Windows 10 adoption rises with Steam users: 25 percent have jumped to the new OS

    Windows 10 hit a milestone in the PC gaming world last month: The operating system is now installed on more than a quarter of all computers running Steam.

Valve’s monthly Steam hardware and software survey shows that 26.63 percent of users were running 64-bit Windows 10 in October. Another 1.01 percent were running “Windows 10,” which presumably refers to the 32-bit version, for a grand total of 27.64 percent. The survey was first spotted by WinBeta.

With these results, Windows 10 is putting more distance between itself and Windows 8/8.1, which combined account for 20.52 percent of Steam installations. Windows 7 remained the clear favorite, with a 44.42 percent share. As a whole, Windows still accounted for 95.39 percent of Steam installations, though it declined last month by 0.32 percent, almost entirely at the expense of Mac OS X.

The Windows 10 adoption rate among Steam users appears to be far ahead of that for the general population, at least according to some third-party metrics. For October, NetApplications recently estimated 7.94 percent share for Windows 10 devices that accessed the Internet, while StatCounter’s pageview-based metrics came up with 9 percent. In all cases, adoption is slowing. Among Steam users, Windows 10 installs increased by just three percentage points last month, compared to eight percentage points the month prior.

Adoption from PC gamers could get a boost in the months ahead, as more games launch with DirectX 12 support. The graphics technology promises to make PC games run much faster, but it runs only on Windows 10. Microsoft is also planning to get more aggressive with upgrades next year, reclassifying Windows 10 as a “Recommended” install so it downloads automatically on more machines.

The story behind the story: Microsoft has traditionally treated PC gaming as an afterthought, but that’s starting to change with Windows 10. Between DirectX 12, deeper ties to the Xbox One , and PC ports of some first-party games such as Halo Wars, Microsoft is hoping gamers will have lots of reasons to upgrade.

Dropbox woos large businesses with new Enterprise offering

  The new service adds features on top of the existing Dropbox   Business plan

            Large enterprises have a new Dropbox product tailored for them that the company unveiled at its user conference in San Francisco on Wednesday.

Dropbox Enterprise is built on the foundation of Dropbox Business, the company’s product aimed at organizations. Companies that buy it will get access to all of the features in Dropbox’s business-facing offering, plus special capabilities like the ability to prevent people with certain email address domains from using them with a Dropbox personal account.

When companies set up the service’s account capture feature, any employees with personal Dropbox accounts that are set up to use a company email address will have their syncing halted until they choose to either bring those accounts under the company umbrella or change the identity they use for the accounts to a personal email.

While administrators will get to see how many users have opted to keep their accounts personal, they won’t know which specific users opted out of joining the Dropbox Enterprise umbrella. That could prove problematic for systems administrators who want to make sure that those users haven’t exfiltrated company data using Dropbox.

Companies that buy Dropbox Enterprise will also get access to new insight tools that provide a graph of how members of an organization work together (and with outside organizations) as measured by the files that they share through Dropbox. Using those tools, administrators can evaluate whether people are working together the way they want them to, and also track sharing outside their organization to make sure nothing problematic is going on.

It’s similar to Microsoft’s Delve Organizational Analytics service for Office 365 users, which the tech giant has yet to make generally available to users of its collaboration suite. Microsoft’s service offers deeper insights into how people are working based on information it’s able to glean from the Office Graph API and also lets individual users see how their work habits compare to those of their co-workers.

Dropbox Business and Dropbox Enterprise customers will be able to sign contracts with the company to provide HIPAA-compliant storage for their files. That’s key for regulated healthcare businesses that need those storage controls in order to keep in line with laws governing the way they work.

In addition, IT administrators managing Dropbox Enterprise or Dropbox Business can now get access to beta versions of new security features including Suspended User State, which makes it possible to lock a user out of an account without having to delete the files in it. That’s a powerful tool for locking ex-employees (or soon to be ex-employees) away from sensitive customer data while still allowing access to it further on.

It will be interesting to see if the new offering drives additional interest in Dropbox’s offering from the large businesses that it’s targeted to. The company is competing against some heavy hitters in the tech industry, including Microsoft and Google. At the moment, there are more than 150,000 organizations using Dropbox Business at least in some small deployment, so that's a start. 

Gartner: Internet of things will change cyber security forever

  Analysts to explore cyber security trends during the    Gartner     Security & Risk Management Summit,    September 1-2, in Mumbai.

   Over 20 percent of enterprises will have digital security services devoted to protecting business initiatives using devices and services in the Internet of Things (IoT) by year end 2017, according to Gartner, Inc.

Gartner defines digital security as the risk-driven expansion and extension of current security risk practices that protect digital assets of all forms in the digital business and ensures that relationships among those assets can be trusted.

“The IoT now penetrates to the edge of the physical world and brings an important new ‘physical’ element to security concerns. This is especially true as billions of things begin transporting data,” said Ganesh Ramamoorthy, research vice president at Gartner.

“The IoT redefines security by expanding the scope of responsibility into new platforms, services and directions. Moving forward, enterprises should consider reshaping IT or cybersecurity strategies to incorporate known digital business goals and seek participation in digital business strategy and planning.”

In an IoT world, information is the "fuel" that is used to change the physical state of environments through devices that are not general-purpose computers but, instead, devices and services that are designed for specific purposes.

As such, the IoT is at a conspicuous inflection point for IT security, and the chief information security officer (CISO) will be on the front lines of its emerging and complex governance and management.

The IoT is redrawing the lines of IT responsibilities for the enterprise. IoT objects possess the ability to change the state of the environment around them, or even their own state (for example, by raising the temperature of a room automatically once a sensor has determined it is too cold, or by adjusting the flow of fluids to a patient in a hospital bed based on information about the patient's medical records).

“Governance, management and operations of security functions will need to be significant to accommodate expanded responsibilities, similar to the ways that bring your own device (BYOD), mobile and cloud computing delivery have required changes - but on a much larger scale and in greater breadth,” said Mr. Ramamoorthy.

Further said, “IT will learn much from its operational technology (OT) predecessors in handling this new environment.”

Although an IoT device may seem new and unique, a hybrid of old and new technology infrastructure enables the services that the device consumes to perform. Securing the IoT will force most enterprises to use old and new technologies from all eras to secure devices and services that are integrated via specific business use cases.

A unique characteristic of the IoT is the sheer number of possible combinations of device technologies and services that can be applied to those use cases. What constitutes an IoT object is still up for interpretation, so securing the IoT is a "moving target."

“Ultimately, the requirements for securing the IoT will be complex, forcing CISOs to use a blend of approaches from mobile and cloud architectures, combined with industrial control, automation and physical security,” Mr. Ramamoorthy said. “However CISOs will find that, even though there may be complexity that is introduced by the scale of the IoT use case, the core principles of data, application, network, systems and hardware security are still applicable.”

Encyrption ban banished from draft UK surveillance bill

A threatened ban on encryption has been banished from a draft bill on surveillance powers in the U.K. -- but the government plans to explicitly allow bulk surveillance of Internet traffic by security and intelligence agencies.

U.K. Home Secretary Theresa May began by listing the things the draft bill did not contain as she introduced it in Parliament on Wednesday.

"It will not include powers to force U.K. companies to capture and retain third-party Internet traffic from companies based overseas. It will not compel overseas communications service providers to meet our domestic data retention requirements for communications data. It will not ban encryption or do anything to undermine the security of people's data," she said.

But she does want police and the security and intelligence services to have the right to track Internet communications in the same way they do phone calls.

"It cannot be right that police could find an abducted child if the suspects were using mobile phones to conduct their crime, but if they were using social media or communications apps they would be out of reach," she said.

How police will be able to do that if companies such as Apple retain the right to offer end-to-end encrypted communications remains to be seen. The devil, as several Members of Parliament remarked in responses to May's statement, is in the details.

The new proposal is not a return to the draft communications data bill of 2012, May said. That was heavily criticized for containing the kinds of measures she ruled out Wednesday

, and ultimately blocked by the ruling Conservative Party's coalition partners at the time, the Liberal Democrats.

Draft bills are proposals for legislation that have not yet been debated in one of the two houses of Parliament.

Before those debates begin, May's text will first be examined by a joint committee of the two houses to get it into a form that will encounter less opposition than did its predecessor. The main opposition party, Labour, has already welcomed Wednesday's proposals -- in principle at least.

May intends to have the bill passed into law by Dec. 31, 2016, when previous legislation enabling government surveillance of communications expires.

The new draft frames the abilities of the police and security and intelligence services to acquire and retain communications data, to intercept the contents of communications, and to interfere with equipment so as to obtain data covertly from computers.

It also regulates the bulk use of these powers by the intelligence and security services, May said.

One measure likely to attract criticism is the requirement on ISPs to retain 12 months' worth of "Internet connection records" showing which communications services customers have used.

This is not a record of every web page visited, May said: "If someone has visited a social media website it will only show they have accessed that site, not the pages they visited or what they said. It is simply the modern equivalent of an itemized phone bill."

That comparison "was a bit crass," said Mike Weston, CEO of data science consultancy Profusion. "It's more useful and more intrusive. You can tell quite a lot more about what people are looking at online than you can from an itemized phone bill."

But May said there would be further restrictions on what could be stored: Law enforcement agencies will not be allowed to determine whether someone had visited a news website or a mental health website, only whether they had visited a social media website or a communications service, she said.

However, in certain cases the police will be allowed to determine whether someone has visited a particular IP address -- which will allow them in many cases to determine which website they visited.

In preparing the legislation, the government had consulted with ISPs in the U.K. and in the U.S., May said. Whether they are happy with the cost of capturing and storing all that traffic data for the government is unclear.

"There are suggestions that the cost to businesses could be £245 million over ten years," said Weston.

Boasting of the draft bill's provisions for transparency regarding the activities of the security and intelligence services, May said: "There remain some powers that successive governments have considered too sensitive to disclose for fear of revealing our capabilities to those who mean us harm."

But rather than proposing to finally lift the veil on those powers, she plans to give the agencies explicit permission to obtain data in bulk, putting an end to accusations that they conduct such operations illegally.

She proposed regrouping existing surveillance supervisory powers and handing them to a new Investigatory Powers Commissioner who will hold the intelligence agencies to account, and putting a "double lock" on the authorization of interception warrants by requiring approval from government ministers and from a panel of judicial commissioners.

One of the companies that already knows most about our browsing habits, Google, did not respond to a request for comment. Another, Facebook, said it is reviewing the bill and will follow its progress through Parliament

Newly-discovered Android malware impossible to remove

   Security researchers have come across a new kind of Android malware, which purports to be a well-known app but then exposes your phone to root attacks  and is virtually impossible to remove.

The new malware has been found in software available on third-party app stores. The apps in question use code from official software that you can download from Google Play like Facebook and Twitter, reports Ars Technica, so they initially seem innocuous and even provide the exact same functionality.

             But in fact they're injected with malicious code, which allows them to gain root access to the OS. In turn, a series of exploits are installed on the device as system applications, which makes them incredibly hard for most people to remove.

Mercifully, the three types of observed malware, known as Shedun, Shuanet, and ShiftyBug, don't seems to do much other than display ads at the moment. But their OS privileges mean that they could in theory be exploited to gain access to your private data.

The spread of the malware seems to have been automated: the team's already seen over 20,000 of the modified apps, notably in the US, Germany, Iran, Russia, India, Jamaica, Sudan, Brazil, Mexico, and Indonesia. There are currently no signs that the malware has made its way to the official Play Store. So, for now, it just pays to be careful if you go downloading apps from third-party stores.

Latest Windows 10 Insider build signals release of first update is imminent

Omits watermark identifying build 10586, just as it did last summer in run-up to launch

Microsoft today shipped a new Windows 10 build to its Insider testers, a refresh focused on bug fixes and improvements that contains a clue that signaled the first update for most users since July is imminent.

Thursday's build, labeled 10586, is the successor to version 10565, which Microsoft issued more than three weeks ago.

Build 10586 is a polish on last month's Insider update, and introduces no new features, hinting that it is among the last before Microsoft gives the code the green light for mass distribution.

"This build is really focused on bug fixes and general improvements," wrote Gabriel Aul, engineering general manager for Microsoft's OS group, in a post to a company blog today. "We've been loving this build in our internal rings as it is very fast and smooth, and makes a great daily driver."

While Aul's word choice pointed to build 10586 as the release candidate for Microsoft's first-ever update to Windows 10, a more significant cue was the omission of an on-screen watermark, which has appeared on earlier builds to mark not only the build number, but that it the code was for evaluation only.

Build 10586 has no such watermark.

Microsoft scrubbed the watermark from Windows 10 previews in the summer as it pushed towards launch. When it paused Insider build deliveries July 13 -- with Aul saying then that the company was "very close" to finalizing the OS -- it wiped off the watermark. Only after the July 29 launch, and the resumption of Insider builds to testers on Aug. 18, did the watermark return on preview program participants' PCs.

Rumors have circulated for the last week or more that Microsoft would issue Windows 10's first update, code named "Threshold 2," in the first few days of November. When that stretch came and went, the chatter shifted to pegging Nov. 10, which is also Microsoft's Patch Tuesday for the month.

Unlike with Windows 10's debut, Microsoft has not revealed a release date for the update ahead of time, nor said what nomenclature it will use to identify this update and others in the future.

In some places, Microsoft has tapped the initial Windows 10 build as "July 2015."

If build 10586 does become the release candidate for the update, it will be a milestone for Microsoft: The company has committed to generating multiple refreshes of the OS annually -- two to three times a year -- and this will be the first to automatically deploy to most consumers and many small businesses via the "Current Branch," one of three post-preview tracks the company will maintain for Windows 10.

Microsoft finally ties the knot with Red Hat for Linux on Azure

In a move many consider long overdue, Microsoft and Red Hat announced a new partnership through which Microsoft will offer Red Hat Enterprise Linux as the preferred choice for enterprise Linux workloads on Azure.

Azure will become a Red Hat Certified Cloud and Service Provider sometime in the next few weeks, making it possible at last for Red Hat Cloud Access subscribers to bring their own virtual machine images to run on Microsoft's cloud platform.

Microsoft has long offered Azure support for other Linux distributions, but Red Hat's key enterprise offering has been conspicuously absent.

"When I first heard the news, I wanted the title of the announcement to be, 'Hell has frozen over,'" quipped Gary Chen, a research manager with IDC. "I never thought it would really happen, but it finally did."

Through the new partnership, Azure customers will also be able to take advantage of Red Hat’s application platform, including the JBoss Enterprise Application Platform, JBoss Web Server and Gluster Storage along with OpenShift, its platform-as-a-service (PaaS) offering.

A "pay as you go" service called Red Hat On-Demand will offer RHEL images through the Azure Marketplace with support from Red Hat.

Developers will have access to .NET technologies across Red Hat offerings, including Red Hat OpenShift and Red Hat Enterprise Linux, with joint backing from Microsoft and Red Hat. RHEL will be the primary development and reference operating system for .NET Core on Linux, the companies said.

The companies will also offer unified workload management across hybrid cloud deployments. On the support front, meanwhile, a new enterprise-focused joint offering arriving in the next few weeks will be delivered by support personnel from each company co-located on-site.

The announcement has been a long time coming, said Elias Khnaser, a research director with Gartner.

"Microsoft should have done this 18 months ago," Khnaser said.

Still, the news is "a testament to Microsoft’s ability to rise above product competitiveness and be open, especially when it comes to Azure," he added. "Until now, clients that wanted to use Red Hat workloads on Azure needed to get a special support note from Red Hat, so this is definitely good news for clients that want to use Azure."

It will also benefit clients that use Microsoft Hyper-V but "may have avoided it in the past for Red Hat workloads," he said.

It's not a major game-changer for Azure in its battle with Amazon Web Services, Khnaser said, "but it is definitely a welcome step in the right direction."

AWS has long worked well with most of the major Linux vendors, but Microsoft "has a long history with Red Hat and Linux," IDC's Chen pointed out.

That history hasn't always been amicable. Not so very long ago, Microsoft CEO Steve Ballmer referred to Linux as a "cancer" in the technology world. 

The resulting lack of support for RHEL was negatively affecting Microsoft's cloud business, Chen said. "It was a big hole."

More recently, current Microsoft CEO Satya Nadella has sung a very different tune.

Overall, the move underscores not just the competitiveness that currently dominates the cloud arena, Chen said, but also the recent transformation of Microsoft.

"If this doesn't show that this is a new Microsoft," Chen said, "I don't know what would."