“The Cloud” is becoming the place to be for backup and data storage. Microsoft offers its SkyDrive; Apple has iCloud; there’s Mozy, Acronis, JustCloud, Carbonite, Dropbox, etc. There are so many, it’s impossible to list them all. This Geek uses SkyDrive, iCloud, Dropbox and, for clients, Carbonite. They all have their advantages, similarities and differences. You can do your own study and make your own choices as to who you choose for your cloud storage provider; however, be aware of this very important concept: TNO – Trust No One. You want to make sure that only you, or those you designate, have access to your data. This means that:
This is why you must PEE before you upload anything to the cloud.
PEE stands for “Pre-Egress Encryption.” In other words, encrypt your data before it ever leaves your machine. If you do this, no one will ever be able to see anything but random noise unless you allow them to decrypt it by providing the key.
Over the next couple of posts, I’ll give you a rundown of what I consider the best applications and techniques to make it easy for you to PEE. Stay tuned.
The topic is Privacy and security in the cloud – is there any?
The Cloud - whatever that is - isn't new, whatever the marketing material may imply. But the scale of many modern-day cloud-oriented services is simply enormous. And since those services are run by experts, they readily promise to deliver the "holy trinity" of computer security - confidentiality, integrity and availability.
But do they? Will they? Can they? This thought-provoking presentation will help you advise your colleagues, your friends and your family how to embrace the benefits of the cloud whilst steering clear of the major risks.
This ties in nicely with something I have talked about before in a recent post, “Beware Cloud Data Storage–Pre-encrypt.”
Steve Gibson of the Security Now! podcast recently coined a term, “pre-egression encryption,” which worked out to the acronym, PEE. Not elegant, but it makes sense (he has since adopted the acronym PIE – pre-Internet encryption, coined by a listener). In other words, trust no one’s encryption: encrypt it yourself using your own secret key before you send anything to the cloud. Steve references an incident with Dropbox in Security Now! episode 302:
…like Dropbox, are very user-friendly, and they say, oh, we encrypt. We use SSL 256 encryption so that all of your data is safe as it’s coming to us. The problem is, they encrypt it, and then they decrypt it at the other end. So they’re storing it, or they have it, at least, in an unencrypted state. In the case of Dropbox, they then would encrypt it for storage. But they encrypted it for storage. They have the key that was used. The only way any of this stuff is safe is if you do the encryption before it goes out on the wire, and that key never leaves your control. In which case we’re using the cloud as a big opaque storage container in the sky.
The bottom line is that you can trust no one with your security and privacy in the cloud. Before you send any data to the cloud, encrypt it with a key that is known only to you and completely under your control.
Assume that cloud security and privacy don’t exist.
Your stuff is safe
Dropbox protects your files without you needing to think about it.
- Dropbox keeps a one-month history of your work.
- Any changes can be undone, and files can be undeleted.
- All transmission of file data occurs over an encrypted channel (SSL).
- All files stored on Dropbox are encrypted (AES-256).
Compliance with Laws and Law Enforcement Requests; Protection of Dropbox’s Rights. We may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Dropbox or its users; or (d) to protect Dropbox’s property rights. If we provide your Dropbox files to a law enforcement agency as set forth above, we will remove Dropbox’s encryption from the files before providing them to law enforcement. However, Dropbox will not be able to decrypt any files that you encrypted prior to storing them on Dropbox.
So, Dropbox has the keys to the kingdom unless you encrypt the files yourself before uploading. And anyone on their staff, by extension, can decrypt your data. Not good.
If you want to maintain your security and privacy, pre-encrypt everything you intend to store in the cloud. If all the service has is pseudo-random noise in the first place, that is all anyone will get.
Trust no one when it comes to your data.
On June 3, Panda Security announced that it has significantly upgraded and extended its Panda Cloud Antivirus product line to offer a free and “Pro” version to users.
A year ago, Panda made history by becoming the first major security vendor to unveil a free antivirus powered exclusively by the cloud. Microsoft was next with its Security Essentials product. Having tried AVG’s, Avast’s and Avira’s free antivirus products, I’ve settled on Panda’s Cloud Antivirus and Microsoft Security Essentials for my home systems. From their press release:
Today’s announcement is a natural evolution of the company’s “freemium” strategy and builds on Panda’s commitment to providing all users – of both the free and pro versions – with the best possible protection and minimal impact on PC performance. While other vendors charge more money for better protection (like the Mafia), Panda’s upsell comes in the form of greater ease of use and manageability through a number of automated security capabilities.
That’s a novel idea, isn’t it?
How about the rest of the industry follows suit?
I reported on Panda Cloud Antivirus back in June and July in my posts, Panda’s Cloud Antivirus (Beta) is a Winner! and Panda’s CloudAntivirus Update.
I tested Panda Cloud Antivirus extensively on my systems while it was in beta and only recently switched to Microsoft Security Essentials (MSE) for evaluation. Today, I’ll switch back to Panda on my older, slower system to compare performance of each one. I have noticed a slight performance degradation with MSE that was all but non-existent with Panda. Now that Panda Cloud Antivirus is out of beta, I can make a fair comparison which I will report on later. In the meantime, here’s some info from Panda’s press release I received this morning:
Panda Cloud Antivirus, the industry’s first and most comprehensive free cloud-based anti-virus that protects consumers’ PCs against the latest malware, spyware, rootkits and viruses, today emerged from beta after six months of user testing. To experience the expanded performance and support capabilities of Cloud Antivirus, as well as benefit from both online and offline security protection, consumers can download the free service from Panda Security at http://www.cloudantivirus.com.
Recognized for being “the first anti-virus without an update button”, Panda Cloud Antivirus delivers the fastest protection against the newest and most dangerous viruses. This is made possible thanks to Collective Intelligence, Panda’s advanced system that gathers malware information from its global community of users in the cloud to automatically identify and classify new malware strains in minutes. Collective Intelligence combines local detection technologies with real-time cloud-scanning to maximize protection while minimizing resource consumption. Available in 11 languages, Panda Cloud Antivirus works under Windows XP (32 bits), Windows Vista (32bits and 64bits) and Windows 7 (32bits and 64bits) operating systems and only consumes 20 MB of RAM.
It’s an interesting technology and one that I think we’ll see more of in the future. As more users join the collective, the application gets even more sensitive to new malware strains. A PC World review found Cloud Antivirus impressive:
“Among all of the free anti-virus software we tested for our latest roundup, Panda Cloud Antivirus was the best app at blocking known malware. The approach is intended to take advantage of the latest signatures without the need for signature-database updates–and if its excellent showing at detecting malware in AV-Test.org’s zoo of half a million samples is any indication, the approach works. Panda’s app produced an impressive 99.4 percent overall detection rate.”
Let me know if you try it and how you like it.
Panda Cloud Antivirus protects you while you browse, play or work and you won’t even notice it. It is extremely light as all the work is done in the cloud.
Panda Cloud Antivirus is truly install and forget. Don’t worry about updates, configuration or complicated decisions ever again.
Panda Cloud Antivirus provides you with the fastest protection against the newest viruses thanks to its cloud-scanning from PandaLabs’ servers.
But the great part about it is how it works. Watch the video. It’s really slick, blocking malware within 6 minutes when encountered by anyone who has it installed; it’s truly real time updating.
That’s my two cents. You be the judge and try it for yourself.