TPM 2.0 and Win 11- Part 2

In what has to be one of the most out of character moves ever, Microsoft recently released a registry hack to install Win 11 on a system that does not meet the minimum hardware requirements set by Microsoft. Why would they do that? It’s a good question that I do not know the answer to, but if allowed to speculate, I have a hypothesis or 2. To get there, let’s go back to the beginning of the Win 11 adventure.

  • October 2019– Microsoft announces the development of a dual screen friendly version of Win 10 named Win 10x. MS’s primary stated reason for the new OS was to allow Windows to run on dual screen PCs and laptops with external monitors. For those of us who have been using multiple monitor configurations on Win machines for years, this made very little sense.
  • May 2021– Microsoft announces it will no longer be developing Win 10x. The project was put on indefinite hold. Following on the heels of that year’s continued global cancellation of civil liberties and in person human contact, this cancelation went mostly unnoticed.
  • June 2021– Microsoft announces that it is nearly ready to release Win 11, which came as a bit of a surprise since this was the first mention of the new OS. Also, MS had claimed 10 was going to be the last OS they would release. It was envisioned as an evolving platform and held true to that for about 6 years.
  • June 2021 additional– Microsoft sets the minimum system requirements to an arbitrary standard that would negate the ability to run Win 11 on nearly 90% of the factory built PCs* currently in use, 99% of gaming systems**, and 100% of virtual machines***. Even I had to pick up new equipment to install the dev and beta versions from the Windows Insider Program.
  • October 2021– Win 11 is officially released. It was followed almost immediately by about half a dozen published ways to bypass those requirements during install and/or regular operation. The simplest of these is to replace a single Win 11 registry key with the Win 10 version of the same key.
  • October 2021 additional– Microsoft publishes the Win 10 key to bypass their own requirements, without mentioning that it is simply the key from Win 10.

Hypothesis #1– Not to sound like a conspiracy theorist (mostly because the process by which MS releases and names its operating systems does not qualify as a conspiracy), I think it is fairly safe to say that Win 11 is Win 10x with a new desktop style and very little else in the way of new anything. Microsoft has always built their new OS on top of the previous OS and all the core administrative functions, going back to XP, are readily available in Win 11. This release has, however, quite a few fewer shiny new bells and whistles than usual. My only guess is that the OS was intended to enforce an equipment upgrade across the globe, but they reasoned that the registry key bypass was too much of a tell of their tactics, so they tried to get ahead of it by publishing it in a way that didn’t involve the public noticing the Win 10 & 11 similarities.

Hypothesis #2– They realized that they had limited their new OS’s adoption to about 10% of existing systems* by excluding anything older than a few years, most gaming systems, and virtual machines. This bypass does not help gaming** or virtual*** machines, but it does expand their potential Win 11 customer base to include factory built machines within the last 3 years.

Whichever hypothesis is correct (it is most likely a combination of #2 plus a few other reasons), this seems like a continuation of corporate America’s unwritten policy of cost cutting by skipping in house funded product testing in favor of a general rollout to the public of a beta level product. The results of which could, theoretically, be the cause of the historically frequent cascade of OS release problems and their immediate patching with less than optimal fixes, which we’ve experienced with every major Win OS rollout in the last 20 years. Sounds similar to something else Gates has been rolling out lately, doesn’t it?

  • Best Practices****
    My advice? Simple. Never be an early adopter of Gates inspired technology. It has rarely been rigorously tested or even proven to be a benefit to anyone until the first few service packs or patches have been released.

*TPM 2.0 has only recently been added to and put into use in production model PCs.
**Gamers rarely add security hardware to their self built systems.
***Virtual machines are just that. Virtual. Therefore they do not have hardware TPMs installed.
****The best thing about Best Practices is that there are always so many to choose from.

Q: How to Configure VPN for IoT Devices?

A: VPN was initially designed to be used by computers. As such, there are software and network drivers to install and configure. The problem with IoT devices (Internet of Things, such as wireless thermostats, webcams, remote doorbells, wireless garage door openers, etc.) is that with almost no exceptions, developers have not included an option to add 3rd-party software and drivers. So by themselves, IoT devices cannot be secured.

BUT…

What if we were to do the following:

  • Create an encrypted wi-fi for the IoT device to communicate on between your router and the IoT device.
  • Enable VPN on the router, so that IoT data is encrypted between your router and your VPN provider.

Doing so makes it exceptionally difficult for your IoT data stream to be intercepted and harvested. No more threat of bad actors snooping on your home or business webcam, or remotely unlocking your digital door locks.

What Can We Do?

Encrypted Wi-Fi

The first step is to ensure your Wi-Fi router is configured properly for secure, encrypted networking.

The current encryption protocol of choice is called WPA3. Unfortunately, it has only been a standard for a year. There are few routers available to support it, and fewer IoT devices supporting it. However, I strongly recommend upgrading to a modem capable of WPA3 so that it is available as you upgrade your networkable devices.

My preference is for the ASUS brand of what are called Wi-Fi 6 or 6e routers. These are much faster than the previous generation, and support WPA3 and WPA2. I will use screenshots from the ASUS GT-AXE11000.

  1. Open the router control panel.
  2. From the sidebar select Wireless.
  3. Scroll down to the Wi-Fi channel you want to use for your IoT devices.
  4. Tap the Authentication Method. You will see a pop-up menu of all the available encryption options.
  5. Select WPA3-Personal, then configure the password.
  6. Save your changes.
  7. Test your IoT devices, computers, tablets, and mobile phones to determine if they can connect to WPA3.
  8. If all connect, we have rainbows and unicorns. If some devices cannot connect, you may need to change your Authentication Method to WPA2/WPA3.
  9. NOTE: Under no circumstances should you need to use WPA. This is a recipe for disaster. WPA has been broken, and any kid with 10 minutes of internet search will find the way to do it. Although WPA2 has also been broken, it is a more complex process.

Configure Your Router for VPN

The next step is to configure your router to connect to the internet via VPN. In this strategy, all traffic leaving the router is encrypted.

NOTE: Many mid-grade routers lack the ability to add VPN. This is a great time to invest in a modern, high-quality router that can add VPN, uses WPA3, and supports Wi-Fi 6.

  1. Subscribe to a quality VPN provider. I personally use NordVPN. 
  2. From your VPN provider website, download their ovpn file. This is the driver to be added to your router.
  3. Open your router’s control panel page.
  4. From the sidebar, select VPN.
  5. From the tabs, select Fusion VPN.
  6. Under the Server List section, tap Add Server.
  7. In the Add Server window, select OpenVPN tab.
  8. Enter your VPN subscription username and password.
  9. Tap the Choose File button, then locate and select the ovpn file downloaded in step 2.
  10. Tap the Upload button to upload the ovpn file to your router.
  11. Tap the OK button.
  12. Returning to the main VPN page, in the Exceptions List area, tap Add Exceptions.
  13. In the Create New Policy page, from the Client Name field, tap the drop down arrow to see all devices connected to your router.
  14. Select one that you wish to be protected by VPN.
  15. In the Connection Name field, select the name of the VPN policy you created in step 8.
  16. Tap the OK button.
  17. Repeat steps 12-16 for every other device to be protected by VPN.

Yes, there are a lot of steps, but they are all easy, and the entire process may take under 10 minutes – AND you get to secure all your devices with VPN.
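
Because the router will act on whatever the uploaded OpenVPN profile says, it is worth reading the file before step 9. The following is an added example, not part of the original post or any provider's tooling: a small Python audit of an .ovpn profile. The function names, the finding labels and both sample profiles are constructed for illustration; the directives it looks for are standard OpenVPN options.

```python
# Added example: audit an OpenVPN client profile before uploading it to a router.
WEAK_CIPHERS = {"none", "bf-cbc", "des-cbc", "des-ede3-cbc", "rc2-cbc"}
WEAK_AUTH = {"none", "md5"}
SCRIPT_HOOKS = {"up", "down", "route-up", "ipchange", "tls-verify"}
COMPRESSION_ALGS = {"lzo", "lz4", "lz4-v2"}

def parse_profile(text):
    """Return (directives, inline_blocks); directives is a list of (name, args)."""
    directives, blocks, in_block = [], set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if in_block:                       # skip certificate/key material
            if line == f"</{in_block}>":
                in_block = None
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        if line.startswith("<") and line.endswith(">") and not line.startswith("</"):
            in_block = line[1:-1]          # e.g. <ca> ... </ca>
            blocks.add(in_block)
            continue
        tokens = line.split()
        directives.append((tokens[0].lower(), tokens[1:]))
    return directives, blocks

def audit_profile(text):
    """Return a list of finding labels; an empty list means nothing was flagged."""
    directives, blocks = parse_profile(text)
    names = {name for name, _ in directives}
    findings = []
    # Without a CA the client cannot authenticate the VPN server at all.
    if "ca" not in names and "ca" not in blocks:
        findings.append("no-ca")
    # Without one of these, any certificate signed by the CA is accepted as a server.
    if not ({"remote-cert-tls", "verify-x509-name"} & names):
        findings.append("no-server-cert-check")
    for name, args in directives:
        first = args[0].lower() if args else ""
        if name == "cipher" and first in WEAK_CIPHERS:
            findings.append(f"weak-cipher:{first}")
        elif name == "auth" and first in WEAK_AUTH:
            findings.append(f"weak-auth:{first}")
        elif name == "comp-lzo" and first != "no":
            findings.append("compression")   # compression leaks plaintext length
        elif name == "compress" and first in COMPRESSION_ALGS:
            findings.append("compression")
        elif name in SCRIPT_HOOKS:
            findings.append(f"script-hook:{name}")   # profile runs a program
        elif name == "script-security" and first.isdigit() and int(first) >= 2:
            findings.append("script-security>=2")
    return findings

# Constructed sample profiles (not real provider files).
GOOD_PROFILE = """\
client
dev tun
proto udp
remote vpn.example.net 1194
auth-user-pass
remote-cert-tls server
cipher AES-256-GCM
auth SHA512
<ca>
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
</ca>
"""

WEAK_PROFILE = """\
client
dev tun
proto udp
remote vpn.example.net 1194
auth-user-pass
cipher BF-CBC
comp-lzo
script-security 2
up /tmp/up.sh
"""

if __name__ == "__main__":
    for label, profile in (("good", GOOD_PROFILE), ("weak", WEAK_PROFILE)):
        print(label, audit_profile(profile))
```
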

Q: Is It Still Safe to Use Tor?

A: Get 100 consultants in a room, end up with 100 opinions.

A bit of background information for those not familiar with Tor. Tor was created by the US Navy as a method to create secure, anonymous internet communications. It was soon after released from restricted government use for use by anyone.

Tor works as a network – called the “Onion Network” – in which anyone using Tor must pass through three gateways: an entry node, a middle node, and an exit node. All traffic over Tor is encrypted, and because the exit node knows nothing about user data from the entry node, the data is well anonymized. The user needs to use a browser that understands how to use the Onion Network. The officially recognized browser for use is called the Tor Browser.

From my perspective, I can’t recommend the use of Tor at this point. My reasons are:

  • Due to the need to pass through 3 separate nodes, with encryption/decryption occurring at each, there is a huge latency (delay) introduced. This may slow down your internet work by as much as 4-10x.
  • The US government (and probably many other governments) have their own nodes in play. If you control a node, you have access to the decrypted data.
  • For the past few years a rogue player has installed around 900 nodes – out of a total of 9,000-10,000 nodes. This one bad actor controls up to 10% of all nodes. Given that when using Tor you have to pass through 3 nodes, chances are around 30-35% your data will pass through one of theirs.
  • The entire Tor node system is volunteer, and from all reports, poorly managed and supervised. I can very well see that at least 50% of all nodes are controlled by bad actors.

What to Do

Instead of relying on Tor, I very strongly recommend the 24/7 use of a quality Virtual Private Network service (VPN). With VPN, all of your internet traffic is encrypted as it exits your device, where it travels to the VPN provider, is decrypted, and sent on its way. This prevents harvesting of your data by someone snooping on your Ethernet, Wi-Fi, or cellular connection, your Internet Service Provider (ISP), and anyone else up to the VPN provider. And since your data stream is intermingled with potentially thousands of other users as it leaves the VPN provider, it is impossible to isolate your data.

In addition, when using a quality VPN, your internet traffic is only slightly impacted by the encryption/decryption process – in fact, many users report their internet speed increases when using VPN, as a quality VPN can block some unwanted traffic from hitting you.

There are thousands of VPN providers available. Perhaps the majority are not quality providers and should not be trusted. My go-to vendor of choice is NordVPN at https://nordvpn.com

TPM 2.0 and Windows 11- Part 1

With the roll out of Windows 11, the term TPM 2.0 has been introduced to the general public. What is it exactly? Fundamentally, it is a platform integrity and security device. Beyond that, it depends on who you ask.

For the basics, the TPM (Trusted Platform Module) development has been governed by the TCG (Trusted Computing Group) which is a non-profit (quite lucrative Think Tank) offspring (spawn) of the IT industry (Big Tech). The TCG board is made up of technology manufacturer executives and sadly, has no one from the EFF (Electronic Frontier Foundation) or any similar consumer advocacy organization, which means caveat emptor as usual. There is a good amount of info to cover about what that means, but for today we will just be discussing what, in a perfect world, the TPM 2.0 was intended to be.

Why was the TPM created?

From Wikipedia– “The primary scope of TPM is to ensure the integrity of a platform. In this context, “integrity” means “behave as intended”, and a “platform” is any computer device regardless of its operating system. This is to ensure that the boot process starts from a trusted combination of hardware and software, and continues until the operating system has fully booted and applications are running.

When TPM is used, the firmware and the operating system are responsible for ensuring integrity.”

Functions-

Encryption– random number generator plus cryptographic capabilities.
Remote attestation*– Device fingerprinting and recognition.
Digital Rights Management– Ensures all media, software, etc. are legitimate and of course, paid for.

What it does not do- Protect your system or data. Although this is being marketed as a consumer protection upgrade, it is merely a corporate profit upgrade. Which is not inherently a bad thing, but they should be honest about it. In the next few posts, we’ll be going over the different hardware and software devices which can be used as TPM 2.0 and in a later installment we’ll go over all the myriad ways one can install, bypass or simply fake this level of compliance. Guess which methods are the cheapest and easiest.

Coming Next Week- Why did Microsoft do an about face on the minimum requirements for Win 11? I have a theory…

*Yes, a topical search of this subject will produce an overwhelming number of papers and articles lauding the privacy and security of the TPM 2.0 and the inherent goodness of remote attestation, but please realize that these were written by corporations, for the benefit of those corporations.

Author’s vaguely connected tangent- And this would be an opportune moment to mention that “By Corporations, for Corporations” is a caveat that must be considered when reading, viewing, or downloading any data nowadays. We are rarely presented with any information that is not in the form of an advertisement. Newspapers are owned by the very entities they used to drag across their pages. Medical studies are announced by press release, not peer review. As Howard Zinn said, “The news is what they hide from us. All we have ever seen was advertising.”

So, always ask this question when experiencing prepared information- Is it BCFC? (Yes, it sounds like a county jail, which is fitting because it has about as much to offer the average human in the way of personal benefit and assistance as a county jail.)

Back to the subject- When one does a less cursory look into the uses of remote attestation, one will find truly dystopian headlines such as-

Sounds legit, right? To sum it up, although there are dozens of RA protocols made by different companies, they all fundamentally function by sending some or all of the exact and, most likely, unique hardware and/or software configuration running on your system, and can therefore be used to track you anywhere you go, regardless of VPN, Tor, or any other identity obfuscation techniques you may be using. With this technology, you are literally starting every internet action with an SSL Handshake which proclaims, accurately, exactly what you are running. This can easily be tracked as a single entity with a database of past actions. If that database is connected to any other entities’ attestation database (note that there are only a few mega corporations owning everything nowadays), it quickly becomes the complete digital representation of you. Translates to- knowing exactly who you are and what you are doing at any time online, which will be used to predict and manipulate your actions in the future.
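
A TPM-based attestation is built from Platform Configuration Register (PCR) values, each a running hash of every component measured during boot, plus an event log the verifier replays. The following is an added example, not from the original post and not any vendor's RA protocol: it simulates the extend-and-replay logic in Python. The component names and blobs are constructed, and the signature and nonce of a real TPM quote are left out.

```python
# Added example: measured boot (PCR extend) and verifier-side event log replay.
import hashlib

PCR_SIZE = 32  # SHA-256 PCR bank

def measure(component: bytes) -> bytes:
    """Digest of a boot component, taken before it is executed."""
    return hashlib.sha256(component).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR extend: new = H(old || digest). A PCR can only be extended, never set."""
    return hashlib.sha256(pcr + digest).digest()

def boot(components):
    """Device side: measure each stage in order; return (event_log, final_pcr)."""
    pcr = bytes(PCR_SIZE)          # PCRs start at all zeros on reset
    log = []
    for name, blob in components:
        digest = measure(blob)
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return log, pcr

def replay(event_log) -> bytes:
    """Verifier side: recompute the PCR from the log alone."""
    pcr = bytes(PCR_SIZE)
    for _name, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr

def verify(event_log, reported_pcr, reference):
    """Return (ok, reasons). reference maps component name -> expected digest."""
    reasons = []
    # 1. The log must reproduce the PCR value the TPM reported.
    if replay(event_log) != reported_pcr:
        reasons.append("event log does not reproduce reported PCR")
    # 2. Every logged measurement must match a known-good value.
    for name, digest in event_log:
        expected = reference.get(name)
        if expected is None:
            reasons.append(f"unknown component: {name}")
        elif expected != digest:
            reasons.append(f"unexpected measurement: {name}")
    return (not reasons, reasons)

# Constructed boot chains (stand-ins for firmware, bootloader and kernel images).
GOOD_CHAIN = [("firmware", b"fw v1"), ("bootloader", b"bl v1"), ("kernel", b"k v1")]
TAMPERED_CHAIN = [("firmware", b"fw v1"), ("bootloader", b"bl EVIL"), ("kernel", b"k v1")]
REFERENCE = {name: measure(blob) for name, blob in GOOD_CHAIN}

if __name__ == "__main__":
    good_log, good_pcr = boot(GOOD_CHAIN)
    bad_log, bad_pcr = boot(TAMPERED_CHAIN)
    print(verify(good_log, good_pcr, REFERENCE))  # clean boot
    print(verify(bad_log, bad_pcr, REFERENCE))    # honest log, modified bootloader
    print(verify(good_log, bad_pcr, REFERENCE))   # clean log sent with the real PCR
```
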

What can be done about this? Um… Well,  I’m still working on that. Please comment with any ideas you may have. This discussion is definitely open and your input will help.

Q: How Does Our Privacy Get Violated When You Are Told It’s Secure?

A: I can’t speak to your particular issue as I don’t have the specifics, but let me address this more generally.

When you leave your home for vacation and lock the front door, is your home now “secure”? Not if you left the back door unlocked.

When you leave your home for vacation and lock all doors and windows, is your home now “secure”? Not if someone can toss a rock through a window for access.

When you leave your home for vacation, lock all doors and windows, set the alarm, activate the security cameras, notify the police, stop mail delivery, and everything else we have been told to do, is your home now “secure”? Well, a rock through a window, ski masks on the criminals, and smash-and-grab burglary say “no”.

Does this mean it is useless to lock all doors and windows, set up security alarms and security cams? Not at all. Each of us can only do the best that we can to help stave off an attack, making us look like a poor choice as a target.

But back to internet privacy.

All it takes is one small leak for some level of privacy to be lost. A Facebook post showing that you are on vacation will let criminals know your home is not occupied. That MySpace post from 15 years ago where you posted video from a wild party may well be found by the HR department of the company you are trying to get a job with. The letter to the editor of your local newspaper where you made negative comments about <some-type-of> people. Yup. You can bet that will come back to haunt you.

So very much of what we do is part of the public record. For under $100 one can purchase a full search of the public record to know most of what there is to know about you. This used to cost thousands of dollars and a private detective.

Then we have the daily breaches of major websites. Check out https://haveibeenpwned.com. This provides a listing of the largest and most recent site breaches. In the example below (from November 17, 2021), I can see that IDC Games was recently breached, releasing almost 4 million user records. If you are included in this database, your info with IDC Games is now in someone’s hands. If they placed it on the dark web, it may be available to anyone with a few dollars to spare.

What To Do

  • Get a copy of your credit report from each of the credit reporting agencies in your country. In the US, there are three. If you find any inaccuracy, work with the agencies to remove the information.
  • Check the security and privacy settings of all your social media accounts. Most importantly, verify that ONLY your friends have access to your information, and go through your friend list, kicking out anyone who is not a “real” friend. Go through all of your postings. If any posts show you at less than your best self, delete them.
  • Keep your computer, tablet, and phone systems up to date. Out of date systems are far more vulnerable.
  • Install a quality anti-malware utility. I always recommend Bitdefender.
  • Use VPN at all times to encrypt your data coming and going to the Internet. I’m fond of NordVPN.
  • Be mindful of phishing attacks. These are usually emails that appear to be from a legitimate source, but are actually not, asking for personal information.
  • NEVER post anything on the Internet you wouldn’t want to see on the front page of the news. Because at some point in time, it MAY end up on someone’s front page.

Care to go deeper, with step-by-step DIY guidance just like the cybersecurity professionals use? Visit https://thepracticalparanoid.com.

Q: Can a Firewall Prevent Phishing?

A: Short answer: No.

Phishing is an attempt to gather information from someone while posing as someone or something else. For example, receiving an email that appears to be from your bank, asking for you to confirm your social security number.

As most phishing comes in the form of an email or web page, the only way that a firewall could prevent this is to configure the firewall to block all incoming email and access to web sites.

In the case of phishing, the solution is user awareness:

  • Install quality anti-malware software. My recommendation is Bitdefender.
  • Configure your devices for automatic updates, and verify weekly they are up to date.
  • Protect your accounts with multi-factor authentication.
  • Maintain daily local and off-site backups.
  • If you are asked for information, verify the source of the request.

The Federal Trade Commission has more information on phishing at https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams

Remember that phishing is just one very small part of maintaining your cyber hygiene. To help ensure your security and privacy, cover all of your vulnerabilities. The very best DIY book to guide you through can be found in our Practical Paranoia Security Essentials series.

 

Q: Which is the most secure browser, Brave, Chrome, or Firefox?

A: Great question! Few people ever give thought to the browser they are using, and just grab the one in front of them.

Let’s start with the 800 pound gorilla in the room–Chrome.

Google created an open source browser called Chromium. There are dozens of browsers available that are based on Chromium, and Chrome is one of them. So Google started with open source code, and then added their own proprietary code to make Chrome. Chrome is one of the most full-featured browsers available. The bad news is that it comes configured to feed everything you do on the web to Google as part of its data harvesting. Even if you install all the right extensions to improve the security and privacy of Chrome, there is no way to stop all of its harvesting of your data.

Brave is also based on Chromium. The big difference between Brave and Chrome is that Brave ships with almost all security settings properly configured to help ensure a secure and private internet experience. Brave has been one of my three favorite secure browsers from the day it was released. Because it is based on Chromium, it can use almost every extension that is available to Chrome. Unfortunately, because the underlying framework is Chromium, there may be no way to completely prevent Brave from sending some of your data to Google.

Firefox is not based on Chromium. This is huge. Of all the major browsers in the current market, it is the only major player that is not. This plus being open source helps to make Firefox very secure (no secret data harvesting to Google). Although there are many extensions to expand the functionality of Firefox, it cannot use Chrome extensions.

So, which is the most secure? Out of the box, Brave is far more secure than Firefox. However, if you are willing to install maybe three extensions and manually configure the preference settings, I think the nod may go to Firefox.

Q: Why do I need to Change Passwords so Often?

A: Actually, changing passwords on a routine basis is very old school, and is no longer mentioned in any US government cybersecurity guidelines.

What was found is that the more often people are forced to change their passwords, the sloppier they became with password creation – making passwords that were easier and easier to hack.

The current guidelines are:

  1. All passwords should be strong. That definition changes by which authority you ask – typically 8 or 16 characters (and sometimes more).
  2. Every site and service should have its own unique strong password.
  3. Passwords should be securely stored. Having passwords written on a post-it note on the bottom of one’s keyboard does not meet the criteria. This is where the power of a quality password manager (PM) comes in. A PM will automatically create very strong passwords and store them in encrypted form on your device. The better ones will allow you to share your passwords among all of your browsers and devices. My favorite – Bitwarden – also serves as your 2-Factor Authentication software.
  4. Whenever possible, use 2-Factor Authentication.
  5. You only need to change your password when it may have been compromised. A good place to check this out is https://haveibeenpwned.com.
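
The check in item 5 can be done for a password without disclosing it: the Pwned Passwords range API at Have I Been Pwned takes only the first five hex characters of the password's SHA-1 hash and returns candidate suffixes that are compared locally. The following is an added example, not from the original post; `split_hash`, `breach_count` and the offline `fake_range_server` with its constructed corpus are illustrative names, and a real `fetch_range` would issue a GET to https://api.pwnedpasswords.com/range/<prefix>.

```python
# Added example: k-anonymity password check against a Pwned Passwords style range API.
import hashlib

# Constructed stand-in for the breach corpus behind the range API (counts are made up).
CONSTRUCTED_CORPUS = {"password": 1234, "letmein": 56}
seen_prefixes = []  # everything the "server" ever learns about the queried password

def split_hash(password: str):
    """SHA-1 the password and split it into (5-char prefix, 35-char suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def fake_range_server(prefix: str) -> str:
    """Offline replacement for the HTTP call; returns 'SUFFIX:COUNT' lines."""
    seen_prefixes.append(prefix)
    lines = []
    for pw, count in CONSTRUCTED_CORPUS.items():
        p, suffix = split_hash(pw)
        if p == prefix:
            lines.append(f"{suffix}:{count}")
    # Padding entry with count 0, as the API returns when padding is requested.
    lines.append("0" * 35 + ":0")
    return "\r\n".join(lines)

def breach_count(password: str, fetch_range) -> int:
    """Return how many times the password appears in the corpus (0 = not found).

    Only the 5-character prefix is passed to fetch_range; the suffix comparison
    happens locally, so the full hash never leaves the machine.
    """
    prefix, suffix = split_hash(password)
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)
    return 0

if __name__ == "__main__":
    for pw in ("password", "a long unique passphrase 7391"):
        print(repr(pw), "seen", breach_count(pw, fake_range_server), "times")
    print("server saw only:", seen_prefixes)
```
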

Android Phones Constantly Snoop On Their Users

As reported in a study released 20211006 by University of Edinburgh, UK and Trinity College, Dublin, Ireland, despite the public discontent over data harvesting by big tech, it is (of course) worse than any of us thought.

The researchers found that Android devices, with the notable exception of /e/OS devices, harvest great amounts of user info and send it to the OS developer and to third parties such as Facebook, LinkedIn, Microsoft, and Google, even just out of the box with no other installations and sitting idle.

Of greater concern is that this data collection offers no opt-out. Many of the apps cannot be uninstalled. Android users are powerless to stop this harvesting. To make matters worse, it was found that for some system apps such as mini.analytics (Xiaomi), Heytap (Realme), and iCloud (Huawei), the encrypted data stream can be decoded, making your data vulnerable to man-in-the-middle attacks.

Think resetting your Google advertising identifier will clear up the situation? Nope. The data-collection system easily re-links your old ID with new ID.

Then you just have to love the response Google provided: “While we appreciate the work of the researchers, we disagree that this behavior is unexpected–this is how modern smartphones work. As explained in our Google Play Services Help Center article (and I know every one of you has read this), this data is essential for core device services such as push notifications and software updates across a diverse ecosystem of devices and software builds.”

Grrrrrrr.

What You Can Do About It

The first option is to grin and bear it. This may be a reasonable position to take. After all, it is little ol’ you against a multi-trillion dollar industry. Might as well let the fricken’ blood suckers take all of my personal data and let me get on with my life.

Or, you can make life a little more difficult for them.

I’m fond of the life lessons story about two hikers out in the woods that come across a hungry grizzly bear. Hiker A asks Hiker B “how fast do you have to run to escape a grizzly.” Hiker B replies “just a little faster than you!”

Going the Android route simply makes it literally effortless for big tech to harvest your data.

Going the Apple route makes it more difficult. Apple has been taking strong steps to block some – not all – of the harvesting of your data. And it looks like with each update they are closing off more avenues to your private life.

Replacing your Android device with an Apple iPhone will go a very long way toward improving your cybersecurity and internet privacy.

If you are interested in other ways to maintain your freedom, we have the very best, easiest, and most comprehensive DIY books available. Visit https://thepracticalparanoid.com

Your Location Data is Part of a $12 Billion Market

Something few of us pay any attention to is the location data that our mobile device is collecting and sharing. Literally every single step you take is recorded, archived, and sold. Based on your location data, your gender, income, political leanings, education, pregnancy status, and more can be inferred. Once this information has been sold, it can be used not only for marketing, but to spoon feed you targeted news and alerts.

It has been used to discover who attends political meetings and rallies, Planned Parenthood, or Burger King. Most recently, the location data of those who downloaded a Muslim prayer app has been targeted by the US government, and a Catholic news outlet used location data to out a priest who frequented gay bars.

If you think there isn’t a target painted on your back (or the soles of your shoes), then why is location data – including YOUR location – currently a $12 billion yearly industry?

Visit https://themarkup.org/privacy/2021/09/30/theres-a-multibillion-dollar-market-for-your-phones-location-data for a great review.

It is Time For a New Router

Q: When is it a good time to replace my current router with a new unit?

A: NOW! (Really)

What is a Router?

A router is a hardware network device that allows other devices (such as computers, tablets, mobile phones, printers, smart watches, smart doorbells, webcams, etc.) to connect to your local area network (LAN), and then through the router, communicate with each other (such as sending a file to be printed, or opening a file on the server), and connect to the internet.

As the router is the hub of all of your network activity, a failure or hack at the router means a catastrophic failure of your network and all devices, and a potential hack of all your devices.

Why Replace My Router Now?

Network technologies have changed significantly in just the past few years. If your router is more than 2 years old, it very likely is no longer considered highly secure. This puts ALL of your data from ALL of your devices at risk.

In addition, many of the latest routers include additional security software to help monitor your devices and network for breaches. Earlier routers pretty much let data in and out without any examination.

At the enterprise level (large businesses) Cisco, Juniper, and HP are among the go-to providers of networking equipment. These units have always had security software built-in. They also typically have upgrade options to ensure you always have the latest and greatest features available to you.

This is why these units cost upwards of 5x the cost of prosumer models.

For the purposes of this blog, I’ll not discuss the enterprise, as it is a rarified field demanding one-on-one discussions for your particular environment.

But, for the home user and the small and medium-sized business, prosumer routers can have excellent performance and features, at very affordable prices.

Wi-Fi Encryption

Earlier wi-fi router models used WPA2 for their encryption protocol. Ratified in 2004, this was considered fairly secure. However, it could be hacked. Which is one of the reasons it was replaced in 2018 with WPA3 encryption. Routers with WPA3 capability started shipping in 2019.

Note: If you have older devices (computers, tablets, etc.), they also may be capable of using WPA2, but not WPA3. This makes your older device a security vulnerability. And if you don’t replace the older device, you will need to enable WPA2 on your router for the older device to use the network. This immediately makes the entire network vulnerable.

How to Enable WPA3

For almost all routers, enabling WPA3 is not much more than a tap. For this example, I’m using my favorite prosumer router, the ASUS GT-AXE11000.

  1. Open a web browser to the control panel of your router.
  2. Navigate to the Wi-Fi settings.
  3. Select WPA3-Personal.
  4. Save.
  5. The router may restart to initialize the new encryption.

If you don’t see the option for WPA3, it is time to replace your router with a current model.

Network Security

All consumer-grade, and most prosumer-grade routers lack significant network security beyond a rudimentary firewall. One of the reasons I love the ASUS line is the higher-end models include very good network security.

It protects the network by:

  • Self-analysis, pointing the administrator to configurations that may not be fully secure.
  • Logging the malicious sites users or malware have attempted to access and have been blocked.
  • Two-Way IPS blocks malicious packets from reaching your router or network devices.
  • Infected Device Prevention and Blocking prevents infected devices from releasing your sensitive information.

Replacing Your Old Router With New

Older routers were pretty much a plug-and-play device, and any user could set it up.

The only downside to the newer security-conscious devices is they do require some reading to do the job right. And even then, I recommend hiring an IT professional to spend the hour or two to properly install and configure. In the case of the ASUS, there are over 100 settings that require attention.

Another Bonus With Your Upgrade–Speed

Although security is the main reason to upgrade your router, there is a bonus available – better performance and speed.

Older routers will typically max out on their Wi-Fi speed at 300, 600, perhaps 1000 Mbps. In addition, they are limited to the 2.4 GHz and 5 GHz channels. The 2.4 GHz channel is overly crowded, sharing bandwidth with microwave ovens, garage door openers, wireless phones, Bluetooth devices, and almost any other wireless device. Think of driving in Los Angeles freeway traffic. The posted speed limit may be 65 mph, but with bumper-to-bumper traffic, everyone is going 15 mph.

Newer routers will still have the legacy 2.4 GHz and 5 GHz channels to support older devices, but may now include the 6 GHz channel. As this is newly opened, few devices use it, so it is just you and a few other cars on the freeway.

Q: Would an online dating site request credit card info for a forgotten password? If fraud, what’s the next step?

A: If you use a credit card to pay for the service, and have forgotten your password, it is routine to use your credit card number to validate your identity.

To help secure your online activities:

  • Use strong passwords, with 15 or more characters.
  • Use unique passwords, a different password for every site and service.
  • Use a password manager to create strong passwords and to store your passwords. I’m fond of Bitwarden.
  • Whenever possible, enable two-factor authentication, sometimes called multi-factor authentication. One of the reasons I recommend Bitwarden is that it can act as your 2FA utility.

Q: Can a person remotely control my phone with just my number or email without a password? Is there an app for them to do it?

A: If we are talking state actors, like the CIA? Sure, it can be and has been done. The Pegasus malware has been in the news lately for doing just that. If you are talking hackers or high-level organized crime? There has been no evidence of it ever being done.

But, now that we have proof of concept (Pegasus), it is sure to happen sooner rather than later.

The good news is that, at least as of now, it is extraordinarily expensive to design such a tool. This is what has limited release to only very high value targets. And as soon as it was discovered, OS updates were released to block it.

Q: Why is Security So important to Apple?

A: Just an educated guess here…

Every business, to be successful, must differentiate themselves from the competition.

An obvious differentiator to use is security and privacy. MS has a long history of paying little attention to security and privacy. This makes it easy for a competitor – particularly one with a history of having better security and privacy (Apple) to fill that niche.

Now with that differentiator in place, a potential buyer needs to make a decision as to what product to buy. They can weigh price, features, availability, stability, appearance, performance, compatibility, AND security and privacy.

If security and privacy are more important to the buyer than other issues, they will likely go with Apple.

Q: What is the best anti-virus software to use with Firefox, and why?

A: Antivirus software typically works with your operating system. But there are a few that are specifically designed for use with browsers. As such, they are browser plug-ins or extensions. Such antivirus tools can block access to malicious websites or downloading malicious files.

My favorite is Bitdefender Trafficlight.

Keep in mind that you still need an antivirus for system protection. Again, my preference is Bitdefender antivirus.

Q: How do I hide browsing history from a network administrator?

A: You don’t. That is why they are the administrator and you are not! In any organization I support, attempting such action would be considered a breach of computer policy, with termination as the likely result.

If the user enables private browsing mode on their browser, there will be no browsing history on the computer. However, this doesn’t stop browsing history from being recorded by the office router. This cannot be bypassed. The Internet Service Provider will maintain a browsing log. This can be bypassed by using a Virtual Private Network (VPN). The DNS provider will also maintain a log. This can be bypassed by switching to a DNS provider that does not maintain logs.

Keep in mind that using a VPN or switching DNS providers is very easy for the administrator to spot.

Q: Can a MacBook last 10 years?

A: Physically, easy. I suspect the majority of computers can physically outlive their owner.

Realistically, no. Apple (as well as Microsoft and other vendors) will continue to provide system updates for 5–7 years. Once your computer is too old to receive system and application updates, it is HIGHLY vulnerable to malware and breach.

This puts useful lifespan to around 5–7 years.

An unasked question is: is it worth it to keep a computer 10 years?

If the computer is used in a business or otherwise to make money, I don’t see a way for an older computer to be profitable, or “worth” keeping around. Around 15 years back I created a program that calculated the cost/benefit of keeping a computer versus purchasing a new computer. I used this to provide hard numbers to clients. In almost every case, if the current computer was two years or older, it was the more responsible choice to replace it with a new computer. In addition to getting a new sparkly, the company almost completely eliminates technical support costs, has little to no support-related downtime, has no need to pay for an extended warranty, and the user can be more productive.

If the computer is not used for business or to make money, and the user doesn’t mind operating in the slow lane, as long as the computer receives OS and app updates, go for it.

Q: How do I protect a Google Doc?

A: A Google Doc is just an HTML file, like a web page. Primary protection is in the form of permissions protection. Be specific about who has access, and what permissions they have.

Second, having a viable backup is critical to protect against corruption, change, or deletion. For this, you need a cloud backup of your document. There are several internet providers that specialize in this, such as Backupify and SpinBackup. Yup, you will be using an internet service to back up your internet files! A local backup will be of little use.

Another option is to download your Google docs in either .pdf or Microsoft Office format.

Q: What is the best way to back up your data and keep it safe?

A: It is vital to back up all of your data in case the original becomes damaged, corrupt, or deleted. To protect your data you must have AT LEAST one local and one remote backup.

A local backup is typically saved to an external hard disk drive or flash drive. You will need a drive with at least four times the capacity of the data to be backed up. This is to allow for growth as your files are edited and additional files are created. The drive needs to be encrypted. This can be done with Time Machine or Disk Utility (macOS), or BitLocker (Windows).

The remote backup can be a drive like the local backup, but stored off-site. In many cases a better alternative is to use online backup. This can be done with Google Drive, Microsoft OneDrive, or one of the dozens of commercial internet backup tools.

Q: How Do I Know if My Personal Information Has Been Hacked?

ANSWER: A bit of background information is probably in order.

  1. It is almost certain that much of what you think of as personal information is already “out there” and readily available to marketing groups, criminal hackers, advertisers, and other miscreants. Organizations such as social media, Google, your Internet Service Provider, and all major websites track your online activities. Over time, this accumulation of data creates a near perfect personal profile. This profile is sold to marketing groups and others. There isn’t a thing you can do about this – other than to be wise with how you interact with social media, and to operate with as much anonymity and security as you can whenever connected to the internet.
  2. Some of your personal information comes from breaches of websites where you have freely provided your information. For example, health providers, banks, credit card companies, social media, etc. You can check for such breaches at https://haveibeenpwned.com. If you find a breach, again, not much you can do about it, but it is time to change your password for the site.
  3. Almost nobody practices wise cybersecurity and internet privacy. A recent study found that the majority of adults use the same one or two passwords for everything. 85% of high school kids use the same password for everything, with almost 50% freely sharing their passwords with friends. There are some standards to put into practice:
    1. Use a different password for EVERY site and service.
    2. Passwords should be a minimum of 15 characters in length. Complexity doesn’t matter – length matters.
    3. Don’t write down passwords. Instead, use a quality password manager (I’m fond of Bitwarden) to store passwords in an encrypted database.
    4. Use multi-factor or two-factor authentication whenever it is available. For sites such as health care, banking, credit card, financials – if they don’t offer multi-factor authentication, change to another provider that does. This indicates they don’t care about security and privacy.
    5. Don’t share your passwords with anyone.
    6. Don’t use a non-private domain email, for example mary@google.com. Instead, spend a few dollars to set up your own private domain email, for example marc@maryxsmith.com, and make sure you have a quality email provider as your host. I recommend Proton Mail, Google, and Microsoft. Once you have this, ask your provider for help setting up your SPF, DKIM, and DMARC records. This will help prevent getting spam and help prevent your account being used to spam others.
    7. Contact the three major credit reporting organizations to get copies of your credit at least yearly. Review for any errors, and then get them resolved.
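Once the SPF, DKIM, and DMARC records from item 6 are published, it is worth checking that they actually enforce something. The following is an added example, not part of the original post: it audits constructed TXT records for the page's example domain, and the selector name `selector1`, the mail host and all record values are illustrative assumptions.

```python
# Constructed TXT records for the page's example domain; the selector name,
# mail host and values are illustrative assumptions, not real DNS data.
WEAK = {
    "maryxsmith.com": ["v=spf1 include:_spf.mailhost.example ~all"],
    "_dmarc.maryxsmith.com": ["v=DMARC1; p=none; rua=mailto:reports@maryxsmith.com"],
    "selector1._domainkey.maryxsmith.com": ["v=DKIM1; k=rsa; p="],
}

def tags(record):
    """Split a 'k=v; k=v' DKIM or DMARC record into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {key.strip().lower(): value.strip() for key, value in pairs}

def audit(records, domain, selector):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    spf = [r for r in records.get(domain, []) if r.lower().startswith("v=spf1")]
    if len(spf) != 1:
        findings.append(f"SPF: expected exactly one record, found {len(spf)}")
    else:
        terms = spf[0].lower().split()[1:]
        all_term = next((t for t in terms if t.lstrip("+-~?") == "all"), None)
        if all_term is None:
            findings.append("SPF: no 'all' term")
        elif all_term in ("all", "+all"):
            findings.append("SPF: +all authorizes every sender")
        elif all_term != "-all":
            findings.append(f"SPF: {all_term} is not a hard fail")

    dmarc = [tags(r) for r in records.get(f"_dmarc.{domain}", [])
             if r.lower().startswith("v=dmarc1")]
    if not dmarc:
        findings.append("DMARC: no record")
    elif dmarc[0].get("p", "").lower() not in ("quarantine", "reject"):
        findings.append("DMARC: policy is not enforced (p=none or missing)")

    dkim = [tags(r) for r in records.get(f"{selector}._domainkey.{domain}", [])]
    if not dkim:
        findings.append("DKIM: no key published for this selector")
    elif not dkim[0].get("p"):
        findings.append("DKIM: empty p= tag, the key is revoked")
    return findings

if __name__ == "__main__":
    for line in audit(WEAK, "maryxsmith.com", "selector1"):
        print(line)
```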

Oh, did I mention to be smart about your cybersecurity and internet privacy? Did your eyes roll to the back of your head when you read that? It is actually quite quick and easy, once you know the How! Interested in the how? Have I got a book or two for you: Practical Paranoia Security Essentials.