PrintNightmare: Microsoft’s urgent warning about your PC, and your options.

Written By James

Today’s news was doubly bad for anyone using a PC with Microsoft Windows.

On the heels of a massive ransomware attack, Microsoft just announced to the world a major Windows vulnerability that makes using a PC feel like driving a car with a bomb in the trunk.

This new vulnerability earns its namesake Nightmare. It uses a hole in Microsoft Windows to allow someone to hack into your computer, access your information, and even create a new administrative user with full permission to do anything on your computer, including accessing all the devices on your network, all your applications and data. An admin on your computer doesn’t just have access to your webcam. An admin can access all the cameras in your home, and everything else you have access to.

If this is starting to feel like the movie Groundhog’s Day, you’re not alone. This is just the latest of an avalanche of Windows nightmares. Three months ago, hundreds of thousands of Microsoft Exchange users were targeted using four vulnerabilities that allowed the hackers to access email and calendar accounts. One month earlier, over 18,000 business and executive Microsoft users were exploited as part of an attack leveraging yet another very common IT support tool for Windows called Solarwinds. Today’s $71 million ransomware attack actually used Kaseya, another common IT support tool. And just one year earlier, the United States National Security Agency (NSA) told Microsoft about a major security flaw that could compromise even more Windows users.

Microsoft has a demonstrated track record of security failures. And “managed service providers” (aka MSPs), the outsourced IT vendors to small and medium size businesses, must be having a really, really bad day. But that’s another story we need to talk about in the next few days.

The bottom line: If you use Windows, you are exposing yourself to massive risk, loss of privacy, data loss, data theft, financial loss, damage to your businesses and reputation.

If this is unacceptable to you, here’s what to do about it:

First, it’s important to be mindful.

Recognize that any habits, attitudes and beliefs about technology that are older than a year are most likely obsolete and irrelevant. Which means if you’re still operating from habits, attitudes and beliefs about your favorite devices or the software you’re used to, you could be seriously missing out, falling behind, or worst case, in serious trouble waiting to happen. Here’s a perfect example:

Remember when people used to say “PCs are better at business, and Macs are for graphic artists”? Well, that’s clearly outdated by about 10 years. In 2015, IBM offered all 400,000 employees across the globe their choice of Mac or PC. In the first few months, over 90,000 switched to Mac, and it only took 5 full-time employees to do it. Even more interesting, by 2019 IBM identified that their Windows PC users had twice the number of support calls, and the cost of ownership for PC users was 3X more expensive than their Mac counterparts.

This doesn’t mean you want to react and buy a Mac. Which gets to the next point:

Next, think like an Executive.

When faced with new information, even in the face of horrible news, an executive’s objective isn’t to execute a predefined plan.

What leaders need during a crisis is not a predefined response plan but behaviors and mindsets that will prevent them from overreacting to yesterday’s developments and help them to look ahead.

- McKinsey & Company

(March 16, 2020 Gemma D’Auria and Aaron De Smet, Leadership in a crisis: Responding to the coronavirus outbreak and future challenges)

It’s somewhat ironic that the above quote is from a leadership article related to response to a virus.

By having an open mind, you won’t fall into the trap of limiting your options and inadvertently putting yourself in a Sisyphus situation.

It’s important to think about your long-term goals and objectives. For over 25 years, I have seen customers willing to pay, over and over, month after month, year after year, to fix “little” issues with Windows, like problems with email, printing, or viruses. When comparing a typical one-time service call fee to something more dramatic, like switching computers entirely, it’s tempting to pay for the quick fix. But remember, the same technology changes that make habits, attitudes and beliefs obsolete or irrelevant also makes the “break/fix” repair strategy just as irrelevant and obsolete. The threats and exploits coming out with increasing frequency also come with exponentially worse severity.

The next obvious question for any business owner, executive, or quite frankly anyone ask is: If the Microsoft platform has a track record this bad, not just for the past two years, but for decades, and if the risk to me is this great, what should I do?

Traditional IT departments respond by asking for “more resources.” Keep adding more walls around the castle. Dig more moats. Clearly this strategy no longer works either, as the very tools IT professionals use to manage the security of their networks - like Solarwinds and Kaseya - are the technologies being used by hackers to create the exploits.

Executing a well thought out plan of action.

If you are a Windows user, you have only two options.

First, you can respond accordingly to mitigate risk and increase your defenses.

It’s tempting to hire a traditional consultant. Someone technical, usually a geek or a nerd, to help apply the patches that Microsoft will be releasing soon.

But this is not the right approach.

This is not as easy as it sounds. In one of the articles linked above at the beginning of this article, a national news channel suggested “maybe rebooting your PC could start it updating.” Maybes do not count.

In fact, a few minutes ago,as I am writing this, I received a text from a Tech Concierge member. He asked me about today’s Microsoft news. Then he said that coincidentally, a kid from the university that both he and his wife work at had just stopped by their house regarding something unrelated, but that while he was there he had “fixed”their printer on his old PC. The student presumably re-enabled the print spooler on a Windows 7 computer that isn’t updated and cannot be updated because Windows is broken. In fact, we had just finished migrating all the data on that old PC to a new Mac, and we had agreed to not try repairing the old computer because fixing it would require erasing it. What the student had done was actually make the PC even more of a threat by fixing the very functionality that the Microsoft exploit depends on.

Important pro tip: When looking for the right resource, find a certified and qualified professional. Geeks, nerds, and “smart” kids who appears to be good with tech are about as competent with tech as the newscaster that told you ‘maybe rebooting will fix it.’

The only logical choice for someone who wishes to remain on Windows is to have an excellent backup strategy that includes both local and remote backup, acquire and update threat management software, and then run the prescribed Windows operating system updates and security patches as they become available.

But what if you’re tired of this runaround?

Second, if you are tired of this, you can switch seamlessly to a Mac.

Remember a few sentences back, the Tech Concierge member who had just finished migrating to a Mac? Well, in between the writing of this article, we spent about an hour together walking through his new software: All of this data was transferred. 100% of his files - decades of research and presentations and papers - opened flawlessly, even in Microsoft Office. Mac Mail, Calendar and Contacts all worked perfectly, but we still configured Microsoft Outlook on the same computer in case he wanted to use it for anything. Zoom, Microsoft Teams and Webex were all set up and tested. We verified his Calendar and Contacts and Mail all syncs flawlessly on his iPhone. Printing works. Everything was tested, and over the course of the last month he’s had about four hours of training to make him so confident on his Mac, switching away from the PC is simply like getting out of a Ford Focus and getting into a BMW.

And remember the PC with the broken Windows? Again, as I was writing this article, Microsoft released software updates including for Windows 7, which is no longer supported. The update didn’t work however, which was not a surprise, because it confirmed broken Windows that never allowed us to upgrade to Windows 10 without erasing the computer and starting over. That’s what triggered the switch to a new computer, and his trust and confidence in me is what triggered the switch to a Mac. While the student from his university applied a band-aid and actually fixed the software responsible for the security hole, I recommended not updating it today. Why? We want to have the old PC around as a reference point and for the unforeseen emergency in case he gets stuck tomorrow, his first day of using the Mac exclusively. Keep that old PC in hibernation, and just wake it up if you absolutely have to. In 30-60 days, or whenever the customer tells me he’s officially never looking back, we’ll securely erase that old computer and get it set up for recycling.

Some final notes.

There are some industries where software development is stagnant and mostly focused on reacting to Microsoft security updates and patches. These industries, including architecture and engineering, may have major platforms consisting of applications where the vendors have not caught up with hardware and operating system evolution. Revit and Lumion are still Windows only, as is Solidworks. In cases where your company has come to the conclusion that the benefits of running these apps over a Mac alternative makes good business sense, then you’ll have to have a strategy for managing Windows until such time that you decided to move away from it.

But you can still develop a multi-vendor strategy to reduce the risk and severity of running Microsoft products within your business. In one architecture business, I have migrated 30 years of client projects and all business administration to Google Workspace Enterprise, and everyone in the company, mostly architects running extremely high-end Windows-based design workstations, as well as a few Mac users, access everything via Google Drive for Desktop. We eliminated their two small business servers, including a Windows 2008 R2 server and a Windows 2012 R2 server. This not only reduced their risk, it also reduced their carbon footprint significantly. And the Principals and owners have high-end MacBook Pros, their business owner tool of choice.

Again, for most people, it’s either habits, attitudes or beliefs about Windows vs. Mac that keeps them from switching, and the most common belief system is that switching is disruptive or difficult. Done correctly, it’s neither.

So what’s holding you back? How many more Nightmare scenarios do you need before you switch?

If you would like to discuss your needs, we can schedule a one-on-one consultation. Please click here to submit a request.

UPDATE 2021-07-08:

Microsoft released a security patch separate from major system upgrades. It’s located here. Make sure to have a good backup of your system first, and if the update doesn’t apple (in 6 out of 7 cases within 3 hours of the update, it downloaded but wouldn’t install), you may have another problem with Windows that needs to be corrected. This is another catch-22 for Windows users: For all of the above reasons, deferred maintenance tends to result in frequently fragile and broken systems.

James

Father, husband, technologist, entrepreneur and aspiring flaneur. I love learning and teaching.

Previous

Vision Pro and Apple’s Vision
Next

The world’s best Apple-Authorized data recovery.