iPhone security best practices

 General, Phone  Comments Off on iPhone security best practices
Nov 202019
 

Forbes > How To Secure Your iPhone: 12 Experts Reveal 26 Essential Security Tips by Davey Winder, Senior Contributor, Cybersecurity (Nov 1, 2019)

Just because you’ve invested in a smartphone that isn’t exposed to quite the same degree of malware and exploit issues as an Android device, that doesn’t mean you can safely ignore good practice when it comes to iPhone security. This is why I’ve asked 12 security experts to share their knowledge as far as keeping your iPhone secure is concerned. Here are their 26 tips to help you do just that.

Summary list

I’ve marked with an asterisk (*) those tips in the article which are more technical and so may not be practical for the general user.

  1. Go truly random with your PIN
  2. One iPhone, different passwords
  3. Watch for fake apps
  4. Use a Password Manager *
  5. Enable two-factor authentication (2FA)
  6. Don’t use SMS for two-factor authentication (2FA) *
  7. Protect your SIM *
  8. Don’t get juice-jacked
  9. Be wary of permissions *
  10. Don’t auto-join Wi-Fi networks
  11. Wipe clean before selling
  12. Don’t jailbreak your iPhone or sideload apps *
  13. Check for unknown configuration profiles *
  14. Use fewer apps
  15. Use airplane mode
  16. Use biometric authentication
  17. Read app reviews
  18. Go stealthy *
  19. Roll your sleeves up *
  20. Businesses should look to their MAM for help *
  21. Prevent losing your iPhone turning into a security disaster
  22. Keep your apps updated
  23. Patch, patch and patch again
  24. Disable “Load Remote Images” in email settings *
  25. Enable USB restricted mode *
  26. Learn to spot the warning signs of phishing

Best Mac anti-virus program?

 Computer, Desktop, General, Research  Comments Off on Best Mac anti-virus program?
Nov 202019
 

MacWorld > Best antivirus for Mac: Protect yourself from malicious software by Glenn Fleishman, Senior Contributor, Macworld (Nov 12, 2019)

If you’re concerned about protection against malware on your Apple Mac computer, here’re some notes from MacWorld’s latest reviews.

Summary

  • Best overall antivirus software – Sophos Home Premium for Mac
  • Best free antivirus software – Avast Free Mac Security

In addition to visiting malicious websites, downloading known malicious software, and even running said malware, we also reference the most recent reports from two labs that regularly cover macOS malware: AV Comparatives and AV-TEST. These laboratories test AV software against sets of known malware as well as products that are grouped as potentially unwanted applications (like adware).

Finally, while we gave props for a lot of different features and behaviors, we marked products down if they lacked any or all of the following:

A nearly perfect score on macOS malware detection

Ransomware monitoring

Native browser plug-in or system-level Web proxy

A high score on Windows malware detection

Where appropriate, we noted privacy policy issues in individual reviews.

Listing

If you have specific requirements or just wish to see other options, below is a list of all the antivirus software we’ve reviewed. We’ll keep evaluating new and refreshed software on a regular basis, so be sure to come back to see what else we’ve put through the ringer.

  • Avast Security Pro for Mac
  • Sophos Home Premium for Mac
  • Kaspersky Internet Security for Mac 2020
  • Avast Free Mac Security
  • Avira Free Antivirus for Mac
  • Norton Security Deluxe (Mac)
  • Trend Micro Antivirus for Mac
  • Malwarebytes Premium
  • ESET Cyber Security Pro
  • Bitdefender Antivirus for Mac (version 6.2)
  • McAfee Total Protection for Mac
  • Intego Mac Internet Security X9
  • ProtectWorks Antivirus for Mac

Best antivirus protection for Windows 10

 Computer, Desktop, General, Notebook, Phone, Tablet  Comments Off on Best antivirus protection for Windows 10
Aug 042019
 

UPDATE OCTOBER 19, 2019: “The best antivirus protection of 2019 for Windows 10 – Your PC needs protection against malware, and free antivirus software may be enough. Here’s the best antivirus protection to get for Windows 10, and what’s worth paying extra for” by Clifford Colby (October 19, 2019). CNET’s “best” recommendations stand from last August (below).

I’ve previously noted PC World’s annual recommendations for PC anti-virus protection. Yesterday (August 3, 2019), Cnet posted their recommendations for Windows 10 PCs: “The best antivirus protection of 2019 for Windows 10 — Your PC needs protection against malware, and free antivirus software may be enough. Here’s the best antivirus protection to get for Windows 10, and what’s worth paying extra for.”

Quick summary:

  • Best free antivirus: Microsoft Defender.
  • Best subscription antivirus: Norton 360 Deluxe.
  • Best on-demand malware removal: Malwarebytes (free version) – paid version permits automatic scheduled scans as well as other features.

The Cnet article includes other tips for protecting your privacy and keeping your PC secure, as well as a summary of other PC anti-virus products (and discusses the situation regarding Kaspersky Lab’s product).

macOS 10.14 — mountains to the desert — High Sierra to Mojave

 Computer, Desktop, General, News, Notebook  Comments Off on macOS 10.14 — mountains to the desert — High Sierra to Mojave
Sep 252018
 

Today Apple officially released a new version of its macOS. The name of the new system — “Mojave” — celebrates the desert rather than the mountains of the High Sierra, and updates to version 10.14 from 10.13.6. Available on your Mac from the Apple Menu > App Store > Featured > Mac App Store, Apple touts Mojave as “simply powerful” with these highlights:

MacOS Mojave delivers new features inspired by its most powerful users, but designed for everyone. Stay focused on your work using Dark Mode. Organize your desktop using Stacks. Experience four new built-in apps. And discover new apps in the reimagined Mac App Store.

Dark Mode
• Experience a dramatic new look for your Mac that puts your content front and center while controls recede into the background.
• Enjoy new app designs that are easier on your eyes in dark environments.

Desktop
• View an ever-changing desktop picture with Dynamic Desktop.
• Automatically organize your desktop files by kind, date, or tag using Stacks.
• Capture stills and video of your screen using the new Screenshot utility.

Finder
• Find your files visually using large previews in Gallery View.
• See full metadata for all file types in the Preview pane.
• Rotate an image, create a PDF, and more — right in the Finder using Quick Actions.
• Mark up and sign PDFs, crop images, and trim audio and video files using Quick Look.

Continuity Camera
• Photograph an object or scan a document nearby using your iPhone, and it automatically appears on your Mac.

Mac App Store
• Browse handpicked apps in the new Discover, Create, Work, and Play tabs.
• Discover the perfect app and make the most of those you have with stories, curated collections, and videos.

iTunes
Search with lyrics to find a song using a few of the words you remember.
• Start a personalized station of any artist’s music from the enhanced artist pages.
• Enjoy the new Friends Mix, a playlist of songs your friends are listening to.

Safari
• Block Share and Like buttons, comment widgets, and embedded content from tracking you without your permission with enhanced Intelligent Tracking Prevention.
• Prevent websites from tracking your Mac using a simplified system profile that makes you more anonymous online.

Apple News
• Read Top Stories selected by Apple News editors, trending stories popular with readers, and a customized feed created just for you.
• Keep your favorite topics, channels, and saved stories up to date on your Mac and iOS devices.

Stocks
• Create a customized watchlist and view interactive charts that sync across your Mac and iOS devices.
• Browse business news driving the markets curated by Apple News editors.

Voice Memos
• Make audio recordings, listen to them as you work with other apps, or use them in a podcast, song, or video.
• Access audio clips from your iPhone on your Mac using iCloud.

Home
• Organize and control all of your HomeKit accessories from your desktop.
• Receive real-time notifications from your home devices while you work.

The free upgrade is a 5.70 GB download, and claims compatibility with OS X 10.8 or later.

To install macOS Mojave, your Mac needs at least 2GB of memory and 12.5GB of available storage space to upgrade—or up to 18.5GB of storage space when upgrading from OS X Yosemite or earlier.

There are many articles online about Mojave. Here’re 3 articles by MacWorld:

  • How to upgrade to macOS Mojave: Step-by-step instructions on upgrading to the latest Macintosh operating system
  • MacOS Mojave: Apple releases the latest version of its Macintosh operating system: Everything you need to know about the new Macintosh operating system
    • Mojave has three new apps that were originally iOS apps: Apple News, Stocks, and Voice Memos. There’s also a new Home app for managing internet-of-things devices.
    • Apple names macOS after California locations, a method adopted in 2014 with OS X Yosemite. In case you’re wondering, it’s pronounced “Mo-HA-vey.” Mojave is a national preserve in the area between Los Angeles and Las Vegas, Nevada.
  • 5 reasons why you should upgrade to macOS Mojave right now
    • It’s not a major revamp of the operating system (it’s been a while since the Mac has had one of those), but it does add new features that can help you be more productive with your Mac.
    • An OverSight-like feature is now built into Mojave that can alert you when an app wants to access the camera and mic, as well as iTunes device backups, Time Machine backups, your Mail database, your Message history, your Safari data, and other data.
    • Mojave makes Quick Look most robust, providing simple editing tools so you don’t even need to open an app. Now when you preview an image (select it and then press the space bar), you can click on the Quick Actions icon between the Rotate icon and the Open in Preview button, and a set of editing tools appears.

As with any macOS upgrade, best practices are to backup your current Mac’s hard drive (using Time Machine and/or SuperDuper) and do the installation when you’re not stressed and when you do not need to use your Mac for an hour or two. Then give yourself some time afterwards to acclimate to the new look of some things.

macOS theme

Google privacy settings — check how you’re tracked

 General  Comments Off on Google privacy settings — check how you’re tracked
Aug 282018
 

Another go at this topic, this time by PC World.

The Google ecosytem is impressive, with devices and services which we use on a daily basis. Lots of services: search, contacts, calendar, web browsing, etc. Google Assistant, the digital personal assistant (butler). Lots of Google apps on our Android-powered smartphones. Google programs on our notebook and desktop computers. Even Chromebooks. And smart speakers.

Paying for a smartphone which runs Android is one thing, but all those Google services generally are part of the “freemium” marketplace. So, is there a price to pay for all that convenience?

Well, of course. The price is that we give away information (data) about ourselves: personal data, what we do and how often, where we go, what we read and search for, what we buy, … So, “eyes wide open,” is there any way to check on how we’re being tracked and to limit that? Sort of.

This PC World article covers that “sort of” question regarding Google’s tracking: “Google Privacy Checkup FAQ: How to limit tracking and still use the apps you love” (August 22, 2018).

In response to an AP report that showed Android phones still tracked location even with Location History turned off, Google changed some of the verbiage on its privacy page to be clearer, but it doesn’t look like it’s going to change its tactics.

You might not know it, but you have a surprising amount of control over your Google account, as long as you know where to find all the switches. Here’s everything you need to know about Google’s privacy settings: where to find them, what you can turn off, and how it all affects your phone.

Recently when visiting the Google home page in a browser, there always was a nag to check my privacy settings. So, at least Google is encouraging more awareness about the settings.

[The Privacy Checkup] page is accessible on any device or the web, and it’s pretty easy to navigate. Near the top you’ll see a box called Review your privacy settings, which leads to the Privacy Checkup guide. Tap Get started to get an overview of your current settings. By default, everything will be turned on, but there are several layers that can be switched off (or paused, as Google labels it).

Read the full article, which discusses the different categories of settings, in each case answering these questions: What is it? How do I turn it off? Can I limit it (instead of turning it completely off)? How does it affect my phone? How do I get rid of old data?

  • Web & app activity
  • Location history
  • Device information
  • Voice & audio activity

The situation is just like having a close family member, best friend, or trusted butler — someone you find really helpful and rely on for personal assistance. The more that person knows about you — your preferences, tastes and habits and interests — the more fluid your interactions. In other words, you gain convenience by saving time (not needing to detail your requests each time) and energy (hey, you know what I like).

Just note that while there are ways of eliminating traces of your activity in a web browser (history, bookmarks, caches), other data is collected regardless.

Mute web page videos — Apple Safari Auto-Play settings

 Computer, General  Comments Off on Mute web page videos — Apple Safari Auto-Play settings
Jun 072018
 

Safari > Preferences > Websites > Auto-Play and audio for web site videos

The other day a client thought that her built-in (internal) Apple computer’s speakers weren’t working. Well, more specifically, on her favorite news site,  posted videos were playing without sound — muted. Her iMac recently had been upgraded to the latest macOS version. She’d noticed a new feature.

So, this is a new feature in the latest versions of Safari and other web browsers (like Chrome) which was introduced to reduce the annoyance and distraction of video ads and other video spots on web pages which autoplay on visiting those web pages. You have control over this setting in Safari.

You may override the default setting on a case by case basis by clicking on the audio icon for the particular video (using the playback control section in that video window) — to mute or un-mute and adjust volume.

Here’s more detail on how the feature works. When visiting a web site, the factory default setting in Safari is to “Stop Media with Sound” unless you change it. See the attached two screenshots.

In screenshot 1, with the desired web page (site) open, in Safari Preferences the web site setting for Auto-Play will be set to the default (Stop Media with Sound) as a “Currently Open Website.” If you elect to change the setting to Allow All Auto-Play, and close the settings window …

In screenshot 2, when you visit that site later, you’ll notice the Auto-Play setting for that site is now a “Configured Website” with your changed setting. That new behavior stays in place unless removed.

Screenshot Screenshot

GDPR privacy notifications — primrose path of default settings

 Computer, General, News  Comments Off on GDPR privacy notifications — primrose path of default settings
Jun 012018
 

I’ve been getting a lot of privacy policy update notifications in my email since last month. As part of terms and conditions for use of a product or service. All in response to the GDPR — General Data Protection Regulation, a European Union Regulation which was implemented on May 25, 2018. Many companies sell products and services globally; hence, the notices for those of us in the United States.

Wiki: According to the European Commission, “personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.”

The lead-up to the effective date of the GDPR led to many companies and websites changing their privacy policies and features worldwide in order to comply with its requirements, and providing email and on-site notification of the changes, … This has been criticized for eventually leading to a form of fatigue among end-users over the excessive numbers of messages.

I’ve read some of these notices in full. And supplied my consent when requested. Tedious. Once you read a few, others are similar. Generally, the GDPR has facilitated clarification of all the ways our personal data is collected and used and especially shared. So, at face value, such transparency is a good thing.

This Washington Post article (May 25, 2018) “Why you’re getting flooded with privacy notifications in your email” summarizes what’s happening.

European Union regulators have always been much tougher on tech companies than their U.S. counterparts, for instance forcing them to give users more control, imposing fines for noncompliance and requiring platforms to spot and delete illegal content.

But as this Washington Post article (June 1, 2018) “Hands off my data! 15 default privacy settings you should change right now” points out, compliance for the updated privacy policies has an insidious “buyer beware” side. In some cases, the GDPR changed nothing as far as your personal data. “The devil’s in the defaults.”

Say no to defaults. A clickable guide to fixing the complicated privacy settings from Facebook, Google, Amazon, Microsoft and Apple.

You’re not reading all those updated data policies flooding your inbox. You probably haven’t even looked for your privacy settings. And that’s exactly what Facebook, Google and other tech giants are counting on.

They tout we’re “in control” of our personal data, but know most of us won’t change the settings that let them grab it like cash in a game show wind machine. Call it the Rule of Defaults: 95 percent of people are too busy, or too confused, to change a darn thing.

Give me 15 minutes, and I can help you join the 5 percent who are actually in control. I dug through the privacy settings for the five biggest consumer tech companies and picked a few of the most egregious defaults you should consider changing. These links will take you directly to what to tap, click and toggle for Facebook, Google, Amazon, Microsoft and Apple.

Google has been saving a map of everywhere you go, if you turned on its Assistant when you set up an Android phone. Amazon makes your wish list public — and keeps recordings of all your conversations with Alexa. Facebook exposes to the public your friends list and all the pages you follow, and it lets marketers use your name in their Facebook ads. By default, Microsoft’s Cortana in Windows 10 gobbles up … pretty much your entire digital life.

I’ve increasingly noticed the tradeoff between convenience and personal privacy. For example, Google’s services can make finding things, navigating, and scheduling appointments rather seamless. A digital assistant, providing personalization (like having an amazing personal butler). But my digital footprint — comprehensive record of my contacts and times and places — is shopped and shared between apps and services in a somewhat spooky way.

Changing the defaults … mean you’ll get less personalization from some services, and might see some repeated ads. But these changes can curtail some of the creepy advertising fueled by your data, and, in some cases, stop these giant companies from collecting so much data about you in the first place. And that’s a good place to start.

Caller ID spoofing — electric company warning

 Computer, General, News  Comments Off on Caller ID spoofing — electric company warning
May 072017
 

I’ve written about this before: whether it’s at your front door or on your phone or on your computer, scammers use the same tricks. In this case, spoofing their identity. Southern California Edison send out this email notice last week.

***

Subject: Important message from SCE: Beware of caller ID spoofing

That ‘Southern California Edison’ phone call may not be legitimate.

For your security, never give out your personal information, such as your SCE account number, Social Security number, credit card information or PIN number.

We have recently experienced an increase in reports of caller ID spoofing, a practice in which special phone equipment falsifies information on your caller ID display. Calls may appear to be from SCE, when in reality the caller has no association with SCE and may try to sell you products, collect personal information or say your electric bill is past due when it’s not.

Common red flag warnings related to spoofed phone calls:

  • Calls were made multiple times per day
  • Callers asked about customer’s usage, meter or other personal information
  • Customers were provided recommendations for purchasing alternative energy products

Tips to help protect yourself from caller ID spoofing scammers:

  • SCE will not send solar representatives to your home, nor do we have solar companies contact anyone by phone.
  • SCE will never ask for credit card information, a prepaid card such as Green Dot or electric usage information over the phone.
  • Do not use a call back number provided until you confirm it is an SCE number listed on your bill or the Contact Us page on sce.com.

Please know that we take your privacy seriously and make every effort to protect your information. For additional red flag warnings and tips to protect yourself, please visit sce.com/scamalert.

If you believe you are the recipient of a spoofing call, contact SCE Information Governance at csinfogov@sce.com.

Sincerely,

Marc Ulrich
Vice President of Customer Programs & Services
Southern California Edison

***

We all need to be careful. The fact that these scams continue to occur is a sign that they work. Caller ID is not perfect but still can be useful.

Ad blocking — Heinlein, Friedman redux

 General  Comments Off on Ad blocking — Heinlein, Friedman redux
Oct 012015
 

Well, the game’s afoot. Are you using ad blocking?

PC World’s “The price of free: how Apple, Facebook, Microsoft and Google sell you to advertisers” article summaries how four major companies handle collection of personal data when you use their products and services.

Because the latest version of Windows is always asking for information in the guise of being helpful, it’s easy to think that Microsoft’s the poster child for the collective attack on your digital privacy. But it’s not.

Now that Apple’s iOS 9 supports ad blockers, are you going to try one on your iPhone? The Washington Post summaries some choices in their “Here’s how some of the top iOS 9 ad-blockers stack up” article.

From a consumer standpoint, it seems like a good deal — particularly on a smartphone, where even a small ad can take up a lot of screen space. Ditching ads makes sites load faster and easier to read. And blocking tracking software may give those worried about privacy some peace of mind.

And the Washington Post continues with a cautionary perspective in “How our love affair with ad-blocking risks giving Internet providers even more power.”

If you often feel that the content on webpages you visit is overwhelmed by ads, this article notes that:

The New York Times took a look at this Thursday. It found that for many online news sites, it takes longer to load the ads than the news content visitors are presumably there to see. On an LTE connection, the Huffington Post loaded in 5.2 seconds with all its ads, for example, but with an ad blocker, that time was cut to just 1.2 seconds.

So, what could go wrong with all of this? Re/code discusses the topic in “Ad Blockers: Unwitting Arbiters of Consumer Preference.”

Deploying ad blocking is not the fight consumers want. But neither the pay-for-access model nor the advertising-in-exchange-for-free-access model works well enough today. … Opting in to the advertising experience is also broken. Consumers en masse should not be expected to choose to view ads when blocking them is both easy and consequence-free. … It is a tragedy of the commons.

What about Heinlein and Friedman? See Wikipedia’s article titled “There ain’t no such thing as a free lunch.”