STEVE CASSIDY
Steve reveals one big takeaway from a global security briefing, explains why you need to be wary of Discord and solves two VM problems
Steve reveals one big takeaway from a global security briefing, explains why you need to be wary of Discord and solves two VM problems.
Idon’t think I’m cut out for the cybersecurity industry. If you put me in a security presentation, I’ll be squirming in my seat, biting my lip, desperate to ask some questions and jump the rail tracks of death by PowerPoint. The security business loves to list things: this turns what could be punchy, short, relevant bursts of information into agonisingly detailed lists of malware names and the “krew” behind each one.
Is it of practical interest to know all those names when they’re all made up in the ephemeral world of online chatrooms and forums? Not when the headline that drew me to this particular talk was “nation-state cyberattacks”. FireEye makes security hardware and software, so of course it wants you to feel under threat – but it’s of no use to the small business operator to know the names of several hundred bits of malware.
What we really need to know is: which risks should we pay attention to first?
Based on the FireEye presentations, I don’t think Mr Putin is after our VAT returns. This part of the speechifying was useful to me from my intolerant perspective because I instinctively trust those who tell me not to worry about a threat that’s grabbing headlines over those who tell me the sky is falling and action is required. Ransomware news is especially hard to turn to practical use, because the main defence is human, not technical
It was interesting to see the “market” of malware loosely divided by national stereotypes – it seems the Iranians, for example, want to deface websites, whereas the Chinese like trade and industrial secrets. Once again, however, I found myself wondering just what was useful to me or you in this kind of observation, when the very first slide on the matter of nation-state intrusion says that human-factor penetrations are the main method of entry. Translated from security speak: someone in the company (or government department) lets the bad guys in. No need to try and make head or tail of each security product’s endless feature-comparison tables: it turns out that having a good cathartic rant at the sales pool is probably more effective.
“What we really need to know is: which risks should we pay attention to first?”
Discord and online chat
It’s no good just grumping away about the online communications
revolution the pandemic has brought upon us. Like most people, I was doing fine with a spread of Skype, Lifesize, WhatsApp, SMS messaging and even email. However, the social mood was very much against older products as the lockdown wore on and it’s bad form not to have a solid product to recommend when people ask. And that’s tricky if you’re like me and inclined to find fault all around.
I was quite interested by Discord ( discord.com), ), mostly due to earlier exposure to Slack a at
PC Pro HQ. Discord looked to me to have a lot of the look and feel of Slack, with added audio and video and a handy way to either use public servers or set up your own Discord host. The interface is for gamers, which has its pros and cons, but the way that new users would grab the app and run with it was all the recommendation I needed. When people asked me for my solution to the flakiness of Zoom or the strange bait-and-switch duo of Skype versus Teams, I’d propose Discord.
That came to an abrupt halt in midJuly, when I had the creepy feeling that our household’s stream of adverts on social media was starting to follow topics that we had only discussed verbally, not by typing. That’s an eclectic selection this year: my partner has been down at Churchill’s statue, which has provided her with many urban legends, new campaigns and even musical genres (from Somalia, in that case).
I know what you’re thinking.
There are probably more conspiracy theories about audio snooping in the home than there are about the Moon landing, and most rigorous tests of the common home speakers show that there’s no correlation between advert output and conversation input. That doesn’t cut much ice with a partner fresh back from defending a statue, so rather than have another lockdown disagreement, I went round the machines trying to figure out who or what might have been listening. And found that when you install Discord, it turns everything on. Absolutely everything. Put your headset down by the laptop and the microphone stays open.
This is, at the very least, bad form. Having developers assume that everything ought to be open is an altogether new cause for distrust.
And, if you assume that the normal audio-process architecture involves throwing hrowing the raw waveforms aveforms up to a cloud-based ud-based (and potentially very large) speech-recognition system, it’s hardly surprising that turning all the voice stages off makes your home PC run better.
Are they really listening, though? Is it even possible that there are subjects with words so rarely spoken, and so incredibly dangerous, revealing or subversive, that a mass upload system like this might actually give the world’s spies something of value? I strongly doubt it. If anyone really wants to listen, it’s more likely to be a supermarket chain trying to sell washing-up liquid than some vast intelligence network.
Second-generation virtualisations
If there’s one job well suited to lockdown, it’s figuring out what to do with all your VMs. I don’t mean those run in fleets of millions in cyberspace by corporations and hackers alike: I mean that mess of experimental XP images cluttering up your USB drives, or all the different Linux distros you once managed to pack into a RAID array in an oversized workstation.
The orphans, in other words.
It’s not my job to stoke up platform wars arguments, but I have to be brutally honest here: Windows really does do the best job of maintaining your overall portfolio of VMs. You don’t need to be using Hyper-V for the Desktop, either. Both VMware Workstation and VirtualBox have a better relationship with your VMs under Windows.
Two lockdown frustrations backed up my findings. One was a tad childish: I wanted to bump my Linux laptop fleet up to Ubuntu 20.04, which was released in the quietest period of the pandemic. I had paid a lot of attention to building my machines, and had taken the various advices on tweaking and tuning as found on the well laid-out web help resources such as Ask Ubuntu. In particular, the advice to set the temp folder to prevent the running of any executables deposited there by fair means, or foul, seemed wise to me, so I gingerly extended my command-line interface skills by setting that attribute. Which, it turns out, stops the Ubuntu 20.04 live updater from operating at all.
That’s wholly understandable, because the only way to have a clickable downloadable updater is to let it loose on an area of disk that has open file create and run rights. The problem for Linux here is that
is a whole separate partition. In Windows, there are a few places where full access rights are given to downloaded resources; places such as Internet Explorer’s
“Windows really does do the best job of maintaining your portfolio of VMs”