View Full Version : How safe is your software provider?


Pontius Navigator
9th Dec 2017, 07:21
Following on from How safe is your password and some people's distrust of Gibson Research, how do you trust the people that provide your software?

Let's just accept that Microsoft is the major player and look at the others.

In early days I would try shareware as suggested by magazines. Potential damage was limited in the old DOS days. Slowly I narrowed my software to a few utilities. Some didn't make the transition to Windows. Some, like dBASE, Borland, Paintshop Pro, Next base, PC Tools, got swallowed up by bigger players. Today I rarely install new software but upgrade what I have.

How do you choose your critical software, banking, antivirus, backup, tools?

Mac the Knife
9th Dec 2017, 07:47
There is no practical way for ordinary users to scan downloaded software for vulnerabilities. Professionals use (usually very expensive) professional tools [though there is OpenVAS].

All you can do is stick to well-established software/shareware/freeware downloaded from the author's website. Most will publish a pre-computed hash (SHA or MD5) so you can make sure that the software has not been tampered with. And you will of course scan your download with a reputable anti-virus and/or submit it to Virustotal - https://www.virustotal.com/#/home/upload for multi-engine scanning.

Nothing beats having a recent (unplugged) full backup and system image THAT YOU HAVE TESTED!

Mac :}

"Let's do it to them, before they do it to us" (Hill Street Blues)
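
The hash check described in the post above can be scripted. This is an added example, not part of the original thread: the file name and contents are constructed, and the published checksum line is assumed to be in the GNU md5sum/sha256sum format ("HEXDIGEST  filename").

```python
import hashlib
import hmac
import os
import tempfile

# Digest length in hex characters -> hashlib algorithm name.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}
WEAK = {"md5", "sha1"}  # collision-prone: detects corruption, not a determined forger


def parse_checksum_line(line):
    """Parse one 'HEXDIGEST  filename' line (GNU coreutils *sum format)."""
    digest, _, name = line.strip().partition(" ")
    name = name.lstrip(" *")  # '*' marks binary mode in the GNU format
    digest = digest.lower()
    algo = ALGO_BY_HEX_LEN.get(len(digest))
    if algo is None or any(c not in "0123456789abcdef" for c in digest) or not name:
        raise ValueError(f"unrecognised checksum line: {line!r}")
    return algo, digest, name


def file_digest(path, algo, chunk=1 << 20):
    """Hash the file in chunks so large installers need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_download(path, published_line):
    """Return (ok, algo, warning) for a file against a published checksum line."""
    algo, expected, name = parse_checksum_line(published_line)
    if os.path.basename(path) != os.path.basename(name):
        return False, algo, "checksum line is for a different file name"
    ok = hmac.compare_digest(file_digest(path, algo), expected)
    warning = f"{algo} is a weak hash" if algo in WEAK else ""
    return ok, algo, warning


if __name__ == "__main__":
    # Constructed sample: a stand-in "installer" and the line its author would publish.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "tool-setup.exe")
        with open(path, "wb") as fh:
            fh.write(b"constructed installer bytes")
        line = hashlib.sha256(b"constructed installer bytes").hexdigest() + "  tool-setup.exe"
        print(verify_download(path, line))
```

A matching hash only shows the file is the one the checksum line describes; if the hash is served from the same page as the download, anyone able to replace one can replace the other.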

Mike Flynn
9th Dec 2017, 07:50
I'll stick with Apple:ok:

gemma10
9th Dec 2017, 20:37
Let's face it, the virus suppliers are only there to sell you more gimmicks and make more bucks. In the beginning of laptop use I used Norton, but it turned out they couldn't block anything, so were dumped. NOD32 followed and all was well till they decided one had to pay again to include a firewall. Avast freeware was good until the bloatware interfered with other programmes. Various others followed and now I use Avast freeware and even that is now permanently trying to upgrade me. I have absolutely no faith in any of them to provide me with a permanent reliable virus checker either free or otherwise. Only this week Avast informed me that I could get rid of another 900 Mb of junk by upgrading. Bloody wind up merchants. Distrust?? What other options do we have?

Pontius Navigator
9th Dec 2017, 21:05
Gemma and I discovered my backup provider seems to have a Middle Eastern origin, similarly an AV is Russian and my delete program is Israeli.

Jet II
9th Dec 2017, 22:04
Running Linux - about as safe as it can get.

Mac the Knife
10th Dec 2017, 06:35
"Running Linux - about as safe as it can get."

Not quite, most Linux distros are pretty safe, just by virtue of the OS design, but if you really want full-blown security you should run one of the hardened distros, or consider running a security auditing tool like Lynis - https://cisofy.com/lynis/ or a "once-off" USB-stick distro like Tails - https://tails.boum.org/

But all this heightened security comes at the price of convenience . . .

I run Mint and OSX (without an antivirus component) and Windows 10 (with Malwarebytes), check any downloads with VirusTotal - https://www.virustotal.com/ and use a beefed up HOSTS file - HostsMan for Windows, GasMask for OSX.

But as you say, Linux is fairly safe just as is . . .

Mac

:cool:

ExXB
10th Dec 2017, 07:10
I'll stick with Apple:ok:

:ok:

And I'll stick with my Time machine backups, my data mirrored to the laptop, my bootable clone, my documents/music/photos backups; all to separate external HDs and my Backblaze backup to the cloud.

Belts, braces, ropes, etc. Likely overkill but I won't be caught.

VP959
10th Dec 2017, 08:14
Another vote for Linux. I switched a while ago, and one of the major reasons was trust, specifically my increasing lack of trust in companies like Microsoft, Google, etc.

A well-regarded open source software package will have its source code massively peer reviewed on an on-going basis, by teams of people not commercially connected to it. The risk of there being malware in there is very much reduced, and the chance of any accidental malevolent bugs being found is very much increased, just because so many people are looking at it all the time.

I know that sitting here, running Linux Mint 18.2, the operating system is not sending any data at all to any advertising servers, "user experience programme" servers, etc, plus the operating system does not have the authority to access any of my personal files without my specific authorisation.

Compare that to, say, Windows 10, where by installing it you agree to allow Microsoft access to every single file on your machine, or any connected storage device, you allow Microsoft to send data back (using your internet bandwidth) to their servers continuously (and it does - just install something like Wireshark and look at the continuous stream of data packets sent to dozens of Microsoft-related servers all the time, in the background). What's more, you cannot turn all this data sharing off, only some of it, and even if you do turn some of it off, Microsoft will probably turn it all back on again at the next update.

It's long been the case that nothing is wholly secure, but it seems that people no longer worry about having their personal files and data used by others. Any free service on the web, like cloud storage, email or whatever, has to be paid for somehow, none of these companies provide the service as a charitable offering. All of them are really data sales companies, offering a seemingly free service to entice people to give them data they can correlate and sell. They are pretty good at hiding the fact that this is where their revenue stream comes from, with the possible exception of FB, that has acknowledged that the social network is not their product, it is just the service they offer to get hold of masses of personal data that they can correlate and make money from.

Mac the Knife
10th Dec 2017, 10:38
Well put VP959! Alas you are correct. I also dislike MS slurping up my habits/friends/location etc., not to speak of Google's spying.

I have disabled as much as I can in Win10 without crippling it, but what I dislike is that if you sign on as a Local account rather than an MS account half the stuff doesn't work! Plenty of places in SA have no/slow internet connectivity but everything is tuned for folks who have cheap, fast broadband.

Not to speak of the deeply hidden flawed MINIX variant on recent Intel CPUs that is their "Management Engine" and has access to everything! Last buy was a Ryzen 5 1600 which is smooth as silk and hopefully free of such backdoors.

About to upgrade to Mint 18.3 - alas, it'll be a reinstall since the auto-upgrade didn't go so well (probably because of my extensive customisations . . .) - what an excellently balanced distro it is!

Forgot to mention Sandboxie - https://www.sandboxie.com/ - as a safety measure. Can sandbox any application - paid, but worth it.

And now Apple allows passwordless root logins in High Sierra (now fixed, after much fumbling)? Whatever happened to code review? Never been the same after Jobs popped off and Jony Ive stepped down (now coming back).

Mac :8

Edited to add: You seem to have it pretty well sewn up ExXB - what is your experience of Backblaze, if I may ask?

BlankBox
10th Dec 2017, 20:51
Let's face it, the virus suppliers are only there to sell you more gimmicks and make more bucks. In the beginning of laptop use I used Norton, but it turned out they couldn't block anything, so were dumped. NOD32 followed and all was well till they decided one had to pay again to include a firewall. Avast freeware was good until the bloatware interfered with other programmes. Various others followed and now I use Avast freeware and even that is now permanently trying to upgrade me. I have absolutely no faith in any of them to provide me with a permanent reliable virus checker either free or otherwise. Only this week Avast informed me that I could get rid of another 900 Mb of junk by upgrading. Bloody wind up merchants. Distrust??
What other options do we have?

...try Bitdefender FREE

https://www.bitdefender.com/support/consumer/free-edition/

...top rated and NOT YAPPY... just sits there & does its job. :ok:

ExXB
11th Dec 2017, 07:09
Mac TK.

Backblaze? It just works.

To be honest I have never needed to re-upload any files from them, the few times I needed that my Time machine was enough. But after the initial upload, in the background, that took days to complete, it does its job without me noticing it.

One thing I like is that should disaster happen and my equipment is all stolen or destroyed they will send me a Hard Drive with my data on it. They say 24 hours but I’d imagine customs would extend that. There is a cost, of course, but not as costly as having no data.

Re the OS X logon issue. Yes it is now fixed. If your files are encrypted using FileVault they couldn’t be accessed this way. Sorta like condoms, one is protected if you use them, not if you don’t.

VP959
11th Dec 2017, 07:58
...try Bitdefender FREE

https://www.bitdefender.com/support/consumer/free-edition/

...top rated and NOT YAPPY... just sits there & does its job. :ok:


Ask yourself this question, if it's free, how is the company making money from it?

You say that it's not "yappy", so I presume it's not serving you adverts in order to generate revenue, which means that the company must be getting revenue from its user base via some other mechanism.

In the past, some anti-virus companies have used free editions as a loss leader to tempt people to buy the full product, but companies like Avast soon found that model doesn't work well; people are happy to carry on using the free version even when they get constantly nagged to upgrade to a paid for version.

The answer seems to be in plain sight. In order to activate the "free" version you have to create an account with the company and sign in to it, so the reality is that they are probably offering the "free" product solely as a way of harvesting personal data. They will get a lot of information about you when you sign in. They will know the spec of the PC you're using, the operating system, the screen resolution, the browser you are using, your IP address, your email address and most probably a great deal more about what is on your PC or device, because in order to work, any anti-virus software has to have low level access to every bit of data on the machine.

The chances are that the free version transmits reports back to the company - there may well be something in the terms and conditions that alludes to this, often buried in pages of text.

I suspect that if you look at what this company is doing, in terms of generating revenue, virus protection isn't where the money is coming from, they may well be earning that from personal data they collect.

As the old saying goes, TANSTAAFL, and that applies every bit as much to software as it does to the original practice of bars offering a free lunch in order to entice customers in to buy drinks.

ATNotts
11th Dec 2017, 08:05
...try Bitdefender FREE

https://www.bitdefender.com/support/consumer/free-edition/

...top rated and NOT YAPPY... just sits there & does its job. :ok:

I used to use the free version of Bitdefender, in the last couple of years I've paid an annual fee for the supposedly higher level of security that offers.

All I can say is that I was very satisfied with their free product, but honestly, I don't know what REAL benefits I am deriving from paying them. As a cynic I'm inclined to say, probably none.