Just like medical journals, it seems like every new day brings some new report or another on the “state” of technology. Some reports are “nothing is secure, and you can never be secure“, while others take a more alarmist “secure everything” approach. I’m always sceptical when I hear of these things. They’re flashy, push people’s buttons, and generally feel like squeeze pages for a larger sales tactic. In fact, the first thing they should disclose is what they sell. At CWL we provide technology support services, so this topic is one that I’m acutely interested in. That said, there are often good things to glean from even the worst.
The most important line users cross with any software is the point of running (or installation). This is usually where you have a need to fulfill (like play video), and a software title in mind (like VLC media Player). But, since you’re a cautious user who doesn’t assume a virus scanner is perfect, and you don’t wish to be infected by malicious software – you want to be proactive about protecting yourself. What do you, then? Here are some proven strategies to help ensure you stay safe.
You may have seen this before. People you know are calling agitated saying you’ve been hacked. Checking your mail client, You’re SHOCKED to see that your email account has been sending out messages with malicious links. You even recall seeing the very same message sometime in the past. You now know your email account has been compromised. But, how could this happen? How are they gaining access to my account? How to I keep this from happening to me? I’ll answer these questions and more. To keep from these scams, you’ll need keen eye, and a good idea of how these things work.
Bad design can creep into any process, whether small or the much larger Twitter. I was thrust upon this when I (rather innocently) changed my phone number – but forgot to turn off Twitter’s “login verification” process first. There is no way I could have known, but my specific use case of Twitter, coupled with a phone number change, locked me out. After much consternation, I understood Twitter’s two-step process is broken.
I’m a big fan of KeePass. It’s a great tool for keeping and generating passwords in a small, encrypted, local database. While I generally gush about how amazing this tool is – I’m perplexed as to why there isn’t a great version of this tool on OS X. It doesn’t make sense that an operating system so powerful is so woefully underserved in this regard. As a daily OS X user, you too may wonder what the hell is up with KeePass on OS X, so let’s take a look.
The anti-virus (AV) application is dead, right? This often bloated, resource intensive application has to scan every single file on a computer; but still misses that one malicious application that brings your network to its knees. What are we to do now that viruses have become so sophisticated and agile? Change the way we approach security, or tell everyone that anti-virus software is just misunderstood?
For those that trumpet AV software, like David Harley of Eset, those in the media and technology industry are simply lost on the value that anti-virus software provides. In a paper released on the company’s We Live Security blog, Harley goes about crushing all arguments for AV obsolescence in favor of level-headed acceptance of failure – because, “perhaps that’s inevitable”. The fact is, every once in a while, a testing site or company comes along with a provocative report saying anti-virus software doesn’t work.
If you use passwords, you should store them securely somehow. This generally saves you from losing something, and should help you improve the strength of passwords you already use on websites. I’m a big fan of the powerful tool named Keepass, but always on the lookout for new and interesting tools that might help us improve password storage and use. This search lead me to Bluepass, a new tool (like Keepass) that intends to have cross-platform support and a new syncing feature for your data. Bluepass is currently in its early stages and looking for support.
News of Microsoft’s anti-virus product failing to receive a certification for effectiveness has been circulating on the Internet. The outfit running the tests is AV-TEST and they consider themselves the “Independent IT-Security Institute”. In previous certification tests, Microsoft’s anti-malware application scored high enough to be certified, but starting in September, the tool started failing the tests. On January 16th, Microsoft responded in a blog that vaguely attacked AV-TEST for poor testing methodology. Of course, AV-TEST responded to that. This is what seems like a tipping point, as many have started to seriously question the effectiveness of locally installed Virus Scanning applications. This idea of depending on virus scanning applications has been on my mind, and I wanted to flesh it out.
Recently, I’ve noticed a number of sites popping up with tools to make passwords more secure. The idea is that you go to the site, enter a few details, and the site generates a more secure password for that site. This allows you to have passwords that can be looked up, never stored anywhere and different for every site you use. As you’re probably aware, we like the password management tool Keepass for storing passwords – but what if you didn’t have to store them? What if you could easily remember a few phrases and generate unique passwords for each site you use based on those simple details? Beyond the safety of the service, it’s certainly an interesting idea.