![NewsLinks - Powered by NZCity](/news/nimages/tit-newslinks.gif)
Internet Newslinks - Page: 13
| PC World - 18 Jun (PC World)VPNs, when managed properly, are a great way to protect your privacy and keep your online activities hidden from prying eyes. But not all VPN services maintain the same security standards or take the exact same approach to user privacy.
How does your VPN handle your data? When the police or governments come knocking, what does your VPN do? The history of law enforcement subpoenas of VPN logs is murky to say the least. Major VPNs can get hundreds of data requests per year, but what they turn over is not so straightforward. I’ll try to clear the water and help you understand how your data is being handled and how safe it truly is.
VPN warrants and data request handling
VPN providers typically receive two different kinds of data requests, those regarding copyright violations through a DMCA (Digital Millennium Copyright Act) request or requests from law enforcement or government authorities following up on other possible illegal activity.
By far the most common are DMCA requests, which can oftentimes range in the tens of thousands per month. Law enforcement requests are much less common and may range on average from a few per week to one per day for the largest VPN companies.
Our best overall Pick for VPNs
ExpressVPN
Read our review
We can get a more accurate glimpse of these numbers by looking at each VPN provider’s transparency report (more on those later) posted on their website. Our top pick, ExpressVPN, states that in the period from July to December 2023, they received 194 total “Government and/or police requests” and 152,653 DMCA requests. Another extremely popular service, NordVPN, reports 81 total “inquiries from government institutions” from January to April 2024 and an astounding 2,421,053 DMCA requests — clearly NordVPN is the people’s choice for illegally pirating material. For what it’s worth, both companies state that none of these requests resulted in the disclosure of user information.
Other popular services such as Private Internet Access (PIA), CyberGhost, ProtonVPN, and Surfshark also post this data on their websites. PIA received 161 total “government demands for user data ” in the first four months of 2024, while Cyberghost and ProtonVPN received a fraction of these across all of 2023, a total of three and 60 respectively. Surfshark has unfortunately not updated their transparency report since 2021, but as an interesting aside, they used to break down which specific companies and countries had submitted data requests — a third of which came solely from the U.S.
Surfshark’s 2021 annual report shows a heat map of data requests from each country’s government.
Surfshark’s 2021 annual report shows a heat map of data requests from each country’s government.Surfshark
Surfshark’s 2021 annual report shows a heat map of data requests from each country’s government.Surfshark
Surfshark
Most VPN providers claim to have a no-logs policy. What this means is that they do not collect and store user data transmitted through their network. In a perfect world, no data about where you go online, what you download, or what your search for is recorded. Whether or not a VPN lives up to these standards is an issue that warrants its own separate discussion.
Even with these no-log promises, it doesn’t stop law enforcement or other authorities from attempting to subpoena that data when it thinks an illegal activity has been committed over a VPN’s servers. And when they come calling, there isn’t much a VPN can do to stop them.
In 2016, U.S.-based IPVanish was served with a Department of Homeland Security “summons for records” requesting user data about a suspected felony. After initially claiming they had no information to give, the company subsequently turned over some data on that user to the government.
A Top vpn with great features
Private Internet Access
Read our review
Best Prices Today:
$11.95 at Private Internet Access
Other documented instances include a data request in 2016 to PIA and a 2017 request for logs from PureVPN, both by the FBI. PIA remained true to their no-logs word by proving they had nothing to give the authorities, while PureVPN went on to secretly work with the FBI to provide an IP address of a user leading to an arrest.
There are also instances where more extreme measures were taken against VPNs. In 2017, ExpressVPN famously had its servers seized by the Turkish authorities. No data was obtained as a result, further bolstering ExpressVPN’s no-logs claims.
While it’s undoubtedly crucial that authorities receive the help they need to capture dangerous criminals, the extent to which VPNs can assist varies widely.
How do you know if your VPN has received a data request from the authorities
The history of law enforcement warrants, subpoenas, and data requests is intentionally opaque. On the one hand, law enforcement doesn’t want to tip their hand to the very people they may be trying to find. On the other, VPNs have an incentive not to disclose these warrants as they could potentially drive paying users away from the service.
However, in recent years we’ve seen VPNs turn a corner towards more transparency. Placing user trust as their highest priority, major VPN services are becoming more open about data requests.
Gone are the days of hush-hush data seizures. Nowadays, VPNs often employ clever tricks to alert users to requests. Such things as warrant canaries can sidestep gag orders and publishing regular transparency reports detail all data requests over a given time period. These are a welcomed change for many in the user-trust VPN business where privacy is the many selling point.
Warrant canaries
Warrant canaries are intended to alert users to when the VPN service has received a warrant or serious data request from authorities. Typically, a warrant will place a gag order on the company from disclosing the issue or alerting users. Warrant canaries are an attempt to subvert these gag orders.
The way that warrant canaries work is simple. Every few days or so, the VPN service will publish a note stating that the company has not received notices from authorities. If and when a warrant is then received, this will trigger the regular notices to stop updating, indicating to users that something isn’t right and to temporarily proceed in using the VPN with caution.
Transparency reports
A more recent trend for many of the top VPN providers is to switch from warrant canaries to regular transparency reports — usually posted monthly or quarterly. VPN services claim transparency reports can provide details and clarity that are lacking in warrant canaries. The drawback here is that warrant canaries potentially inform users as soon as there is a request from authorities whereas transparency reports will only inform users a month, sometimes many months, after the fact.
ExpressVPN’s 2024 transparency report lists how many data requests it received, their origins, and if any data was provided.
ExpressVPN’s 2024 transparency report lists how many data requests it received, their origins, and if any data was provided.
ExpressVPN
ExpressVPN’s 2024 transparency report lists how many data requests it received, their origins, and if any data was provided.
ExpressVPN
ExpressVPN
Transparency reports will usually display details such as the total number of government and/or law enforcement requests as well as DMCA requests from production companies and law firms. Oftentimes the VPN will also disclose if any of the requests resulted in the disclosure of user-related data.
How to choose a safer VPN
So what does all of this mean for you? Well, it’s a clear sign that choosing the right VPN for your privacy needs is paramount. You don’t want to choose a VPN thinking you know how they’re handling your private data and then come to find out that behind the scenes they’ve been doing something different the whole time.
The fundamental problem with even the best VPN, is that you can only truly take them at their word. All the independent audits and transparency reports in the world are still not enough to completely verify what the VPN is actually doing with your data from moment to moment. This may not be a huge concern for the average user looking to stream out-of-area Netflix, but for journalists, political dissidents, and other high-risk individuals it could be a matter of life or death.
If your main reason for choosing a VPN is privacy, then you’ll want to look for one with a strict no-logs policy. This means checking the company’s Privacy Policy (usually found on their website) for what data they do and do not collect.
Next you’ll want to check to see if that company has completed any independent security audits. These are audits by third parties of a VPN’s servers to confirm that they have no vulnerabilities and verify their no-logs policy claim. Better yet, look for a VPN provider who goes through regular (bi-yearly or yearly) audits to make sure they’re continuing to follow up on their promises.
You’ll also want to look for a VPN that is headquartered in a privacy-friendly country, out of the reach of international intelligence sharing agreements and data retention laws. The company should own its own servers (rather than renting them from a third-party), and those servers should be RAM-only to ensure your data is never stored beyond server reboots.
Additionally, a little research about a VPN provider’s history will help you better understand their privacy track record. The incident in 2017 with ExpressVPN is a great example. The Turkish authorities came up empty-handed, further bolstering the company’s no-logs reputation. No VPN is perfect, but by taking these safety measures you can feel more confident that your data remains as private as possible.
See PCWorld’s list of the best VPN services for our recommendations.
VPN Read...Newslink ©2024 to PC World | ![](/n.gif) |
| ![](/n.gif) | | PC World - 17 Jun (PC World)Your antivirus will protect you from many online threats, but no antivirus is perfect. Truth is, your PC can still be hacked even if you’re using reputable security software with a solid track record.
When we talk about your computer possibly being “hacked,” that’s exactly what we mean: a cybercriminal has gained access to your PC and compromised it in some way.
The hacker in question may be a criminal organization that’s installing malware on millions of PCs (e.g., to spy on you and steal your credit card numbers), or the hacker may be an individual using a remote access Trojan (RAT) to personally spy on you through your webcam.
Here some common warning signs that your PC might’ve been hacked, exposing your personal data and system resources.
Is something fishy? Run an antivirus scan
First things first: If you’re concerned that your computer has a virus or another type of malware, you should run a scan with an antivirus program—ideally one of our recommended antivirus software picks.
You should also consider using the free Norton Power Eraser (or a similar tool). Tools like this will reboot your PC into a special scanning environment outside of Windows so they can spot and remove malware like rootkits that normally evade detection.
Perhaps you’ve already run a scan. If your scan didn’t find anything wrong but you’re still concerned, I recommend getting a second opinion.
Beyond that, let’s dig into the actual signs you may have a problem with viruses, worms, rootkits, keyloggers, Trojans, crypto-miners, ransomware, or other dangerous malware on your Windows computer.
More like this: What to know about ransomware before it’s too late
1. Antivirus warnings and other messages
Chris Hoffman / IDG
Chris Hoffman / IDG
Chris Hoffman / IDG
Warnings from your antivirus—whether that’s the Windows Defender antivirus built into Windows itself or another antivirus you’ve installed—can be a sign that an attacker has gained access to your PC.
If you see lots of notices about a virus or other malware being detected, that’s a real sign that something is wrong. Even if your antivirus continues to insist that the malware was removed, if it keeps happening over and over, you should be suspicious.
It’s possible that your antivirus is only doing a partial cleanup. Whoever has hacked your system may have a foothold on your system that your antivirus software isn’t catching.
Meanwhile, strange messages saying that your antivirus is disabled are also a problem. An attacker who hacked your PC may have disabled your antivirus to stop it from getting in the way.
2. Webcam light mysteriously on
If your computer’s webcam light is ever on and you don’t know why, that’s a big problem and you should find out why. If you can’t pin down the cause, a hacker may be involved.
If someone is using a remote access Trojan (RAT) or some other kind of malware that spies on you through your webcam, you’ll usually see a webcam light indicating the camera is in use. (Some laptops and PCs don’t have webcam lights, but they may still show you that your webcam is in use with a system tray icon.)
You may be able to see which application is using your webcam from your PC’s Settings app, but, unfortunately, malware can hide from this list.
It’s also possible that you’ve left a video conferencing app running in the background, of course—and that’s also something you’ll want to know about! Here’s a guide for taking control of your webcam privacy.
3. Unusually slow performance
If your computer was hacked and malware is running on it, you may see slow performance. Applications may take a long time to open, web pages may take a long time to load, and things may just feel sluggish.
This can happen if a lot of malware is running on your PC or if you have a specific type of malware that’s draining your system resources. For example, crypto-mining malware may use all your CPU and GPU resources to mine cryptocurrency, slowing everything to a crawl.
You can dig into the Windows Task Manager to see exactly what’s consuming resources, but Windows has a lot of legitimate background processes that could be using lots of system resources. For example, things can slow down while installing updates.
So, if performance seems low and your computer is crunching away on something in the background, it may not necessarily mean you have malware—but it’s definitely worth looking into.
4. Computer freezes and application crashes
Chris Hoffman / IDG
Chris Hoffman / IDG
Chris Hoffman / IDG
If Windows keeps freezing or your apps keep crashing, that’s another sign that something isn’t quite right.
Malware that digs deep into the Windows operating system may install drivers or interfere with the Windows kernel, which can cause system instability in the form of blue screens, crashes, and freezes. It may also interfere with the applications you use, causing them to crash.
This isn’t foolproof evidence of your computer being hacked, though. Blue screens can be caused by hardware problems and application crashes can be due to the application itself. But if you can’t figure out the root cause, malware should be on your radar.
5. Strange applications and popups
If you’re getting a lot of weird popups (like browser popups) or other weird, unexpected applications showing up, that could be a sign someone with access to your PC—or just malware running in the background—is installing that junk on your PC.
Of course, even this isn’t a way to know for sure. PCs often come with a lot of manufacturer-installed applications you may not recognize, and some applications you use may create popups.
Popups of a text-mode Command Prompt window quickly appearing and vanishing should be suspicious, but some legitimate applications create popups like this one when they install updates.
6. Changes to browser home page, search engine, or extensions
Adware, spyware, and other “junkware” (junk software) have historically been known to take over web browsers.
When they do, these nasty forms of malware may change your browser home page and default search engine to capture more advertising revenue. They may also install browser extensions to spy on your web activity, capture information, and insert more ads into web pages.
If your browser has strange changes like these, that’s a sign your computer may be compromised in some way. You can reset your browser, but it’s also a good idea to run a deeper scan to root out the malware.
7. Odd emails being sent and received, password changes, and more
Hacks aren’t just about access to your computer. Hackers also want access to your various online accounts.
One of the most common ways accounts are “hacked” doesn’t even involve hacking a computer at all. The attacker may discover a password you use—possibly a password that you re-use everywhere, which ended up leaked in a data breach somewhere.
Then, the attacker uses your username and password combination to see if they can gain access to your other accounts. If the service allows the attacker in with your leaked credentials, they’ve essentially hacked your account. That’s why re-using passwords is so dangerous and why enabling two-factor authentication is so helpful.
If you see strange emails being sent and received, or if your account passwords are suddenly reset, it could be the result of a hack. Someone with access to your computer (or someone who knows your passwords) may have gained remote access to your accounts.
If malware scans come up clear and your computer seems secure but you still see strange things like this, it’s a good idea to change your passwords just in case.
Be on alert and trust your gut
Chris Hoffman / IDG
Chris Hoffman / IDG
Chris Hoffman / IDG
To be clear, this isn’t an exhaustive list. There may be other warning signs of hacks and/or malware. What’s even scarier is that a particularly well-executed hack may not leave any signs at all.
A sophisticated attacker doesn’t want to be noticed at all. They want to quietly spy on you and steal important data, and they’re going to do their best to ensure their hack doesn’t affect your PC in any noticeable way so they can remain undetected. That’s a big difference from the bog-standard malware that will be happy to waste your PC’s resources just to mine some cryptocurrency.
Ultimately, the best answer is to trust your gut. If something seems wrong, run scans with the various antivirus programs we recommend.
If nothing comes up and you’re still concerned, consider resetting your PC. This is basically like reinstalling Windows—you’ll get a “factory default” setup and you can set everything up again. This process will remove any malware or other hacker tools that could be lurking on your system, but you’ll have to reinstall the programs you use and set things up again afterward. Still, that’s a small price for peace of mind.
Want more PC advice? Subscribe to my free Windows Intelligence newsletter to get all the latest tips, tricks, and news sent straight to your email inbox.
Antivirus, Security Software and Services Read...Newslink ©2024 to PC World | ![](/n.gif) |
| ![](/n.gif) | | PC World - 17 Jun (PC World)Humans are terrible at passwords. Simply put, we suck at creating them, we can never remember them, and we share them way too freely. Indeed, the very thing that can ensure our online security has become our biggest obstacle to it. And if you think you have good reasons not to use a password manager, here is why you’re wrong.
The best password managers relieve you of the burden of two of these problems—having to create and then memorize unique, complex logins on your own. Sharing your passwords is on you. Plus, these applications protect your passwords by encrypting your login info in a virtual vault—either locally or in the cloud—only allowing access with a single master password. So, if you’re looking to step up your security game, a password manager is one of the best ways to do it. And sure, web browsers are starting to offer password management features, but they’re not yet good enough.
PROMOTIONRoboForm Premium: Just $0.99/Month!
Secure your passwords with RoboForm Premium—now only $0.99/month, a massive 60% off! Exclusive to PCWorld readers. Offer ends soon. Grab it today!
$11.90/yr at RoboForm
All of our top picks for password mangers support a variety of operating systems such as Windows, Mac OS, Android, and iOS, as well as the major browsers. And all will let you sync your data across multiple devices, though you may have to pay extra for that privilege. Once you’ve found the right password manager for your needs, head over to our guide on mastering your password manager to make sure you’re getting the most from your software.
Update June 14, 2024: Invested deeply in Apple’s ecosystem? Its password management is about to get a major upgrade, as per a recent announcement at WWDC. You can read more about the Passwords app on our sister site, Macworld.
Dashlane – Best password manager overall
Pros
Analyzes and rates the strength of your passwords
Supports auto-filling web forms with personal profiles
VPN and Dark Web scanning available with paid plan
Cons
Expensive premium tiers
Free plan limited to one device
Best Prices Today:
$4.99 at Dashlane
Dashlane has always been a close contender with LastPass, so after the latter’s big data breach, it’s great to know that users still have Dashlane. A full-service password manager, Dashlane offers easy access to your logins, secure notes, payment data, and other information, all through its elegantly designed web portal or via one of its browser extensions for Firefox, Chrome, Edge, Opera, or Safari. Most importantly, its password game is strong, making it easy to generate and store complex, unique passwords and safely keep sensitive payment and personal data at your fingertips. With autofill deployed, Dashlane doesn’t just ensure you use best password practices, but that doing so is practically effortless.
Dashlane is free for a single device, but if you want syncing across multiple devices you’ll need a paid plan: The Advanced plan costs $33 annually or $2.75 per month, and adds dark web monitoring, to alert you whether your personal data is being used nefariously. The Premium account subscription costs $59.88 per year or $4.99 per month and includes all the features of the previous tiers and adds a VPN. The Friends and Family plan extends Premium plans to up to 10 accounts for $89.88 per year or $7.49 per month. These prices are a little higher than some of the competitors (indeed, that was one of LastPass’s small advantages), but Dashlane offers a premium product and has provided a reliable service for years.
Read our full
Dashlane review
Keeper – Most security-minded
Pros
Exceptionally strong security
Seamless exprience across platforms
Easy-to-use web interface
Cons
Users may find some security features inconvenient
Free version more limited than competitors’
Best Prices Today:
$17.49 at Keeper Security
It’s a consumer’s market when it comes to password managers. While we have our clear favorite above, Keeper is a very strong contender in its own right. It emphasizes security more so than many other password managers. For instance, it eschews an automatic password update feature as even this process would require temporary access to your credentials.
While Keeper’s security-above-all-else mindset makes it one of the best, in the past it has come at the expense of things some consumers prize such as ease-of-use and aesthetics. To its credit, Keeper seems to recognize this and has taken strides to continuously update its interface to be more modern and user-friendly. While security-minded users stand to get the most out of Keeper’s robust features set, even the everyday user will be safer for using it.
Read our full
Keeper review
LogMeOnce – Best for alternate login methods
Pros
No need to remember a complex master password
Robust security features
Easy-to-use web interface
Cons
Paid plans required to share more than a few passwords and files
Number of features can be overhwelming
Best Prices Today:
Free at LogMeOnce
While most password managers require a master password to access your password vault, LogMeOnce relieves you of having to remember even that. It uniquely offers the option of a PIN, biometric, or photo login to access your vault. This feature gives LogMeOnce a unique edge over other password managers.
Other than this distinctive feature, LogMeOnce operates similarly to its peers. It allows you to store and sync passwords and credit cards across your devices with end-to-end encryption. It also includes other features such as dark-web and cyberthreat monitoring, but these will come at a bit of an additional cost. Its unique features make LogMeOnce one of the most convenient password managers we’ve tested.
Read our full
LogMeOnce review
Bitwarden – Best free password manager
Pros
Free plan offers unlimited vault entries and device syncing
Paid plan is 70% cheaper (or more!) than rival services
Supports two-factor authentication
Send feature allows you to securely share notes and files with others
Cons
Has occasional trouble capturing and filling credentials on websites
Requires more manual setup than many paid password managers
Best Prices Today:
Free at Bitwarden
Bitwarden continues to offer a generous free plan that makes it a great option for users on a budget. It doesn’t charge you a penny to save unlimited vault items or sync your vault across all of your devices. This is a refreshing change from other password managers that place heavy restrictions on free users.
While it may lack some of the advanced features offered by the paid services and its no-frills interface isn’t the most user friendly, you can’t argue against Bitwarden’s price—it allows you to upgrade your security for free after all. It also offers an ultra-affordable paid tier with more advance features, but its free tier includes so much that you might not need anything else.
Free password managers come in all sorts of different flavors. Check out our roundup of best free password managers for more information.
Read our full
Bitwarden review
KeePass – Best password manager for total control
Pros
Free to use
Highly customizable
Provides full user control of data
Cons
Requires a higher degree of technical proficiency than modern password managers
Dated interface
Core program lacks auto capture and replay and other basic password management features
Best Prices Today:
Free at KeePass
KeePass is the password manager for those who like to control and tweak everything. It’s an open-source program, and lacks the sort of polished, comprehensive UI other password managers offer, and thus may put off the average user. But tech-savvy tinkerers will love all of the customizable settings. It is functionally a very solid program on its own, but to truly realize its potential you will need to have some technical proficiency to take advantage of add-ons. Another big plus for the security-minded, is that KeePass doesn’t store your data on the cloud. Everything is stored locally, so you don’t have to worry about the security protocols of an online service (ahem, LastPass) to keep your personal data safe. A savvy user will make the file accessible to other devices by using a private cloud account. If you relish the idea of a highly customized, DIY password manager that is free and unconstrained by a third-party’s policies and practices this is the product for you—and if you end up finding it too overwhelming, a simpler alternative like KeePassXC may fit the bill just as nicely.
Read our full
KeePass review
IronVest – Best for masking
Pros
Manages login credentials
Hides email addresses and credit card numbers
Blocks trackers
Cons
Requires paid subscription to unlock advanced features
Some features still in beta
Best Prices Today:
Free at IronVest
While most password managers focus solely on passwords, IronVest sets out to not only safely store your passwords, but make your entire online experience more secure. IronVest offers an intuitive and straightforward way to keep your passwords, identity, credit cards, email addresses, and other sensitive information protected while shopping online. Still a relatively new company, IronVest impressed with its ability to obfuscate personally identifiable information and block trackers in addition to just being solid password management software. It does this by masking your information when shopping. When you enter your email address, credit card, or other information on a site, IronVest creates and submits a masked version to the vendor so that they never see your actual information. It’s a neat feature that helps IronVest stand out from the competition.
Some features of the service are still in beta, so you can expect minor tweaks and changes before the full release. Even though the application is still in its infancy, the feature set is solid and trustworthy. Besides, it’s currently free to test out, so it costs nothing to give this unique and innovative service a try.
Read our full
IronVest review
What to look for in a password manager
At their most basic, password managers capture your username and password—usually via a browser plugin—when you log in to a website, and then automatically fill in your credentials when you return to that site. They store all your passwords in an encrypted database, often referred to as a “vault,” which you protect with a single master password.
Of course, most password managers do much more than this and many extend protection beyond your login credentials to other types of personal data. We narrowed it down to a few essential features that we looked for and you should too:
Password generation
You’ve been reminded ad nauseam that the strongest passwords are long, random strings of characters, and that you should use a different one for each site you access. That’s a tall order. This is what makes password generation—the ability to create complex passwords out of letters, numbers, and special characters—an indispensable feature of any good password manager. The best password managers will also be able to analyze your existing passwords for weaknesses and upgrade them with a click.
Autofill and auto-login
Most password managers can autofill your login credentials whenever you visit a site and even log you in automatically. Thus, the master password is the only one you ever have to enter. This is controversial, though, as browser autofill has long been a security concern, so the best managers will also let you toggle off this feature if you feel the risk outweighs the convenience.
Secure sharing
Sometimes you need to share a password with a family member or coworker. A password manager should let you do so without compromising your security.
Two-factor authentication
To an enterprising cybercriminal, your password manager’s master password is as hackable as any other password. Increasingly, password managers support multi-factor authentication—using a second method such as a PIN, a fingerprint, or another “trusted device” for additional verification—to mitigate this risk. Choose one that does.
Protection for other personal data
Because of how frequently we use them online, credit card and bank account numbers, our addresses, and other personal data can be securely stored in many password managers and available to autofill into web forms when we’re shopping or registering an account.
No online security measure is 100 percent foolproof, but most security experts agree that password managers are still the safest way for people to manage their myriad logins, and we agree that the benefits far outweigh the risks. Just choose your password manager carefully after researching all the options starting with this guide.
Editor’s note: Because online services are often iterative, gaining new features and performance improvements over time, our reviews are subject to change in order to accurately reflect the current state of the services.
FAQ
1.
Are password managers safe?
While nothing can be said to be 100 percent safe and secure, password managers do a great job of providing enhanced security features that you wouldn’t otherwise have. Generally speaking, password managers encrypt all of the data you store with them. While cybercriminals might be able to somehow hack the password manager, it is highly unlikely they will be able to decrypt your data to see the contents.
Nevertheless, much of the security of your password manager comes down to the strength of your one master password. If you are concerned about the safety of this one password, then it would be worth it to choose a password manager that stores your master password on a different server from the rest of your encrypted passwords—adding an additional layer of security.
2.
Is it worth paying for a password manager?
This will come down to what features you need in a password manager. Free services typically are limited to one device on which to save and sync your passwords. They will generate strong passwords for use, offer basic compromised-password alerts, and will store saved credit card and address information.
Premium password managers, which you have to pay to use, offer all of the same features as their free counterparts, but also allow you to sync and store passwords and data across multiple devices—or even between family members. They also have additional special features such as dark web scanning and emergency contact access, among others.
If you only have one device and don’t need any of the fancy additional features, then there really isn’t a need to pay for a premium service. However, premium password managers are only a few dollars per month so they won’t break the bank if you ever decide to switch.
3.
What if the password manager gets hacked?
If you suspect that you have been hacked, it is important to first figure out if it’s just you or if your password manager’s database has been compromised. Reputable password managers should put out some form of public release if they have been hacked. You can figure this out with a simple Google search. If they are not claiming to have been hacked, then it may be that your own data has been compromised some other way.
If it turns out your password manager’s database has been hacked, it’s up to you whether to continue with that service. Thankfully, all your passwords will be encrypted so hackers won’t be able to see the contents even after they have been stolen.
4.
Is using one master password for your password manager really safe?
It can seem a little disconcerting to entrust the security of all your passwords to one master password on a password manager. It’s true that the strength and safety of your master password can determine the security of your password manager itself. Therefore it is ideal to create a very strong master password.
The good news is that password managers typically store your master password and your other encrypted passwords and data on separate servers. This isn’t foolproof, but it does add an additional layer of security.
5.
What are passkeys? Do I need a password manager if I use passkeys?
Passkeys are a new form of account authentication. It’s a system that uses a set of encrypted keys, with a private one that you keep and a public one given to a website. To log in, you have to approve the attempt to see if the keys pair. Major tech companies like Google, Apple, and Microsoft are pushing to see passkeys widely adopted across the web, as they’re simpler and more secure than passwords.
While most mentions of passkeys talk about storing them on a smartphone, you can store them in other ways, too, like on a hardware key or (as you might have guessed) a password manager. Multiple password managers have added support for passkeys, with Dashlane, NordPass, and 1Password just a few of the services that can now store them. And while passkeys seem to be the future of online security, passwords likely will stick around for a while. Using a service to keep track of both kinds of authentication will be very useful.
Professional Software, Security Software and Services Read...Newslink ©2024 to PC World | ![](/n.gif) |
| ![](/n.gif) | | RadioNZ - 17 Jun (RadioNZ)![NZ Located](/pimages/nzsmall.gif) A bank teller who stole more than $28,000 from customers to prop up her gambling addiction chose her victims carefully - they did not use internet banking and were either elderly or had health issues. Read...Newslink ©2024 to RadioNZ | ![](/n.gif) |
| ![](/n.gif) | | PC World - 13 Jun (PC World)Your PC is capable of running not one, but two Windows apps designed to protect you and your system against online threats: Windows Security and Microsoft Defender.
Telling them apart can be tricky, though. Thanks to a few name changes, what’s old sounds new and what’s new sounds old. If you haven’t kept up with the updates, it may not be clear which one you want — or if you actually prefer to run both.
To help you decide, I’ve broken down what each app does. Let’s dig in.
What is Windows Security?
PCWorld
PCWorld
PCWorld
Previously known as Windows Defender, Windows Security is the most current name for the app that ties Microsoft’s basic antivirus and network protections together. Similar to third-party antivirus software, you get a unified interface to make changes to the app and access manual scans. Separate tabs break out various settings:
Virus & threat protection: From this tab, you can run manual scans (Quick, Full, Custom, or Offline), change how your system screens for threats, and set up more stringent ransomware defenses.
Account protection: Guard the Microsoft account tied to your PC, as well as strengthen Windows’ login process.
Firewall & network protection: Refine your settings in order to tailor screening of incoming and outgoing traffic.
App & browser control: Adjust how Windows screens apps for suspicious behavior, and if Edge runs in an isolated, sandboxed environment.
Device security: Get information about your PC’s deeper security protections in Windows — core virtualization, security processor (TPM), and secure boot.
Device performance & health: See a quick overview of the general “health” of your PC with regard to software issues or storage drive issues.
Family options: Filter viewable content for users on the PC, as well as see breakdowns of device usage. You can manage your family group through the web portal.
Click on the arrows (desktop) or swipe (mobile) to see each tab in the Windows Security app.
What is Microsoft Defender?
PCWorld
PCWorld
PCWorld
Confusingly, the Microsoft Defender app shares its name with the antivirus engine powering Windows Security’s malware protection — but they’re not directly tied. Instead, the Defender app offers additional defenses against online threats for Microsoft 365 Personal or Family subscribers. It works equally with either Windows Security (including the Microsoft Defender Antivirus engine) or third-party antivirus software.
Privacy protection: You can funnel your online traffic through Microsoft’s encrypted VPN service whenever you’re on a network connection, like public Wi-Fi you don’t trust. You get up to 50GB of data per month.
Identity theft monitoring: Through a partnership with Experian, Microsoft Defender will alert you to data breaches and any fraudulent activity on your credit reports. The service also provides up to $1 million in restoration costs and $100,000 in lost funds if you are a victim of identity theft.
Device protection: You can watch to see if your devices (up to four) or those linked through your Microsoft Family Group have any suspicious activity occurring and be notified through this app. Notifications will be sent through Windows’ notification system, and you can also view them through the Defender app.
Click on the arrows (desktop) or swipe (mobile) to see the different sections of the Microsoft Defender app.
Windows Security vs. Microsoft Defender
Windows Security and Microsoft Defender are complimentary apps, rather than competing.
Windows Security defends against online threats, including ransomware, and it’s included for free with a Windows license. (Heads-up: If you ever see a popup notification telling you to call a phone number or pay to renew, you’ve either visited a compromised website or your PC has been directly compromised — time to run an antivirus scan ASAP.)
Microsoft Defender then rounds out those protections by letting you shield your online activity from other users on the same network, keeping you informed of data leaks and credit fraud, and monitoring your devices for vulnerabilities.
Should you use Microsoft Defender?
Windows Security and Microsoft Defender paired together can rival basic third-party antivirus suite subscriptions.
Windows Security and Microsoft Defender paired together can rival basic third-party antivirus suite subscriptions.Alaina Yee / Foundry
Windows Security and Microsoft Defender paired together can rival basic third-party antivirus suite subscriptions.Alaina Yee / Foundry
Alaina Yee / Foundry
If you’re already a Microsoft 365 subscriber, having both Windows Security and Microsoft Defender set up and active is comparable to a very simple third-party antivirus suite subscription — and you don’t have to pay extra.
However, if you’re not yet a paid Microsoft 365 user, want additional integrated features (like a password manager), or prefer a different interface, independent antivirus software will be a better fit for your needs. You can check out our top recommendations in our best antivirus software roundup, which covers all types of plans.
Antivirus Read...Newslink ©2024 to PC World | ![](/n.gif) |
| ![](/n.gif) | | PC World - 13 Jun (PC World)The cost of airfare has risen tremendously over the past few years. Travel has always been a luxury, but today it is more unattainable than ever. Fortunately, there are ways to save, and one of them is Matt’s Flights. This premium flight service scours the web for airfare deals and, this week only, you can get a lifetime subscription for an extra $10 off.
Matt’s Flights has been covered by The New York Times and Thrillist because it’s an intuitive, simple way to save on airfare. Just choose your departure airport and Matt’s Flights will automatically send you deals on flights to destinations all over the world. With a Premium Plan, you can put in an unlimited number of custom search requests to find discounts on flights to specific destinations, and you’ll also receive five times as many deals as standard customers.
Fight back against rising airfare. From 6/11 through 11:59 pm PT on 6/17, you can get a lifetime Matt’s Flights Premium Plan for just $79.97 (reg. $1,800).
Matt’s Flights Premium Plan (Lifetime Subscription) – Save up to 90% on Domestic & International flights – $79.97
See Deal
StackSocial prices subject to change.
Accessories Read...Newslink ©2024 to PC World | ![](/n.gif) |
| ![](/n.gif) | | PC World - 13 Jun (PC World)At a glanceExpert`s Rating
ProsThinkPad build qualityGood battery life360-degree hinge with a pen and touchscreenConsExpensiveLong battery life comes at the cost of performanceSlow integrated graphicsWon’t run CoPilot+ PC featuresOur VerdictLenovo delivered a 2-in-1 ThinkPad with great build quality, a nice pen, and serious battery life. But you may want to wait for a next-generation model powered by Intel’s Lunar Lake hardware.
The Lenovo ThinkPad X1 2-in-1 is a 14-inch 2-in-1 premium business laptop from Lenovo, complete with a 360-degree hinge and optional stylus. This is part of the legendary ThinkPad line of laptops, so it’s a high-end machine – with a high-end price, too.
If you want a ThinkPad and you want it to be a 2-in-1 machine with a touchscreen and a stylus, this is definitely the laptop for you. It delivered serious battery life in our benchmarks, but it’s not a performance-focused beast of a machine.
Here’s the inconvenient thing about this PC: A potential future version of this laptop with Intel’s upcoming Lunar Lake hardware should have even better battery life and improved performance — and it would support all those Copilot+ PC features Microsoft just announced, which this laptop (and other Meteor Lake-powered laptops) will never get. Now that Intel has announced Lunar Lake hardware coming later this year, battery-life-focused laptops with Meteor Lake hardware already feel a little dated.
Further reading: Best laptops 2024: Premium, budget, gaming, 2-in-1s, and more
Lenovo ThinkPad X1 2-in-1: Specs
IDG / Chris Hoffman
IDG / Chris Hoffman
IDG / Chris Hoffman
The Lenovo ThinkPad X1 2-in-1 (Gen 9) is a 14-inch laptop that comes with an Intel Meteor Lake CPU. This is a 2-in-1 laptop with a touchscreen and an optional pen. Our review model had an Intel Core Ultra 7 155U CPU, but you can also configure this laptop with an Intel Core Ultra 5 125U, an Intel Core Ultra 5 135U, or an Intel Core Ultra 7 165U processor.
Either way, you’re getting an Intel Meteor Lake CPU, so it has more of a focus on power efficiency than Intel’s previous Raptor Lake CPUs. However, it looks like Meteor Lake pales in comparison to the Lunar Lake hardware that’s right around the corner. This laptop also comes with an “Intel Evo” badge.
This machine uses Intel graphics – not the higher-end Intel Arc graphics, which means it’s not great for gaming, even by integrated laptop graphics standards. Our review model included 16GB of LPDDR5X RAM, and you can get up to 64GB of RAM – but the memory is soldered to the motherboard. Our review model had a 1TB SSD, but you can configure this laptop with up to 2TB of storage.
Since this is a Meteor Lake laptop with a Meteor Lake neural processing unit (NPU,) it will never run any of those new Copilot+ PC features. You should wait for a Lunar Lake laptop if those are important to you.
CPU: Intel Core Ultra 7 155U
Memory: 16GB LPDDR5X
Graphics/GPU: Intel graphics
Display: 14-inch 1920×1200 IPS touch screen with 60Hz refresh rate
Storage: 1TB M.2 PCIE 4 SSD
Webcam: 1080p webcam
Connectivity: 2x Thunderbolt 4 (USB4 with DisplayPort 2.1 Alt Mode and Power Delivery 3.0), 2x USB 3.2 Gen1 Type-A, 1x HDMI 2.,1, 1x combo headset jack, 1x Kensington nano security slot
Networking: Wi-Fi 6E, Bluetooth 5.3
Biometrics: IR camera for facial recognition and fingerprint sensor
Battery capacity: 57 Watt-hours
Dimensions: 12.3 x 8.6 x 0.6 inches
Weight: 2.98 pounds
MSRP: $2,761 as tested
Lenovo ThinkPad X1 2-in-1: Design and build quality
IDG / Chris Hoffman
IDG / Chris Hoffman
IDG / Chris Hoffman
The Lenovo ThinkPad X1 2-in-1 has great build quality. That’s no surprise: Lenovo uses the prestigious ThinkPad name for its high-end business laptops. Of course, they also come at a high-end price compared to Lenovo’s ThinkBook line of laptops.
The laptop is made of metal – aluminum and magnesium – and it’s all grays and silvers with a black bezel around the screen. In the center of the keyboard, you’ve got that classic red TrackPoint “nub,” which you can use to move the cursor around.
The “communications bar” containing the webcams and microphone at the top of the display juts out a bit and sticks out on the back. On the lid of the laptop, the dot at the top of the “i” in “ThinkPad” lights up red when the laptop is on.
It’s a great, business-like look. The metal makes it feel premium to touch, and the build quality is great with no creaking bits. The hinge works smoothly and solidly, which is obviously critical for a 2-in-1. At a hair under three pounds, it’s not as lightweight as a ThinkPad X1 Carbon with that carbon fiber, but it’s a good weight.
IDG / Chris Hoffman
IDG / Chris Hoffman
IDG / Chris Hoffman
This is a 2-in-1 laptop, so it has a touch screen and a 360-degree hinge that lets you rotate the laptop into a variety of shapes, lying it flat, using it in “tent mode,” or rotating it all the way so that the keyboard is at the back of the screen and turning it into a tablet. The screen also has a digitizer that works well with the Lenovo Slim Pen, which is an optional accessory our review model included.
Lenovo chose not to have the ThinkPad’s optional pen – the Lenovo Slim Pen – insert into a slot on the laptop for storage. Instead, it attaches magnetically to side of the ThinkPad X1 2-in-1. Lenovo says that it it is larger and “attaches to the side of the keyboard frame magnetically, so it’s always at arm’s reach.” Some people will prefer this approach to storing the pen. Although the magnetic attachment is strong and the pen does attach securely to the laptop, it’s also easy to see how the pen could get bumped and become detached in a bag.
While the pen connects to the laptop magnetically for storage, it doesn’t charge wirelessly from the laptop. You will have to plug a USB-C cable to a port under the cap on top of the pen to charge it.
Lenovo ThinkPad X1 2-in-1: Keyboard and trackpad
IDG / Chris Hoffman
IDG / Chris Hoffman
IDG / Chris Hoffman
The Lenovo ThinkPad X1 2-in-1 has a great full-size keyboard that feels pleasantly snappy. There’s nothing “mushy” about the keys here. I also like some of the little touches, like the “Delete” key at the top-right corner of the keyboard being wider than other nearby keys.
There’s also the red TrackPoint “nub,” of course – this is a ThinkPad – but the ThinkPad X1 2-in-1 also has a solid touchpad. Our review model had a touchpad with three physical buttons above it, but you can also get a haptic touchpad with customizable haptic feedback. The touchpad was nice and response to the touch, the click action felt good, and you have those three physical mouse buttons above the touchpad if you want them.
IDG / Chris Hoffman
IDG / Chris Hoffman
IDG / Chris Hoffman
Of course, this is also a touch screen laptop, so you have the full touchscreen experience available to you. And that optional Lenovo Slim Pen seems like a great stylus, too. I’m no artist, but it offered a responsive experience when writing notes in OneNote.
Lenovo ThinkPad X1 2-in-1: Display and speakers
IDG / Chris Hoffman
IDG / Chris Hoffman
IDG / Chris Hoffman
The Lenovo ThinkPad X1 2-in-1 offers a variety of 14-inch display options. Our review model had a 1920×1200 IPS display with a touch screen, a 60 Hz refresh rate and 400 nits of brightness. It looks good and has a nice anti-reflective coating that doesn’t produce as much glare in direct sunlight as I see on some laptops.
The ThinkPad X1 2-in-1 is also available with a 2880×1800 OLED display with a 120Hz refresh rate.
I’d recommend the lower-resolution display. It delivered amazing battery life in our benchmarks (and normal computer usage,) while the choice of an OLED display dragged down the Lenovo ThinkPad X1 Carbon in our battery benchmarks. Yes, the OLED display is probably beautiful – the OLED display on the Lenovo ThinkPad X1 Carbon certainly was when I reviewed it. But, for a machine like this, all-day battery life is probably your priority.
This laptop’s speakers are decent and can put out surprisingly loud audio with clear sound. As usual with thin-and-light laptops — or most laptops of any weight — the speakers are lacking bass. Everything else sounds good, though — and you can make it quite loud, if you like.
Lenovo ThinkPad X1 2-in-1: Webcam, microphone, biometrics
The Lenovo ThinkPad X1 2-in-1 has a high-quality 1080p webcam. For a business laptop like this one, that’s table stakes – you don’t want to spend this much only to drag a low-resolution 720p webcam into meetings! The webcam looks good and worked well both indoors and outdoors, and you also have access to Windows Studio Effects for tricks like faking eye contact and removing your background on the fly thanks to the neural processing unit (NPU) included with Intel’s Meteor Lake platform.
In addition, the webcam includes a nice physical price shutter on the communications bar itself. Just slide the shutter closed with your finger and you’ll physically block the webcam for added privacy.
The microphone setup also works nicely, picking up your voice clearly. Between the webcam and microphone, this is a capable laptop for online meetings.
This laptop includes both an IR camera and fingerprint sensor, so you can use Windows Hello to sign in with either facial recognition or your fingerprint. Facial recognition worked well in a variety of lighting conditions, and the fingerprint reader also does a good job. It’s located to the left of the arrow keys on the keyboard.
Lenovo ThinkPad X1 2-in-1: Connectivity
IDG / Chris Hoffman
IDG / Chris Hoffman
IDG / Chris Hoffman
The Lenovo ThinkPad X1 2-in-1 offers a decent selection of ports for a laptop this size. You get two Thunderbolt 4 (USB4 Type-C) ports on the left side of the laptop – but bear in mind you’ll use one of them to charge the laptop.
In addition, you get two USB Type-A ports – one on the left side of the laptop, and one on the right side. On the right side, you also have HDMI 2.1, a combo audio jack, and a Kensington nano security slot.
You’re not getting a microSD card reader of any sort, so you’ll have to connect a dongle if you want to access an SD card, connect to Ethernet, or do anything else these ports don’t offer. For the size, it’s a good selection of ports – although some people might want a third USB Type-C port or an SD card reader of some sort.
This laptop also includes Wi-Fi 6E and Bluetooth 5.3 radios. That’s not the end of the world as Wi-Fi 7 routers aren’t widespread yet, but there’s a reason the next-generation Lunar Lake hardware will come with Wi-Fi 7 support as standard. Now that we’re getting into the middle of 2024, it would be nice to have. You can get Wi-Fi 7 and Bluetooth 5.4, if you like – but that’ll cost you extra.
Lenovo ThinkPad X1 2-in-1: Performance
The Lenovo ThinkPad X1 2-in-1 delivered solid, speedy performance in day-to-day work tasks like browsing the web with a lot of tabs open and working with Microsoft Office documents. That’s table stakes these days for a laptop with an Intel Core Ultra CPU, 16GB of RAM, and fast solid-state storage.
As always, we ran the Lenovo ThinkPad X1 2-in-1 through our standard benchmarks to see how it performs.
IDG / Chris Hoffman
IDG / Chris Hoffman
IDG / Chris Hoffman
First, we run PCMark 10 to get an idea of overall system performance. The ThinkPad X1 2-in-1 delivered an overall score of 6,226, in the middle of the pack. It’s not quite as fast as a ThinkPad X1 Carbon, and interestingly enough Lenovo’s dual-screen Yoga Book 9i actually beats it on performance in this benchmark, despite both systems having the same CPU. However, this ThinkPad did deliver stronger performance than the HP Spectre x360.
That’s a surprise because that HP 2-in-1 has an H-series chip, which should deliver higher performance than the U-series ship in this laptop, which is more focused on power efficiency. It’s another reminder that the specs sheet isn’t what’s important — HP’s Spectre x360 is likely being constrained by its thermals (cooling performance).
IDG / Chris Hoffman
IDG / Chris Hoffman
IDG / Chris Hoffman
Next, we run Cinebench R20. This is a heavily multithreaded benchmark that focuses on overall CPU performance. It’s a quick benchmark, so cooling under extended workloads isn’t a factor. But, since it’s heavily multithreaded, CPUs with more cores have a huge advantage.
The ThinkPad’s score of 2,915 was in the bottom of the pack here. That’s not a huge surprise because this has a U-series Core Ultra chip from Intel, which is more focused on long battery life than performance. However, it’s interesting to see that Lenovo’s dual-screen Yoga Book 9i — which has the same CPU — beat the ThinkPad X1 2-in-1 on performance again.
IDG / Chris Hoffman
IDG / Chris Hoffman
IDG / Chris Hoffman
We also run an encode with Handbrake. This is another heavily multithreaded benchmark, but it runs over an extended period of time. This demands the laptop’s cooling kick in, and many laptops will throttle and slow down under load.
The ThinkPad X1 2-in-1 completed the encode process in an average of 1,902 seconds — that’s nearly 32 minutes. It’s a long time in comparison to other laptops with more performance-focused CPUs. This laptop isn’t optimized for delivering sustained power in heavy workloads like this — it’s more focused on power efficiency and battery life than computing performance.
IDG / Chris Hoffman
IDG / Chris Hoffman
IDG / Chris Hoffman
Next, we run a graphical benchmark. This isn’t a gaming laptop, but it’s still good to check how the GPU performs. Professional 3D rendering applications that use the system’s GPU will also benefit from a good score here. We run 3Dmark Time Spy, a graphical benchmark that focuses on GPU performance.
With a score of 2,169, the Lenovo ThinkPad 2-in-1 was in the bottom of the pack as far as Intel Meteor Lake-powered laptops. That’s because the U-series processors come with the lower-end “Intel graphics,” which isn’t as fast as the Intel Arc graphics you can get with Intel H-series CPUs.
However, this machine’s integrated Intel graphics were still much faster than the previous-generation Intel Iris Xe graphics found in the older Asus ZenBook 14 Flip OLED we compared it to.
Overall, the results paint a clear picture. This laptop isn’t a speed demon, and if you’re looking for a machine to run heavy computing workloads, this is the wrong system for you. Its hardware is optimized for long battery life and power efficiency. Luckily, as we saw in our battery life benchmark below, this machine delivers.
Lenovo ThinkPad X1 2-in-1: Battery life
The Lenovo ThinkPad X1 2-in-1 includes a 57 Watt-hour battery. That feels like it’s a little on the low side, so it’s extra surprising that the Lenovo ThinkPad X1 2-in-1 delivered amazing numbers in our battery life benchmarks. Yes, this looks like it should deliver all-day battery life – thank the display. If you opt for a model with an OLED display, bear in mind you won’t get the same battery life results.
IDG / Chris Hoffman
IDG / Chris Hoffman
IDG / Chris Hoffman
To benchmark the battery life, we play a 4K copy of Tears of Steel on repeat in the Movies & TV app on Windows 11 with airplane mode enabled until the laptop suspends itself. We set the screen to 250 nits of brightness for our battery benchmarks. This is a best-case scenario for any laptop since local video playback is so efficient, and real battery life in day-to-day use is always going to be less than the number you see here.
In our video rundown benchmark, the Lenovo ThinkPad X1 2-in-1 lasted for an impressive 1055 minutes before powering itself off. That’s seventeen and a half hours, and it outshined all the other laptops we compared it against. We benchmarked a ThinkPad X1 Carbon with an OLED display, so keep that in mind when you look at the results here — the ThinkPad X1 2-in-1’s OLED display option will likely cut hours off your battery life, although I imagine it looks stunning.
Lenovo ThinkPad X1 2-in-1: Conclusion
ThinkPads aren’t targeted at the average PC user. They’re premium business laptops, and Lenovo gives them a price that matches – thankfully, Lenovo also gives them a premium build quality. (But ThinkPads also go on pretty deep sales sometimes – especially previous-generation ones. You may be able to find this PC at quite a large discount someday).
At $2,761, our review model is seriously expensive for a laptop, especially one that trades so much performance for battery life. However, it also does have serious battery life. For people who use a computer for light tasks rather than heavy local computing workloads — and who want a pen with their high-end business laptop — this is a good option.
After considering the benchmarks above, you should have a pretty good idea of whether this machine is for you. Other 2-in-1 options include Lenovo’s Yoga Book 9i, which takes the concept even further, delivering two separate displays – at a lower price, but without the ThinkPad branding and with much lower battery life. (After all, it’s powering two separate screens). Or you could go for a competing 2-in-1 like the much less expensive HP Spectre x360, although it doesn’t have anywhere near the battery life and its performance was inconsistent in our benchmarks. Plus, none of those are competing laptops are ThinkPads. That lineage and high-end design is important to a lot of people.
If you don’t need a laptop right now, you may want to wait for the next generation. Intel’s Lunar Lake hardware sounds like it will be a huge leap over Meteor Lake and deliver much more power efficiency along with improved performance – and it will support all those Copilot+ PC features Microsoft announced, which laptops like this one won’t receive. From what Intel is saying, that next-generation hardware will be a big upgrade to battery life-focused laptops like this one.
Laptops Read...Newslink ©2024 to PC World | ![](/n.gif) |
| ![](/n.gif) | | PC World - 13 Jun (PC World)Want to turn your lone laptop into a full-blown workstation, complete with multiple monitors? If your laptop only has a single HDMI port, that can be a tricky limitation to get around.
Unless you use a docking station! A docking station is like a USB hub, except more powerful and less portable.
The Dell WD19S is on sale for a record-low price of $135, down from its list price of $310. That’s a 56% savings, making this a phenomenal deal for one of the best docking stations available today.
I personally use this exact docking station myself, and even though I paid full price for it, I have no regrets. It’s been super helpful for expanding my laptop’s connectivity and improving my productivity.
This powerful docking station can boost your PC’s power up to 130W with Dell ExpressCharge, allowing you to charge up to 80% in just one hour. Since you’ll be sticking this one in the same USB-C port you’d use to charge your device, it’s a great thing that it’s a speedy charge.
If you’re a multitasker like me and you need multiple displays, this dock supports up to 4K resolution at 60Hz on two displays or QHD at 60Hz on three displays. That’s a lot of screen real estate!
But there’s more because the dock offers a variety of interfaces. It comes with two DisplayPort ports, one HDMI 2.0 port, and a USB-C Multifunction DisplayPort port. Plus, two USB-A 3.1 Gen 1 ports for connecting with mouse, keyboard, and external drives. Finally, a Gigabit Ethernet port for fast, reliable internet access.
The Dell WD19S is an incredible deal at $135 and the best way to turn any laptop into a power user’s workstation. It’s never been this heavily discounted before, so you’ll want to hop on it before it’s gone.
This Dell docking station has never been cheaperGet it while you can on Amazon
Docks and Hubs Read...Newslink ©2024 to PC World | ![](/n.gif) |
| ![](/n.gif) | | PC World - 12 Jun (PC World)Following the huge wave of ransomware last year, there’s now increasing reports of completely new tricks used by hackers and cybercriminals to gain access to computer systems, devices, and networks.
Many of these tricks exploit existing vulnerabilities in applications and operating systems, but these perpetrators are also developing completely new approaches that combine technical procedures with social engineering to achieve their goals.
To recap if you’re unaware: social engineering is when a malicious person exploits you through helpfulness, trust, fear, or respect in an attempt to manipulate you into doing something.
Further reading: Key signs of social engineering to look for
Examples of social engineering include: a work email purporting to come from your boss with a payment order for a large sum to a foreign account; a WhatsApp message from someone pretending to be your relative in need of money; or a phishing email that claims to be your bank asking you to click a link with scary consequences if you don’t.
Here are some of the latest scams and techniques used by criminals that you need to know about—and how you can protect yourself.
1. The zero font trick
It’s possible to set the font size of email text to zero using HTML code. In this way, the text is present but not visible to the eye.
A few years ago, criminals used this trick to insert invisible text into messages in order to fool the spam and virus detection mechanisms of email providers and mail programs.
They used this technique to insert harmless words and phrases into the email body to make the message appear safe, thus outwitting the email providers’ malware filters.
For emails in HTML format, it’s possible to set the font size to zero. The corresponding attribute is “font-size:0”.
For emails in HTML format, it’s possible to set the font size to zero. The corresponding attribute is “font-size:0”. IDG
For emails in HTML format, it’s possible to set the font size to zero. The corresponding attribute is “font-size:0”. IDG
IDG
Last autumn, security researcher Jan Kopriva became aware of a new version of the zero font trick. Hackers used it to attack Microsoft Outlook users, exploiting a feature of the program’s email display.
The issue is that Outlook happens to display zero font text in its list view, but not in the email preview. The malicious senders therefore placed the zero-point text in the message: “Isc Advanced Threat protection: This message has been scanned for threats.”
“Isc” stands for the Internet Storm Center, an organization of the SANS Institute that monitors malicious activity on the internet. The reference to the alleged malware scan made the email seem trustworthy to recipients, so they were more inclined to open it and trust what it says.
However, the message actually contained a link to a fake website that requested the visitor’s access data:
Outlook displays zero font text in the list view. The email has supposedly already been scanned for malware threats and is harmless. It therefore appears trustworthy to the recipient.
Outlook displays zero font text in the list view. The email has supposedly already been scanned for malware threats and is harmless. It therefore appears trustworthy to the recipient. IDG
Outlook displays zero font text in the list view. The email has supposedly already been scanned for malware threats and is harmless. It therefore appears trustworthy to the recipient. IDG
IDG
How to protect yourself:
Learn how to spot scam emails and messages.
Even with emails that claim to be from reputable senders, remember that they could be fake.
Hover over every link to confirm the destination address before clicking—and even then, don’t click unless absolutely necessary. It’s better to navigate to the site manually if you can.
If you have any doubts that an email actually came from a particular sender, give them a quick call to confirm.
2. Vulnerabilities in 2FA/MFA
Two-factor authentication (2FA) or multi-factor authentication (MFA) protects users against attacks on their login credentials. With 2FA enabled, it’s much harder to hack an account.
So, hackers are increasingly trying to access the cookie files that are created during the login process that certify correct authentication.
With these session cookies, it’s possible for a user to log in just once and continue accessing various services. As soon as the user logs out, the session cookie is deactivated.
Further reading: How to use 2FA the right way
Various malware programs are now exploiting a vulnerability in the Google login process to reactivate expired session cookies. In this way, they can freely access all Google services belonging to a user.
This works even if they’ve changed their password in the meantime. However, this requires the malware to have access to the user’s computer.
How to protect yourself:
Understand how malware infections happen. Don’t open attachments in suspicious emails. Don’t click on links in emails. Don’t download apps from illegal or suspicious sites.
Shut down your computer when you don’t need it.
Apply security patches for Windows and other programs immediately and always keep your software up to date.
3. Deepfakes from your boss
Traditionally, the boss scam is where your “boss” instructs you to transfer a large sum of money to an unusual account, but the “boss” is actually a hacker who’s sending your fraudulent emails or texts.
A new variant has now come to light in Hong Kong, where hackers invited their victim to a video conference by email. However, no real people were waiting for him there—only deepfakes of colleagues from his company. (A deepfake is an AI-generated impersonation of a real person.)
These deepfakes instructed the victim to carry out 15 transfers totaling 200 million Hong Kong dollars. (About $26 million USD.) The victim only realized that he had been scammed when he later spoke to his boss.
Baron Chan, head of the cybersecurity department of the Hong Kong police, suspects that the criminals had previously downloaded videos of the company’s employees for the deepfake of a video conference.
Baron Chan, head of the cybersecurity department of the Hong Kong police, suspects that the criminals had previously downloaded videos of the company’s employees for the deepfake of a video conference. IDG
Baron Chan, head of the cybersecurity department of the Hong Kong police, suspects that the criminals had previously downloaded videos of the company’s employees for the deepfake of a video conference. IDG
IDG
The cybersecurity department of the Hong Kong police suspects that the criminals had copied videos of their real colleagues from the company’s servers and combined that with AI-supported voice synthesis to create the deepfakes used in the video conference.
How to protect yourself:
Hong Kong police advise people to ask questions during video conferences to verify the identities of other participants.
4. AI hallucinations become reality
Word has gotten around that AI-supported language models like ChatGPT are hallucinating (i.e., making up information). For example, AI chatbots have invented court judgments for trials that have never taken place. But they can also hallucinate non-existent software packages.
A security researcher placed the package huggingface-cli in the Python Package Index (PyPI). In fact, an AI had only invented the package. Nevertheless, it was used by several Python projects within a few weeks.
A security researcher placed the package huggingface-cli in the Python Package Index (PyPI). In fact, an AI had only invented the package. Nevertheless, it was used by several Python projects within a few weeks. IDG
A security researcher placed the package huggingface-cli in the Python Package Index (PyPI). In fact, an AI had only invented the package. Nevertheless, it was used by several Python projects within a few weeks. IDG
IDG
Israeli security researcher Bar Lanyado asked himself what would happen if real code were to be published under a name invented by AI.
He asked ChatGPT-3.5-Turbo, ChatGPT-4, Gemini Pro, and Cohere Command for help with a programming problem and identified a piece of code with the name huggingface-cli that had been repeatedly recommended over several months but didn’t actually exist.
He then created an empty Python package with this name and put it online. Within a few weeks, it had been downloaded 15,000 times. Also, a GitHub search revealed that huggingface-cli had appeared in the repositories of several large companies.
The Python package from Bar Lanyado might be a harmless file with no content or consequences, but you can imagine how hackers could distribute malicious code in the same way.
How to protect yourself:
Programmers should never blindly trust the suggestions of AI models and should double-check recommended downloads themselves.
5. Current attacks via phishing emails
Typical of modern phishing emails are the time pressure they create and phrases such as “Start confirmation” or “Try to pay again.”
Typical of modern phishing emails are the time pressure they create and phrases such as “Start confirmation” or “Try to pay again.” IDG
Typical of modern phishing emails are the time pressure they create and phrases such as “Start confirmation” or “Try to pay again.” IDG
IDG
Fraudsters use phishing emails to try to persuade you to visit fake websites or websites infected with malware.
They usually ask you to enter your address and/or login details. You will then receive a phone call in which the criminals ask for a PIN or some other security factor. Or they simply sell your access data, such as your login credentials to your Netflix account.
Many of these phishing emails follow the same pattern: under a short introductory text is a button that takes you to the fake website. In many cases, the email uses a scare tactic or time pressure so that you don’t think about the authenticity and plausibility of the message.
Common button captions include:
“Update account now”
“Update address”
“Confirm now”
“Win now”
“Go to account recovery page”
“Stay protected” (for emails purporting to be from security vendors)
“Show order details”
“Activate now”
“Try to pay again”
“Pay fee now”
You should never click on any of these buttons. Always remember that reputable companies—including banks and online retailers—will never ask you to enter your login details by email.
6. Proxy server as an app
Cybercriminals often face a common problem: the IP addresses of their control servers and botnets end up on blacklists, and they’re subsequently blocked by providers, companies, and organizations.
To avoid this, they redirect their data packets via proxy servers, effectively giving new IP addresses to those data packets. But then these public proxy servers also end up on blacklists. It’s a vicious cycle.
But they have a new trick now: using malware to turn the smartphones and desktop PCs of unsuspecting users into proxy servers.
In May 2023, security researchers noticed an app in the Google Play Store that secretly turned smartphones into proxies. They later searched and found a total of 28 apps with PROXYLIB, which is responsible for these hidden proxy servers. All of them were VPN apps that supposedly provided encrypted connections on the internet.
Google has now integrated a detection routine for proxy malware in the Play Protect protection mechanism, which automatically deletes the apps in question. However, don’t be surprised if alternative app stores continue to make these malware-infected apps available.
How to protect yourself:
There’s a list of malicious apps at the bottom of this webpage. If you have one or more of them installed, delete them as soon as possible.
Only install apps via the Google Play Store.
7. Quishing instead of phishing
QR codes don’t reveal the destination of a link at first glance. In this quishing email purporting to be from Microsoft, the link in the image leads to a fake Microsoft login page.
QR codes don’t reveal the destination of a link at first glance. In this quishing email purporting to be from Microsoft, the link in the image leads to a fake Microsoft login page. IDG
QR codes don’t reveal the destination of a link at first glance. In this quishing email purporting to be from Microsoft, the link in the image leads to a fake Microsoft login page. IDG
IDG
Phishing is a type of scam where an email or message is sent to a prospective victim in hopes that they’ll click a malicious link within. It’s been around for several years now, and email providers have gotten better at recognizing and filtering out phishing attempts.
Because of that, hackers are exploring other methods of luring victims to their sites—like quishing, the transmission of links via QR code. (Quishing is also known as QR phishing.)
You’ve probably scanned QR codes with your smartphone to read restaurant menus, enter contests, and more. Hackers exploit this behavior by integrating QR codes into their emails, which then lead you to fake login pages or otherwise malicious pages.
Last autumn, the security company Harmony reported a 587 percent increase in quishing attacks.
Security provider Check Point also describes a quishing attack in which users were directed to a fake Microsoft login page. In this way, the attackers were able to bypass the usual security measures used to filter out phishing messages.
How to protect yourself:
Always pay attention to who sent you an email with a QR code and take a close look at the address displayed by the QR code reader. When in doubt, avoid scanning unsolicited QR codes.
This article was translated from German to English and originally appeared on pcwelt.de.
Security Software and Services Read...Newslink ©2024 to PC World | ![](/n.gif) |
| ![](/n.gif) | | PC World - 12 Jun (PC World)At a GlanceExpert`s Rating
ProsGood free planFast speedsUnlimited device connectionsConsStreaming unblocking is inconsistentNo independent auditOur VerdictWindscribe is an effective and user-friendly VPN with strong ad-blocking and a solid feature set for beginners and experienced users alike. Plus, the free plan continues to be one of the best.
VPNs and ad blockers help you surf the web privately so that websites and advertisers can’t track your online activities to learn where you go and what you do. You’ll find a plethora of VPNs and ad blockers with different price tags and degrees of effectiveness, but one program worth trying is Windscribe.
Originally marketing itself as a VPN with ad- and tracker-blocking at its core, Windscribe has long stood out for its generous free plan. In recent years, the service has been trying hard to add features and expand on its paid service in order to compete in the premium market as well. It might still be a ways off from the top dogs, but that doesn’t mean it has nothing to offer.
Windscribe Pro in brief:
P2P allowed: Yes, but not all servers
Simultaneous device connections: Unlimited
Business location: Ontario, Canada
Number of servers: 112
Number of country locations: 69
Cost: $9 per month or $69 for one year
Further reading: See our roundup of the best VPN services to learn about competing products.
What are Windscribe Pro’s features and services?
Windscribe is available for a variety of platforms. Beyond the desktop versions for Windows, macOS, and Linux, there are mobile apps for iOS, Android, and Blackberry OS. Browser extensions are accessible for Chrome, Firefox, and Microsoft Edge. There are even versions for certain smart TV systems and for router configurations. For this review, I focused on the Windows version and on the browser extensions.
For its lineup of VPN servers, Windscribe offers access to 112 city locations across 69 different countries. It also mercifully allows users an unlimited number of simultaneous device connections — why more VPN providers aren’t doing this is a mystery. Plus, all servers except those in India, Lithuania, Russia, South Africa, and Bosnia allow P2P. The stated reason behind this is that those countries outright restrict P2P file sharing so Windscribe complies with local laws.
The Windscribe homescreen is a tiny little window that somehow fits in all of the info you need to know.
The Windscribe homescreen is a tiny little window that somehow fits in all of the info you need to know.
Sam Singleton
The Windscribe homescreen is a tiny little window that somehow fits in all of the info you need to know.
Sam Singleton
Sam Singleton
When you first open up Windscribe you’ll notice that the window is a tiny little square with only a big connect power button, your current IP address, and a drop-down for country locations. Clicking on various drop-down menus expands the app window accordingly.
The interface is quite unique and I’m torn between whether I like it or not. On the one hand, you can tell that Windscribe has spent a lot of time cramming in all of these little fun extension windows, but on the other other hand, I feel like it’s all a bit overdone.
You can click on the drop-down menu at the top left of the home screen to access additional settings. Here you’ll find a veritable treasure trove of customization options — power users, eat your heart out. This list of settings is too many to go over here, but a few are worth pointing out.
Windscribe’s settings menu comes with a dizzying array of tweakable features.
Windscribe’s settings menu comes with a dizzying array of tweakable features. Sam Singleton
Windscribe’s settings menu comes with a dizzying array of tweakable features. Sam Singleton
Sam Singleton
There are your typical VPN features such as auto-connect, split tunneling, and a kill switch (Windscribe calls this feature “Firewall Mode”). If you have the app and browser extension installed you can use split-tunneling for both apps or IP addresses.
A feature dubbed R.O.B.E.R.T. is a customizable DNS and IP level blocker for the Windows client, capable of blocking ads, trackers, malware, and objectionable websites (gambling, adult content, crypto mining, etc.). Additionally, a MAC address spoofing tool can disguise your PC’s hardware address.
Plus, more advanced options are available. A port-forwarding feature lets you securely access your home computer, network, or NAS remotely via a Windscribe connection. A Config Generator helps you create configuration files for different VPN protocols. And though the IP address assigned to your computer will change dynamically, there is an option to upgrade to a static address for an additional fee.
Windscribe’s browser extension works in tandem wtih the VPN to provide strong ad- and tracker-blocking while surfing the web.
Windscribe’s browser extension works in tandem wtih the VPN to provide strong ad- and tracker-blocking while surfing the web.
Sam Singleton
Windscribe’s browser extension works in tandem wtih the VPN to provide strong ad- and tracker-blocking while surfing the web.
Sam Singleton
Sam Singleton
Windscribe Pro also comes with access to its browser extensions for Chrome, Firefox, and Edge. You might be wondering: Why use a browser extension when you’ve already got the Windows client? In a nutshell, the extension is designed to work in tandem with the app, mainly to reduce your online footprint and speed up your connection by blocking ads and trackers.
The extension offers a short tutorial to show you which buttons control which features. As you can with the Windows client, you’re able to turn the extension’s VPN on and off, allow it to select the best VPN server or choose one yourself, and control what gets blocked — ads, malware, social network sites, cookies, and more. Plus, you can whitelist specific sites that you don’t want affected by the blocking.
How much does Windscribe Pro cost?
Windscribe comes with a free plan, a paid monthly or yearly plan, and a customizable build-a-plan option.
Windscribe comes with a free plan, a paid monthly or yearly plan, and a customizable build-a-plan option. Sam Singleton
Windscribe comes with a free plan, a paid monthly or yearly plan, and a customizable build-a-plan option. Sam Singleton
Sam Singleton
Windscribe comes in a free edition as well as a subscription-based Pro mode. The free flavor restricts the number of VPN locations and the amount of bandwidth you can use. By default, you’re granted 2GB of bandwidth per month. Adding and confirming your email address boosts that to 10GB per month. Otherwise, the free plan imposes no speed or performance caps.
The Pro flavor grants you access to all the VPN city locations around the world as well as unlimited bandwidth. This plan can be purchased for $9 per month — which is on the high side for VPNs — or $69 per year, which drops the monthly price to a more reasonable $5.75.
A Build-a-Plan option lets you pay only for what you use via an a-la-carte approach. Don’t need or want access to all the accessible VPN servers? You can limit the scope to just certain server locations. For example, you could buy access to all 35 VPN server locations in the U.S. for $1. For each country you add, you get an extra 10GB of data per month. You can also grab unlimited data for your plan for another $1 a month. Ultimately, you need to spend at least $3 per month if you opt to build your own plan.
How is Windscribe Pro’s performance?
As always, when testing a VPN’s speeds I measure connection speeds across its servers in six different countries around the world and then compare them to my baseline internet speed.
Windscribe VPN’s speeds didn’t let me down. During the tests, Windscribe was able to manage a thoroughly impressive 64 percent of the base download speed and 70 percent of the base upload speed. That’s enough to eke it into the top-five fastest VPNs, right up there with the likes of NordVPN and HotSpot Shield.
While these speeds were done over the WireGuard protocol, testing other protocols did slow down the connection to varying degrees — none too drastically though. Regardless, I recommend that almost everyone use WireGuard as their default protocol for the best speed and security anyways.
When it comes to unblocking streaming content, Windscribe scored decent enough marks. Using region-specific VPN servers all over the world, I was able to connect to and stream content from Amazon Prime, Hulu, Disney Plus, and other services, a feat that many other VPN products can’t always achieve. It was only with Netflix that I found issues. While both the U.S. and UK Netflix seemed to work just fine with Windscribe, I found issues with unblocking in other countries such as Japan and other European countries. With these results, I’d recommend Windscribe to those looking to stream in the U.S. or UK, but can’t recommend it for other countries.
Windscribe’s speeds put it in the top-five fastest VPNs, right up there with the likes of NordVPN and HotSpot Shield.
How is Windscribe Pro’s security and privacy?
There are a good number of protocol options to choose from with Windscribe plus advanced stealth VPN and WStunnel.
There are a good number of protocol options to choose from with Windscribe plus advanced stealth VPN and WStunnel.
Sam Singleton
There are a good number of protocol options to choose from with Windscribe plus advanced stealth VPN and WStunnel.
Sam Singleton
Sam Singleton
Windscribe comes with strong AES-256 encryption and all of your standard protocol options including WireGuard, IKEv2, and OpenVPN (both UDP and TCP). It also has a stealth option that disguises traffic as HTTPS with TLS and an option for WStunnel, which wraps your traffic with web sockets. Both of these can be used in certain countries to get around trickier government censorship.
I tested Windscribe’s security on Windows with a DNS leak test and found no DNS or other leaks. Similarly, when I tested the kill-switch function it worked well, however there was no immediate indication as to what happened until the connection was automatically reestablished — a minor gripe, and doesn’t affect the functioning of the client’s kill switch.
Winscribe covers what data it does and does not collect in its privacy policy on its website. The data it does collect includes total bandwidth you’ve used in a month for its free plan management purposes and a timestamp of your last activity in order to identify inactive accounts.
The company claims that there is no logging of connections, IP addresses, timestamps, or browsing history, which it backs up in its regular transparency reports. However, you’ll have to take Windscribe’s word for all of this as it has never undergone an independent audit. Public audits are crucial to reassuring users that their data is anonymized and properly handled according to the VPN’s privacy policy. Hopefully Windscribe takes action to rectify this and undergo an audit soon.
Based in Canada, Windscribe is a small operation founded in 2015 by Yegor Sak. Canada is a member of the Five Eyes Alliance, an organization in which member countries promise to share intelligence data with each other. But that hasn’t yet affected Windscribe. As you can tell from the aforementioned transparency report, it shows that the VPN has rejected all requests for user information from government agencies due to a lack of relevant data.
Windscribe has also managed to avoid most security breaches and related problems. But there was an incident in 2021 in which Ukrainian authorities seized Windscribe VPN servers in the country and were able to access the private key as the servers were unencrypted. In response, Windscribe implemented a diskless setup with RAM nodes to better secure data, and increased staff to address these types of threats. A privacy report from Security.org gave Windscribe a grade of 7.7 out of 10, giving it a thumb’s down for the lack of advanced authentication methods and software updates but applauding the privacy policy and the encryption of user data both in transit and at rest.
Is Windscribe Pro worth it?
Windscribe is a simple yet effective VPN with solid ad- and tracker-blocking. It stumbles a bit when it comes to unblocking streaming content, but makes up for it with great speeds and tons of customization options.
The Windows client and the browser extensions make for a powerful team that will protect your privacy and block annoying ads and objectionable content as you browse the web. And with the free version of Windscribe already being so good, you can always start there and then jump to the Pro edition if you need more capability.
Editor’s note: Because online services are often iterative, gaining new features and performance improvements over time, this review is subject to change in order to accurately reflect the current state of the service. Any changes to text or our final review verdict will be noted at the top of this article.
VPN Read...Newslink ©2024 to PC World | ![](/n.gif) |
| ![](/n.gif) | ![](/n.gif) |
|
![](/n.gif) |
![](/pimages/bldn.gif) | Top Stories |
![](/n.gif)
RUGBY
Oh from one for New Zealand's medal hopes at the Paris Olympics... after the All Blacks Sevens crashed out in the quarter-finals More...
|
![](/n.gif)
BUSINESS
New Zealanders are finding it harder to keep up with housing costs, compared to other countries More...
|
![](/n.gif)
|
![](/n.gif)
![](/pimages/bldn.gif) | Today's News |
![](/n.gif)
![](/pimages/bldn.gif) | News Search |
|
![](/n.gif) |