Transform Your Wireshark Workflow with Brim on Linux

Wireshark Is Great, But . . .

Wireshark is a wonderful piece of open-source software. It’s used by amateurs and professionals alike worldwide to investigate networking issues. It captures the data packets that travel down the wires or through the ether of your network. Once you’ve captured your traffic, Wireshark allows you to filter and search through the data, trace conversations between network devices, and much more.

As great as Wireshark is, though, it does have one issue. Network data capture files (called network traces or packet captures), can get very large, very quickly. This is especially true if the issue you’re trying to investigate is complex or sporadic, or the network is large and busy.

The larger the packet capture (or PCAP), the more laggy Wireshark becomes. Just opening and loading a very large (anything over 1 GB) trace can take so long, you’d think Wireshark had keeled over and given up the ghost.

Working with files of that size is a real pain. Every time you perform a search or change a filter, you have to wait for the effects to be applied to the data and updated on the screen. Each delay disrupts your concentration, which can hinder your progress.

Brim is the remedy for these woes. It acts as an interactive preprocessor and front-end for Wireshark: you explore the capture at the level of flows in Brim, and when you need the packet-level detail that only Wireshark provides, Brim opens Wireshark on exactly those packets.

If you do a lot of network capture and packet analysis, Brim will revolutionize your workflow.

Installing Brim

Brim is very new, so it hasn’t yet made its way into the software repositories of the Linux distributions. However, on the Brim download page, you’ll find DEB and RPM package files, so installing it on Ubuntu or Fedora is simple enough.

If you use another distribution, you can download the source code from GitHub and build the application yourself.

Brim uses zq, a command-line tool for Zeek logs, so you’ll also need to download a ZIP file containing the zq binaries.

Installing Brim on Ubuntu

If you’re using Ubuntu, you’ll need to download the DEB package file and zq Linux ZIP file. Double-click the downloaded DEB package file, and the Ubuntu Software application will open. The Brim license is mistakenly listed as “Proprietary”—it uses the BSD 3-Clause License.

Click “Install.”


When the installation is complete, double-click the zq ZIP file to launch the Archive Manager application. The ZIP file will contain a single directory; drag and drop it from the “Archive Manager” to a location on your computer, like the “Downloads” directory.

We type the following to create a location for the zq binaries:

sudo mkdir /opt/zeek

We need to copy the binaries from the extracted directory to the location we just created. Substitute the path and name of the extracted directory on your machine in the following command. Note that Linux paths are case-sensitive, so the destination must be /opt/zeek, exactly as created above, not /opt/Zeek:

sudo cp Downloads/zq-v0.20.0.linux-amd64/* /opt/zeek

We need to add that location to the PATH, so we’ll edit the .bashrc file in our home directory. No sudo is needed here; editing your own dotfiles as root can leave them (or their backup copies) owned by root:

gedit ~/.bashrc

The gedit editor will open. Scroll to the bottom of the file, and then type this line:

export PATH=$PATH:/opt/zeek

Save your changes and close the editor. The new PATH takes effect in terminals you open from now on; to pick it up in the current one, run source ~/.bashrc.

Installing Brim on Fedora

To install Brim on Fedora, download the RPM package file (instead of the DEB), and then follow the same steps we covered for the Ubuntu installation above.

Interestingly, when the RPM file opens in Fedora, it’s correctly identified as having an open-source license, rather than a proprietary one.

Launching Brim

Click “Show Applications” in the dock or press Super+A. Type “brim” in the Search box, and then click “Brim” when it appears.


Brim launches and displays its main window. You can click “Choose Files” to open a file browser, or drag and drop a PCAP file in the area surrounded by the red rectangle.

The Brim main window after startup.

Brim uses a tabbed display, and you can have multiple tabs open simultaneously. To open a new tab, click the plus sign (+) at the top, and then select another PCAP.

Brim Basics

Brim loads and indexes the selected file. The index is one of the reasons Brim is so fast. The main window contains a histogram of packet volumes over time, and a list of network “flows.”

The Brim main window with a PCAP file loaded.

A PCAP file holds a time-ordered stream of network packets for a great many network connections. The data packets for the various connections are intermingled because some of them will have been opened concurrently. The packets for each network “conversation” are interspersed with the packets of other conversations.

Wireshark displays the network stream packet by packet, while Brim uses a concept called “flows.” A flow is a complete network interchange (or conversation) between two devices. Each flow is categorized by protocol, color coded, and labeled with its type. You’ll see flows labeled “dns,” “ssh,” “http,” “ssl,” and many more.

If you scroll the flow summary display left or right, many more columns will be displayed. You can also adjust the time period to display the subset of information you want to see. Below are a few ways you can view data:

  • Click a bar in the histogram to zoom in on the network activity within it.
  • Click and drag to highlight a range of the histogram display and zoom in. Brim will then display the data from the highlighted section.
  • You can also specify exact periods in the “Date” and “Time” fields.

Brim can display two side panes: one on the left, and one on the right. These can be hidden or remain visible. The pane on the left shows a search history and list of open PCAPs, called spaces. Press Ctrl+[ to toggle the left pane on or off.

The "Spaces" pane in Brim.

The pane on the right contains detailed information about the highlighted flow. Press Ctrl+] to toggle the right pane on or off.

A highlighted "Fields" pane on Brim.

Click “Conn” in the “UID Correlation” list to open a connection diagram for the highlighted flow.


In the main window, you can also highlight a flow, and then click the Wireshark icon. This launches Wireshark with the packets for the highlighted flow displayed.


Wireshark opens, displaying the packets of interest.

Packets selected from Brim displayed in Wireshark.

Filtering in Brim

Searching and filtering in Brim are flexible and comprehensive, but you don’t have to learn a new filtering language if you don’t want to. You can build a syntactically correct filter in Brim by clicking fields in the summary window, and then selecting options from a menu.

For example, in the image below, we right-clicked a “dns” field. We’re then going to select “Filter = Value” from the context menu.

A context menu in the summary window.

The following things then occur:

  • The text _path = "dns" is added to the search bar.
  • That filter is applied to the PCAP file, so it will only display flows that are Domain Name System (DNS) flows.
  • The filter text is also added to the search history in the left pane.

A summary screen filtered by DNS.

We can add further clauses to the search term using the same technique. We’ll right-click the IP address field (containing “192.168.1.26”) in the “id.orig_h” column (the originating host, in Zeek’s field naming), and then select “Filter = Value” from the context menu.

This adds the additional clause as an AND clause. The display is now filtered to show DNS flows that originated from that IP address (192.168.1.26).

A summary screen filtered by flow type and IP address.

The new filter term is added to the search history in the left pane. You can hop between searches by clicking the items in the search history list.

The destination IP address for most of our filtered data is 81.139.56.100. To see which DNS flows were sent to different IP addresses, we right-click “81.139.56.100” in the “id.resp_h” column (the responding host), and then select “Filter != Value” from the context menu.

Summary screen with a search filter containing an "!=" clause.

Only one DNS flow that originated from 192.168.1.26 wasn’t sent to 81.139.56.100, and we’ve located it without having to type anything to create our filter.

Pinning Filter Clauses

When we right-click an “HTTP” flow and select “Filter = Value” from the context menu, the summary pane will display only HTTP flows. We can then click the Pin icon next to the HTTP filter clause.


The HTTP clause is now pinned in place, and any other filters or search terms we use will be executed with the HTTP clause prepended to them.

If we type “GET” in the search bar, the search will be restricted to flows that have already been filtered by the pinned clause. You can pin as many filter clauses as necessary.

"GET" in the Search box.

To search for POST requests in the HTTP flows, we simply clear the search bar, type “POST,” and then press Enter.

"POST" in the Search box executed with the pinned "HTTP" clause.

Scrolling sideways reveals the “Host” column, which holds the host name each request was sent to (the value of the HTTP Host header).

All the search and filter terms are added to the “History” list. To reapply any filter, just click it.

The auto-populated "History" list.

You can also search for a remote host by name.

Searching for "trustwave.com" in Brim.
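The filters built by clicking in the two sections above (the _path = "dns", id.orig_h = … and id.resp_h != … clauses, a pinned clause, and a bare keyword such as GET, POST or trustwave.com) can be reproduced in a few lines of Python. The following is an added example, not code from Brim or from the original article. The flow records are constructed for the example, and the matching rules (implicit AND between clauses, a comparison against a field the record lacks never matches, a bare keyword matches when it appears in any field value) are this script’s own simplification of Brim’s search language, not a specification of it.

```python
import re

# Constructed Zeek-style flow records (one dict per flow, field names as in
# Zeek's conn/dns/http/ssh logs). They mimic the article's capture: a host at
# 192.168.1.26 sends most DNS queries to 81.139.56.100 and one to another
# resolver, plus a few HTTP and SSH flows.
FLOWS = [
    {"_path": "dns", "id.orig_h": "192.168.1.26", "id.resp_h": "81.139.56.100", "query": "www.trustwave.com"},
    {"_path": "dns", "id.orig_h": "192.168.1.26", "id.resp_h": "81.139.56.100", "query": "www.howtogeek.com"},
    {"_path": "dns", "id.orig_h": "192.168.1.26", "id.resp_h": "8.8.8.8", "query": "example.org"},
    {"_path": "dns", "id.orig_h": "192.168.1.30", "id.resp_h": "81.139.56.100", "query": "example.net"},
    {"_path": "http", "id.orig_h": "192.168.1.26", "id.resp_h": "93.184.216.34", "method": "GET", "host": "example.com", "uri": "/"},
    {"_path": "http", "id.orig_h": "192.168.1.26", "id.resp_h": "104.16.0.1", "method": "POST", "host": "www.trustwave.com", "uri": "/submit"},
    {"_path": "ssh", "id.orig_h": "192.168.1.26", "id.resp_h": "192.168.1.40", "auth_success": "T"},
]

# One clause is  field = value  or  field != value  (the value may be "quoted"),
# anything else is a bare keyword. Whitespace-separated clauses are ANDed.
TOKEN_RE = re.compile(r'([\w.]+)\s*(!=|=)\s*("[^"]*"|\S+)|(\S+)')


def compile_search(text):
    """Turn search-bar text into a predicate over one flow record."""
    preds = []
    for field, op, value, keyword in TOKEN_RE.findall(text):
        if keyword:
            # Bare keyword: matches when it occurs in any field value, which is
            # what lets "GET", "POST" or "trustwave.com" find the right flows.
            preds.append(lambda rec, k=keyword: any(k in str(v) for v in rec.values()))
            continue
        value = value.strip('"')
        if op == "=":
            preds.append(lambda rec, f=field, v=value: f in rec and str(rec[f]) == v)
        else:
            # A record without the field is neither equal nor unequal: skip it.
            preds.append(lambda rec, f=field, v=value: f in rec and str(rec[f]) != v)
    return lambda rec: all(p(rec) for p in preds)


def search(flows, text, pinned=()):
    """Apply pinned clauses first (prepended, as Brim does), then the search text."""
    predicate = compile_search(" ".join([*pinned, text]))
    return [rec for rec in flows if predicate(rec)]


if __name__ == "__main__":
    # The three searches from the article, built up clause by clause.
    print(search(FLOWS, '_path = "dns" id.orig_h = 192.168.1.26'))
    print(search(FLOWS, '_path = "dns" id.orig_h = 192.168.1.26 id.resp_h != 81.139.56.100'))
    # A pinned _path clause restricts a later keyword search to HTTP flows.
    print(search(FLOWS, "POST", pinned=['_path = "http"']))
    # A host name as a bare keyword finds it in both the DNS query and the HTTP Host.
    print(search(FLOWS, "trustwave.com"))
```

Each lambda captures its clause values as default arguments so that the predicates built in the loop don’t all share the last field and value. The "!=" rule matters in practice: a flow type that doesn’t carry id.resp_h at all would otherwise show up in the “sent somewhere else” result and look like the odd one out.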

Editing Search Terms

If you want to search for something, but don’t see a flow of that type, you can click any flow and edit the entry in the search bar.

For example, we know there must be at least one SSH flow in the PCAP file because we used rsync to send some files to another computer, but we can’t see it.

So, we’ll right-click another flow, select “Filter = Value” from the context menu, and then edit the search bar to say “ssh” instead of “dns.”

We press Enter to search for SSH flows and find there’s only one.

An SSH flow in the summary window.

Pressing Ctrl+] opens the right pane, which shows the details for this flow. If a file was transferred during a flow, the MD5, SHA1, and SHA256 hashes appear.

Right-click any of these, and then select “VirusTotal Lookup” from the context menu to open your browser at the VirusTotal website and pass in the hash for checking.

VirusTotal keeps the hashes of files that have been submitted to it, along with the verdicts of many antivirus engines. If you’re unsure whether a file is safe, this is an easy way to check, even if you no longer have access to the file, and because only the hash is sent, nothing from the file itself leaves your machine.

The hash context menu options.

If VirusTotal has no record of that hash, you’ll see the screen shown in the image below. Note that “No Matches Found” means the file is unknown to VirusTotal, not that it’s benign; a freshly built or targeted sample will show the same result.

A "No Matches Found" response from the VirusTotal site.


How to Stop iTunes from Opening Automatically on Windows 10


Have you ever wanted to charge your iPhone or iPad using a cable hooked to your Windows 10 PC, but every time you plug it in, iTunes starts up? It can get annoying pretty quickly. Here’s how to fix it.

The culprit is a small Apple program that runs in the background called “iTunes Helper.” This program gets installed when you install iTunes, and it detects when an Apple device is plugged into a USB port and opens iTunes automatically. To prevent this from happening, we need to disable iTunes Helper. Here’s how.

First, right-click the Windows 10 taskbar at the bottom of the screen, and select “Task Manager” from the menu that pops up.


In Task Manager, click “More Details” at the bottom of the window.


After the Task Manager window expands, click the “Startup” tab.


In the “Startup” tab, locate the entry called “iTunes Helper,” and click it once to select it. Then click the “Disable” button in the lower-right corner of the window.

(You will also see another entry in the list called “iTunes Mobile Device Helper,” but leave it alone. Disabling “iTunes Mobile Device Helper” will prevent iTunes from being able to sync with your Apple mobile devices.)

In Task Manager Startup tab, disable "iTunes Helper."

After that, close Task Manager and either sign out and sign back in, or restart your PC. The next time you plug in your iPhone, iTunes will not appear.

Want to skip the restart or log out? You can also just end the iTunes Helper process. Click over to the “Processes” tab, locate “iTunesHelper” in the list, right-click it, and select “End Task.”

End iTunes Helper task in Task Manager.


How to Disable Store App Update Notifications on Windows 10

By default, Windows 10 displays notification pop-ups when the Store automatically installs app updates. You’ll see a notification saying an app “Just got updated, check it out.” If you’d rather not see those, here’s how to turn them off.

For example, we saw this notification when Windows 10 automatically updated “Gaming Services,” a background service. There’s no way to “check out” a background service—unless you want to fire up a game from Xbox Game Pass for PC—so we decided to just disable these.

A Store notification on Windows 10 saying an app "Just got updated, check it out."

The Store’s notification options are located in the “Settings” app. To launch it, open the “Start” menu and click the “Settings” icon at the left side of the screen, or press Windows+i.

Clicking the "System" icon in Windows 10 Settings.

In the “Settings” window, head to System > Notifications & Actions. Scroll down to the “Get Notifications From These Senders” section.

Look for the “Microsoft Store” option in the list. If the Store sent you a recent notification, it will be near the top, as the list is sorted by “Most Recent.” Click the “On” switch to turn it to “Off.” The Store won’t show you update notifications anymore.

Disabling Microsoft Store notifications in the Settings app.

That’s it. We still recommend you leave the Store’s automatic updates enabled for security reasons, as Microsoft now sometimes issues security updates through the store.

However, you don’t need the Store notifying you when it installs these updates.

(Also, if you do disable automatic updates, you won’t see notifications when updates are available. We’ve only seen the Store send notifications after installing an update, not when an update is available, so these notifications won’t help you manually install updates.)


How to Set an App Time Limit on iPhone and iPad


With the arrival of iOS 12, Apple made a big song and dance about digital wellbeing. The App Limits feature that came with it lets you lock apps after a given amount of time. Here’s how it works.

App Limits is precisely what it sounds like; it limits the amount of time you can spend using a particular app. You specify the apps (or whole categories of apps) and iOS will refuse to launch them when you’ve reached the allotted time. It’s great for limiting how much time children spend on apps like YouTube, for example, but can also help you if you struggle setting limits on things like your social media addiction.

By the way, even after you reach an App Limit, you can override it by entering a passcode. That means you will never be locked out of your apps completely (unless you don’t know the code), but setting the limit still might be enough to give you pause when opening Instagram for the millionth time at 3 am.

How to Set an App Limit for a Specific App

To kick things off, open the Settings app and then tap “Screen Time.”


You’ll see a graph at the top of the next screen. Either tap the graph or the “All Devices” option directly above it.


Scroll down to the list of apps you’ve been using and then tap the app for which you want to set a new limit.


Tap the “Add Limit” button at the bottom of the screen.


Finally, set a time limit by scrolling the hours and minutes. If you’d like to set a limit for different days of the week, tap “Customize Days.”


Tap “Add” to apply the changes and set the app limit.


How to Set an App Limit for a Whole Category of Apps

Again, the process starts in the Settings app. Tap “Screen Time” to view all settings related to digital wellbeing.


Next, tap “App Limits.”


Tap “Add Limit.”


Tap to select any categories for which you want to create a new limit and then tap “Next” to continue.


Select the time limit you would like to apply and again, if you want to set different limits for specific days, tap “Customize Days.” Tap “Back” when complete.


You’re all set, and you can set additional limits if you want, too.


How to Stop Your Google Home From Recording All Your Conversations


Google may be storing everything you say to your Google Home and keeping the recordings forever, just as Alexa does. Google recently changed the default behavior not to keep the recordings. But that change only affected new users—not existing ones.

Google Home Records What You Say

Google voice recordings showing “favorite this photo” and “but will do even better scientific.” The second result is a false positive: a TV character said, “Ok people, we’ll do even better! Scientific!”

Your Google Home spends most of its time listening for its wake words, “Hey Google” or “OK Google.” The device then records everything you say after the wake word and sends it to Google’s servers for parsing. Google needs to store these recordings temporarily. But Google may be storing what you say forever.

As the Washington Post points out, keeping the recordings forever used to be the default behavior, but it isn’t anymore. Google now makes you opt in to sending the company your voice recordings. However, Google only made the change for new users and not existing users. If your account previously sent voice recordings to Google, it will keep doing so until you turn it off.

We’ve covered before why companies keep your data like this, but it’s pretty straightforward. Artificial intelligence isn’t very intelligent, and as far as voice assistants have come, they still miss the mark frequently. As Amazon does for Alexa, Google employs humans to listen to your commands and compare them to what the Assistant thought it heard and how it responded. Google uses this process to improve its results or to learn what features users want that don’t exist yet.

Trying to improve Google assistant is a good thing, but changing the default behavior from opt-out to opt-in is even better. Google is way ahead of Amazon on this front—with Alexa the default is still to record and worse yet, you can’t opt out at all.

How to Stop Google From Collecting Voice Recordings

Voice & Audio Activity dialog with box around toggle

If you’re an existing user working under the old defaults, the good news is you can tell Google to stop collecting your voice recordings. The even better news is it’s incredibly easy to do.

To stop this, go to Google’s Activity Controls website. Scroll to “Voice & Audio Activity” and toggle it off. You will see a warning that states Google devices may not understand you when you say “Hey Google,” but we think it’s old warning text. In our testing, commands still work.

Click the “Pause” option at the bottom of the warning.

Warning dialog with box around pause option.

You’ll need to repeat this process with every Google account you’ve connected to your Google Home. This setting applies to every device you can say “Hey Google” to, from your phone to a Nest Home Hub (formerly known as a Google Home Hub) to a Lenovo smart display.

How to Delete All Your Voice Recordings

Now that you’ve turned voice collection off, you can delete what Google already has. Just click on “Manage Activity” beneath the toggle on the Activity Controls website.

Voice & Audio activity dialog with box around Manage Activity

Click “Delete activity by” in the upper left corner of the page.

Voice activity dialog with arrow pointing to "Delete activity by"

Choose which recordings you want to delete. To delete everything, click the box under “Delete by Date” and select “All Time.”

Delete by topic or product dialog with arrows pointing to today dropdown and all time option

Finally, click “Delete” to delete the selected recordings.

Delete by topic or product dialog with arrow pointing to delete option.

It’s great that Google enabled a more privacy-sensitive option for new users. We wish Google had made the change retroactive, however. Hopefully, Amazon follows in stride and gives everyone similar controls in the future.


Why You Shouldn’t Use Your ISP’s Default DNS Server

Your computers, phones, and other devices normally use the Domain Name System (DNS) server with which the router is configured. Unfortunately, this is often the one provided by your Internet Service Provider (ISP). These lack privacy features and also might be slower than some alternatives.

DNS was designed nearly 40 years ago, and it hasn’t evolved much since. It’s entirely unencrypted. This means it offers the same level of protection against nosy third parties as unsecured HTTP traffic, which is not much at all. Even if you use HTTPS, any third party in the middle of your traffic can see the websites to which you’re connecting (but not the contents of your visit). For example, on a public Wi-Fi network, the operator of that network could monitor which websites you visit.

The solution to this issue is DNS over HTTPS (DoH). This protocol wraps the same DNS query inside an HTTPS connection, so third parties on the path can’t read it. Major DNS providers, like Cloudflare, OpenDNS, and Google Public DNS, already support it, and Chrome and Firefox are rolling out support on the browser side.

Aside from the privacy improvements, DoH prevents tampering with DNS queries and answers while they’re in transit between you and the resolver. It doesn’t authenticate the answers themselves the way DNSSEC does, and the resolver you talk to still sees every query, but it’s a more secure transport, and everyone should use it.

However, even if you enable DoH in your browser, it’s up to the DNS provider to implement it. Most home network connections are configured by default to use the ISP’s DNS servers, which probably don’t support DoH. If you haven’t changed it manually, this is probably the case with your browser and operating system.

There are some exceptions, though. In the U.S., Mozilla Firefox is automatically enabling DNS over HTTPS and using Cloudflare’s DNS servers. Comcast’s DNS servers support DoH and work with Google Chrome and Microsoft Edge.

Generally, though, the only way to really get DoH is to use a different DNS service.

Your ISP Can Log Your Browsing History

If you care at all about privacy online, using your ISP’s DNS server is a massive problem. Every request sent can be logged and tells your ISP which websites you browse, down to the hostnames and subdomains. Browsing history like this is the kind of valuable data from which many companies make huge profits.

Many ISPs, including Comcast, claim they don’t log customer data. However, Comcast actively lobbied against DoH. Although U.S. ISPs say they don’t collect this data (and it is legal for them to do so), it would be very easy to implement, since they control the DNS servers you use. The FTC was concerned enough to investigate whether ISPs are doing this. Laws and regulations in other countries vary, so it’s up to you whether you trust your ISP.

It’s worth noting that Comcast has adopted DoH, but this doesn’t protect your privacy when it comes to the company monitoring your DNS queries. DoH secures the connection between you and the DNS provider, but, in this case, Comcast is the DNS provider and, therefore, can still see the queries.

Of course, DNS isn’t the only way ISPs track you. They can also see the IP addresses you connect to, regardless of which DNS server you use. They can glean a lot of information about your browsing habits this way. Changing DNS servers won’t stop your ISP from tracking, but it will make it a little harder.

Using a virtual private network (VPN) for your daily browsing is the only real way to prevent your ISP from seeing what you’re connecting to online. You can check out our guide on VPNs to learn more about them.

Third-Party DNS Servers Might Be Faster, Too

In addition to privacy concerns, DNS services provided by ISPs can be slower than Google or Cloudflare. This isn’t always the case, as your ISP will generally be closer to you than a third party, but many people get faster speeds with a third-party DNS server. It’s usually just a difference of milliseconds, though, which might not matter much to you.

Which Public DNS Server Should You Use?

If you want to switch to a public DNS server, you have a few options. The most common is Google’s Public DNS, which uses the addresses 8.8.8.8 and 8.8.4.4.

If you trust Google less than your ISP, you can also use Cloudflare’s DNS, which claims to be the fastest and takes a privacy-first stance. The main address for it is 1.1.1.1, with an alternate of 1.0.0.1.

Lastly, you can also use OpenDNS, from Cisco. You can find the addresses for that here.

How to Change Your DNS Settings

The best way to change your DNS settings is at the router level. If you change your DNS server on your router, this change will apply to every device on your home network.

To get started, type either 192.168.1.1 or 10.0.0.1 into your browser’s address bar to log in to your router. (If neither works, the router’s address and login details are usually printed on a label on the device or in its manual.)

A router "Login" page.

The exact location of the DNS setting varies depending on which router you have. However, it should be somewhere in the network settings.

For example, on a Verizon router, it’s under My Network > Network Connections > Broadband > Edit. Once there, you can change the address manually and replace your ISP’s automatic servers.

router DNs settings

If you have any trouble finding it, just do a Google search for your router model to find out where this setting is.

If you’re in a situation in which you can’t change the DNS settings on the router (like a college dorm or another location where you don’t control the Wi-Fi), you can still change the settings for your specific device. We’ll show you how to change these settings on a Mac and Windows machine (go here to find out how to change these on an Android phone or iPhone).

On a Windows machine, open “Control Panel” from the Start menu, and then navigate to the “Network and Sharing Center.” In the sidebar, click “Change Adapter Settings.”

You should see a list of your network devices on both Ethernet and Wi-Fi. If you want to change the settings for both, you’ll have to repeat the following instructions for each device.

Right-click the first device for which you want to change the DNS settings, and then click “Properties.”

Click "Change Adapter Settings," right-click the device for which you want to change the settings, and then click "Properties."

Select “Internet Protocol Version 4” from the list.


In the dialog box that appears, select the radio button next to “Use the Following DNS Server Addresses,” type your preferred DNS server addresses, and then click “OK.”

Type the DNS server addresses, and then click "OK."

On a Mac, you’ll find this option in “System Preferences” under “Network.” Click “Wi-Fi” or “Ethernet,” and then click “Advanced” at the bottom of the menu.

Click "Wi-Fi," and then click "Advanced."

Under the “DNS” tab, you can modify the DNS settings for your device. Click the plus (+) or minus (-) signs at the bottom to add or remove servers.

DNS tab

How to Enable DNS Over HTTPS (DoH)

If you want to enable DoH on your browser, you can do so on Chrome, Firefox, and Microsoft Edge.

On Chrome, go to chrome://flags/#dns-over-https, and then select “Enabled” from the drop-down menu. Relaunch Chrome for the changes to take effect.


In Firefox, the option is a bit buried. Open the menu and go to Options > General. Scroll down and click “Settings” at the bottom. Select the checkbox next to the “Enable DNS over HTTPS” option. You can also select a DNS provider manually here if you prefer.

Select the "Enable DNS over HTTPS" option.
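To see concretely what the DoH setting in the browser changes, here is an added Python example; it is not code from the original article or from any browser. It builds the same DNS question a browser would send, once as the raw wire-format message that port-53 DNS carries in cleartext (the part your ISP or the coffee-shop Wi-Fi can read), and once wrapped into an RFC 8484 GET URL for a DoH resolver, where those identical bytes travel inside TLS. It also parses the A records out of a response. The resolver URL https://cloudflare-dns.com/dns-query is Cloudflare’s public endpoint; SAMPLE_RESPONSE is constructed by hand so the parser can be exercised offline, and only the live lookup in the main block needs network access.

```python
import base64
import struct
import urllib.request

RESOLVER = "https://cloudflare-dns.com/dns-query"  # Cloudflare's public DoH endpoint


def encode_name(name):
    """Encode a host name as DNS labels: 'example.com' -> b'\\x07example\\x03com\\x00'."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=1, txid=0):
    """Wire-format query: 12-byte header with RD set, one question, nothing else.
    On port 53 these exact bytes leave your machine unencrypted. RFC 8484
    recommends transaction ID 0 for DoH so equal questions give equal,
    cacheable URLs."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def doh_get_url(query, resolver=RESOLVER):
    """RFC 8484 GET form: the message base64url-encoded, padding removed, in ?dns=."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{resolver}?dns={b64}"


def decode_doh_param(url):
    """Inverse of doh_get_url, as a DoH server (or a proxy that has the
    decrypted request) recovers the original DNS message."""
    b64 = url.split("?dns=", 1)[1]
    return base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))


def read_name(msg, offset):
    """Read a possibly compressed name; return (name, offset just after it)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer back to an earlier name
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), end if jumped else offset
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_answer(msg):
    """Return (rcode, [(name, ttl, ipv4), ...]) for the A records in a response."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    offset = 12
    for _ in range(qdcount):  # skip the echoed question section
        _, offset = read_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(ancount):
        name, offset = read_name(msg, offset)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append((name, ttl, ".".join(str(b) for b in rdata)))
    return flags & 0x000F, answers


# Constructed response to build_query("example.com"): flags 0x8180 (response,
# recursion desired and available, NOERROR), the question echoed back, and one
# A record whose owner name is a pointer to the question name at offset 12.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
    + encode_name("example.com") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([93, 184, 216, 34])
)


def resolve_over_doh(name, resolver=RESOLVER):
    """Live lookup over HTTPS (network required)."""
    query = build_query(name)
    req = urllib.request.Request(doh_get_url(query, resolver),
                                 headers={"Accept": "application/dns-message"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        body = resp.read()
    if body[:2] != query[:2]:
        raise ValueError("transaction ID mismatch")
    return parse_answer(body)


if __name__ == "__main__":
    q = build_query("example.com")
    print("cleartext wire message:", q.hex())
    print("same message as a DoH GET:", doh_get_url(q))
    print("parsed sample response:", parse_answer(SAMPLE_RESPONSE))
    try:
        print("live answer:", resolve_over_doh("example.com"))
    except OSError as exc:
        print("live lookup skipped:", exc)
```

Nothing about the question changes between the two forms: the host name sits in the same label bytes, which is why a resolver that supports DoH (whether Cloudflare’s or your ISP’s) still learns exactly what you looked up, and only the network path in between is blinded.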


How to Add Exclusions in Windows Defender on Windows 10

Windows Defender, integrated into Windows 10, runs in the background and scans your files for malware. To improve performance for tasks like compiling code or running virtual machines, you can add an exclusion and Windows Defender will never scan those files. Exclusions can also help if you’re running into false positives where Windows Defender marks legitimate files as malware.

First, we need to launch Windows Security to change some settings. Open the Start menu and type “Windows Security.” Then, select the “Windows Security” app.

Launch Windows Security from Start menu in Windows 10

In Windows Security, navigate to “Virus & Threat Protection.” Then, click “Manage Settings.”

Click manage settings in Windows Security on Windows 10

In “Virus & Threat Protection Settings,” scroll down to the very bottom of the page, and click “Add or Remove Exclusions.”

Select add or remove exclusions to Windows Defender in Windows 10

On the Exclusions page, you can add or remove files that you want to exclude from Windows Defender scans. To add an exclusion, click the “Add An Exclusion” button beside the large plus symbol (+).

Click Add an exclusion in Windows Security Settings for Windows 10

A small menu will pop up allowing you to define your exclusion by File, Folder, File type, or Process.

Exclusion types menu in Windows Security for Windows 10

What you choose depends on what type of exclusion you are trying to make. Here’s what each choice does.

  • File: If you select this, a box will pop up allowing you to browse your computer to select a single file that will be excluded from future scans. Select the file you’d like, then click “Open.”
  • Folder: Like the File option, this lets you browse your computer for a specific folder to exclude from scans. The folder’s contents and subfolders will be excluded as well.
  • File type: A box will pop up asking you to enter a file extension (e.g., “.MID”) representing the file type that you’d like to exclude. All files of that type will be excluded from future scans. This one is dangerous because you might accidentally exclude a large class of potentially hazardous files, such as PDF or DOC files.
  • Process: A pop-up will ask you to enter the name of a process (a running program, e.g., “explorer.exe”). Files that this process opens are then excluded from scanning; the program’s own executable is not, so if it’s the program itself that keeps getting flagged, exclude it with the File option instead.

Select one of these options and make the necessary selections in the pop-up dialog that follows.

Selecting a file to exclude from Windows Defender scans in Windows Security Settings for Windows 10

Once you add an exclusion, it will show up in a list on the Exclusions page.

A list of Windows Defender scan exclusions in Windows 10

If you’d like to remove an exclusion you’ve already defined, hover your mouse cursor over the item until the downward-pointing caret arrow appears, then click the “Remove” button that pops up.

Removing an exclusion from Windows Defender scan settings in Windows 10

When you’re all done, close Windows Security and your settings will be saved. The next time your system does a Defender scan, the items you added to the exclusions list will no longer cause trouble. Keep the list short and review it now and then: malware that gains administrator rights commonly adds its own folder or process to this same list to hide from scans, so any exclusion you don’t remember creating deserves a closer look.


Do You Need Anti-Ransomware Software for Your PC?

Unlike other types of malware, you can’t just clean up ransomware and go on with your day. A run-of-the-mill virus won’t destroy all your data and backups. That’s why ransomware is a hazard you need to prepare for in advance.

“If you weren’t running ransomware protection,” said Adam Kujawa, director of Malwarebytes Labs. “If you haven’t secured your backups in advance, then you really are out of luck.”

Are You at Risk?

Sure, a ransomware attack can be bad, but not all hazards carry the same level of risk. For example, a killer asteroid strike is a known hazard. Should we spend trillions of dollars building a defense against a threat that only occurs once every 100 million years? Not necessarily, because the risk of actual impact is pretty low. So, when it comes to ransomware, you have to consider what your level of risk is for permanent data loss.

Part of your risk assessment is considering how prepared you are for an attack. There are several things you can do to make your data relatively safe. Because ransomware can and will encrypt any files it finds on your PC or a connected network, choose a backup solution that doesn’t make your files easily accessible.

One such solution is “air gapping” your backup drive, which means it isn’t connected to your PC or network constantly. Another option is a backup tool that uses versioning, so you can restore versions of your files that predate any catastrophe. If you have a secure, isolated backup, a ransomware attack might be inconvenient, but you can shake it off without too much difficulty.

Combined with common-sense precautions, like not clicking links you don’t trust, this is all fairly standard computer hygiene. There are also some easy ways you can add ransomware protection to your PC without installing yet another security program. Your existing antivirus package might already offer some protection. For example, if you use Windows Defender, Windows 10’s default antivirus, it has some built-in ransomware protection, but it’s turned off by default.

If you enable Windows Defender’s “Controlled Folder Access” ransomware protection, the software will protect common folders, like Documents and Pictures, from unauthorized changes. If a ransomware app can’t access your Documents folder, it can’t encrypt your files—game, set, match! There are also free apps, like Trend Micro’s RansomBuster, that work the same way.

The "Ransomeware Protection" menu in Windows Defender.

Unfortunately, this approach isn’t foolproof and can be annoying in practice. Many programs legitimately need to access your document folders routinely, so you might have to field a lot of permission popups.
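One way to get the protection without the stream of popups, added here as an example and not part of the original article: run Controlled Folder Access in audit mode first, read the events Defender logs for would-be blocks, and allow only the programs you recognise before switching to enforcement. The cmdlets and the event IDs (1123 for blocked, 1124 for audited) are documented Defender values; the program and folder paths are placeholders.

```powershell
# Added example: roll out Controlled Folder Access (CFA) without a flood of permission popups.
# Requires an elevated PowerShell prompt and the built-in Defender module.

# 1. Audit mode logs what CFA *would* block but does not interfere with any program.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. After a day or two of normal use, summarise the audited (1124) and blocked (1123)
#    events Defender wrote to its operational log.
function Get-CfaEventSummary {
    param([int]$MaxEvents = 500)

    $filter = @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 1123, 1124   # 1123 = blocked, 1124 = audited
    }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            [PSCustomObject]@{
                Time    = $_.TimeCreated
                Mode    = if ($_.Id -eq 1124) { 'audit' } else { 'blocked' }
                # The offending program's path is carried in the event text; shown whole here.
                Message = $_.Message
            }
        }
}

Get-CfaEventSummary | Group-Object Mode | Select-Object Name, Count
Get-CfaEventSummary | Select-Object -First 20 | Format-List

# 3. Allow only the programs you recognise as legitimate (placeholder path below),
#    then switch CFA from audit to enforcement.
# Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files\TrustedApp\trusted.exe'
# Set-MpPreference -EnableControlledFolderAccess Enabled

# Folders beyond the defaults (Documents, Pictures, ...) can be protected too (placeholder):
# Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Backups'
```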

Ransomware Is Still a Serious Threat

Some experts think the heat isn’t on home computers. Criminals tend to focus their efforts on victims with deep pockets. Check Point’s just-published Cyber Security Report 2020 agrees with that assessment:

“In 2019, we saw an escalation of sophisticated and targeted ransomware exploits. Specific industries were heavily victimized, including state and local government and healthcare organizations.”

Headlines in 2019 were filled with stories about these attacks, including successful assaults on more than 70 state and local governments. If you’re not a bank or city government, you might have less to worry about from ransomware in 2020 than you did several years ago, as current ransomware attacks are more targeted.

Additionally, a 2019 study on ransomware trends by Recorded Future noted the overall number of ransomware campaigns might be steadily climbing, but “the truth is that most of these campaigns are ineffective and die out quickly.”

This is good news for your home computer—especially if you don’t want to run yet another cybersecurity app. However, we’re not out of the woods quite yet.

The "Active Protection" menu in the Acronis True Image ransomware software.

All of this means you might be relatively safe in the short-term, but it’s still a good idea to protect yourself with some ransomware prevention software. While home computers were relatively defenseless for several years, there are now many anti-ransomware packages you can choose from—both free and paid.

Even standard antivirus packages now routinely offer some level of anti-ransomware protection. However, many of these (and most free packages) rely on the same technology traditional antivirus programs do. They detect the signatures of known software to recognize malware. The downside of this approach, of course, is that it leaves you vulnerable to zero-day infections.

In contrast, most stand-alone ransomware packages, like Acronis Ransomware Protection, Check Point ZoneAlarm Anti-Ransomware, and Malwarebytes Anti-Ransomware Beta, detect malware by its behavior. These programs monitor the activity of apps and quarantine processes that take suspicious actions, like generating an encryption key or starting to encrypt files. This makes these programs dramatically more effective at stopping ransomware in its tracks, whether it’s a known strain, a brand-new threat, or a hybrid (both a virus and ransomware) malware. And yeah, that’s a new thing to worry about.

The ZoneAlarm Anti-Ransomware software.

“We’re seeing more malware families adopting ransomware capabilities,” said Kujawa. “Where previously it might’ve just stolen some information, now, once it does that, it might ransom your system and ask you for money.”

Whichever method you choose to protect your PC and data, just remember: When it comes to ransomware, prevention and preparation are critical. And the problem will probably only get worse. As Kujawa lamented: “Ransomware is the nightmare of my career.”


How to Protect Your Smarthome from Attack

Smart home security and protection symbol.

Every new device you introduce into your smarthome is another device that can be attacked. You can secure your smarthome with simple steps like locking down your router and taking proper care of the gadgets in your smarthome.

Modern wireless Wi-Fi router close up

Most smarthome devices require access to the internet to work correctly. While not all devices connect directly to the internet (Z-Wave bulbs, for example), those that don’t typically connect to a hub or other device to gain internet access. So in many ways, the single most significant point of vulnerability is your router.

And securing your router should be your first step. You should change the default admin password used to access the router. Update the router’s firmware if it’s out of date, and enable encryption. Always use a complicated password unique to your Wi-Fi router. With a standard (non-mesh) router, you can accomplish all of this from the router’s web interface. All you need is to find your router’s IP address. Mesh routers, on the other hand, don’t have a web interface. You’ll make the changes from an app.

If your router’s manufacturer isn’t offering new firmware anymore, you should consider replacing it. While we usually say most people don’t need a Mesh router for their homes, smarthomes do benefit from them. You gain better coverage for all your Wi-Fi devices, and most Mesh routers automatically update the firmware and offer additional protection services as a subscription.

Use Unique Passwords for Every Device
Dashlane interface, showing password health.
Password managers aren’t just for websites; they have other useful features too. Dashlane

Many smarthome devices require a password when you set them up. Usually, that involves downloading an app and creating a user account. In some cases, like Z-wave light bulbs, you’ll create a single account for a Hub to use with several devices.

Every device you create an account for should have a unique, complicated password. If you reuse passwords across services and smarthome devices, you run the risk of a single compromised unit leading to additional points of vulnerability across your home. If you don’t already, consider using a password manager. Services like LastPass or Dashlane can help you create and keep track of long and complicated passwords. You might think password managers are only for saving website credentials, but you can save any kind of password in them. Additionally, you can store secure notes, files, bookmarks, and more in a password manager.

Turn on Two-Factor Authentication Wherever Available

An open padlock with key inserted.

Two-factor authentication is an extra layer of security beyond the simple password. With two-factor authentication, after you provide your password, you then give additional proof of identity. Typically that comes in the form of a code, either randomly generated by a phone app or sent to you through a text or phone call.

Unfortunately, offering two-factor authentication isn’t very common in smarthome devices, but that’s starting to change. Nest and Wyze both offer two-factor authentication now. Security cameras are the devices most likely to have two-factor authentication, and you should absolutely use it with them. As one couple found out, rather than try to break through your router, an attacker may have an easier time using stolen credentials to log into the accounts associated with your smarthome devices. Two-factor authentication can help prevent that from happening. Check the apps associated with your smart devices and turn it on wherever possible. We recommend pairing two-factor authentication with an authenticator app, like Google Authenticator for iOS and Android.

Update Firmware on All Your Devices Regularly

Just like your router, you should update the firmware for all your smarthome devices regularly. Firmware is essentially the software built into your hardware—it determines the features and capabilities of your hardware. Manufacturers regularly find problems and patch them, and often add new features along the way.

Generally, you can update most smarthome devices through an app. That includes Z-wave and ZigBee gadgets you connect to a smart hub. You’ll check the smart hub’s app for those updates. If the manufacturer no longer supports a smarthome device you have installed, you should replace it as soon as possible. If you aren’t sure, check the manufacturer’s website.

Buy Only From Reputable, Well-Known Companies
An Amazon search result showing over 20 smart plugs.
If you search Amazon for smart plugs, you’ll find dozens of options from dozens of manufacturers. Some you may have heard of, many will likely be entirely unfamiliar. It can be tempting to go with the cheapest option that promises the features you want, but you should investigate the company first.

Most smarthome devices you introduce into your home communicate with servers in the cloud. The question is: “Who owns those servers?” When you’re looking at a recently released product from an unknown manufacturer, there’s no way to know for sure where it communicates until someone tests it. Unless you’re a security researcher who enjoys the challenge, you probably shouldn’t be the guinea pig.

And besides that, the biggest problem with smarthomes is that your devices might stop working. The company can go under, disappear, or decide to move on to a newer product and end support.
Sticking with a large, well-known company doesn’t guarantee that won’t happen, as seen when Lowe’s killed off Iris. But what you do get is a track record to examine. By looking over the company history, you can see how viable it is, and whether the company supports its products for mere months or for years.

And with an established history, you can even see how a company handles failure. Wyze, the maker of some of the least expensive smarthome products you can ask for, ran into an issue where camera feed traffic went through servers in China. The company explained what happened, why it happened, and how it was going to fix it.

You may not like that it happened at all, but at least you know so you can make an informed decision on whether or not to buy the product, and that’s the point. If you found a product from a new manufacturer, try to find reviews from multiple sites. If all you can find is Amazon reviews, check Fakespot to see if the reviews are real. Try to find any history you can before making the purchase. If you can’t find established history and real reviews, skip the gadget.

Don’t Access Your Smarthome from Public Wi-Fi

Just like you shouldn’t check your bank account from public Wi-Fi, avoid accessing your smarthome from public Wi-Fi. Even if you’re certain you are on a legitimate Wi-Fi network, you’re potentially exposing the devices in your home to anyone listening in. It’s best not to do anything sensitive on public Wi-Fi networks. If you need remote access to your home, either use a device with LTE (like your phone) or consider setting up a personal Virtual Private Network (VPN) to connect safely.


How iOS 13’s “Silence Unknown Callers” Will Stop Phone Spam

The Silence Unknown Callers Toggle in Settings App

iOS 13 has a new feature that might just save you from all spam and robocalls. The new Silence Unknown Callers feature will mute all calls coming from a number that’s not in your contact list.

Stopping the Endless Stream of Spam Calls

Silence Unknown Callers is a simple toggle that will automatically block unknown numbers from calling you. Your contacts and people you’ve interacted with will still be able to call you, but you won’t be bothered by incoming calls from anyone else.

This feature is one of the biggest reasons we’re excited for iOS 13 when Apple releases it sometime in fall 2019.

How Silence Unknown Callers Works

The Silence Unknown Callers feature is quite a blunt instrument—it’s a simple toggle in Settings. Once enabled, any call you receive from an unknown number will be silenced. If Siri Intelligence finds the number in the Mail, Messages, or Contacts app, the call will come through.

You can think of it as iOS automatically hitting the Decline button for you. You’ll still get a Missed Call notification, and you’ll find the number in the Recents list in the Phone app.

If you have voicemail enabled, the call will automatically go to the voicemail. This is where the visual voicemail feature will come in handy (availability and charges depend on your carrier).

When you go to the “Voicemail” tab in the Phone app, you’ll be able to listen or read the transcript of the voicemail (as you can see in the screenshot below).

Reading a transcript of a spam voicemail

If the message is important, you can choose to call them back. If not, delete the voicemail, and if needed, block the number.

In our testing, we found that if you call the number back, any subsequent calls you get from the number won’t be silenced automatically.

How to Enable Silence Unknown Callers

This feature isn’t enabled by default. To enable it after upgrading to iOS 13, open the Settings app and go to the “Phone” section.

Scroll to the bottom of the page and tap on the toggle next to “Silence Unknown Callers” to enable the feature.

Turn on Silence Unknown Callers Feature in Settings

How to Ensure You Won’t Miss Important Calls

What the Silence Unknown Callers feature lacks is nuance and control. If you want to be sure you’ll get incoming calls from someone, add the person’s phone number to your contacts. That’s all you can do to control it.

Unlike the Do Not Disturb feature, a call won’t come through after repeated attempts. With this feature enabled, your iPhone won’t ring even if someone calls you six times in a row.

If you’re concerned you might miss an important or emergency call coming from a payphone or a hospital, then you should not enable this feature.

However, you will still get voicemails from unknown callers. As long as you’re checking your voicemails, you won’t miss anything important.

How to Check Voicemail for Missed Calls

Some of those unknown calls may be important, and hopefully, those important callers will leave a voicemail for you. You can check voicemails from your missed calls from the Phone app.

If you have voicemail enabled, open the Phone app and go to the “Voicemail” tab. If you haven’t enabled it yet, you can do it from this screen.

Tap on the Voicemail tab in Phone app to view voicemails

You’ll see voicemails from callers at the top. Tap on a voicemail from the list or select the corresponding “i” button to expand the voicemail.

Tap on the “i” button next to a voicemail to see the transcription

Tap on the “Play” button to listen to the message. If you have the Visual Voicemail feature enabled, you’ll see a snippet of the transcribed text below the number. Tap on the box to expand the text.

Tap on Play button to listen to a voicemail

Alternatives to Silence Unknown Callers

If silently blocking most phone numbers in the world sounds too aggressive to you, you have some alternatives that can silence spam calls.

While it’s not the exact same thing, you can set up the Do Not Disturb (DND) feature to allow calls only from Favorites. DND also has an option to allow repeated calls. This means that a second call from the same number within three minutes won’t be silenced.

You can also use a spam blocker app like Hiya to automatically block spam and robocalls, but it’s not a complete fix. The success rate of the app will depend on its database of spam callers, which is never fully complete. While it might not block all spam calls, it should get most of them.
