After the first launch of the operating system in July 2015, there was a flurry of criticism about Microsoft’s handling of users’ personal data. For example, Microsoft edge (the built-in browser) collects information from Internet searches, your location is processed by built-in telemetry services, information entered by keyboard/handwriting or voice commands is read and remembered, constant “eavesdropping” on the microphone, handling contacts, text messages, reading hard drives and passing encryption keys to Microsoft servers. All negatively affected the first impressions of the operating system

By no means do I want to scare you that everything is so terrible and impossible to fix. Since you voluntarily agreed to the processing of data at the first start of the operating system, it is just as possible to voluntarily opt out without loss of warranty of the computer or service from the companies.

If you only plan to install the operating system

Choose manual settings, and independently remove all the checkboxes that will meet us along the way. Be sure to create a local account (without having the Internet), skipping the step of connecting to your Wi-Fi, or do not insert the Internet wire into the computer.

If you have already created a Microsoft account, it is better to delete it and recreate it without linking it to an email address. That way you will remain anonymous.

Privacy and updates

After we have seen the desktop of our computer, we have to change the privacy policy. We go further: Start – Settings – Privacy. Here, under: “General”, we forbid all manipulations.

Below left, go to “diagnostics and feedback” Select Basic. Disable all information collection, unfortunately, you can not, as most things are the usual diagnostics of the device itself.

Scroll down below and uncheck all the checkboxes. Since we can not disable the diagnostics completely, we can prohibit sending this data to Microsoft. At the very bottom there is an item “Frequency of feedback formation”, there in the dropdown box select “Never”.

Next we will disable updates. Since updates come out frequently, our manipulation will lose relevance, due to the fact that the parameters will be forcibly enabled. We go to:

Start – Settings – Windows Update and Security – Advanced Settings. There uncheck the first 4 items, then you can leave them as they are.

Next, rename the PC. To do this, next to the Start button is a magnifying glass icon (search).

Click it and type in the query field “About the computer”. Go to the “about computer” section, which is in the “best match” line.

Swiping through, just below, we’ll see the “Rename this PC” button. Write in Latin the name that is convenient for us. You need to do this because Windows automatically distributes PC names, and if your computer ends up on a public network, it will be harder to identify it.

Did that turn out to be easy? Then let’s increase the complexity.

Changing ad settings.

Right click on the Start menu – Windows PowerShell Administrator.

Start typing the script:

sc delete DiagTrack

sc delete dmwappushservice

C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl

Notepad C:{Windows\System32\drivers\etc\hosts

Confirm each script by hitting Enter and our PowerShell should look like the screenshot below.

After you have entered the script. Our notepad window will appear.

At the end of the notepad we enter the following:

127.0.0.1 localhost

127.0.0.1 localhost.localdomain

255.255.255.255.255 broadcasthost

It will look like the picture below. Save this file. By doing this we are disabling the external resources and ad blocking in many built-in or released programs by Microsoft itself.

Built in security and telemetry

Now we will modify the local group policies to disable OneDrive, built-in anti-virus, and some telemetry.

Press Win+R and this will open Runtime window:

In it directly already write in the line “open” the following query:

gpedit.msc

We will open Computer Configuration. In this section, select the administrative templates, almost at the bottom select “Windows Components”, then the folder “Builds for data collection and pre-builds” and disable telemetry.

In the Build Components menu, select OneDrive and disable it.

Then immediately disable Windows Defender. I suggest you use a third-party antivirus rather than the original built-in one.

Next, find the components of Windows – Antivirus program. Turn off the option highlighted in the screenshot below.

One of the last points – in the registry you need to disable telemetry completely, so that your PC collects less technical information. Press our usual Win+R. Write regedit. This will open a window where we will need to go to:

Click on the arrow icon each time, and at the end click on the “DataCollection” folder itself:

Where we change the value of 1 to 0. Then we click OK.

The last thing we do is to check whether our voice recorded by our own PC. To do this we will go down the path:

C:/Windows\Temp

There you can find the recorded voice in WAV format. If it is there, you can safely delete it. As practice has shown, it was not Windows itself that was snooping, but filters installed on the microphone. The most effective option is to disable the microphone through the taskbar.

Conclusion
So, we have learned to control our actions, both on and off the Internet. It is necessary to understand that companies act for purposes more advertising than observational.

For the best effect, we also advise not to use built-in programs like GrooveMusic, photo browsing, but to use extraneous software.

Cortana is a handy voice-activated personal assistant that runs on Windows. It helps you with tasks such as setting reminders for important events, managing your calendar, sending emails, finding elusive files on your computer, and more. However, Cortana is not so well accepted, and many users end up asking, how to disable Cortana in Windows 10 permanently?

3 methods to disable Cortana in Windows 10

Let’s discuss the different methods to disable Cortana in Windows 10 and stop Microsoft from collecting personal data.

Change Cortana in the SystemApps folder

You can change the process name of Cortana in the SystemApps folder to completely disable Cortana in Windows 10. This method changes some of the basic settings, so make sure you want to perform this step.

Therefore, it is highly recommended that you create a system restore point before performing these steps.

So, you were able to successfully disable Cortana in Windows 10. You can always repeat this process by changing the file name to the original one. If this method doesn’t work for you, try another one.

How to disable Cortana in Windows 10 using a registry file

One surefire way to disable Cortana in Windows 10 is to make a few changes to your computer’s registry. Since diving into the registry can sometimes lead to unintended consequences, make sure you follow these steps exactly to avoid complications.

Just in case, back up the registry and create a system restore point before you do anything.

You were able to disable Cortana in Windows 10. However, if you are a Pro or Enterprise user, you can also choose method 3.

Use the local group policy editor to disable Cortana

If you’re a Windows Pro or Enterprise user, here’s how to permanently disable Cortana in Windows 10 using local group policy.

Press Windows + R to open the Run dialog box.

Type gpedit.msc and click OK.

The local group policy editor will open. In this window, navigate to:

Computer Configuration> Administrative Templates> Windows Components> Search

Double-click Allow Cortana in the right pane. Select Disabled and click OK.

To enable Cortana again, you just need to switch back to Enabled.

Reboot your computer.

Now you know a few ways to disable Cortana. Well, sometimes you don’t want to talk to Cortana, but you don’t want to turn it off completely either. You can go into your Windows settings and quickly manage your Cortana settings by following the simple steps below.

How do I configure Cortana using System Preferences?

As mentioned above, there are handy methods you can use to find out how to disable Cortana in Windows 10.

But what if you don’t want to disable it and configure Cortana. Using this method, you can get some/all of the permissions that your Cortana has on your device.

First go to the search bar and type in Cortana, you will see the Cortana Search and settings option at the top, click on it.

Under Talk to Cortana you need to disable a few things if you want to get rid of Cortana.

Disable any features you don’t need, turn them off first. Allow Cortana to respond to “Hello, Cortana.”

Use the switch to disable the “Allow Cortana to listen to my commands when I press the Windows + C logo key” option.

Then, if you want privacy when your screen is locked, disable the “Use Cortana even when my device is locked” option.

Then switch to “Permissions and History Settings” for Cortana.

The right side of enabling this feature is that you get good recommendations for apps, news, etc., since Cortana gets an idea of your likes and dislikes. However, if you don’t need this feature, just turn it off and Cortana won’t save your history without your permission.

Windows Search is a convenient way to retrieve any data on your computer or on the Internet. Similarly, Cortana helps you use your voice to search for any content at any given time. There is an option in Windows where Cortana Search can also display your cloud content when you search for something.

In “Permissions and History Settings,” the very first option here is whether you want to see cloud content when you do a Windows search. You can configure it for your account or for other Windows users. Consequently, disable “Windows Cloud Search”, which will not display your cloud content in Windows Search.

Next, do you want Cortana to view your activity history? If you enable “View Activity History,” you will be able to view your activity history on the Cortana home page.

Another feature to turn off is “Activity Recommendations.” This feature notifies you where you last stopped so that you can easily resume unfinished tasks when you switch devices.

Enabling “My Device History” improves your experience on your device. It keeps track of all your activities on the devices you’ve logged in on and helps improve your search results through Cortana. Turn it off if you don’t want Cortana to retain your device history.

Last but not least, simply clear your device history and all your data collected in the Cortana database will be erased. Although Cortana stores your data, history and actions to improve your experience, some people find it intrusive and don’t want their actions tracked by any app. Consequently, click “Clear your device history” and you’re all set.

Cortana has a lot of good things to offer, but at the same time it requires you to grant access to your device and other data. Hence, it is an individual choice.

Suspending updates

The easiest way to pause updates is already in Windows 11 itself. It allows you to delay downloading updates for up to five weeks. Just go to “System” and select “Windows Update Center”.

In the window on the right, set the desired interval of suspension of updates.

Disabling the Windows 11 Update Service

Another way to stop Windows updates is to disable the services responsible for downloading them.

Press Win+R to open the Run window, type services.msc and press Enter. The command can also be pasted into Search.

The “Services” window will open, where you need to find “Windows Update Center”. If the service is running – click “Stop”.

To prevent the system from starting the service itself, change the “Startup Type” to “Disabled” in the “Properties” tab.

Blocking Windows 11 updates in the Group Policy Editor

You can stop the update by editing Group Policy.

Press Win + R at the same time and type gpedit.msc.

In the Local Computer Policy window, select the “Computer Configuration” line. Then select “Administrative Templates” – “Windows Components” – “Windows Update Center” – “User Interface Management” – “Configure automatic updates”. Select “Disabled” and click “Apply”.

Disable Windows 11 updates using the registry

Press Win + R at the same time and type regedit.exe to open the registry editor. In it, go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows.

Create a folder named WindowsUpdate, in it another folder named AU, and already in this folder create “Parameter DWORD (32-bit)”.

Give it the name NoAutoUpdate and press Enter. Double-click NoAutoUpdate and make sure that “Calculation System” is selected “Hexadecimal”.

The truth is that since the release of Windows 10, Microsoft has been increasingly collecting more user data. And that’s not the case with Windows 11. So if you’re worried about your privacy in Windows 11, follow our guide to protect your privacy in Microsoft’s latest desktop OS. We’ve mentioned the key settings you should turn off to protect your privacy in Windows 11.

We’ve added 10 different ways to protect your privacy in Windows 11. At the end, we’ve also included a third-party program to make Windows 11 a privacy-friendly OS. On that note, let’s dive in and check out the privacy settings you should change right now.

Сhange the general privacy settings

Disable online speech recognition

If you don’t want to use the new Windows 11 features such as voice input and voice access that use Microsoft’s online speech recognition, you can disable it. This will prevent Microsoft from sending your voice data to the cloud, thereby preserving your privacy. Here’s how to do it.

Disable sending diagnostic data

To keep Windows 11 secure and up-to-date, Microsoft sends a limited amount of diagnostic data that is required by default. However, there is another set of optional diagnostic data that allows Microsoft to access your browsing history, how you use an application or feature, and much more. If you don’t want to send optional diagnostic data to the Redmond giant, follow these steps.

Disable activity history

In 2018, Microsoft introduced a timeline feature in Windows 10 that tracked all your actions on your PC. It was later renamed Action History. In Windows 11, it doesn’t show a timeline of your tasks and actions, but Microsoft still stores all your actions, which is pretty amazing. If you want to protect your privacy in Windows 11 and prohibit Microsoft from tracking all your actions, follow these steps and disable this feature.

Permission to change your location

If you don’t want apps to access your location in Windows 11, you can block access with a single click. However, completely disabling location services in Windows 11 will also prevent you from finding your device if it is stolen.

To avoid this, I suggest that you only allow location permission for apps that really need it. Here’s how to manage location permission and protect your privacy in Windows 11 from aggressive apps.

Change Camera and Microphone Permissions in Windows 11

Among the many permissions, the camera and microphone are the most important, and you should make changes to your Windows 11 PC to prevent nefarious applications from accessing your camera and microphone in the background. This will greatly protect your privacy in Windows 11. Here’s how to do it.

Enable encrypted DNS

Another way to protect your privacy in Windows 11 is to encrypt the web traffic on your computer. Encrypted DNS (also known as DNS-over-HTTPS) is becoming the accepted standard for encrypting DNS requests.

Whenever you try to open a website or an application tries to connect to its server, your computer contacts the DNS server to look up the domain name. This exchange goes largely unencrypted and can be a major source of leakage.

If you are serious about your privacy, you should definitely enable encrypted DNS in Windows 11.

We’ve already written a detailed guide on how to enable DNS over HTTPS in Windows 11, so read our guide and make the necessary changes. This will go a long way toward protecting your Internet activity not only on home networks, but on public networks as well.

Switch to a local account

By now you know that Microsoft is pushing users to choose a Microsoft online account over a local Windows 11 account. And judging from the latest news, Microsoft is also looking to introduce an online account requirement for Windows 11 Pro users.

All of these changes are being made to collect more user data, create a monetizable user profile and target customers with personalized advertising. Essentially, the online account requirement allows Microsoft to track your usage and create an online profile tied to your Microsoft account.

So, the first thing you must do to keep your privacy in Windows 11 is to switch to a local account. We have a detailed guide on how to switch from a Microsoft account to a local account in Windows 11, so follow the instructions in the linked article. This will prevent Microsoft from creating an online profile associated with your activities on the device.

Delete your Microsoft cloud data

No matter what you do on your Windows 11 PC, Microsoft tracks all your activities and sends the data back to its server. Microsoft says the data is used to improve its services and products, personalize your online experience and provide better recommendations. The data is designed to understand your behavior and provide you with targeted advertising. i

If you want to delete all of your cloud data, including location information, browsing history (collected from Edge or Windows search), app and service activity, media activity, and performance data, follow these steps.

Protect your privacy in Windows 11 with ShutUp10++

Finally, we have O&O ShutUp10++, which allows you to disable all kinds of telemetry, background access to applications, data collection, suggestions and more in just a few clicks. ShutUp10++ is an anti-spyware tool created by the German company O&O.

It is a free tool that offers recommended settings to ensure maximum privacy in Windows 11. You don’t need to open Windows 11 settings, and you can make your own privacy-friendly changes.

This program does it all seamlessly and changes basic configurations through the registry and group policy that are not available in Windows settings. In addition, for security purposes, ShutUp10++ also creates a system restore point in case something goes wrong.

To learn how to use ShutUp10++ to protect your privacy in Windows 11, follow the instructions below.

Here’s how you can easily protect your privacy in Windows 11. I would advise you to review all the Windows 11 privacy settings that you should disable, and then use ShutUp10+ to make other recommended changes. If you have any questions, let us know in the comments section below.

Thanks to them, parents always know what their child is doing on the phone: what he is interested in, how much time he spends, where he is at a particular moment. All applications can be customized according to individual parameters. There are many such solutions for Android. Let’s look at the best of them.

Google Family Link

Parents can remotely prohibit the downloading of suspicious content, limit the time of Internet use, block the phone at night or at any other time. Regardless of an adult’s opinion, Family Link arbitrarily cuts off access to YouTube services for users under the age of 13.

Through the app, you can ascertain where your child is and if he or she is skipping school. Unless, of course, he guesses to turn off his smartphone or at least the Internet. By the way, it is the app Family Link is famous for the fact that today’s children easily bypass its bans.

Kaspersky Safe Kids

Practicing psychologists were involved in creating the Kaspersky Safe Kids app. Therefore, the main feature – more than 100 professional recommendations, which you get, using the service.

The free version contains tools that show what your child is looking for on the Internet, what sites he or she visits, what programs he or she uses and how much time he or she spends online. All of this can be adjusted, limited or disabled if desired. However, due to the peculiarities of the iOS system, you will not be able to block a child’s iPhone or iPad.

Premium version allows you to monitor the battery charge, monitor social networking activity, view the history of YouTube requests and make a schedule for your child to use the device.

For paid subscribers, geolocation is also available, with the ability to outline a safe perimeter for walks. If your child tries to bypass the bans or runs outside the area specified in the program, the system will instantly send you a notification.

Where are my kids

The program is compatible with both smartphones and GPS watches. In addition to the location, the devices will tell you what time the student came to school, when he came home, and how long the battery will last. So you can reach your child even if he or she left the phone in another room or turned off the sound, the developers came up with a loud signal function.

Parental Control Kroha

The app works as a GPS tracker and a means of monitoring screen time. Parents are provided with detailed application statistics. Based on it, you can reasonably block access to games, social networks, websites and YouTube channels. That is, to all the entertainment that interferes with students’ concentration on studies.

The program also allows you to monitor WhatsApp and Viber correspondence, control the battery level and view photos that your child took or received.

Kidslox

Kidslox is a cross-platform application, which allows full control of the iPhone from an Android device and vice versa. The program is designed to block “time killers” or at least limit their use. Games (including Minecraft and Clash of Clans), YouTube channels and social networks (Facebook, Snapchat and Instagram are in the zone of special attention). Naturally, access to sites with adult content is severely cut off.

In addition, Kidslox allows you to remotely turn off the camera if your child is too engrossed in selfies or video chats.

According to a study by the international company Ipsos, which came out in 2021, 94% of Russian children use smartphones, with 85% having one of their own. 93% of children regularly use a computer. Kaspersky Lab’s 2021 study confirms these numbers. According to it, 93% of children in elementary school have a smartphone. Most often children go online to play games (76%), watch videos (70%), communicate with friends (67%) and prepare for lessons (53%). In addition, every second teenager, according to NAFI, makes purchases with a smartphone.

As noted by parents, 53% of children spend between one and four hours a day on a smartphone or computer; more than a quarter (26%) spend all their free time on them. At the same time, only 55% of parents limit the time their children spend on the Internet.

According to the international organization Common Sense, parents themselves usually begin to give their children gadgets, and from the age of six to eight months. According to a study conducted by NetMums, most children today start using the Internet at the age of three.

How to set up a smartphone for a child, not a child against himself?

When setting up parental controls, it’s worth understanding that they need to be ethical. First, you have to accept the fact that your child’s playtime will account for 50% to 99% of his or her time on the smartphone. The parent’s job is to make sure that play sessions don’t stretch for hours, but are shorter, but can occur several times a day.

Instead of being afraid of information on the Internet, it is worth teaching your child how to properly search for, analyze, and use data from the Web. Preferably do it together until he or she learns how to use the Internet properly.

You should not read your child’s correspondence – it is acceptable only in emergencies, as well as studying the contents of his smartphone. And installing spyware can only undermine trust.

As kids get older and prove to know the rules of smartphone use, it’s wise to give them more freedom.

Both Android and iOS have built-in parental control tools. Let’s figure out how to choose and set them up properly.

What are parental controls?

Parental controls are software designed to protect minors from age-inappropriate content. It can block pornography, websites containing alcoholic beverage ads and so on on smartphones and other devices.

At the most basic level, parental control products contain tools to block unwanted content. But most products also have the option to set up white lists and blacklists. Whitelists are parentally allowed sites. They won’t be blocked even if they fall into a category that the app normally restricts. In contrast, a blacklisted website will not appear in searches even if the category itself is not blocked.

In addition, most parental control tools include other features:

Controls or limits on the amount of time children spend on their smartphones. For example, a parent can configure settings so that the Internet or certain programs don’t run after 10 p.m., when children should be getting ready for bed, and can limit the daily Internet time. If the daily hours limit is exceeded, the child will not be able to access a particular site.
App blocking: this allows parents to completely block certain programs, regardless of the time of day or amount of use.
Geolocation view. This feature will allow you to check where your child is at any time.
Many parental control tools can be installed on the system completely invisibly. Because of this, even technically savvy teenagers sometimes can’t easily remove them or bypass content filtering.

How to set up parental controls

The process for setting up parental controls is different for iOS and Android devices.

Create a user account

First, you need to sign up for an Apple ID account or a Google account. For a child under 13, this must be done by a parent. You can create an account either when you first start your phone or on your old device by simply logging out of your account in the system settings. But it’s more convenient to perform a factory reset, which will restart the initial setup procedure.

On Android: “Settings” → “Restore and reset” → “Reset settings” → “Reset phone settings” → “Erase all”.

On iOS: “Settings” → “Basic” → “Reset” → “Erase content and settings”.

Turn on the screen lock

Your smartphone contains a lot of personal information that needs to be protected. A basic level of protection involves locking the device’s screen. This can be a passcode, a pattern key, a fingerprint or face unlock. The option is usually offered to set up when you first start your smartphone, but it can also be done later in the settings.

Activate two-factor authorization

Once two-factor authentication is activated, you will only be able to log in to your child’s account and make any attempts to manipulate it after entering a code that is sent to a trusted phone number. This can be a parent’s number.

Activate family access

Sharing family members can share purchased content and allow your child to shop on-demand, as well as limit how long you can use your device, view your location, and use other features.

Add a request to buy and download apps

The purchase approval feature is needed to control children’s spending online and limit it to specific apps. If a child makes a purchase or even a free download, the parent receives a notification where they can approve or cancel the download.

Limit unwanted content

This option prohibits your child from accessing sexual content, violent content, and other unwanted pages on the Internet.

Set Screen Time Settings

The option allows you to define the amount of time your child can spend per day on games, social networks, and apps.

Turn on geolocation viewing

On iOS and Android, your location is displayed in real time in the Family Link and Locator apps, respectively.

Make settings in case you lose your phone

It’s a good idea to anticipate the situation when a child forgets or loses their smartphone by adding a phone number and a message to the lock screen asking them to return the device.

The pandemic has put Chief Information Security Officers (CISOs) at the forefront of the battle for enterprise continuity. Enterprise business continuity plans with varying attitudes toward remote work are being put to the test. What was simply a reaction to what was happening has become the object of long-term planning. And with attackers increasingly trying to exploit attack vectors exacerbated by the pandemic, information security issues are taking center stage for businesses.

“Information security directors face a number of challenges. Some they are already familiar with, some are new,” said Wendy Nather, who leads Cisco’s IS advisory group. – This year, remote working has taken center stage. It poses a serious challenge in terms of transparency of what is going on in the IT environment.” Wolf Goerlich, Cisco IS consultant, agrees with her: “It’s about transparency of applications and devices. There are enterprises with more than 1,000 applications, but security sometimes only sees 10% of them. The same goes for devices: some employees use 5-10 devices, but security doesn’t see any.” Richard Archdeacon, Cisco EMEA information security consultant, said: “Increasingly, CIOs are also concerned about staffing and how to attract and retain talent.

During the roundtable discussion, the experts suggested information security directors should pay attention to four trends.

Time to get rid of passwords

Password is the cornerstone and Achilles heel of information security. Users are forced to memorize, change and keep passwords secret, and on average there are 191 passwords per user. Passwords are easy to compromise: according to the Verizon Data Breach Investigation Report, 81% of break-ins were due to stolen or weak identities. Not only that, passwords incur hidden costs. Organizations spend millions of dollars and man-hours each year to regularly change passwords, so it’s not just hacks that are costing them money. Now, platforms, industry groups and service providers are coming together to find a foothold for a password-free future. Biometric technology is slowly creeping in everywhere. Consumers and businesses alike are increasingly using them. Companies are beginning to wonder what will happen to user and data security in a world without passwords.

“It’s not easy to forget passwords after 60-plus years of using them. We have a unique opportunity to rethink authentication principles and create systems that will be as easy to use as they are hard to crack,” says Görlich. “The password-free future may come in a year or two,” adds Nater, “In the meantime, users’ lives are already made easier by Single Sign On solutions.

Collaboration, not control

In many organizations, the traditional approach to security is to write instructions and enforce policies. In the past few months, however, a major cultural shift could be observed. A new model of cooperation and interaction between information security professionals and business colleagues is emerging. Workers are becoming more independent and the pace of work is accelerating. Therefore, security tools need to be as simple as possible in terms of their use. “When building information security systems, we should focus more on collaboration than on control,” says Nater.

On the one hand, by controlling users, organizations are spending their money, on the other hand, users are increasingly taking control into their own hands. CISOs face questions: what needs to be controlled and what can be handed over to users, what should and should not be enforced.

“In addition,” Görlich continues, “control implies hidden costs. The more we restrict users, the more resourceful they become. The consequences can be unpredictable.”

The spread of secure telecommuting

Telecommuting has long been nothing new. But now the rate at which it’s spreading is growing exponentially, even in the most conservative organizations.

During the pandemic, Cisco Duo Security, the division responsible for multi-factor authentication and secure access, recorded a jump in the number of user authentications from 600 million to 800 million. Most of this growth is related to remote working, and no downward trend is in sight.

“The actions of information security directors during the lockdown should be noted,” Arkdicon says. – They are laying the right foundations by implementing basic controls such as multifactor authentication and DNS- and VPN-level protection. As new labor regimes emerge, they are drawing conclusions and shaping a forward-looking strategy to protect their organizations. In doing so, there is a growing need for collaboration to enhance the role of users at the forefront of protection.

Artificial Intelligence, Machine Learning and Zero Trust

Traditionally, the degree of trust is determined solely by the network address from which the request came. The zero-trust approach is more dynamic and adaptive. Trust is established for every request, no matter where it comes from, networks and applications are protected, and only verified users and applications get access.

Multifactor authentication, encryption, and labeling of known and trusted devices make it difficult for attackers to obtain information (identity, network access, horizontal movement capability).

Specialized User and Entity Behaviour Analytics (UEBA) systems are an example of how zero-trust security is enhanced with artificial intelligence (AI) and machine learning (ML). In contrast to the generalized approach used today, specific actions are analyzed.

“The use of AI and MO is a form of automation to help humans. Automation works well when there is certainty, accuracy and accountability. Cisco products take all three of these factors into account. You need to be sure of why automation is necessary and what it achieves. You need to know exactly how the automation works so that it does not have an unpredictable impact on other systems. Finally, you have to take responsibility and be prepared for the automation system to work for a long time without any modifications,” Nater concluded.

What is reverse-engineering in IT?

Reverse-engineering, or sometimes called reverse engineering, is the process of analyzing an application to determine its functional characteristics, internal architecture and, actually, its operation: modules, functions, algorithms. Reverse engineering is used in IT for different purposes:

However, Reverse Engineering is often used [inappropriately], because after studying the architecture of an application or getting the source code, you can modify it and use it for your [selfish] purposes. Here are some examples:

Using trial versions of an application all the time. Say we have a product that we can use for free for a month. When we run the app, it checks the installation date relative to the current one. By removing this check or replacing it with a function that will always return the desired result, the application will remain in trial mode forever.

Information or code theft. An attacker can target not the application itself, but a module or part of it. This tactic is relevant for competing software companies.

Bypassing technical means of copyright protection. An intruder aims to bypass copy protection for audio and video files, computer games, or e-books for subsequent free distribution.

Attackers can target both [desktop and mobile applications. In the context of reverse-engineering, it does not matter whether the application is written to run on a smartphone or a PC, because the hacking methods depend to a large extent on the programming language and the security mechanisms implemented. After all, a mobile app is an archive that consists of configuration files, libraries and compiled code files. Therefore, in general terms, the approaches to [hacking mobile and desktop applications will be the same.

The source code retrieval process depends on the programming language and platform, as it is a reverse compilation process. For example, applications developed in the .Net framework are first compiled into the Common Intermediate Language (CIL) and then converted to machine code through the Common Language Runtime (CLR) at runtime. The compilation of Java and Python applications works similarly: high-level code is first compiled into an intermediate low-level byte-code language and then converted to machine code by a just-in-time compiler.

This arrangement provides cross-platform compatibility and also allows different parts of the application to be written in different languages within the same framework. However, in terms of reverse-engineering, it is possible to get information about classes, structures, interfaces, etc. from the intermediate language (both CIL and bytecode) and restore the original architecture. There are ready-made utilities for this such as .Net Reflector, MSIL Disassembler, ILSpy, dotPeek for .Net applications, Javap, JAD, DJ for recovering Java from bytecode and pyREtic, pycdc, Uncompyle2 for handling Python applications.

If an attacker is sufficiently familiar with CIL or bytecode, sooner or later he will be able to modify it, recompile it, and make the application work for his own purposes.

Reverse-engineering applications in traditional programming languages (such as C, C++, orObjectiveC) is a more difficult task. Applications written in them are immediately compiled into executable machine code, which does not store any information about the structure of the original application: class names, function or variable names, etc. An additional obstacle is that the low-level representation does not contain branching constructions (if, for, etc.), and their reconstruction requires building a graph of the flow of the program’s control constructions. This requires significant time costs. But even this cannot guarantee the safety of the application’s source code. Having deep knowledge in Assembler and programming skills, the task of source code recovery (or identical functionality) becomes only a matter of time.

So how do you secure your application? Or at least make it more difficult for an attacker?

Here are some popular ways:

There are other methods of protection such as watermarks, placing critical code sections into separate modules, protected execution environments, etc., but none of them can provide complete security. The approach to protecting an application must be unique to each individual case.

For example, code obfuscation is not only a security feature, but in some cases it may increase performance. For example, writing the code to a single line or replacing variable names with shorter and non-obvious names reduces the size of the build and increases the performance of the application. However, types of obfuscation such as adding code branches or aliasing can reduce performance.

Therefore, when choosing methods of code protection, you should first be guided by the threat model, namely: what in the application should be protected and in what ways an intruder can try to get it. If it is a code change then you should focus on integrity checking, and if you are examining a part of the application you should consider obfuscation or encryption. Although there is no guaranteed solution, with the above security methods you can make it as hard as possible for an attacker.

Stateful packet inspection (or dynamic packet filtering) is a technology that monitors active connections and checks whether incoming data packets match those connections. It then decides whether to allow or deny them to pass through the firewall.
In short, devices transmit data in packets so that the receiving side can process them more easily. One large block of data can be divided into several packets. But hackers can hack into these packets to harm the receiving server. This is where the SPI firewall checks to see if these packets are legitimate and match an already established connection. It rejects packets that do not belong to a trusted connection, thereby minimizing the possibility of hacking.

What is an SPI firewall?

An SPI (stateful packet inspection) firewall protects devices by checking incoming packets against existing connections.

A normal firewall does inspection on static values, such as the source or destination address. It does not take into account the packet connection traffic and applies the same set of rules to all packets and cannot receive any information about its connection. These firewalls cannot be configured to open and close sessions. They also cannot detect if packets are coming from a legitimate IP address. Therefore, they are not as secure as SPI firewalls, but they are faster.

How do SPI firewalls work?

An SPI firewall can memorize the attributes of each connection and use this information to determine the reliability of the packet. It stores this information by examining the packets and setting rules. Because of this, it sees the entire context of the packet, not just the contents.

With this memory, the SPI firewall does not need to thoroughly examine every packet, so it works faster than deep packet inspection (DPI). The latter deconstructs packets to see if they are properly formed and if they contain any malicious code. DPI is used for a variety of purposes, including network management, security, data mining, or Internet censorship. It provides security through speed reduction.