Archives for June 2024

“In the year then of our Lord, 1348, there happened at Florence, the finest city in all Italy, a most terrible plague …”  The Decameron.

The computer plague of our time is malware. Malware is software intentionally designed to damage digital devices and their data. A wide variety of malware exists including viruses, worms, Trojan horses, ransomware, spyware, adware, and scareware. It’s estimated that there are more than one billion malware programs lurking on the Internet. Security experts detect more than half a million new pieces of malware every day.

In light of this threat, you MUST install anti-malware software on any device running the Microsoft Windows, macOS or Android operating systems. The next post will cover iOS. Anti-malware software prevents, detects, and removes malicious software from your desktops, laptops, tablets and phones. And you MUST configure your anti-malware software to update its malware signatures regularly. Malware signatures are used to identify malicious software and their activities. Malware constantly changes and out-of-date anti-malware software will not protect you.

Most major malware products are U.S. based, and I’m sure they’re logging usage. All will have strong encryption and independent third party audit of their effectiveness. Some other essential features are:

• Comprehensive detection and removal of malware of all sorts.
• A host-based firewall that protects your devices by filtering network traffic and blocking outsiders from gaining unauthorized access to your devices and data. Firewalls can also prevent malicious software from reaching your device, defeating malicious software before it gets a chance to install and operate.
• An intrusion protection system (IPS) that continuously monitors network traffic entering and leaving your devices, watching for potentially suspicious traffic, and taking action to interrupt suspect traffic from continuing.
• Anti-spam protection integrated with your email. Spam is unsolicited and annoying email messages that try to lure you into buying something, sending money, or clicking on a link or attachment. Spam may be unwanted advertising. It may also be a scam.
• Anti-phishing protection with white-listing and black-listing support. Phishing emails attempt to trick you into revealing sensitive information like passwords, account numbers, or social security numbers. A whitelist identifies safe sites. A blacklist identifies known malicious sites.
• Multi-device support. Applications should be available for all common operating systems and devices.
• Free technical support if your device becomes infected with malware. This is a significant benefit. Malware can be quite difficult to remove once it’s burrowed into your system.
• A strong reputation in the marketplace with excellent customer support.

Many products provide malware protection within security suites that also offer a password manager, virtual private network (VPN) services, and cloud backup services. I rarely recommend these additional services. There are better options. Security suites may also offer dark web and credit monitoring services which, if available at no additional cost, are worth a look.

The next post reviews recommended security suites.

Information provided in this post is subject to the disclaimer in the first post of this series.

How can you protect your devices from evil malware? If you’re running Windows 10 or 11, Microsoft Defender Antivirus comes free with the operating system and provides basic services. These services include strong anti-malware protection, a host-based firewall, anti-phishing protection, and parental controls. While there are stronger commercial security suites available for purchase, if your budget is limited, Microsoft Defender Antivirus provides an essential measure of protection.

In the post, “Show Me the Money,” I highlighted the need to understand the business model for products and services, and that anti-malware software required a significant ongoing investment to keep ahead of evolving threats. So why would I recommend Microsoft Defender Antivirus given that it’s free? And why would Microsoft continue to invest in it when it generates no direct revenue?

The short and slightly cynical answer is that running Windows without anti-malware software is like walking around with a “Kick Me” sign taped to your back. The Windows operating system is insecure. And if your customers are constantly getting hacked, this creates brand and market risk, so Microsoft wisely invests in Defender Antivirus.

For macOS and Android, I can’t make a similar argument and don’t recommend free anti-malware products.

I recommend two strong commercial security suites: Norton 360 Standard, and Bitdefender Total Security. Both meet the criteria in the prior post, and have products for Windows, macOS, Android and iOS. Their pricing is similar, around $99 per year. They normally offer a significant discount for the first year. Yes, this is a little pricey, but they offer excellent protection. I regret to inform you that both companies will aggressively try to upsell you on other products. This seems to be a feature of this market segment.

The link to Norton 360 Standard: https://us.norton.com/products/norton-360-standard

The link to Bitdefender Total Security: https://www.bitdefender.com/solutions/total-security.html

A brief word on anti-malware protection for iOS. iOS is inherently more secure than other operating systems. Each app runs in its own “sandbox” and has no ability to tamper with operating systems files, or the files and data of other apps. If you purchase a commercial security suite which comes with an app for iOS, I would install it. Just know that it provides limited value. This is not to suggest that no action is required to improve the security configuration of your iOS devices. I will address this is a later post.

Next, we’ll see how Alice and Bob met their anti-malware needs.

Information provided in this post is subject to the disclaimer in the first post of this series.

Alice has a Windows 10 PC to support her personal IT consulting business and a MacBook Pro for personal use. She carries an iPhone for both personal and business calls. After reviewing the security suites on the market, she selected Norton 360 Standard to protect all of her devices. While other great products were available, she’d used Norton products for many years (remember Norton Utilities?) and had confidence in the company. An annual subscription cost less than a nice dinner out with her significant other (which was not Bob, in case you were wondering).

She installed the software on both her PC and her Mac and configured them to automatically update the malware signature files and the software itself. She downloaded the app to her iPhone. While it didn’t appear to do much, it was available, and she’d paid for it. After reviewing the bundled VPN service, cloud backup service and password manager, she went with other products. While the services were good, as an IT consultant she was a hard grader, and she felt there were better offerings available. And she’d already selected Carbonite for cloud backup.

Bob has a Windows 10 PC and an Android phone and took a more parsimonious approach. He would not spend one nickel unless he had to. He enabled Windows Defender on his Windows 10 PC and that was good enough for him. And he only used his Android phone for phone calls. Wi-Fi and Bluetooth connectivity were both turned off, so he saw no need to add anti-malware software on the phone. Alice rolled her eyes at this approach, but there was no arguing with Bob.

Now that you’ve done some research and reviewed Alice’s and Bob’s anti-malware strategy, it’s time for you to choose your own if you have not already done so. Anti-malware protection is a MUST.

Information provided in this post is subject to the disclaimer in the first post of this series.

“I’m pretty open book. I’m also the kind of person that will say, ‘That’s none of your business.’” Ice T

Social media platforms are powerful tools for connecting, sharing content, conducting business, and disseminating news. Billions of people post personal information on social networking sites including Facebook, TikTok, Instagram, Snapchat, YouTube, Twitter/X, and LinkedIn. Social networking companies harvest sensitive data about individuals’ activities, interests, personal characteristics, political views, purchasing habits, and online behaviors.

Social networking sites also collect data about you from third parties. For instance, using a panel of 709 volunteers who shared archives of their Facebook data, Consumer Reports found that 186,892 companies sent data about them to the social network. On average, each participant had their data sent to Facebook by 2,230 companies.

You should assume that anything you post on a social networking site may become public information. It’s “open book.” It’s up to you to decide how much information you choose to share, and what you choose not to share, because it’s “none of your business.”

In practice, what gets shared is hard to control. But don’t let the fact that it’s hard to control, and that privacy policies may change and site security protections may fail, deter you from managing your privacy permissions on social networking sites. The specifics vary by site. Here are a few things to think about:

• Many social networking sites have tools to audit or review your privacy settings. I recommend you take full advantage of these tools and limit the amount of information you share and with whom.
• Avoid sharing data that’s prized by identity thieves, including your age, birthday, place of birth, home address and phone number.
• Exercise caution when using third-party applications offered through social media sites. They likely have separate privacy policies governing the use and exploitation of your data.
• Use caution when receiving a friend request from someone you don’t know. This is a common tactic for fraudsters. It’s best to reject such requests. If you choose to accept them, limit the amount of personal data you share.
• When you post photos online, they may contain hidden information called “Exif” data that includes when and where the photo was taken. If you prefer not to share this information, there are several approaches that I will consider in a later post. The simplest way to exclude the data is to take a screenshot of the photo using your phone. Screenshots typically don’t include the same Exif data that the camera on your phone captures.
• Respect the rights of friends and family when posting on social network sites. They may prefer not to have their photos or personal information shared. Privacy is a team sport. We’re all in it together.

I recommend you review the privacy settings on the sites that you use. Here are some links for common social networking sites to point you in the right direction:

• Facebook Privacy Checkup: https://www.facebook.com/help/443357099140264
• TikTok Account Privacy Settings: https://support.tiktok.com/en/account-and-privacy/account-privacy-settings
• Instagram Privacy Settings: https://help.instagram.com/196883487377501
• Snapchat Privacy Settings: https://help.snapchat.com/hc/en-us/articles/7012343074580-How-do-I-change-my-privacy-settings-on-Snapchat
• YouTube (Google) Privacy Checkup: https://myaccount.google.com/privacycheckup
• Twitter/X Ads and Data Privacy: https://help.twitter.com/en/safety-and-security#ads-and-data-privacy
• LinkedIn Privacy Settings: https://www.linkedin.com/help/linkedin/answer/a1337839/managing-your-account-and-privacy-settings-overview?lang=en

As we proceed forward, the recommendations in this blog also provide protection against invasive collection of your data by social media companies. We’ll discuss virtual private networks (VPNs), private web browsers, web search, text messaging, and email. I will also suggest some privacy focused alternatives to the major social networking sites.

Remember, when you post data on a social networking site, you are the product. That’s their business model. Choose what you share wisely.

Information provided in this post is subject to the disclaimer in the first post of this series.

“The hacker didn’t succeed through sophistication. Rather, he poked at obvious places, trying to enter through unlocked doors. Persistence, not wizardry, let him through.” The Cuckoo’s Egg.

Clifford Stoll, in his 1989 book, The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage, described his hunt for a computer hacker who broke into a computer at the Lawrence Berkeley National Laboratory. It started with a 75 cents error in computer usage accounts. One take-away from this early story of computer hacking is that Dr. Evil and his minions more often succeed through trial and error than brilliance. They walk through an unlocked door.

This brings us to the need to encrypt the internal disks on your digital devices. If you fail to do so, and your device is lost or stolen, your data is there for the taking. I very strongly recommend that you enable Full Disk Encryption (FDE) on all your devices. Don’t leave the door unlocked.

For Microsoft Windows, many versions of the operating system come with Bitlocker. It’s well integrated, easy to enable and provides strong protection. If it’s not already enabled, follow the instructions at: https://support.microsoft.com/en-us/windows/device-encryption-in-windows-ad5dcf4b-dbe0-2331-228f-7925c2a3012d .

Make sure you keep a copy of the Bitlocker recovery key in your Password Manager or Microsoft account. See: https://support.microsoft.com/en-us/windows/back-up-your-bitlocker-recovery-key-e63607b4-77fb-4ad3-8022-d6dc428fbd0d .

If Bitlocker is not available on your version of Windows, consider upgrading to Windows Professional. If this is prohibitively expensive, encrypt your drive using VeraCrypt. Make sure you generate a Rescue Disk image. You can find instructions on the website at: https://www.veracrypt.fr/en/Home.html

For macOS, the operating system includes FileVault. Make sure it’s turned on and save the recovery key in your password manager or iCloud. You can find instructions at: https://support.apple.com/guide/mac-help/protect-data-on-your-mac-with-filevault-mh11785/mac .

Full Disk Encryption for iOS is enabled by default and you can’t disable it.

If you set up a lockscreen, Android devices will encrypt your data. See: https://www.androidauthority.com/how-to-encrypt-android-device-326700/

Caution: To keep a sophisticated hacker from stealing your data if they get their hands on your device, the device needs to be powered down. If your device is stolen while it’s on or in sleep mode, Dr. Evil can bypass your screen lock and defeat disk encryption.

Our friend Alice, being a responsible IT professional, enabled Bitlocker on her business PC and FileVault on her MacBook. She knew her iPhone was encrypted by default. She saved the Bitlocker and FileVault recovery keys in her password manager.

Bob encrypted all three disks on his PC with VeraCrypt and created Rescue Disks. He kept the Rescue Disks in his sock drawer. He set a lockscreen on his Android phone to encrypt the internal drive.

Easy peasy!

***

I hope you’ve now implemented your strategy for backup and recovery, password management, anti-malware protection and full disk encryption. If you’ve done so, congratulations! Your security posture has surely improved. We’ve also discussed freezing your credit report, strategies for not getting scammed, and the hazards of social networking.

At this juncture, I repeat a caveat from the second post. Take one step at a time. Don’t change everything at once. Work with a new product or process until you get used to it, and before you make another significant change. You may find it useful to write down what you changed just in case you want to return to a prior configuration.

In the next several posts, I discuss additional actions you can take to improve your privacy. Onward!

Information provided in this post is subject to the disclaimer in the first post of this series.

“If you’re out of date, you’re out of luck.” Anonymous.

The operating systems on the devices you use, as well as the application that run on them, get regular updates. Many of these updates close security vulnerabilities. Dr. Evil and his minions are constantly seeking ways to hack into your devices. They’re looking for an “unlocked door.” I strongly recommend you enabled automatic updates for your operating systems and applications.

Your operating systems should have automatic updates enabled by default. I recommend you double-check this to make sure. Here are some brief instructions:

• Windows 10: From the Start menu, go to “Settings > Update & Security > Windows Update”. Ensure that you have enabled automatic updates. There are other options to consider, in particular, “active hours.” Set this to the time during the day when you don’t want your system to restart.
• Windows 11: Click the Windows icon and then go to “Settings > Windows Update.” Ensure that you have enabled automatic updates. Then select “Advanced options.” Setup “active hours” to make sure your system does not restart during working hours.
• macOS: Open “System Preferences > Software Update” and click the “Advanced” button. Check all the boxes.
• Android: Open “Settings > System > Advanced > System Update.” Make sure it’s turned on.
• iOS: Open “Settings > General > Software Update.” Turn on “Automatic Updates.”

Configuring your applications to update automatically is a bit more complicated. Check each application to see if there’s an option to enable automatic updates (there may not be). If there is, turn it on. If you installed the application from the official app store for the device, you can configure the app store to perform automatic updates. Here are some brief instructions:

• Microsoft Store app: Click the three-dot icon in the top-right corner, select “Settings”, and toggle on “Update apps automatically”.
• Mac App Store: Open “System Preferences > Software Update,” and click the “Advanced” button. Select the option to “Install app updates from the App Store.”
• Google Play: Open the Google Play Store app and then tap “Menu > Settings > Auto-update apps.”
• iOS App Store: Open “Settings > App Store” and enable “App Updates”.

Don’t leave the door unlocked. Make sure you keep your software up-to-date. If you’re out of date, you’re out of luck.

Information provided in this post is subject to the disclaimer in the first post of this series.