Starting March 1, 2018, programs that attempt to coerce users into paying for dubious protection or PC performance “optimization” will be removed automatically by Microsoft Windows Defender Antivirus and other Microsoft security products. I can think of several rogues that will be hopefully out of business soon. Here’s what you need to know…
Bringing Down the Hammer on Scammers
Microsoft has announced they are taking aim against programs like TotalAV, ScanGuard, PC Protect, and other “free security/performance checkup” scams. Hallelujah! These programs are legion on the Internet, and like the three named above, many are often owned by the same devious company.
They dominate the top spots in search results by paying the most to place their ads there. (I wish Google would do more to police this.) Every day, thousands of people who are trying to find free help for real PC problems instead get sucked into vortexes of FUD – “Fear, Uncertainty, and Doubt” – and jerked around in expensive circles by con artists who follow a time-tested formula:
1. Offer a free “checkup” of a PC to find malware or causes of sluggish PC performance.
2. Display a spinning circle or “Please wait, finding problems that could cause disaster” messages.
3. Show the victim screen after screen of alarming “warnings” about “infections” and “vulnerabilities” that actually don’t exist; the step above is just drama.
4. Pressure the victim to pay for the “premium” version of the useless software, which does not exist.
5. If the victim buys, tell him the problem that doesn’t exist is “fixed” but more problems remain.
6. Pressure the victim again for even more money for a bogus “fix” to problems that don’t exist.
7. Repeat steps 5 & 6 as long as they work.
Optimizing The Anti-Optimizer Strategy
Microsoft first set some mild standards for “cleaner and optimizer” programs in February, 2016. All such programs had to do was tell a user specifically what problems they proposed to fix, and the program got a pass from Microsoft security products. Look how well that “honor system” approach worked for everyone! But now, Microsoft is getting serious, and dropping the hammer on these scam programs.
Microsoft’s evaluation criteria document specifies the unacceptable characteristics of programs scanned by Windows Defender and other Microsoft security programs. A new section spells out “Unwanted behaviors: coercive messaging”; a program that exhibits them will be removed automatically from the user’s machine.
Even when victims say, “No, I won’t pay,” a fake cleaner/optimizer can still try to wring some money out of them by persuading or scaring them into answering a “short survey.” Ostensibly, the victim’s answers will only be used to help improve the “free” program.
But the deeper a victim goes into such surveys, the more personal and sensitive the questions become. You can easily be suckered into giving up bits of personal data that enable identity thieves to figure out the answers to your “secret” password recovery questions, or the actual passwords that you use, or the name of your bank, and other tools of ID theft.
Microsoft’s new “unwanted behaviors” include this sort of con, too. Programs that use such slimy tricks will be removed from PCs defended by Windows Defender beginning March 1.
Also on the “unwanted behaviors” list are programs that suggest they are the only way to fix a problem; programs that set a deadline for the user to take action; programs that require the victim to download a file (which is probably a Trojan or virus); or sign up for a newsletter (so your email address can be sold to spammers). Such programs will be deleted automatically starting March 1.
Have You Encountered Rogue Software?
You can help in this fight against the scammers. If you encounter what you think may be rogue software, report the problem to Microsoft. You can anonymously submit a program to Microsoft for analysis, and security researchers will analyze the file(s) to determine if they should be classified as malware. (Hmmm, this alone might be a good reason to download TotalAV.)
If you are running Windows 10, Windows Defender is included and enabled, unless you’ve installed a third-party security tool. I’ve been critical of Defender in the past, but it seems to have improved greatly, and has some compelling new features. (See UPDATE: Is Windows Defender Enough Security?)
Microsoft’s announcement says that the “rogue removal” feature will be included in “Windows Defender and other Microsoft security products,” but they didn’t go into any detail about what those other products are, or if this protection will be extended beyond Windows 10. As more information becomes available, I’ll update you.
I applaud Microsoft for taking direct action to protect Windows users from one of the most widespread threats online. I just wish they’d done it back in February, 2016, instead of setting easily circumvented, toothless rules.
So a common complaint we receive is definitely lag. This complaint kind of comes with the Second Life territory unfortunately, but there are some things that people can do to help reduce it.
Common Things:
Removing unnecessary scripts from items such as trees and landscaping – anything that is texture change via a menu – also has a DELETE option – which should be utilized once the objects are placed and as you build. Rez scripts should be removed after rezzing large scale items from rez boxes. Some common rez script names are as follows: Huge item, positioner, rez faux, ZeroRez, SD_LinkedPrimController, building all, buildingAligner Reciever, component – part, rez-free, component_MLS and link component. All of these are unnecessary once the build is placed into its final position. When and if we are called to the sim for lag issues and find these scripts running you will be contacted by our support staff. These actions are to keep our sims running to the best of their ability and ensure the quality of your living experience with us remains nothing but the best.
In cruising through my daily news feeds and follows I came across an article by Penny Patton that helps to describe modding your structures and objects to reduce lag and prims and make your sim run so much smoother! I also do a lot of exactly what she does here when building my own land up. It helps so much with sim stress! Check the links below for the step by step guide & make sure you hit follow on her blog!
“I realized that by setting the entire building to “no physics” and replacing the physics with an invisible shell of box prims set to “convex hull” I was able to save yet more land impact. This doesn’t always work, but it works often enough to give it a try and here it ended up saving me a tonne of Land Impact points…. This scrap house is covered in various unique corrugated metal panels. They’re not identical. Out of the box there’s like 6-12 different panels each with its own texture, spec map and normal map. All of which are 1024×1024. Each texture uses 4MB of memory on its own and it’s simple arithmetic to see how that adds up. What I did was remove every type of panel except 2. Then I copied the remaining 2 panels to replace each of the panels I removed. Not difficult, but a little tedious and time consuming. But worth it!
Reducing VRAM/Texture Use
VRAM/Texture Memory is less common knowledge in SL but I’ll try and summarize. Your graphics card has a set amount of memory to use rendering what you see in SL. All the textures you see have to be in that memory to be displayed, but so much more relies on that memory so you cannot max your card’s memory out on textures alone or you see massive framerate losses and “texture thrashing”. Texture thrashing is when you see textures going blurry and re-rezzing. You also have to download all these textures, which contributes to lag and slow rez times.
360MB might not sound like a lot of memory, but it’s only one building in an entire sim and then you throw avatars and their memory use into the mix. My videocard only has 2GB of VRAM. It’s a midrange card, a few years old. Newer, more expensive cards have up to around 8GB. Onboard graphics have very little, if any, dedicated memory.
Following so far? Ok, good! This scrap house is covered in various unique corrugated metal panels. They’re not identical. Out of the box there’s like 6-12 different panels each with its own texture, spec map and normal map. All of which are 1024×1024. Each texture uses 4MB of memory on its own and it’s simple arithmetic to see how that adds up.”
Windows Defender Security Center (“Defender” for short) is the latest name for the built-in suite of anti-malware and security features in Windows 10. Historically, Defender and its antecedents have been mediocre offerings. So mediocre, in fact, that multiple test labs rated it dead last in effectiveness. But recently, Microsoft has focused on making Defender a comprehensive, safe, and free choice for all your security needs. Let’s see how close it has come…
Will Windows Defender Defend You?
Windows Defender started life as an anti-spyware tool for Windows XP, Vista and Windows 7. It then morphed into Microsoft Security Essentials, which was billed as a full-blown antivirus program. It morphed again with the arrival of Windows 8 and 10, and was once again called Windows Defender. There are many alternatives I have written about in the past, but let’s take a closer look at the “New Defender”.
So why the change from Microsoft Security Essentials to Windows Defender Security Center? Microsoft’s answer for this failure or blessing was that MSE was a “baseline” upon which third-party developers were expected to improve. So, two years later, still no improvements to speak of.
But with Defender’s latest incarnation (part of the Windows 10 Fall Creators Update released in October 2017) things may have finally changed for the better. We do not have performance tests from independent labs like AV-TEST or AV-Comparatives yet. Those labs may be working on their next round of reports right now. But AV-Comparatives published a note on the Fall Creators Update version of Defender, noting some encouraging advances.
Exploit Guard, an extra layer of protection against exploitation of vulnerabilities, used to be available only in Enterprise editions of Win 10. Now it’s in the consumer versions, too, and it is enabled by default.
Exploit Guard includes four kinds of protection. Exploit protection is applied to operating system processes and to third-party apps. Attack Surface Reduction techniques minimize hacks via malware that exploits vulnerabilities in MS Office, JavaScript and other scripting languages, and email-based malware. Network protection extends the Smart Screen real-time online protection in the MS Edge browser to your Win 10 network, even if you are not running Edge. Controlled Folder Access helps protect key system and data files from being altered by malware or encrypted by ransomware. To see the nitty-gritty of Exploit Guard, type “Windows Defender” in the search box and open Windows Defender Security Center from the results. Then click on “app and browser control.” Scroll down to the “Exploit protection settings” link and click it. Do not turn off any of the features shown unless you understand what they are and have a good reason to disable them.
Oddly, one interesting new feature of Exploit Guard is turned off by default. “Controlled folder access” protects your files and folders against unauthorized alterations, such as the addition of malicious scripts to documents, or encryption by ransomware. I recommend enabling it; here’s how:
Open Defender, click on the icon labeled “Virus and threat protection,” then click on the link labeled “Virus and threat protection settings.” Scroll down to “Controlled folder access” and move the slider control to the “on” position. While you’re there, you can click the link labeled “Protected folders” to see exactly that. You can add a folder to be protected, too. Back up one page, return to “Controlled folder access,” and you will find another link to “Allow an app through Controlled folder access,” in case you ever need to give a new app permission to access files in a controlled folder.
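The same settings the two procedures above reach through the Security Center UI can be inspected and set from an elevated PowerShell prompt, which is handy when you want to verify them on several machines or audit what Controlled folder access would block before enforcing it. This is an added example, not code from the article; the folder and application paths in it are placeholders, and the `Defender` and `ProcessMitigations` modules it uses ship with Windows 10 from the Fall Creators Update onward.

```powershell
# Added example (not from the article): review and enable Exploit Guard
# features from an elevated PowerShell prompt on Windows 10 (1709 or later).
# Paths marked as placeholders must be replaced with your own.

# 1. Show the current state. EnableControlledFolderAccess reports
#    0 = Disabled, 1 = Enabled, 2 = AuditMode (log only, no blocking).
Get-MpPreference | Select-Object EnableControlledFolderAccess,
    ControlledFolderAccessProtectedFolders,
    ControlledFolderAccessAllowedApplications

# 2. Turn Controlled folder access on. On a machine with unusual software,
#    set AuditMode first and read the log (step 6) before switching to Enabled.
Set-MpPreference -EnableControlledFolderAccess Enabled

# 3. Protect a folder beyond the defaults (Documents, Pictures, etc.),
#    equivalent to the "Protected folders" link in the UI.
Add-MpPreference -ControlledFolderAccessProtectedFolders "D:\Work\Invoices"   # placeholder path

# 4. Let a trusted program write to protected folders, equivalent to
#    "Allow an app through Controlled folder access" in the UI.
Add-MpPreference -ControlledFolderAccessAllowedApplications "C:\Program Files\ExampleApp\example.exe"   # placeholder path

# 5. List the system-wide exploit protection mitigations (DEP, ASLR, CFG, ...)
#    that the "Exploit protection settings" page displays.
Get-ProcessMitigation -System

# 6. Controlled folder access writes to the Defender operational log:
#    event ID 1123 is a blocked write, 1124 an audit-mode record.
Get-WinEvent -LogName "Microsoft-Windows-Windows Defender/Operational" -MaxEvents 200 |
    Where-Object { $_.Id -in 1123, 1124 } |
    Select-Object TimeCreated, Id, Message
```

Running step 1 again after steps 2 to 4 confirms the change took effect; the event query in step 6 is the quickest way to see which legitimate program is being blocked when a user reports that a file suddenly “won’t save”.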
Similar security features are part of the paid versions of several third-party security suites. Windows 10 now throws them in free of charge. The jury is still out on exactly how well they work, but Defender (at least in Windows 10) has definitely moved a long way in the right direction. But until we can get a sense of real security with Defender, I recommend Malwarebytes and a GOOD anti-virus such as Panda or a free version of Avast.
Coming Soon To Firestorm: Customized, Kickass Skies For Your Second Life
If you use Firestorm, the popular 3rd party viewer for Second Life, and enjoy shooting outdoor photos and machinima, you should connect with Stevie Davros. He’s creating what you’re looking at above: an alternative cloud system for use in Firestorm, which he plans to put on the Marketplace in March. The words “alternative cloud” don’t quite convey how vivid, jaw-dropping, and insanely cool these customized skies are, so you should watch that video and the one below: they totally transform the low-res, default skies of Second Life into something pretty profound.
“I have been a RL travel and landscape photographer for decades,” Davros explains, “and skies are a fundamental part of what I photograph. In SL I was delighted with all the imagination and care taken in sim design and also the creativity on show, but was disappointed in how bland the skies looked compared to real life.” Firestorm developer Cinder Roxley added a feature that made it possible to swap the system skies with custom ones, and Davros’ photos and others made his system possible: “The TGA graphics files I have used are all extensively modified from numerous cloud photographs, some from my collection, some sourced from public internet weather images.”
His skies are not just taken from reality, however:
“[I’m also working on] fantasy clouds, hand painted clouds (including one sampled from Vincent van Gogh’s brushstrokes), and some novelty and prop clouds.” (He created these cartoon clouds I blogged about recently.)
“The standard SL sky uses a TGA graphics file which is 512x512pixels and 263kb in size. Pretty low res, but it works. The largest I have created is 4096×4096 pixels and 67Mb in size, most however are 4096×4096 and 16.7Mb in size. The big files seem to have no performance impact, so I am unsure why a better default sky has not been introduced by the developers?” That’s a good question, because who cares how large the sky files are, if you download them beforehand, and they make your virtual world that much more awesome?
Emphasis on “your”, because, of course, only the user with Davros’ Firestorm feature can see these skies — which is just fine for photographic and machinima purposes.
“If you are just sitting indoors doing glam pics, like a lot of people enjoy doing, it will be of little interest,” as Davros puts it. “But for those who like to get out and about and explore SL beauty, it is for them. And yes, will make kickass machinima and photo blog imagery as this [above] shows.”
Second Life is a virtual world stereotypically thought to be steeped in cyber sex, but beyond that thin layer of prurience is a thriving community of artists creating everything from lavish Beverly Hills-style mansions to the eyeliner your avatar wears. Its economy is a staggering $500 million USD machine of virtual ecommerce, with many players making a real-world living by creating, marketing, and selling digital products. But those same creators are locked in a long battle against groups of cheaters who, using a series of exploits, are stealing their products and selling them for profit on Second Life’s official Marketplace. It’s potentially costing Second Life’s virtual artists tens of thousands of real dollars and highlights the nightmare of defending your intellectual property on the internet.
Second Life is unique in the MMO genre for many reasons. It’s not so much a game as it is a social space that players can customize however they like. Called ‘sims,’ these sandboxes are spaces that players fill with all manner of player-designed objects. Unlike other MMOs, however, these objects aren’t created using some in-game crafting system, but built with software like 3D Studio Max, Photoshop, and a lot more. Some players build mansions and throw elegant parties while others own retail stores that sell their hand-crafted apparel. And, yes, some just want to have cybersex.
But it’s also unique in that, unlike most MMOs, players can exchange Second Life’s ingame currency (called Lindens) for US dollars. Peter Gray, who was Linden Lab’s senior director of global communication before leaving early this year, told me via email that Second Life’s creators were on track to take home $60 million USD collectively in 2017. It’s what’s led many players to turn Second Life into a full-time job. But for two years now, those same creators have also had to deal with the frustrating rise of ‘dupers’ or ‘copybotters’—players who illegally duplicate their items for profit using exploits.
Theft of a salesman
“It’s very much a big deal,” Oobleck Allagash tells me. He’s the owner of PocketGacha, an innovative HUD-based storefront that works with several designer brands in Second Life to sell their products. Since launching in August, PocketGacha has made “more than tens of millions of Linden” in sales from “tens of thousands” of customers. While many creators in Second Life were vaguely aware that duping was an issue, Allagash became a unifying voice in the community because PocketGacha’s backend system allowed him to track sold inventory across multiple brands and see how widespread the issue was becoming. It’s how he became aware that the Marketplace was frequently featuring items for sale at seemingly infinite quantities and exorbitantly low prices—both telltale signs that they had been duplicated.
A lot of artistry goes into Second Life’s virtual products.
Allagash tells me that, in Second Life, one of the most popular ways to shop is through games of ‘gacha’ or, as it’s traditionally known in Japan, ‘gashapon.’ “It’s a game where you have a machine that you play, paying typically about 50 Linden [$0.25 USD] for each go, and you are given either a common item or, if you’re lucky, you’ll eventually get a rare item which is typically more robust in its design,” Allagash explains. “It can be a vehicle or a house, for example.” Some gachas might award makeup or articles of clothing in a complete outfit, while others, like the popular Kunst brand, offer meticulously crafted themed decor.
On the surface there’s little difference between gachas and the controversial loot boxes that are appearing in many games like Star Wars Battlefront 2, but there are several key distinctions. For one, these items have tangible value. Each play is always rewarded with an item, and any you win can be resold on Second Life’s Marketplace for Lindens and then converted into US dollars. Secondly, the proceeds of these items go to their respective creators, not Linden Lab (though it does collect a small transaction fee for items sold on the Marketplace). And for those who hate the gambling aspect of gacha games and loot boxes, many creators also offer a buyout price to purchase the set in full.
“It develops sort of a trading atmosphere where people will trade for commons and rares,” Allagash explains. “There’s a whole cottage industry that has developed in Second Life of people reselling a lot of these items that they get.”
In Second Life, some items are ‘copy’ items, which can be copied and pasted multiple times inside of a sim. Most gacha items are different. Called ‘transfers,’ they can only be placed in a simulation once, and if you sell it, it’s gone from your inventory. Like Magic: The Gathering, it’s a market valued by the scarcity of sought-after rare products, and Second Life’s dupers are undermining the whole thing.
“Some bad guys have figured out how to duplicate as many of these transfer items as they want,” Allagash says. “You can duplicate thousands of them, and they have real value on the reseller market.” While the exact exploit is a closely guarded secret, the general idea is that these dupers strategically “crash” a sim, which somehow allows them to create infinite duplicates of an item. Dupers can even duplicate in-game gift cards for various player-owned stores, letting them buy anything for free.
Buyer beware
According to several players I spoke with, it’s been a problem for years that Linden Lab only acknowledged in November after mounting pressure from the creator community. “Recently, we closed an exploit that fraudulent gacha re-sellers had used,” the company said in an update posted on November 2. “Our governance team can now catch them when they attempt the cheating method that we have already fixed.”
Second Life’s creators hoped it would be an end to duping. Inevitably, it wasn’t. I spoke with one creator who requested to remain anonymous. Their brand is one of the more popular in Second Life and it’s become a full-time job that earns them a healthy income. Days after launching a new product line after Linden Lab allegedly shut the exploit down, they found a suspicious listing on the Marketplace offering the entire product line in one bulk package for almost 1300 Lindens less than the competition.
Second Life’s Marketplace doesn’t let customers see metrics like units sold, so this creator and Allagash had to get creative. The maximum amount of quantity that can be purchased at one time is ten, so they began buying up stock to see how much this alleged duper had. It was an impossible amount. During my interview with Allagash, he demonstrated this by sharing his screen with me via Skype. I watched as he purchased almost 40 full sets of this creator’s product line from the alleged duper. He then showed me PocketGacha’s backend tracking system, which operates similarly to any retail store, to show how unlikely it was that one person could have potentially over a hundred copies of this particular item when only several hundred had been given away through the gacha game.
Making matters worse, this alleged duper was the most popular listing for these particular items on the Marketplace, effectively tanking their value. “The damage is huge,” the anonymous creator tells me. “I’m the one paying for the subscriptions for the programs to create my products, I’m paying for marketing, I’m paying for the cost of running the sims—everything to keep my business going. Then there’s the emotional and time investment into the work. The amount of time it takes to make a gacha release, for example, can lead to 16-hour days. I don’t even like to imagine [the damage to my business] most of the time. Over a day or two it might just be a hundred dollars maybe, but over years…”
A screen capture of one alleged duper selling items for well below their going rate.
One thing that isn’t clear is what these dupers hope to gain, but Allagash and the creator I spoke to both insist it has to be real-world money. “They’re clearly not just doing this to be able to have fun in Second Life. They’re making significant money,” Allagash tells me. Because Second Life’s virtual economy is susceptible to money laundering, Linden Lab has a strict process for withdrawing US dollars. Allagash says that if it’s possible these dupers have found ways to undermine the game, it’s plausible they might have found loopholes in withdrawing their money too.
Creators aren’t the only ones finding it hard to compete with dupers, either. As Allagash tells me, Second Life has a massive economy of professional resellers. These players gamble on gachas and then sell the items they receive to ultimately turn a profit themselves. It can be a very lucrative business, according to one reseller—until dupers get involved, that is. “When [dupers] steal designs to sell I no longer invest in a set, depriving the creator of money,” Sushnik Samas, a reseller, tells me. “The expected return on a copied set plummets. Others may not be quite as scientific as I am, but surely realize they are bleeding money and also stop playing a set, giving the thief free rein on the copied virtual goods.”
A history of being duped
Wanting the perspective of someone whose livelihood wasn’t impacted by this, I reached out to Wagner James Au, a tech consultant and owner of the prominent Second Life and virtual reality blog, New World Notes. He tells me that, despite the outrage, the problem of duping is largely contained within the niche of gacha sellers. “For one thing, only a fraction of the total [Second Life] economy is based around the web-based Marketplace—most active SLers prefer to conduct many or most transactions in-world, since it’s a more seamless, immersive experience.”
Au goes on to explain that this is just one more chapter in Second Life’s long history of intellectual copyright theft. Since 2006, players have frequently found their virtual products stolen and duplicated in a number of ways, which “inevitably (and usually belatedly), Linden Lab tamps down with some increased whack-a-mole against infringers, and the outrage is shunted elsewhere.”
But even Au agrees that while duping might not be killing Second Life, it’s still an issue. “Linden Lab has not been transparent or sufficiently responsive to duping issues like this, especially when many people’s literal livelihood depends on their responsiveness. The fact that the [Second Life] virtual economy as a whole is more or less doing well doesn’t change that.”
Speaking with Allagash and the others affected by this, Au’s statement echoes their frustrations: Dupers are to be expected, but Linden Lab needs to improve. The company employs measures to protect its creators’ rights chiefly through a DMCA filing process and an internal abuse reporting system. The problem, as Allagash tells me, is that neither of these systems is very efficient.
“The DMCA report is managed by an outside company that will take this particular thing down faster than an abuse report,” Allagash tells me. “So what happens in this sort of spider web is that the DMCA report will take [the Marketplace listing] first, which is immediately helpful for that creator. But after the DMCA report takes it down, there’s no [evidence for the abuse report] and so Linden Labs does nothing. The person isn’t banned, there’s no punishment. They come right back and do it again.”
For the creators who are, in many ways, the lifeblood of Second Life, it’s immensely frustrating since both systems can take days or weeks to produce results. “I feel like they see the DMCA as the end-all to the problem,” the anonymous creator told me. “And in some sense, it is—the item is removed from sale. But the problem is that someone can just make a new account and upload the item again. It’s [Linden Lab’s] follow through with repeat offenders that is lacking, and it’s their unwillingness to comment or work with us on it that makes me feel not valued as a creator.”
Linden Lab, however, feels differently. “We take the protection of SL content creators and our community very seriously,” Peter Gray, who was Linden Lab’s senior director of global communications until departing the company during the writing of this story, told me via email. “We do not share metrics on account bans, but can confirm that we have permanently closed a number of accounts for this activity and are committed to vigorously pursuing any violation of our Terms of Service and Community Standards.”
“Unfortunately, it’s not uncommon for bad actors to move onto new methods. We are engaged in an ongoing pursuit of cheaters and continuously closing loopholes and working to protect our creator community,” Gray added.
When asked about the specific actions creators could take to protect their intellectual copyright, Gray said, “We follow the DMCA take down process as prescribed by the law. Abuse reports submitted by users are normally reviewed within 72 hours, although the process may take longer in some cases, depending on the type of report and information provided. We cannot comment on specific accounts, and therefore users who submit abuse reports are not notified about actions taken as a result of their reports. Unfortunately, that may lead some users to feel as if their reports may be ineffective, even when they actually result in account bans and other enforcement actions.”
But that’s not good enough for many of Second Life’s creators. While the MMO is often passed off as an aging game with a limited playerbase, CEO Ebbe Altberg told Motherboard in an interview in 2016 that 900,000 players still log in monthly. And for those who have turned their passion for it into a full-time job as a virtual designer, it’s easy to see how the continuing theft of their hard work is so damaging. “We just want our work to be protected,” the creator tells me. “In the age that we live in, it’s a basic right on the internet—I would hope.”
What will be the biggest security threats of 2018? Would it surprise you to learn that YOU might be on the list? Read on to learn about the threats to your privacy and security that are most likely to impact you in the coming year…
Are You Part of the Problem or the Solution?
Ransomware and “people” topped a survey of security pros’ predictions of the biggest cyber-security threats the world will face in 2018. But among the 72 respondents to research firm IDG’s question, there are more specific responses and a few threats that are less than obvious. The latter, I think, may be the more dangerous threats. Read on to learn more.
Ransomware is a proven money-maker for scammers. By encrypting the precious data of a corporation, organization or end user, ransomware inflicts immediate and severe pain. The promise of getting data back quickly by paying a ransom is keenly compelling. Additionally, ransomware and its attendant “victim relationship management” apps are now bundled into easy-to-use “Software-as-a-Service” sites that any aspiring blackmailer with a couple of hundred dollars can rent. So there will be exponentially more ransomware attacks launched in 2018.
The targets of ransomware are predicted to shift from low-value individuals and small businesses to major corporate and government systems. A crook can charge much more for the encryption key to bigger and more critical systems. Targeting key executives within a large organization with carefully crafted phishing emails is becoming a fine art among criminals.
That leads us into the “people” security risk, which IDG’s respondents cited 12 times to ransomware’s 11. There are many ways that human error can allow bad actors into a system whose hardware and software are well protected. You, faithful reader, may already know all about them. But the growing threat to you and your precious data is the staff of the online entities with which you do business.
Front-line employees are under ever-increasing pressure to produce more, leaving them virtually no time to think about whether they should click on the attachment to an angry “customer” complaint, or the link to a web page purportedly showing the cause for the complaint. Many of these staffers are unhappy, underpaid, and ripe to either cause their employers trouble or be recruited by bad actors in exchange for money.
Management, up to the C-level, doesn’t do enough to train staff in best security practices, enforce them, and demand that software systems prevent staffers from doing things that can let crooks in the door. Even IT staffers, who know better, fail to apply patches to software promptly.
An Ounce of Prevention…
In the recent Equifax data breach scandal, it was discovered that a directive to apply a simple patch that would have protected the credit histories of over 140 million Americans went ignored for at least two months. I surmise that the derelict IT employee was not irresponsibly negligent, but simply could not find time to apply the patch without “disrupting” normal business operations, which would have gotten him in trouble.
The insensitivity to security extends across supply chains. As firms become more closely integrated with their partners, a security vulnerability in one member of the group becomes a hazard to all members. Yet very little is being done by any given firm to vet the cyber-security of suppliers and large customers.
The oldest networked information systems, including critical utilities, financial services, and health care providers, are generally the most vulnerable to modern hacking threats. The industrial controls that govern the flows of water, electricity, and even street traffic were designed with only the crudest password protection, if any.
The Internet of Things is the fastest-growing “attack surface” for hackers on Earth. The makers of light bulbs, refrigerators, and coffee pots know nothing about cyber-security and don’t want to pay for pros who do. Even Amazon Key, the company’s latest “smart” innovation, allows delivery people to open the door to your home. But it launched with an easily-exploited flaw that would let a nefarious delivery driver walk off with the entire contents of a customer’s house.
“The Internet of things-connected world that surrounds each and every one of us is getting more complex, sharing more of our data in evermore opaque ways and getting less easy for the average user to understand, let alone to have any hope of controlling a perfect security storm,” wrote Nigel Harrison, CEO at Cyber Security Challenge UK, in his response to IDG’s survey.
Simply banning “smart” gadgets from your home is not a perfect defense, although it will reduce the attack surface your home network presents to bad actors. You have no choice about the software that the electric company uses in its smart meters, or the security practices of the public works department that controls water delivery and traffic signals, or the practices of 911 system administrators. You don’t even know what your car’s computer is doing under the hood, or how it can be hacked to kill you.
What you can do, and I urge you to do, is apply unrelenting pressure upon your government representatives and business partners – banks, Amazon, et al. – to publicly demonstrate how they are acting to protect the systems upon which your livelihood and life increasingly depend.
Back to the YOU Part of the Security Picture
It never hurts to repeat a few personal security mantras. Below are some tips that will help you tighten up your own defenses, and ensure that “YOU” are not on the list of the most dangerous security problems in 2018.