Windows 10 New Default Settings May Open Back Doors. Or not.

Like 67 million others in the first week of release, I have upgraded to Windows 10. It was a painless transition which held no real drama – it just worked. I was, however, interested to discover the defaults that the new Microsoft operating system ships with.

The new Microsoft defaults could potentially compromise the security and stability of medical practices and facilities, or indeed of any organization that uses computers.

As many of you know, I author technical blogs for several multinational companies, one of which is the VSS Medical Group, a group of companies specializing in medical software. So what? Well, the product range includes hospital and practice management systems called EHR’s that hold vast amounts of patient health and treatment data, along with associated personal health information (PHI). That prompted me to write this piece, which has already gone out across North America and Canada to all our subscribers.

In a nutshell, then, this is what you need to know.

Windows-10Windows 10 introduces automatic updating by default. Updates will occur when Microsoft says they will. This is good, in that any zero day patches for serious issues will be rolled out automatically, protecting the entire Windows using population even while they sleep. That is pretty amazing. It could be problematic, however, if Microsoft decides to reboot all your office computers during the working day. Imagine a power outage. Same result. In a hospital, that could even be fatal.

You can override this new default and set your own schedule, and I will show you how to do this further on.

This version of Windows also introduces peer-to-peer updates. Yes, just like BitTorrent. Up until now all updates have come from the dedicated servers at Microsoft. This new default really changes this playing field. Here’s how it works now.

Rather than all updates downloading from Microsoft, they are now by default pulled from and shared with the strongest connection offering the fastest available download source. That source could be your other PC’s, or a computer down the block. Conversely, others can get their updates from your PC. Note that.

This is fantastic news if, as in our home here at Gyst Towers, there are a half dozen computers scattered around. Rather than each computer having to download massive individual updates, any update is only downloaded once, to the first PC. The rest of the computers on the networks then share that update among themselves, saving huge amounts of extra download time and bandwidth. Pretty neat.

This will be advantageous in a medical practice (or any organization) with multiple computers on their own internal network. However, it is in principal no different than having a virus: A software patch that spreads automatically across your network and updates all your computers without your knowledge. You may find this to be of concern. I do. And I know many IT administrators that are already losing sleep over this. Because bad guys are good at finding holes.

The update system has been extensively tested by Microsoft and is undoubtedly robust and secure. But. Bad guys find new ways into secured computer systems every day. From that, it is not a huge leap to foresee a malicious update finding its way into computers through this new update system. If such a thing happens the results could, no, would be catastrophic. Review the data breach headlines for 2015. Of course, it may never happen. But…it could.

Fortunately, this default too can be changed. Here’s how.

Click your snazzy new Start Button (hooray!) and then Settings. Click ‘Update & security’. If not selected, click the Windows Update tab over on the left. Then back in the centre choose Advanced options. This is where you set how your updates are installed.

I suggest setting this to ‘Notify to schedule restart’. This will notify you when an update is available and let you avoid those automatic midday restarts mentioned earlier. You can schedule a more convenient time, say during the evening when the office is closed. Note well, you are now responsible for your own updates. Keep an eye out for notifications or you could miss an important one.

Next, look a little further down the same screen to find ‘Choose how updates are delivered’. Click that to turn on or off ‘Updates from more than one place’. After reading the provided explanation of the benefits of this new system, you will want to turn this OFF if you are paranoid. Frankly, you should be if you are handling medical data and PHI. HIPAA will be proud of you. Even if you are not, you may want to close this potential loophole. Doing this will ensure all your updates come from Microsoft and only from Microsoft. If you have a network of computers, you can instead leave this set to ON, and click the radio button which says ‘PC’s on my local network’. That offers the best of both worlds: You only download from Microsoft, but your computers will share each update between themselves.

The new defaults are now modified and you can go about your day.

Windows-10I have found Windows 10 to be solid, extremely fast, reliable and a pleasure to use. The upgrade was amazingly smooth and went without a hitch. This was an absolutely phenomenal achievement for any company. Microsoft effectively upgraded the whole world overnight, and did it with nary a noticeable hitch. Kudos to them. With the small exception of these new default settings and the concerns they raise, I can whole-heartedly say the experience has, for me, been exceptional. I am enjoying the new features immensely.

P.S. – I have spoken with some people that have expressed concern that the Windows 10 upgrade would affect some of their web or cloud-based services. Be reassured. The upgrade only affects your own computer(s). Cloud solution are unaffected, as your provider is the one hosting the service and all your data. You simply log in via your web interface as before: No change to any files or way of working. Business as usual. Nice.


Leave a Reply

Your email address will not be published. Required fields are marked *