Latest trending topics being covered on ZDNet including Reviews, Tech Industry, Security, Hardware, Apple, and Windows. ![]()
Able to Foil Basic Safeguards of Privacy on Web. The N. S. A. In some cases, companies say they were coerced by the government into handing over their master encryption keys or building in a back door. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.“For the past decade, N. S. A. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”When the British analysts, who often work side by side with N. S. A. Clapper Jr., wrote in his budget request for the current year. In recent months, the documents disclosed by Mr. Snowden have described the N. S. A.’s reach in scooping up vast amounts of communications around the world. The encryption documents now show, in striking detail, how the agency works to ensure that it is actually able to read the information it collects. The agency’s success in defeating many of the privacy protections offered by encryption does not change the rules that prohibit the deliberate targeting of Americans’ e- mails or phone calls without a warrant. But it shows that the agency, which was sharply rebuked by a federal judge in 2. Foreign Intelligence Surveillance Court, cannot necessarily be restrained by privacy technology. If it cannot decipher the messages of terrorists, foreign spies and other adversaries, the United States will be at serious risk, agency officials say. Just in recent weeks, the Obama administration has called on the intelligence agencies for details of communications by leaders of Al Qaeda about a terrorist plot and of Syrian officials’ messages about the chemical weapons attack outside Damascus. If such communications can be hidden by unbreakable encryption, N. S. A. They say the agency is working at cross- purposes with its other major mission, apart from eavesdropping: ensuring the security of American communications. Some of the agency’s most intensive efforts have focused on the encryption in universal use in the United States, including Secure Sockets Layer, or SSL; virtual private networks, or VPNs; and the protection used on fourth- generation, or 4. G, smartphones. Many Americans, often without realizing it, rely on such protection every time they send an e- mail, buy something online, consult with colleagues via their company’s computer network, or use a phone or a tablet on a 4. G network. For at least three years, one document says, GCHQ, almost certainly in collaboration with the N. S. A., has been looking for ways into protected traffic of popular Internet companies: Google, Yahoo, Facebook and Microsoft’s Hotmail. By 2. 01. 2, GCHQ had developed “new access opportunities” into Google’s systems, according to the document. Green, a cryptography researcher at Johns Hopkins University. Kocher said. He said he understood the agency’s mission but was concerned about the danger of allowing it unbridled access to private information.“The intelligence community has worried about . They focus on GCHQ but include thousands from or about the N. S. A. Intelligence officials asked The Times and Pro. Publica not to publish this article, saying it might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read. The news organizations removed some specific facts but decided to publish the article because of the value of a public debate about government actions that weaken the most powerful privacy tools. The files show that the agency is still stymied by some encryption, as Mr. Snowden suggested in a question- and- answer session on The Guardian’s Web site in June.“Properly implemented strong crypto systems are one of the few things that you can rely on,” he said, though cautioning that the N. S. A. Only they are cleared for the Bullrun program, the successor to one called Manassas — both names of an American Civil War battle. A parallel GCHQ counterencryption program is called Edgehill, named for the first battle of the English Civil War of the 1. Unlike some classified information that can be parceled out on a strict “need to know” basis, one document makes clear that with Bullrun, “there will be NO . It does not appear that Mr. Snowden was among them, but he nonetheless managed to obtain dozens of classified documents referring to the program’s capabilities, methods and sources. Ties to Internet Companies. When the N. S. A. Over the last 2. 0 years, it has become ubiquitous. Even novices can tell that their exchanges are being automatically encrypted when a tiny padlock appears next to a Web address. Because strong encryption can be so effective, classified N. S. A. Snowden, the N. S. A. The agency also expected to gain full unencrypted access to an unnamed major Internet phone call and text service; to a Middle Eastern Internet service; and to the communications of three foreign governments. In one case, after the government learned that a foreign intelligence target had ordered new computer hardware, the American manufacturer agreed to insert a back door into the product before it was shipped, someone familiar with the request told The Times. The 2. 01. 3 N. S. A. Clapper Jr., the director of national intelligence. Credit. Susan Walsh/Associated Press Microsoft asserted that it had merely complied with “lawful demands” of the government, and in some cases, the collaboration was clearly coerced. Some companies have been asked to hand the government the encryption keys to all customer communications, according to people familiar with the government’s requests. N. S. A. If the necessary key is not in the collection, a request goes to the separate Key Recovery Service, which tries to obtain it. How keys are acquired is shrouded in secrecy, but independent cryptographers say many are probably collected by hacking into companies’ computer servers, where they are stored. To keep such methods secret, the N. S. A. One goal in the agency’s 2. Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2. National Institute of Standards and Technology and later by the International Organization for Standardization, which has 1. Classified N. S. A. The N. S. A.’s Commercial Solutions Center, for instance, invites the makers of encryption technologies to present their products to the agency with the goal of improving American cybersecurity. But a top- secret N. S. A. Two decades ago, officials grew concerned about the spread of strong encryption software like Pretty Good Privacy, designed by a programmer named Phil Zimmermann. The Clinton administration fought back by proposing the Clipper Chip, which would have effectively neutered digital encryption by ensuring that the N. S. A. All argued that the Clipper would kill not only the Fourth Amendment, but also America’s global technology edge. By 1. 99. 6, the White House backed down. But soon the N. S. A. Zimmermann introduced the Zfone, an encrypted phone technology, N. S. A. Its successes against Secure Sockets Layer and virtual private networks were gaining momentum. But the agency was concerned that it could lose the advantage it had worked so long to gain, if the mere “fact of” decryption became widely known. Snowden’s disclosures ignited criticism of overreach and privacy infringements by the N. S. A., American technology companies have faced scrutiny from customers and the public over what some see as too cozy a relationship with the government. In response, some companies have begun to push back against what they describe as government bullying. Google, Yahoo, Microsoft and Facebook have pressed for permission to reveal more about the government’s requests for cooperation. One e- mail encryption company, Lavabit, closed rather than comply with the agency’s demands for customer information; another, Silent Circle, ended its e- mail service rather than face such demands. In effect, facing the N. S. A.’s relentless advance, the companies surrendered. Ladar Levison, the founder of Lavabit, wrote a public letter to his disappointed customers, offering an ominous warning. What Security Software Do You Recommend?//What security software should I use? What anti- virus is the best? How about a firewall? And what about spyware? Should I use one of the all- in- one packages that claim to do everything? Is there anything else I need? As you might imagine, I get questions like this all the time. As a result, I do have recommendations for security software and techniques to stay safe in various articles all over Ask Leo! To make your life a little easier, here’s a short version that sums it all up. The short- short version. Most home and small- business users who don’t want to think about it too much should simply: Get a router, even if you have only one computer. This will be your primary firewall. Use Windows Defender, already installed in Windows 8, 8. Microsoft Security Essentials for earlier versions of Windows. This will be your anti- virus, anti- spyware, and malware scanner. Turn on Windows Update to keep your computer as up- to- date as possible. Turn on Windows Firewall when you travel; perhaps just leave it on all the time. That’s it. Good basic protection in four steps with only one download. Basic security software: Windows Defender. Windows Defender comes pre- installed in recent versions of Windows. It does a fine job of detecting malware, does so without adversely impacting system performance, and does so without nagging you for renewals, upgrades, or up- sells. It just does its job quietly in the background . As a result, every so often I get push- back – often angry push- back – that Windows Defender remains my primary recommendation. There are several reasons I stick to that position. No anti- malware tool will stop all malware. Malware can and does slip by even today’s highest rated packages.“Highest rated” changes, depending on the date, the test, and who’s doing the testing. There is no single, clear, consistent winner. Regardless of how the data is presented, the differences among detection rates across most current anti- malware tools is relatively small compared to other factors. There are also some very practical reasons I continue to prefer Windows Defender. It’s free. It’s already installed in Windows 8 and later – there’s nothing you have to do. In practice, it rarely impacts system performance. It integrates with Windows Update to keep itself up- to- date. It has no additional agenda: it’s not going to pester you with renewals, upgrades to more powerful versions, or up- sells to tools you just don’t need. It’s not perfect, but no security tool is. Thus my recommendation stands. Windows Defender remains a solid, free anti- virus and anti- spyware package with minimal system impact, and should be appropriate for almost anyone. Alternatives and additions. On the other hand, I fully recognize that Windows Defender might not be the right solution for everyone. No single product is. This is where I run into some difficulty trying to make recommendations. The landscape keeps changing. Tools that were once clearly free, have on more than one occasion, moved to promoting their paid product so heavily that the free version virtually disappears. People download and install programs thinking they are truly free only to discover, instead, a free trial, or a free download (if you want to keep it past a certain length of time you’re required to hand over money). Some programs have become as much self- promotion tools as they are anti- malware tools, bombarding you with sales pitches and upgrade offers to the point of getting in the way of your work. Things keep changing. So to the extent that I mention specific tools below, caveat emptor – “let the buyer beware”. I can’t honestly predict that the tools will remain recommendation- worthy. Malwarebytes Anti- Malware has evolved over the years from a tool that defied categorization – not really anti- virus, not really anti- spyware, but still catching things that other tools did not – to a full- featured anti- malware package. What’s important is that it continues to have a very good track record of removing troublesome malware that other packages sometimes miss. Spybot Search and Destroy is one of the longest running and highly regarded anti- spyware tools out there. Like Malwarebytes, it has also expanded to be a more fully- featured anti- malware tool. I used it for many years myself back in its anti- spyware days. AVG, Avira, and Avast, or the “three AV’s”, as I like to call them, are three other free solutions that I’ve recommended over the years. Caveats with all. I need to reiterate some important points. I’m referring to the FREE version of each of these tools, not the “Free Trial”. In several cases they are two completely different downloads. A “free trial” is just that – a trial, typically of a more fully- featured product. Unless you know otherwise, the truly FREE version of these tools would be my recommendation. Regardless of which you download, you are still likely to be faced with upgrade and up- sell offers to a more fully featured version, or even an ongoing subscription. Unless or until you know you want this, always decline. Speaking of declining: when installing any of these products, always choose custom installation – never the default. You may well get toolbars and other unrelated software you simply don’t need or want. Consider using Ninite to install these tools – all are available there. Offline scanner. If your machine becomes infected with malware of some sort, there’s a good chance that you won’t be able to actually download anything, because the malware will prevent it. That means you won’t be able to download the latest update of your anti- malware tools, or perhaps be able to run them at all. When that happens, you need an offline malware scanner. An offline scanner is simply a complete anti- virus and anti- spyware scanning tool that you download and burn to CD or DVD, or place on a USB memory stick, using another computer. You then boot the infected machine from the media you created and run the scanner. The infected Windows doesn’t run at all and the scanner can check, change, or repair more than the a normal scanner could. I recommend Windows Defender Offline for this purpose. Unfortunately, it’s not something you download and keep ready to use. In order to make sure you’re running the most recent update of the tool and its database of malware, it’s important to download it when you need it. What else? Firewall. For home and business use, I recommend the use of any good NAT router as a firewall. They don’t have to be expensive, and are one of the simplest approaches to keeping your computer safe from network- based threats. If all the computers on the local network side of the router can be trusted, there’s no need for an additional software firewall. When traveling, or if you don’t trust the kids’ computer connected to the same network as your own, I recommend turning on the built- in Windows Firewall. In recent versions of Windows, it’s likely already on by default. There’s often no harm in leaving it on, but it can occasionally get in the way of some local machine- to- machine activities like sharing files and folders. I strongly recommend you back up regularly. In fact, I can’t stress this enough. I hear about could be completely avoided simply by having up- to- date backups. Macrium Reflect and Ease. US Todo are the backup tools I currently use and recommend. More on backing up here: How Do I Back Up My Computer? Stay up- to- date. Keep your computer – Windows as well as all the applications you run – as up- to- date as possible. That means being sure that Windows Update is running. More on that in this article: How do I Make Sure that Windows is Up- To- Date? The vast majority of computer infections we hear about are due to individuals who have not kept their operating system or applications up- to- date with the latest available patches. And finally, Internet Safety: 8 Steps to Keeping Your Computer Safe on the Internet has even more tips for keeping your computer safe. Download (right- click, Save- As) (Duration: 9: 5. MB)Subscribe: Apple Podcasts.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
August 2017
Categories |