Malware, viruses, hacks, and anything else that may compromise your identity online, computer, or digital device.
Security and Privacy
Mark wants to know if it's safe to use Kaspersky antivirus software. Leo says that Kaspersky is a great AVS utility, but it has fallen under a cloud of concern because the Russians may have used the software as a spying tool. The US Gov't has banned the use of it as a result. So it's probably best to err on the side of caution and avoid it.
If you need an AVS, Leo recommends using Windows Defender. It's free and comes with Windows 10.
The caller wants to know if backing up data to DropBox is secure? He's worried that backup companies have access to his sensitive data. Leo says he can encrypt the data, and he alone has the keys to that. So if he loses it, he's out of luck. DropBox will accept secure encrypted data. If he's looking for a cloud-based encryption backup option, SpiderOak is an option, though it's a bit clunky. VeraCrypt is another.
Neil bought a Helm email server on Leo's advice. He also bought a domain through Hover to use with it. This is a home email service, and the idea is that you put your email on a server that runs in your own house instead of trusting a service like Google to handle it. Neil is wondering how to back the device up. Leo says one of the things he gets for $99 per year is that Helm backs it up over the internet. What's cool is that the contents of the email on the local server is encrypted with a key that only Neil has access to. Helm even provides a secure USB key to decrypt the backups.
Brian travels a lot and would like to have a travel router to protect him from an open and unsecured internet. Leo says he uses one when he travels and it not only works as a firewall, but it also turns into a wireless hotspot for multiple devices. He uses one from TinyHardwareFirewall.com.
John is finding that when he goes to a website, he gets an additional window open with an advertisement. Leo says that's called a browser hijack and it's usually caused by an extension he doesn't recognize. John should look in his browser settings and extensions, and then see if there's anything in there he doesn't recognize. Chances are, there is.
Laverne made a secondary Yubico key on her network. She wants to know if her Galaxy Note 9 Android phone will unlock via NFC since it has a chip. But she gets an error message. Is it the key, or the phone? Leo suspects the phone isn't seeing the code as it needs to. She could try the YubiKey app that is available through the Google Play store.
Ron does some things online where his wife and he have separate passwords, and some where they share passwords. Is there a password manager for that? Leo says that it's called shared passwords and almost every password manager supports that. Basically, you send an invite and share it over as long as they are using the same password manager. LastPass has a Family Password manager. One Password is also a good one.
Sam is thinking of getting an Alexa or Google Assistant to control his door locks and is worried about security and privacy. Leo says that all assistants are roughly the same. They listen for a keyword. And there's no evidence that either Amazon or Google are spying on you. Schlage makes one that is dedicated and doesn't need the assistant, so it has a directly line which can be more secure. But any iOT device can get hacked. Bottom line is, that no door lock is perfect. It's a deterrent, a suggestion. But if the bad guy wants to get in, he can.
Jim got an email from Google that stated he had put in a request to terminate his account, which is something he never asked for. Leo suspects this is a phishing attempt. He should hover over the URL for the link they offer to contact them and see if it's legit. Chances are, it isn't.
Yesterday's story about Collection #1 - a package of hacked email passwords, is actually now reported to be a few years old, so the damage is not as great as previously believed. But Leo still says that it's a wise idea to go to HaveIBeenPwned.com/passwords and see if your account has been hacked. And then change your password. In fact, it may be a good idea to change it anyway, and turn on 2 factor authentication while you're at it.