|
I guess it's better for this HP Stream I have (with a 16GB drive).OSI bean dip posted:Please tell me how cloud-based anti-virus is different from traditional anti-virus. http://www.pandasecurity.com/usa/homeusers/solutions/free-antivirus/ LIGHT Panda Antivirus protects while you browse, play or work online, and you won´t even notice it's there. It is extremely light as all the work is done in the cloud. EASY This is a truly 'install and forget' solution. You won't have to worry about updates, or complex settings and decisions ever again. It works for you. SECURE It delivers maximum and fast protection against the latest viruses, thanks to cloud-scanning from the Collective Intelligence servers. There's no need for massive signature files on your PC or daily updates.
|
# ¿ Jul 30, 2015 17:50 |
|
|
# ¿ Apr 28, 2024 17:36 |
|
Yep. "Traditional" boo, "cloud" yay!
|
# ¿ Jul 30, 2015 18:06 |
|
Any opinions on the encryption implementation in 7zip? I like to create encrypted archives of my vital files and just scatter them to different cloud services and on flash drives I carry around. Like if I'm on Google Drive, I'll just put up an encrypted 7z of my documents directory in case of disaster, fire, theft, etc. If I'm carrying a new flash drive, I'll toss one on there. Copy one to a folder on my work PC. Leave a flash drive in a junk drawer at my parents' house. Stuff like that. Let's also assume my password's really good and I change it every few months, and keep 'em all in Keepass and that end is all taken care of.
|
# ¿ Oct 31, 2015 21:28 |
|
OSI bean dip posted:For file encryption, rely on 7-Zip for now as it will do the job. This is what I'm leaning toward. I kinda figured that 7zip won't get a whole lot of attention from the security community and I'm risking something by using it, but I have a feeling the more exploitable vulnerabilities have more to do with the creation of the archive, or accessing it, rather than the archive itself. And you shouldn't be accessing personal files on an untrusted system anyway. I'm using VeraCrypt for container or partition encryption, with the hope that it has been inheriting the community scrutiny once due TrueCrypt. But here I'm mostly interested in file encryption, that I can quickly right-click and archive with rather than create a container, predict the size I'll need, and need admin rights somewhere to access (not that I'd ever access personal data on a device I don't have admin rights on, but you never know). Didn't know that Dropbox handled large files in a graceful way that would be conducive to encrypted container use, that's a good possibility as well. That said, is there an encrypted notepad you guys tend to like, or does it make the most sense to just use a favored file encryption software for that? Just to keep private notes in case a flash drive is lost or stolen, not defy the government. I've been using fsekrit (http://f0dder.dcmembers.com/fsekrit.index.php).
|
# ¿ Nov 1, 2015 03:28 |
|
Dylan16807 posted:7-Zip's method of hashing the password a bunch and then using AES-CBC on the entire file is not completely ideal in terms of tamper-resistance, but in terms of keeping people out of your data it's solid, straightforward, and there is so much less code for bugs to hide in. Yeah, if it were available and simple, I'd like stuff that would defeat the NSA, but defeating casual-to-moderate theft or snooping is good enough for these files. Realistically, this is stuff that could be gotten to with a search warrant or careful application of a pipe wrench to my face, not that anyone would be interested in doing either to get at my old work files and terrible poems I wrote in my teens. Thanks for the recommendation on CherryTree, though I'm looking for something dead simple that just makes encrypted text files and is convenient to use and runs on a flash drive with no runtime installation necessary. The other file encryption software I sometimes use from a flash drive is the (old) dscrypt (http://members.ozemail.com.au/~nulifetv/freezip/freeware/) and AxCrypt2Go (http://www.axantum.com/AxCrypt/Downloads.aspx). No need to install, but also not as heavily scrutinized as TrueCrypt or VeraCrypt. Mostly I'm back on VeraCrypt after initially getting spooked by the TrueCrypt's endgame. edit: another option I just thought of for encrypted notes (hierarchical and others) and other organize-y things is EssentialPIM. (http://www.essentialpim.com/pc-version/features#security) doctorfrog fucked around with this message at 05:15 on Nov 1, 2015 |
# ¿ Nov 1, 2015 05:05 |
|
OSI bean dip posted:Updated the OP a bit to clean it up and also added some details on FDE. This doesn't invalidate all concern about VeraCrypt perhaps inheriting any unknown TrueCrypt bugs, but the two issues you cite with TrueCrypt's FDE are marked as fixed (or at least addressed) in VeraCrypt 1.15: https://veracrypt.codeplex.com/wikipage?title=Release%20Notes
|
# ¿ Nov 4, 2015 21:13 |
|
Khablam posted:I took the original 'warning' as blowing smoke at the ex project, and some general advice that there will one day be published vulnerabilities, which won't be touched. Again, the vulnerabilities of TC referred to in the OP have been addressed by VC. VeraCrypt's a project in motion, at least, and you can always convert your TC containters/partitions into VC ones (I think) or even just access them with VC. You're basically right to regard this or any privacy solution with a critical eyeball, and all such software gets old and obsolete with time. Personally I'd go with an open source project that seems to have legs over a Microsoft solution, but I also really value the cross-platform and portable support that VeraCrypt has. On per-file encryption solutions, I've also used dscrypt (http://members.ozemail.com.au/~nulifetv/freezip/freeware/) and Axcrypt (http://www.axantum.com/AxCrypt/), and unless they're vulnerable in ways I'm not aware of they should be ok alternatives to 7zip. dscrypt: Good: simple executable good for flash drives, open source, simple to use, runs fine in Wine. Has a CLI version if you're a wiz with batch files or something. Bad: doesn't recurse directories, doesn't make self-decrypting files, last updated 2009, doesn't recognize when it's encrypted something already, so you can re-encrypt something you've already encrypted, meaning you now have to decrypt it twice. Axcrypt: Good: actively developed, system-integrated with Windows, open/edit/save without manually decrypting/reencrypting. Optionally caches passwords, recurses directories. Has a portable version. Bad: uses user temp directory to store temporarily decrypted files, where they can become stranded if something unexpected occurs, mass-en/de/crypting takes a long time, installer offers poo poo you don't want (open the installer with 7zip and extract the "real" installer first) I was using Axcrypt a bunch after ditching TrueCrypt and it was such a pain in the rear end for heavy office use I re-embraced the TrueCrypt model with VeraCrypt. Honestly what I really oughta be doing is using an FDE solution but I'm so scared something will happen (lose my password in my brains, get a corrupted Keepass database or partition) and all my files will be unreadable garbage, even though I guess that's just as likely if I never encrypt anything at all.
|
# ¿ Nov 7, 2015 23:12 |
|
My experience with Secunia PSI was that it was so slow it wasn't worth using. It would take forever to respond to just clicking around on the interface. PatchMyPC worked pretty well for me for a while, but anyone feel free to shoot it down immediately if it's not really good. These days I just use Ninite and avoid apps that aren't integrated with it, or try to find ones in the PortableApps catalog, since those'll update as well. Grumble time, since MS started its "let's make it difficult not to upgrade to 10" campaign, I find that I now have to check each new patch they roll out to make sure it isn't installing something I didn't ask for and don't want. So I'm checking ghacks.net and windowssecrets.com every patch Tuesday. I don't think I've read a tech blog since the early aughts. I've been using WSUS Offline to install patches in the hopes that their administrative focus steers them away from this kind of nonsense. (edit: yes I am a cane-waving luddite running Win7) I guess if the OS provider is rolling out stuff you don't like it's technically not a security risk, but it somehow feels the same to me: actions beyond your control, without your leave. doctorfrog fucked around with this message at 21:48 on Nov 12, 2015 |
# ¿ Nov 12, 2015 21:45 |
|
Khablam posted:Your worst-case scenario is you get a taskbar icon saying you are compatible. There's no forced updates. A small number of people auto-updated on launch day who had reserved their copy, but this was a bug. Maybe this is enough to make your ludditeness rage you out but there's no real cause for concern. I'm not really angry about it, I just don't like it. So I grumble. That icon's done more than sit there, and some users have had it, and its attending services, come back even after removal. This, plus telemetry--something "harmless" but still, something I didn't ask for and don't want--and a rumored future push to make the Windows 10 upgrade a higher level update, means I feel like I have to comb through all their patches just in case. There may be a difference in philosophy here also. I view the PC as a sort of digital house that I own. All my stuff is on there, work, play, family photos, stuff I've written, etc. I do all my work on PC. I prefer to have a level of control over this house of stuff that maybe you don't feel you need. I also have an HP Stream laptop running Win 8.1, a cheap but decent machine, with a tiny SSD. I haven't a clue what W10's storage demands will be, or how it will perform on it. This is all stuff that's my problem, but I view these as practical concerns.
|
# ¿ Nov 14, 2015 20:32 |
|
John Lightning posted:Anyone else get a Malware warning from Windows 10 when trying to install the latest version of Keepass v2.31? The website says to ignore it and Malwarebytes didn't get any hits when scanning it so I assume Windows is just being dumb or something right now. W8 seemed to complain about the same thing. Not sure what the beef was, and it didn't seem to come with any weird stuff from Sourceforge (which reportedly started packing adware into stale project downloads).
|
# ¿ Jan 11, 2016 02:35 |
|
Speaking of crazy persons: http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2 Is there anything to this alarming/alarmist piece? Even if you didn't know John McAffee wrote it?
|
# ¿ Feb 29, 2016 01:21 |
|
Just generally speaking, is it likely possible to remotely switch on a webcam (either permanently soldered to a laptop screen or connected to a desktop PC via USB) and not also switch on the little light that says it's activated? I realize this is asking for a few assumptions about a very wide range of products, and may be stupid, so you may also think of it as me asking whether you personally put black tape over your webcams when not using them.
|
# ¿ Jun 12, 2016 01:39 |
|
Doesn't that just bring me back. Not at all security related, but I once made use of both Wizmo (https://www.grc.com/wizmo/wizmo.htm) and Trouble In Paradise (https://www.grc.com/tip/clickdeath.htm). The latter was regarding Zip drives and the infamous "click of death."
|
# ¿ Aug 29, 2016 07:02 |
|
Latest build of KeePass has a "hey idiot" sheet you can print out and write your password on, and keep someplace secure. Something you'd keep with your will, that kinda thing.
|
# ¿ Nov 8, 2017 19:05 |
|
|
# ¿ Apr 28, 2024 17:36 |
|
Here's your runic password generator https://watabou.itch.io/rune-generator To use it, scratch your password into your skin with a fingernail, and hold it up to the webcam. Your unique skin texture and password will open your computer-thing. Please use the disposable sloughing pad to remove the password from your skin after use, for added security.
|
# ¿ Mar 12, 2021 23:49 |