Zoom 5 Moves Toward Security

Zoom has become quite popular, had some security issues early on, and now has addressed those in release #5. The following article has summarized the improvements.

Jim Hamm

Comment from John R Carter Sr:

It should be noted that Mac Users should NEVER accept an update for the Zoom client from ANY source other than zoom.us. A bug was found last April that allowed third party pranksters to take control of a Mac computer by installing a bogus Zoom app.

Zoom developers have made their service more secure. We review what’s changed.

Technologies can develop very rapidly, especially those in the spotlight. One such case is Zoom, whose developers have, as promised, given the app a data-protection makeover. As a result, version 5.0 has changed a lot from precoronavirus Zoom.

The change in security focus quickly bore fruit. Previously, large companies and institutions turned their noses up at Zoom, but it now has the seal of approval of New York’s attorney general and is back in NYC schools, and version 5 brings with it some useful features.

Conveniently located security settings

Starting with Zoom 5, all settings for managing conference participants appear in one place. Security does not supersede convenience.

Here you can restrict user rights, block access to meetings to keep out uninvited guests, add watermarks to screenshots and audio recordings in case someone decides to publish them, and so on. Click on the shield icon in the conference menu to open the security settings.

Anti-troll protection

A number of new settings stop invasions by anonymous trolls. First, passwords and the Waiting Room feature, which requires a host’s permission to join a conference, are now enabled by default. Second, you can now prevent participants from renaming themselves.

Owners of paid accounts can also require members to supply information about themselves: name, e-mail address, and the like. And with a business account, you can block unauthorized users or those with a certain type of e-mail address domain (for example, public instead of corporate) from connecting.

Data routing

Zoom’s approach to data routing has also changed. Now your video call will not be routed by mistake to a Chinese or other foreign server. If for some reason the conversation has to remain inside your home country, then you have nothing to worry about: Free conferences will stay in the domestic region, and paid subscribers, as of April 18, can choose which countries their information goes through.

In addition, all conference participants can now see which data center they are connected to by clicking the “i” icon within the upper left corner of the screen. So, if your data is routed somewhere else, you can find out about it and complain to the developer.

Screen sharing security

The old Zoom always showed previews of chat messages in notifications. That could lead to an awkward situation if, say, someone wrote you a personal message during screen sharing. Now, during free conferences the service does not display notifications at all and does not show chat when screen sharing, even if it is open.

Updated encryption

The developers have upgraded the encryption algorithm as well. First, Zoom now uses longer (and hence more reliable) encryption keys. Second, the integrity of transmitted data is now checked — a protection measure against intruders who might corrupt or alter an encrypted message without deciphering it.

If you like such esoteric details (and who doesn’t?), you’ll be interested to learn that Galois/Counter Mode now handles the integrity check. In addition to being more secure, GCM is considered less demanding on resources, so better encryption doesn’t mean sacrificing computer performance.
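The integrity check described above, as an added example (not part of the original article and not Zoom's code). This Go program encrypts the same constructed packet with AES-CTR, which has no integrity check, and with AES-GCM, alters one ciphertext bit in each, and shows that only GCM notices. The 256-bit key, the "hdr" header value and the function name TamperTest are assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// TamperTest encrypts msg (non-empty) twice under the same AES key, flips one
// ciphertext bit each time (standing in for alteration in transit), and reports:
//   ctrAltered  - AES-CTR decrypted to different plaintext with no error raised
//   gcmCleanOK  - AES-GCM opened the untouched packet correctly
//   gcmRejected - AES-GCM refused the altered packet
func TamperTest(key, msg, header []byte) (ctrAltered, gcmCleanOK, gcmRejected bool) {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	// Encryption only: CTR mode carries no authentication tag.
	iv := make([]byte, aes.BlockSize)
	rand.Read(iv)
	ct := make([]byte, len(msg))
	cipher.NewCTR(block, iv).XORKeyStream(ct, msg)
	ct[0] ^= 0x01
	pt := make([]byte, len(ct))
	cipher.NewCTR(block, iv).XORKeyStream(pt, ct)
	ctrAltered = !bytes.Equal(pt, msg)

	// Authenticated encryption: GCM appends a tag covering ciphertext and header.
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	sealed := gcm.Seal(nil, nonce, msg, header)
	opened, err := gcm.Open(nil, nonce, sealed, header)
	gcmCleanOK = err == nil && bytes.Equal(opened, msg)
	sealed[0] ^= 0x01
	_, err = gcm.Open(nil, nonce, sealed, header)
	gcmRejected = err != nil
	return ctrAltered, gcmCleanOK, gcmRejected
}

func main() {
	key := make([]byte, 32) // 256-bit key, random for this example
	rand.Read(key)
	a, ok, rej := TamperTest(key, []byte("constructed sample media packet"), []byte("hdr"))
	fmt.Println("CTR accepted altered data:", a, "| GCM opened clean packet:", ok, "| GCM rejected altered packet:", rej)
}
```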

End-to-end encryption

Lastly, users will soon be able to communicate without anyone — outsiders or Zoom employees — being able to eavesdrop. The service plans to add end-to-end encryption of video calls, for which purpose it has even acquired Keybase, a company specializing in secure messengers and apps for data exchange.

At first, Zoom planned to provide maximum-level privacy to paid subscribers only. But the news that it was going to leave free users without end-to-end encryption provoked a lot of criticism: Zoom was accused of collaborating with intelligence agencies, or at least of leaving the door open for them.

Those accusations conveniently ignore an important point: Practically none of Zoom’s competitors provide e2e, either. End-to-end encrypted video calls are available only in instant messengers with limited video call capability or in high-cost business tools that offer it only on request and clearly not free.

Developers have good reason not to love end-to-end video encryption, which is incompatible with many useful features including the ability to record conferences in the cloud, broadcast them on YouTube, or join meetings by phone — anything that requires management through a server. In terms of convenience, most users are better off without it.

That said, on June 17, Zoom announced that end-to-end encryption would be made available to all, including those who use the service free. It won’t happen overnight, though: the company plans to start early beta testing in July.

No time to relax

All in all, Zoom 5 is far more secure than past iterations. Its developers have approached security in a very responsible manner, promptly fixing most of the issues that surfaced during the lockdown period.

However, that doesn’t mean that you can take your eye off the ball. Is your conference open or closed? Is recording allowed or not? The developers can’t answer these and some other questions for everyone. So you need to configure conference calls according to your own requirements. Thankfully, Zoom now has more settings to help you get it right.

Second, absolute security does not exist. For example, two vulnerabilities were discovered in the relatively recent Zoom 4.6.10. One of them allowed a malicious chat message to execute arbitrary code on the Zoom server. That bug was fixed before the release of version 5.

The second vulnerability was related to the integration of the chat feature with online GIF repository GIPHY. The bug allowed arbitrary files to be downloaded to conference participants’ computers instead of animated images. The developers temporarily disabled the vulnerable function, and they promise to return it as soon as the problem is fixed.

So far, no horrors have been found in Zoom 5, but that doesn’t mean there aren’t any. As long as the service remains in the spotlight, there will be no shortage of people trying to find its soft spots. Therefore, if you use Zoom, be sure to keep an eye out for updates and install them immediately.


Apple Shifting Away from Intel Chips on their Computers

“Apple just announced the fact that they are shifting away from Intel chips for their computers and replacing them with their own ARM chips that are in all the iPhones, iPads and Watches. So, am I going out to buy the new computers based on the ARM chips? My past experience says no. Here is why:

I have bought a new Apple laptop computer every 2-3 years since 1992. One of them was based on a PowerPC G4 chip. I bought it just before the G5 chip was announced which had tremendous problems, and the reason why Apple went to Intel. So, I waited till the first Intel based laptop came out and bought it immediately! It had a LARGE number of problems which were not solved for over a year. It was another year beyond that before Apple successfully married all of its hardware and software. I was also a beta user of the “new MacOS ten” when it arrived in 2010. It was also a couple years before it was stable.

Given my experience with new architecture, I am not going to run out and buy the new ARM based computers. Not if my current one is running fine. If my current one needs to be replaced, I will still wait till all the reviews of the new ones are in, and the applications I need to run are stable on the new platforms. In my mind, given my experience with Apple, that means 1-2 years after release of the new computers.”

Frank Croft

Google Chrome Flaw Results in 32 Million Malware Downloads

An article in the New York Post draws attention to a Google Chrome security flaw that results in 32 million malware downloads. Read the article in the link below.

Frank Croft

https://nypost.com/2020/06/18/google-chrome-flaw-results-in-32-million-malware-downloads/

John Carter commented:

The issue is not with the browser as much as it is with the extensions from third party vendors. Now, it should be Google’s primary objective to vet all extensions that they put in their Google App Store. But how many of the faulty extensions came from other places? There’s really no detail about which extensions were involved and where they came from. For me, this is mostly fear-mongering.

Printing from an iPhone or iPad

FYI and possible interest, here is an article with tips on how to print from an iPhone, iPad, or even an Android device. At home, this hasn't been an issue for us, for if we need to print something, we just grab a laptop computer and use this to print over our wifi network to our old Brother printer.

But just to see if/how one of these methods might work for us, I plan to give one a try -- probably starting with my iPad.

Jim Hamm

https://gizbuyerguide.com/6-ways-to-print-from-a-smartphone-or-tablet-complete-guide/

Google Just Gave Millions Of Users A Reason To Quit Chrome

If you use the Chrome Browser, here's an article from Forbes you may want to read:


https://www.forbes.com/sites/gordonkelly/2020/05/26/google-chrome-critical-security-vulnerability-warning-firefox-update-chrome-browser/

While I haven't read of any security issues using Chrome, if this is a concern to you, the author mentions a safer browser is Firefox. And while not mentioned, Safari is built on a different programming platform and would be safer also.

For years I've used the Chrome Browser, and like it, but recently I've also been using the Brave Browser, just to try it out. It's fine, and I'll continue to use both, and just remain aware of the issues with Chrome.

Jim Hamm

How to Keep your Mac Running Smoothly

Keeping your Mac running smoothly (by no means a complete treatise)

I know of nothing on a Mac that needs tweaking other than to empty the trash, delete duplicate files and photos, clean out the Downloads folder, and delete all old email messages - all of which you need to do on your own, and regularly.

If you want to have something to automatically clean up your computer, then either ONYX (free, requires some manual process) or CleanMyMac X (pay, one-click does it all) can do that much better than I can and in much less time. But not even these apps will clean out your Downloads folder, clean up your email, and find duplicate files and photos. For that, unfortunately you are on your own. There are apps for finding duplicate files and photos. But even those apps require a bit of manual tedium to finish what they find unless you don’t care what they think are duplicates and delete for you.

So, tips for cleaning out the Downloads folder:

  • Delete any file ending in .dmg, .pkg, .dll, .exe, or .msi (And why on earth did you download a .exe or .msi file? That’s for Windows only.)

  • If the file ends in .zip or .gz, then it is a compressed package possibly containing several files. It may contain photos, documents, or be an application in compressed format. Double-click on it to uncompress it. It will create a folder or file by the same name. Examine the contents of the folder. If you want to keep the contents, move the folder to another place on the computer. If you don’t need it, delete the folder. Delete the .zip or .gz file regardless.

  • If the file ends in .ttf, it is a font file. If you don’t know what to do with a font file, delete it.

  • Some files may have a number in parentheses before the last period in the filename - that means it is a duplicate. Delete it. It’s time to figure out why you are downloading the same file over and over.

  • For any file that is an image or a document, you need to decide if you want to keep it and move the file to an appropriate folder - like Pictures for images, Movies for videos, and Documents for everything else.

  • Delete everything else that you haven’t moved to a better place for safe-keeping.

  • Use the spacebar to get an instant preview of a file. If you don’t know what it is for or you know you don’t need it, delete it.

Organizing your files, photos, and stuff:

  • How to organize pictures, videos, and documents only matters to type A personalities. With the search feature in Finder, it’s easy to find anything anywhere on your computer. And with the Group feature in Finder, it’s easy to sort items in a folder by any of several methods to make finding something easier.

  • However, it can make your computer seem to run faster if you do organize things in folders and subfolders. Having everything in one folder does make a computer run slower than it should. And even having thousands of items in a single folder can slow things down. So, for the sake of keeping your computer running fast, organize everything by kind and purpose, delete stuff you don’t need anymore, and archive everything else on a separate drive that you need for legal and tax purposes.

For e-mail, that’s another story. I manage my e-mail on a daily basis so there’s no real work for me to clean up anything. But I am a pack rat, and I do keep hundreds of old messages efficiently organized in mailboxes where they are easy to forget about and also easy to find. And by saving messages in separate mailboxes, I keep the number of messages in my Inbox fairly small - just the stuff I need to pay attention to and deal with. I’ve sometimes had to find a message from as far back as four years, and with the search function in Mail I don’t even have to remember which folder I put it in.

Oh, did I forget to mention that owning a computer is like owning a business?


John R Carter Sr

Message from a Reader

Our Webmaster received an email from someone who read the post on VPNs in our PMUG newsletter.  Below is his message:

I read your excellent post on VPNs here: pmug.us/blog/category/VPN and I saw that you recommended comparitech.com/vpn/
Before I purchased my VPN, I read a lot of different reviews, looking for something real and unbiased, and I realized that most websites are profiting from their reviews, and they base their reviews on which VPN will make them the most money.
I came to this site, https://www.thatoneprivacysite.net/, and I was thrilled to see that they were writing honest reviews and not profiting from which VPN their readers purchased (I didn't think this was even possible in 2020!).
I recommend that you share this page with your readers and give them the opportunity to receive a recommendation from a website that isn't relying on money from the products they are reviewing, but rather donations from its readers.

Adobe Flash

Shamelessly borrowed from the PC club newsletter, and worth sharing here:

If you're still using Adobe Flash for anything, just stop doing it right now! It's out of date and has been corrupted enough to be totally useless. Seriously, any Flash update you see offered these days will have enough malware in it to stop the Coronavirus dead in its tracks.

John R Carter Sr

Browser Trivia

Here's just a bit of browser trivia for your possible interest. Out of every 100 people using a browser, here's the estimated usage by type, as published by Computerworld. For some years Firefox has been declining, and possibly will continue to do so, and there's a good chance Chrome will pick up its share. Microsoft's Edge browser is, for all intents and purposes, the same as Chrome. Microsoft knew when to jump aboard a winner. And, as I recall, Safari's usage is very close to the percent of Macs in use as a percent of total computers in use.

When I'm on my Mac I think the Safari browser is fine, but rarely use it. Usually I use Chrome or, more recently, the new Brave browser. It's got some features I like.

  • Chrome: 69

  • Edge: 8

  • Firefox: 7

  • Internet Explorer: 6

  • Safari: 4

  • Opera: 1

  • Other: 5

Jim Hamm

Thoughts on Backing up a MacBook Air

Recently I fired up my MacBook Air, and it faithfully reminded me that I've been derelict in my duties, and haven't backed up to Time Machine in 20 days. Can't have that, so I plugged in an external drive and cranked TM up. Two hours later it was done. Hmmm! Had that much changed in 20 days on my Mac, I wondered? Anyway, this reminded me of another backup duty. About two or three months ago I did a clone of the entire SSD on my Air to another external drive using the program Super Duper. Plugged in this external drive and did a 'smart backup' of the SSD using Super Duper. Twenty minutes later it was done. Hmmm! Smart Backup only captures items that have changed since I did the last backup. When it was done I had, again, a bootable, 100% clone of everything on the SSD -- just in case the drive should ever fail.

I wondered why Apple's engineers hadn't designed Time Machine to use the same approach. Would be a lot quicker doing a backup. Then, I thought, perhaps they were thinking of a desktop Mac (which was the original design concept), where one can leave an external drive plugged in all the time, and Time Machine turned on all the time. But this concept doesn't work so well with a laptop. It's a bit of a hassle to grab an external drive, plug it in to my laptop, and do a backup. I've been using a Mac for slightly over 20 years and have never used Time Machine once to retrieve a lost document or photo or whatever. Not once. Also, in the same time frame, I've never used Super Duper to recover a dead optical drive or SSD. And for this, I'm happy. Buying the program Super Duper is kinda like buying a life insurance policy. You may be glad you did, but you're in no hurry to use it.

Jim Hamm

The Eclectic Light Company

For your possible perusal, here is an unusual and enjoyable website that I don't know quite what to make of.

It encompasses discussing Mac problem solving to Macs to Art and Painting and more. Quite eclectic, one might say. You can scroll through the various headings, click them, and see what is offered. The following link, for example, lists a variety of old paintings, which I enjoyed looking at. https://eclecticlight.co/2019/12/30/the-best-of-2019s-paintings-and-articles-1/

Go ahead and browse for awhile, click on the different headings, and see what you think.

Jim Hamm