perpetual licenses. They are valid for as long as you use the computer on which you installed the program. For several years, Microsoft hinted there would come a day when they would stop issuing those product versions. That day is now more visible and inevitable. Last month one of my colleagues reminded me that Office 2013 is going out of support in April 2023. While I wasn’t surprised that a ten-year-old product was ending, what surprised me was the end dates for Office 2016 and 2019. Look a look at the chart below.

OfferingStartMainstream EndExtended End
2013Jan 9, 2013Apr 10, 2018Apr 11, 2023
2016Sep 22, 2015Oct 13, 2020Oct 14, 2025
2019Sep 24, 2018Oct 13, 2023Oct 14, 2025
2021Oct 5, 2021Oct 13, 2026Not applicable

Please note that the last day of support for Windows 10 is also October 14, 2025.

What is someone with a perpetual “Home and Student” or “Home and Business” version of Office supposed to do? The only solution is to purchase a subscription to the appropriate cloud product, as follows:

Consumer (Student):Microsoft 365 Personal$69.99 per year
Business:Microsoft 365 Apps for business$99.00 per year

I will distinguish between an individual purchasing a “Microsoft 365 Personal” or “Microsoft 365 Apps for business” subscription on the Microsoft website versus a business subscribing its staff to Microsoft 365 Business Standard or Business Premium via my Microsoft partner program, NCE. Individuals must create a Microsoft Account (a unique-to-Microsoft email address) to purchase the license because Microsoft will save your credit card information. I can provide subscriptions for businesses through NCE that get are included on their monthly bills.

While it is going to be relatively easy to create a FirstName.LastName@Outlook.com email address for individuals (unless your name is Bob Smith), Business accounts – for actual businesses – must go through NCE to ensure the default “onmicrosoft.com” administrator account gets created. After that, it requires several administrator steps to link the business’ legal website name to the product.

By October 14, 2025, Microsoft will (most likely) require a Microsoft Account to access any new Windows 11 computer. If so, then you must use the same email address for Office!

I can’t say I’m looking forward to these changes because if they are difficult for me to adjust to, they will probably play some havoc for the clients I support.

Thanks, and safe computing!

In this particular “scammers” edition of Sun Spots, I will share a few recent emails from clients asking about the validity of the contents. I also want to direct your attention to a feature-length article from Wired magazine’s March 2022 issue that contains a third-party discussion of what happens when someone is an unwitting victim of a phone call.

One client forwarded me an email about urgent warning about his Norton anti-virus license.

He uses AOL, which doesn’t let you see “behind” the email address unless you explicitly look for it; fortunately, Outlook does. But this is such a piss poor example of fraud it isn’t even funny.

The email return address is justforconsumers.com, which doesn’t resemble Norton at all! The links in the email route to http://aoolldearbox.bond, which is not a secure website. Worse yet, if you click any link, you are re-directed to a website hosted by aquaticbees.com (definitely not Norton). That page has a warning about an increase in “Malware and Viruses.” Click on any of the links on that page, and I’m certain your computer would be flooded by tons of the stuff they “warn” you about.

And, of course, he has SentinelOne with his SPF+ subscription, not Norton!

This email is fraudulent; it should be marked as “spam” and then deleted.

Another client returned from a recent vacation to find an email with the subject, “Your order has been confirmed.”

Attached was a PDF file that resembled an Amazon invoice indicating that a payment of $769.99 had been received for a “SAMSUNG 55-Inch Class QLED 4K UHD Dual LED Smart TV with Alexa built-in.”

It also included the following information:

If you want to cancel or modify this purchase and want to claim your money back. Please call us Immediately to our Billing Department : +1- 877-542-2099

Let’s forget, for a moment, the atrocious grammar and punctuation. Let’s ignore the email address that isn’t from Amazon.com. This email and invoice features one of the more insidious scamming aspects. It requires you to call them to ask for assistance. The moment you do that, you are an active (unwitting) participant, and — if you are not careful — will be providing con artists and thieves with your personal information. I cannot stress how important it is to DELETE garbage like this immediately!

This leads me to the Wired article: They Were ‘Calling to Help.’ Then They Stole Thousands. Take the time to read this, and if you have any questions afterward, please let me know.

Thanks, and safe computing!