Welcome!

Today Craig’s got a deep-dive into Anti-Virus software. Which should you use? What is anti-Virus’s pioneer saying? What’s the future?

For more tech tips, news, and updates visit - CraigPeterson.com

---

Read More:

Zoom defenders cite legit reasons to not end-to-end encrypt free calls

---

Automated Machine-Generated Transcript:

If you're like most people in the online world you have used zoom, you might even have put it in place for your business. They've now come out and said they are going to have end-to-end encryption. What's this all about?

[00:00:17] Hi everybody. Craig Peterson here. Welcome back. Thanks for joining us. We're going to talk a little bit about zoom right now. You've heard me. I'm sure. Talked about it before and how I am constantly nagging you guys that if you are a business, you should not use zoom for anything that might be proprietary.

[00:00:42] Zoom has been nailed and criticized multiple, multiple times. Zoom has been caught, lying about doing encryption more than once. Zoom was caught routing customer calls through China. Can you imagine that you're using Zoom? You're a business and your calls are going to China. They were caught installing a server on the Mac iOS application platform.

[00:01:12] Now this is really, really something. This was the final straw. This is where we absolutely laid down the law with our employees and our customers. You may not use Zoom. Even if you installed zoom from Macko Wes zoom had a piece of software that constantly phoned home information. Even after you want to install the Mac zoom application, this list just goes on and on.

[00:01:44] If you bought a higher-end zoom system for your business. And you had one of their controllers in your office, you know, a physical piece of hardware server. It had a brand it's his crazy, basically a zero-day back door wide open that they had put in purposely. That exposed every device on your network to hackers on the internet, anybody on the internet, can you believe that it's absolutely crazy.

[00:02:21] Another company we were at just this week, we were doing some analysis, replacing firewalls with something much, much, much better. And. We're looking at the firewall configuration. Right? Cause you want to do that. You want to make sure, okay. We're putting in a new firewall that has way more features that can monitor what's going on.

[00:02:42] That's going to block evilness. That's going to keep itself up to date. Right? All things that the basic firewalls that you buy online are not gonna be able to do for you. So we're looking at the configuration of their existing firewall. Now imagine our shock and amazement. When we saw that the firewall had a port wide open, the HTTPS port, the port you would use for a server that had the port wide open from the outside world.

[00:03:15] In other words, anybody can connect to it. And that connected directly to their database server internally to SQL server, which wasn't even patched up. It's absolutely incredible. What's going on? We've got to pull up our socks. You have to do an audit. You know, I think I might do that again. What about a year and a half ago we had over a thousand people.

[00:03:41] That we did free cyber health assessments for a lot of them were just home users, a number of businesses. And I have already sent out an email to businesses on my email list saying, Hey, listen, I will pay to have some of my security people talk to you now. Obviously we got to schedule it and everything else, but, um, Talk to you and fix your problems, not sell you a thing.

[00:04:06] These are fire jumper, certified security people. Okay. They know what they're doing, but zoom, this is what they're doing. Right. And on top of it, they have most of the development done in China. So the developers aren't costing them hardly anything. Can you believe this? Right? It's a, it's easy to use, but it is a security.

[00:04:29] Nightmare. What we use is WebEx teams. That's what we install for our clients. We have WebEx teams, phones. We have WebEx teams, apps on all of our smart devices, right. That's what we use. It is secure and to, and we actually control the security where we have the security keys and everything else.

[00:04:53] So it has some of the highest levels of security on it. That's what we use. If you're not going to use WebEx teams, you might consider using Microsoft teams, which is okay. But again, Microsoft misrepresents, just like we talked about Google, uh, the, the levels of security you have. Now, if you dig into the documentation, Microsoft is going to be telling you the truth.

[00:05:20] Okay. They're not lying, but the marketers. Excuse me. They just don't understand this stuff well enough, frankly, to make marketing materials because they end up misrepresenting. It goes on and on. Anyhow. So if you have looked. In Twitter, for instance, and you keep track of security stuff. Cause I know a lot of you guys you're the best and the brightest out there, you are watching some of these security conversations that are going on over on Twitter, but you've, I'm sure seen zoom just ripped.

[00:05:56] Ripped ripped for his plans to enable end to end the encrypted video. What they're doing right now is an encrypted video from your computer using their 256-bit key, which is, uh, not great, but they encrypt it to their servers. And basically anybody can hop onto any of these zoom calls or they put a few things in place.

[00:06:19] That's going to make it a little bit easier, a little bit better. But what they're saying is we're going to add end to end encryption and they have put a document up on Github, which is a website that's used by open source developers, zooms, put a document up there saying, okay, this is what we're planning on doing.

[00:06:37] For our security strategy. What do you guys think? We'll see what happens, but Zoom is only going to be providing this end to end encryption for the video and audio and files for their paid customers. So when I looked around a little bit, I found our friends over at the electronic found frontier foundation, really complaining about this.

[00:07:04] Because what they're saying is the people that cannot afford to have their messages exposed, cannot afford to pay for the encryption, the quote, right from their site here, we applaud zoom for building strong. And to end encryption into their service, but by limiting this security enhancement to pay the accounts, Zoom is denying privacy protections to the participant who may need them most.

[00:07:38] And of course, they're talking about people primarily in third world countries. And giving people special access. Like if, if they gave the FBI or local law enforcement special access to these encrypted sessions, if it's available to one government it's available to more than one government. Right. And so they're concerned about that too.

[00:08:01] And I, I think that's absolutely legitimate to be concerned about that, but. We'll see what happens here because what zoom is planning on doing is only having this end to end encryption for the paid accounts because they do not want these pedophiles. And some of the terrorists here are domestic terrorists in the US as well as internationally zoom doesn't want them using their platform to plot.

[00:08:30] Plan coordinate, organize, et cetera. Now I talked earlier about signal and what signal is doing and Signal is end to end encrypted, no matter what, right. It is absolutely free. And that's what Moxie Marlinspike put out and why he did it. WhatsApp is the same way, but, uh, well, we'll see what happens with zoom because they're figuring, Hey, if you are paying for an account, You have a credit card that you're paying with there's some way of pain and that can be tracked by law enforcement if they need to track it.

[00:09:07] So we'll just leave it at that, right. It's going to make it easy enough. And if you're not paying for it, which is how most of these pedophiles and others are apparently doing it. Do you using free accounts while then you get what you deserve? So don't use Zoom. I can't trust them. They've lied to us again and again and again.

[00:09:26] And it's been proven multiple times. They're under investigation right now by a couple of federal agencies for some of these lies and misrepresentations. Don't use zoom use WebEx teams, which is what we use. And we use it with our customers, or maybe look at Microsoft teams, stick around. We've got I'll wrap up.

[00:09:50] And one more thing. When we get back, you're listening to Craig Peterson on WGAN.

---

More stories and tech updates at:

www.craigpeterson.com

Don't miss an episode from Craig. Subscribe and give us a rating:

www.craigpeterson.com/itunes

Follow me on Twitter for the latest in tech at:

www.twitter.com/craigpeterson

For questions, call or text:

855-385-5553