Patch Lady – 31 days of paranoia – day 5

    Patch Lady here with the paranoia of day 5.  And this one is a doozy… can you trust your hardware?  You’ve probably seen the headline about chips embedded into the motherboards of computers used by Apple and others.  Kirsty posted about it here.

    But before we start unplugging all of our computers and going back to paper cups and string as our means of communication, there are also numerous stories saying that the article has holes in it.  For example… statements from the vendors.  Questions about the reporting from others.

    But now there are stories that it’s not just hardware but firmware updates as well.  So how can you trust hardware when so much of it is built in a country that (and I’m going to be less than diplomatic here) has a history of being less than transparent?

    And how do you know if you have a system that has such a backdoor?

    There are several tools I use to better understand what is going out of my system, but none of them are easy to understand.  Some are cheap (free), but take a rocket scientist, which I am not, to understand.

    They range from tools like Wireshark (free), which lets you view the packets leaving your system, to Windows Defender Advanced Threat Protection, which gives Windows 10 E5 users (yeah, not cheap) a console showing what is going on in their systems.  Both help me to better understand what is going outbound from my computer.

    What is a bit disconcerting is that all of this information that we, the computing public, need to better understand what is happening to our systems is getting more complicated, not less.  Furthermore, our vendors are making it harder to get answers from our own systems.  While Windows 10 has a relatively new (in 1803) diagnostic data viewer, pretty much only a Microsoft engineer can understand its output.  And Microsoft doesn’t offer “root cause analysis”, which includes breach investigation, for customers who don’t have Premier support contracts.  These support contracts are expensive, and typically folks like you and I can’t afford them.  I am a bit concerned that for small firms or individuals, the affordability of forensic or breach analysis is about nil.

    So what’s a computer user to do?  Today I don’t have a good solution for us.  Seeing outbound traffic and understanding it isn’t easy.  I hope that someday Microsoft will put Advanced Threat Protection in all versions of Windows.  The best I can recommend is to get a gut feel for your system.  Open up Task Manager and view what processes are running.  Note when your system “hits” the hard drive and what you are using at the time.  See if you want to tackle understanding Wireshark.  And then just kinda freak out a bit reading those articles.
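    One step between “look at Task Manager” and “learn Wireshark” is to ask Windows itself which process owns each connection leaving the machine.  The script below is an added example for this post, not something from the original article or from Microsoft; it uses the built-in Get-NetTCPConnection, Get-Process and Get-AuthenticodeSignature cmdlets (Windows 8 / Server 2012 and later), and the “private address” filter and column layout are my own choices.

```powershell
# Added example (not from the original post): list established TCP connections
# that leave the local machine, mapped to the process that owns them and to the
# Authenticode status of that process's binary. Run from an elevated PowerShell
# window so that processes owned by other users (services) report a path.

function Test-PrivateAddress {
    param([string]$Address)
    # Loopback, link-local, RFC 1918 and unspecified addresses are treated as
    # "not leaving the box"; everything else counts as outbound. (Assumption:
    # you are not interested in traffic to your own LAN; drop 10./172./192.168.
    # from the pattern if you are.)
    return ($Address -match '^(10\.|127\.|169\.254\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.|0\.0\.0\.0$|::1$|::$|fe80:)')
}

function Get-OutboundConnectionReport {
    $connections = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Where-Object { -not (Test-PrivateAddress $_.RemoteAddress) }

    foreach ($c in $connections) {
        # The PID may have exited between the two queries, hence SilentlyContinue.
        $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        $path = if ($proc -and $proc.Path) { $proc.Path } else { '' }

        # Signature status of the executable: 'Valid' for a properly signed
        # binary, 'NotSigned' / 'HashMismatch' / 'UnknownError' otherwise.
        # An unsigned process talking to the internet is what to look at first.
        $sig = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'n/a' }

        [PSCustomObject]@{
            Process       = if ($proc) { $proc.ProcessName } else { '<exited>' }
            PID           = $c.OwningProcess
            Signature     = $sig
            RemoteAddress = $c.RemoteAddress
            RemotePort    = $c.RemotePort
            Path          = $path
        }
    }
}

# Unsigned or unknown-status processes first, then the rest, grouped by process.
Get-OutboundConnectionReport |
    Sort-Object @{ Expression = { $_.Signature -eq 'Valid' } }, Process, RemoteAddress |
    Format-Table -AutoSize
```

    Run it a few times over a day and the list becomes the “gut feel” the post talks about: the same dozen signed Microsoft and browser processes every time, so anything new stands out.  The same process-to-connection mapping is also available interactively in Resource Monitor (resmon.exe, Network tab) and from `netstat -bno` in an elevated command prompt; what the script adds is the signature check and a report you can save and compare against later.  A valid signature does not prove a binary is benign, and UDP traffic (DNS in particular) is not covered here; swap in Get-NetUDPEndpoint if you want to see that side too.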

    I told you this would be 31 days of paranoia!