CompuClever Blog

Facing the Truth – Facebook & Privacy

by

Feeling connected is fundamental to the human experience – feeling part of the whole.  What better way to do that then from the privacy of our home?  We pick and choose when and where and for how long we want to connect when using online social media.

In a previous article we examined Facebook and pointed out its allure.  We listed the aspects of this “free” service and we identified “Likes” and “Dislikes”.  Were we too quick to accept at face value, the company’s emphasis on the importance of privacy?

A Bit about Facebook

  • Facebook, launched in 2004, is the most popular online social media and social networking service. It is based in the U.S. and is the creation of Mark Zuckerberg and his fellow Harvard friends and roommates.
  • As of June 2017, Facebook reached 2 billion active users.
  • It is a giant in terms of net worth. According to Wikipedia, as of Mar 25, 2018, it is worth US$62.2 billion.
  • Recently the company has faced considerable scrutiny and public pressure in relation to hate speech, fake news, depictions of violence, and privacy.

Recent News

Facebook has been in the news multiple times of late.  With news related to privacy of data, we need to start with Aleksandr Kogan, a University of Cambridge professor, who created a survey filled out by 270,000 people.  In doing so, he was able to access the data of what was reported as more than 50 million Facebook users – recent news has been released whereby Facebook has admitted that upwards of 87 million people were affected by this breach.[1]

While Kogan gained access to this information using legitimate means, via proper channels governing all developers on Facebook, he violated rules related to passing the data to third parties which included Cambridge Analytica.

Zuckerberg was aware of this in 2015.  The action taken at that time was to ban Kogan’s app and demand legal certification from Kogan and others he shared it with.  According to Zuckerberg[2], Cambridge Analtyica completed certification and told Facebook that they actually hadn’t received raw Facebook data at all.  Furthermore, Cambridge Analytica deleted it and weren’t using it.

This reliance on certification turned out to be, as Zuckerberg admits, one of the biggest mistakes made.

Cambridge Analytica:  Is a British political consulting firm established in 2013, that combines data mining, data brokerage, and data analysis along with strategic communication.  They are in part owned by Robert Mercer and Alexander Nix has been the CEO however, this position was suspended after a Channel 4 news segment was broadcasted.  In this he was videotaped in an undercover, hidden camera video interview during which he spoke to someone he believed would use the firm in Sri Lanka for election persuasion purposes.  Nix speaks of creating sex scandals and using fake news to manipulate voters.

Cambridge Analytica has been involved in elections worldwide.  Their executives claim the company has worked in more than 200 elections around the world, including Nigeria, Kenya, the Czech Republic, India, and Argentina.

In 2016 they became involved in the 2016 Brexit referendum by supporting persuadable voters to vote for leaving the EU.  On 18 May 2017, the US Congress began investigation with their connection to Russian attempts to interfere with the 2016 U.S. presidential election.  Cambridge Analytica worked for Donald Trump’s political campaign but there is some question as to the level of involvement.[3]

Nix has made bold claims and it is uncertain if some statements have been embellished.  He was quoted as saying this in October, 2016:

Today in the United States we have somewhere close to four or five thousand data points on every individual … So we model the personality of every adult across the United States, some 230 million people. [4]

The Data

News reports point to unethical organizations making use of personal data made available by Facebook.  This begs the question: what data do they have on us and how can they use it?

Data In:

As soon as a user signs up, data and information is collected.  This includes all data – conversations, pictures, videos, and even documents sent via Messenger.  Does this surprise you?  Would you want to see what the information on you includes?

Should we be concerned?  If you use Facebook on your phone and your phone is an Android device, or you use Messenger to send attachments… it would be a good idea to take a closer look.

Users are discovering that they can request to have all of their Facebook data in a zip file.  Some are astonished to find that this data can include data on every call made and text sent.  There are users that are discovering that the data held by Facebook includes rental property lease forms, tenant ledger reports, bill statements, and screen shots of bank transfers.[5]


To download your information:

  1. Click the down-pointing triangle at the top right of any Facebook page and select Settings
  2. Click Download a copy of your Facebook data at the bottom of General Account Settings
  3. Click Start My Archive

In about 10 minutes Facebook processes the request and you’ll get an email and notification when the file is ready to download.

Data Out:

Likely no one is surprised to know that our personal data is being used and shared out to advertisers.  Facebook makes money on sharing out data to advertisers and to app developers.  The challenge is that there is no control of how the data is used once passed to these groups.

Indeed the most alarming aspect of Cambridge Analytica’s “breach” is that it wasn’t a breach at all. It happened almost entirely above board and in line with Facebook policy.[6]

World Response

Investigations are ramping up world-wide.

US:   Zuckerberg will testify before Congress.  On April 10, before a joint hearing of the Senate Commerce and Judiciary Committees and the next day before the House Energy and Commerce Committee.  The U.S. Federal Trade Commission are conducting separate investigations. [7]

This is a serious matter as stated by Senator Amy Klobuchar who serves on the Senate Judiciary Committee.  The senator will ask him to explain “what Facebook knew about misusing data from 50 million Americans in order to target political advertising and manipulate voters.” [8]

UK:   Damian Collins, chair for the Digital, Culture, Media and Sport Committee in the House of Commons, questions Facebook user data policies.  “Their answers have consistently understated this risk, and have also been misleading to the Committee,” Collins said. “I will be writing to Mark Zuckerberg asking that either he, or another senior executive from the company, appear to give evidence in front of the Committee as part our inquiry.” [9]

MPs on the digital, culture, media and sport committee have accused Facebook of misleading it in a previous evidence session and called for Mark Zuckerberg to appear before them to answer questions.  They have also recalled Nix. [10]

A U.K. parliamentary media committee summoned CEO Mark Zuckerberg to testify about how Facebook uses data.  U.K. Information Commissioner Elizabeth Denham is investigating how Cambridge Analytica got the data. [11]

Germany: After a meeting with its executives about the abuse of users’ data, the justice minister of Germany stated she wants closer oversight.

Australia: The Information and Privacy Commission has demanded that Facebook provide information on whether any Australian citizens were affected by unauthorized use of profile data. [12]

The Response:  Zuckerberg is set to testify next week before a U.S. congressional committee, and he said top executives at the company would be dispatched to other countries wanting to hold government hearings on the scandal. [13]

User Response

Zuckerberg has stated that the users affected by the misuse of personal data by Cambridge Analytica will be notified.  To date, this has not yet happened.  There are users that are going to delete Facebook as a result of this news and one of the questions we have posed has been: What is the best course of action with regard to Facebook and social media services?

We invite you to give this some thought and to check in with us next week for our Part 2 edition as we outline what Facebook is doing to correct this wrong and we identify the costs associated with what we thought was a “free” service.

We’ll provide out best practices and recommendations for being active on a social media service like Facebook.  However, we’ll leave it up to you to choose your level of exposure and if posting online personal information is worth the associated costs.

This concludes the first part of our Facebook and Privacy article.

We’ll pick it up next week.  Stay tuned!

[1] https://www.ctvnews.ca/
[2] https://www.wired.com/
[3] https://en.wikipedia.org/
[4] https://news.sky.com/
[5] http://www.nzherald.co.nz/
[6] http://money.cnn.com/2018/03/19/
[7] https://www.ctvnews.ca/
[8] http://money.cnn.com/2018/03/19/
[9] https://www.parliament.uk/business/committees/
[10] https://www.theguardian.com/uk-news/2018/mar/22/
[11] https://www.ctvnews.ca/business/
[12] https://www.theguardian.com/uk-news/2018/mar/22/
[13] http://www.metronews.ca/life/2018/04/04/

Spectre and Meltdown: Massive Security Holes Impacting All Mac and PC devices

by

Just as we start a new year, there are new computer vulnerabilities identified by researchers. The impact of these defects could be experienced by almost any computer worldwide! The implication – millions of devices could be vulnerable to hacking or, if patched, suffer some degradation in speed.

The identified flaws are in the very core of the computer hardware – the CPUs or also known as the processors.

About The Defect

The two newly identified defects have wide ranging impacts on devices from the phone you are carrying to the servers that send data to it as well as other mobile devices, laptops and desktops whether PC or Mac. The vulnerabilities enables hackers to access people’s personal information.

Google’s Project Zero team states that these flaws can enable hackers to gain passwords and other sensitive data from system memory.
The two flaws are known as Spectre and Meltdown.

Meltdown: Named this way because it melts security boundaries which are normally enforced by the hardware. This was found mostly in Intel processors (as far back as 1995). Also ARM has reported their processors are affected, but it is unclear at this time if AMD processors are affected. This vulnerability can be patched through an update. However, this fix could slow down computers as much as 30%.

Spectre: The name is derived from the root cause: speculative execution. It is not easy to fix – it requires a re-design of computer chips – so it is likely to haunt us for some time to come. This defect was found in Intel processors as well as AMD and ARM chips. While this flaw is harder to exploit for hackers, it is also more difficult to mitigate for users.

For more information on these we highly recommend going to: https://meltdownattack.com/

The Impact

Google engineers discovered these flaws and had kept the news a secret to enable time for fixes to be created and issued before other computer hackers could take advantage. However, Intel was forced to disclose as the story received coverage when a British tech website, The Register, uncovered it. This led to a drop in Intel’s stock.

These flaws have wide ranging impacts on all types of chip-based devices including cell phones, laptops and desktops – whether PC or Mac.

According to researchers:

“While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs,”[1]

News reports are emerging that any computer made over the last 20 years could be impacted and that fixing the issue could cause significant disruption around the world. So in a nutshell, it is almost certain that your PC is affected, especially if it uses an Intel based chip.

Companies such as Amazon state they are in the process of creating and distributing a fix for their services and devices. They made a statement: “This is a vulnerability that has existed for more than 20 years in modern processor architectures like Intel, AMD, and ARM across servers, desktops, and mobile devices.”[2] They further stated that most of its infrastructure had now been made safe.

However, for older computers the update could be more difficult. Many devices have few updates as phone makers are slow to provide updates.

Risk Mitigation

It is not safe to work with sensitive information given there is a chance of leaking information if your device has a vulnerable processor and runs an unpatched operating system. This is applicable to personal computers and anyone using cloud infrastructure.

To deal with these defects you will need to update your software as patches become available.

Unfortunately, with older computers it may be harder to update. For many devices – especially those running Android – updates are few and far between since phone makers are often slow to provide their customers with new updates.

According to the Meltdown site:

There are patches against Meltdown for Linux , Windows, and OS X. There is also work to harden software against future exploitation of Spectre, respectively to patch software after exploitation through Spectre.

There is also work to harden software against future exploitation of Spectre, respectively to patch software after exploitation through Spectre.

The site goes on to explain that unlike usual malware, Meltdown and Spectre are hard to distinguish from regular benign applications. However, your Antivirus program may detect malware whichuses the attacks by comparing binaries after they become known.

We highly recommend that you ensure using a legitimate and effective Antivirus program such as: CompuClever Antivirus PLUS.

Brace for a Slowdown

To add salt to the wound, your device could be slower after you have made it safer from hacks. Hard to imagine – you fix your device and it actually results in a slowdown!

Intel says the average computer user won’t experience significant slowdowns after receiving the fix.

However, there are news reports[3] that state fixing these defects will slow performance – especially for devices more than five years old. And for companies that deal with considerable network traffic and processing power the slowdown could be even more severe. This includes cloud computing providers, systems that crunch data, and retailers that process consumer transactions.

Was there ever a time that having your PC running at peak performance was more critical?

Which brings us to our second recommendation: CompuClever PC TuneUp Pro – not only will you find areas of improved system performance you can also better manage security of sensitive data.

Moving Forward: There are reports[4] that point out that some experts are saying the affected processors will need to be replaced entirely in order to completely get rid of the risks created by these flaws. We can’t foresee newly designed chips replacing flawed ones in existing devices in the near future.

At present, there are no available processors that can replace the vulnerable ones and still provide the same kind of functionality. It will be years before new chips that can perform the same tasks safely and effectively, will be made available.

During the wait we need to take whatever measures we have that are at our disposal, to remain safe and to ensure the best performance we can manifest.

[1] https://meltdownattack.com/

[2] https://aws.amazon.com/security/security-bulletins/AWS-2018-013/v1/

[3 & 4] http://money.cnn.com/2018/01/04/technology/business/apple-macs-ios-spectre-meltdown/index.html

Firewalls – First Line Filtration

by

If our PC could be considered a well-protected fortress, we would think of the firewall as an essential part of the moat and drawbridge system – it monitors and controls entry. Most of us associate firewalls with large network corporations and sophisticated security systems. You might, however, be surprised to find your PC and personal devices have security issues similar to large corporate networks. This is why firewall technology is built into your PC and offers the first line of protection from offensive web sites and potential hackers.

We’ll begin with a definition of what a firewall is and then move into some basic questions and answers.  After that we’re going to provide information for those that might want to beef up their firewall protection.

The Firewall Basics

Effectively a firewall is a filter.  It is designed to prevent dubious programs and Internet services from establishing a connection or gaining access to your computer.

Firewall Defined: A firewall is hardware or software technology designed to monitor and filter incoming and outgoing traffic to your PC.  It is a network security function that effectively acts as a barrier.  The data that passes through depends on the pre-determined set of rules which are configured in the firewall settings.

A Little Q and A

Now that we know basically what it is, we can answer some questions.

  1. Why do I need one?

A firewall tries to screen out incoming Internet streams of data from unwanted sources and it also prevents programs on your PC to access the Internet without authorization.  The purpose is to prevent unwanted and malicious programs from communicating to, or from, your computer.

  1. Who makes firewalls?

Microsoft includes a firewall with Windows – we’ll cover this in more detail below.  There are also a significant number of known makers of free and paid solutions.  The best known names would include Norton, McAfee, BitDefender, Kaspersky, as well as Zone Alarm, Webroot, and Comodo.  Some routers also have firewalls built into them.  While we are not recommending any specific option, selecting one of the manufacturers listed above should provide greater security.

  1. When do I need one?

Quite simply – you need a firewall when you connect to the Internet. This is why you should also consider a solution for your smart phone or mobile device.  Most malware programs these days attempt to get money from you and your mobile devices are also targets of malware attacks and cyber crime.

  1. Doesn’t Windows already come with a firewall?

Yes, it does, and it may be all you need.   It blocks unwanted connections and will prompt you if you want to allow a connection or not.  There is a list of programs to block and you can enter exceptions to identify programs you deem safe.

Windows Firewall is equipped to monitor traffic, but lacks in the area of program control.  Despite shortcomings, Windows Firewall may be all you need.   Other tools will provide additional functions such as the ability to create activity logs.  In this way you can review what was happening in terms of attempted connections so you can fine tune the security parameters.  The bottom line is that the Windows Firewall will suffice for most users and should not be regarded as providing insufficient security.

If you find surfing the net is slow, begin by optimizing the browsers and Windows configuration for accessing the Internet.  We recommend looking at the articles: Improve Internet Speed and Restore Browser Speed.  After this, if you are more certain that the firewall is affecting performance, you may want to replace it.  If your PC is encountering issues with viral infections then first look at your antivirus protection, and if you have a top notch AV solution and are still getting breaches, that too would be a reason for looking for a new firewall.

  1. Is a firewall all the protection I need?

In a previous article we covered some myths about antivirus protection and this came up.  We can review briefly here.  As we have described, firewalls can filter nefarious traffic.  However, they cannot protect your PC from files that contain a virus or Trojan.  The reason for this is that firewalls are not able to scan for infected files – you need an antivirus solution specific to this purpose.

Cyber criminals exploit potential security holes and look for ways to openly connect with your PC.  A firewall can minimize this risk and offer the first line of defense.  However, it is not sufficient in blocking the myriad of virus and malware threats that are prevalent.  Malware creators are very clever in disguising data and can even disable your firewall in an effort to steal private or personal data.

Antivirus Protection:In a nutshell… we are pleased to offer CompuClever Antivirus PLUS, an AV solution that delivers 100% protection against both known and unknown viruses, comparable to any first-tier antivirus software like Norton, Kaspersky, Bitdefender, and MacAfee.  As a matter of fact, an independent third-party lab test revealed that our antivirus product not only delivers a high level of protection, it also creates a very low impact to PC performance.

For more information about CompuClever Antivirus PLUS click here: Are You Well Protected?

Turning Windows Firewall On and Off

Microsoft states: “You only need one firewall app on your PC (in addition to the firewall that’s probably built into your network router).  Having more than one firewall app on your PC can cause conflicts and problems.” [1]  It is also good practice to NOT turn off a firewall unless you have another one turned on.

With these safe practices in mind, you can view the status of Windows Firewall and you can turn it off or on.  The easiest way to begin is to type “firewall” in the Search field located in the Start menu.  For more information and instructions specific to your operating system follow one of these links:

Windows 10  / Windows 8 / Windows 7 / Windows Vista / Windows XP

What to Consider if Seeking an Alternative

Here is our list to help you better decide on alternatives to the built-in firewall for Windows.

  1. You need to consider how accurately a firewall solution will identify threats to your system. You do not want it to miss threats but you also do not want it blackball safe and known programs.  No one wants an unending stream of warnings from their firewall for no valid reason.  The very best firewalls handle unknown programs by monitoring them closely for suspicious activity and signs of improper network activity behaviour.
  2. The fewer resources it requires the better. This will allow your system to run programs faster and dedicate resources to perform duties related to regular day-to-day activities.
  3. Supply only the functions you need. Some “suite” applications will include antivirus and performance tools.  If you already have these areas covered by other applications there is no need to pay for bloated software that is inadequate in these other areas.
  4. You will also need to know what kind of coverage you require in terms of the devices you are needing to protect (desktop, laptop, tablet, or phone), and if your solution will suffice.

Other Considerations

Now to finish off with some final points related to installing a new firewall solution.

Install Your Firewall 

There isn’t any one “right” place to install a firewall; it comes down to the devices you use and the programs you run.  If you are looking for a firewall for your business then the normal firewall is not what you need; you need what is known as a “Next Generation Firewall” or, “NGFW’.  These are more sophisticated and expensive, ranging from $500 to $80,000, and are beyond what we will discuss here.

Also, some routers have firewalls built right into them, meaning any system behind them does not need a firewall.  This is useful as it means that there is no performance loss for Windows as a result of a firewall performing checks on data streams.  However, if you have a portable device (like a laptop, tablet, or phone), then you need a firewall installed to the device that can be turned on whenever you connect to the Internet when away from home.

Common Problems

The most common problem in using a firewall is blocking a program you know is good.  When this happens you need to create an “exclusion” or “exception” (search the program help files for those terms).  Effectively, this provides you the ability to override what the firewall would normally do.  Firewalls are designed to run in the background so most people have little to no interaction with these programs once they are installed and exceptions are generated.

Summary

While we haven’t gone into detail about hardware and software firewall technologies and the various viral threats to firewalls, we have covered the basics.  Standard coverage should get you started and you have the option of customizing the onboard Windows Firewall.  As an alternative to Windows, you can follow our introductory guidelines for taking on an alternative firewall solution.  In either event, remember that an effective antivirus solution is part of your fortress of protection.

We would like to thank Richard from our Tech Support team for his first wave of research on this subject.  We will continue to provide story lines like this and we will describe them in a manner that is within reach of everyday computer users.  If you have some ideas of topics you would like us to cover, email us at: newsletter@compuclever.com

[1] http://windows.microsoft.com/en-US/windows-8/Windows-Firewall-from-start-to-finish