For VPNs, would you recommend Virtual Shield or Nord?

I’ve never used Virtual Shield so I really can’t give an opinion on them. Nord has consistently been a very good performer in the testing on the channel. Virtual shield is on the list to review 👍

2 things. First, is VeraCrypt encrypting the entire drive or just a part of it? Second, keep in mind and inform people that they can actually get "hacked" without the "hacker" ever touching their computer by simply being connected to the same wifi connection!

Veracrypt can do both as far I know...individual files and full drive encryption.

how do you get your flash drive to do this? Could you make a video for that

Then what you do is change the wallpaper to “Encrypt your drives IT department” and wait for them to get half a clue as to how to properly secure their devices. Shame on them for not encrypting that stuff. Students are logging in every day with personal information...that is just so ridiculous.

I was going to do that but coronavirus happened. I would of had to unplug the harddrive to hack the boot order because the bios has security.

oh wow thats cool

My school has the bios locked and I don’t know where the cmos battery is

Softwate encrypting the drive would have stopped you. Wow, your school was lazy.

Agreed. I have encrypted my systems. One is a multifunction rig. Primarily for streaming and editing. Your security is in correlation to your threat modeling. If you want to encrypt everything. Which is normally my default for primary drives. I suggest you invest here: 1) Buy the fastest processor you can. 2) By the one with the most cores you can afford. 3) RAM, faster is better always, but in real world applications. There is a limit. Unless you are doing some heavy stuff on it. Most of us are not. Video editing, rendering, etc. For the average users and casual gamers. They will not notice much difference. With every computer I have ever owned. RAM is what I normally consider one of the key upgrades. 4) For your OS partition, a platter drive is more secure. An SSD. Given the technology and how it works at current. Is less secure in most instances, but speeds up performance even on older rigs. Extending their life. There are ways to mitigate security risks with SSDs.

@«tutacat» Look up hardware encryption standards and breaches. Garbage. I use it as a layer. Not as my absolute line of for security. Even Microsoft gives instructions to disable hardware encryption. Software encryption all the way.

@«tutacat» From what I read. Hardware encryption sucks. OPAL was poorly implemented. I use it as weak 2FA. A common thief will steal the drive. Think it is busted. Thus they will either wipe the drive or toss it in the trash in fustration. Fail Safe or Fail Secure? I lean on Fail Secure most of the time. Any mission critical data is typically software encrypted. Either as individual files or an encrypted partition. This will not stop an informed individual. Or a government agency. If somebody broke into my house. I doubt they would have a clue. Also, their are plenty of forms and KZbin Videos on how to bypass the weakest of hardware encryption. With relative ease. Now some are better than others. However, I do not bet the farm on hardware encyrption. winaero.com/disable-hardware-bitlocker-encryption/ linustechtips.com/topic/991420-major-ssd-hardware-encryption-flaws-discovered/ www.digitaltrends.com/computing/western-digital-encryption-flaws/ redmondmag.com/articles/2018/11/06/microsoft-ssd-security-advisory.aspx www.bleepingcomputer.com/news/security/flaws-in-popular-ssd-drives-bypass-hardware-disk-encryption/ www.tomshardware.com/news/crucial-samsung-ssd-encryption-bypassed,38025.html www.tomshardware.com/news/crucial-samsung-ssd-encryption-bypassed,38025.html www.reddit.com/r/DataHoarder/comments/5z2gmf/do_western_digital_external_drives_still_have/ www.pcworld.com/article/398130/bitlocker-windows-built-in-encryption-tool-no-longer-trusts-your-ssds-hardware-protection.html www.zdnet.com/article/flaws-in-self-encrypting-ssds-let-attackers-bypass-disk-encryption/ www.computerworld.com/article/2995516/western-digital-self-encrypting-hard-disk-drives-have-flaws-that-can-expose-data.html arstechnica.com/information-technology/2015/10/western-digital-self-encrypting-hard-drives-riddled-with-security-flaws/?comments=1

​@«tutacat» Disclaimer: I am not an expert. I read things. Watch KZbin Videos. As well as draw conclusions from my own experiences. LOL, you want to take that risk for senstive data. Knock yourself out. I never suggest long term storage. Of senstive data. On a hardware encrypted drive. My only exception is if the files are individiually encrypted. That is fine. Senstive naked data long term on a hardware encrypted drive? Absolutely not. I Own a few old and new hardware encrypted drives. All of them are on a compromised list. Last I checked, they all had firmware updates. As far as speed. I am generally going agree with you. Since you would also have to account settings both on the OS and and hardware. Not to mention bus speeds. Etc. LOL, if you can afford after. Buy faster. Every milisecond counts. One of the things I learned using VeraCrypt. Is that in some rare instances. There is slow down depending on what I am doing. The best I can do is buy a faster processor with more cores. Which for the moment is not required. For gaming. A faster graphics cand and going above 60Hrtz. Seems to be bottlenecking my FPS. Now what I could do is enable virtual memory. However, that is in itself is a security risks. Granted minimal since the entire drive is encrypted. Also I have not maxed out my RAM. What I have personally observed. Is that during certain processes. Even when I use all the cores on my processor. Opersations that require way more cycles. Before I encrypted the drive. This was not a problem at all. Thus I advise everyone. If you are going total OS drive encryption with VeraCrypt. Which I recommend everybody does. You must buy all the cores you can. Lite users will see absolutely no difference. Casual web browsing. Videos with minor editing. I use bitlocker, but to a limited extent. Only out of convience, nothing more. To people I talk to and or know off line. I tell them. If you are not software encrypting your senstive data. They are fools. Fail Safe or Fail Secure?

@@jamesedwards3923 Decently new hardwares would probably be able to encrypt and decrypt simultaneously without a noticable slowdown as long as your CPU have the AES new instruction. I have a laptop from 2016 and with full disk encryption, and it has only been experiencing 2-5 frames drop when playing games.

Same here dude. I know people who make no effort to encrypt their phones. I know one person who made no effort to wipe a phone after it was completely compromised. Nor did they destroy it and buy a new one. You know what I learned about users? They are not ignorant in the general or laymen sense. They are just lazy. Until they get powned. Most of them will never make even a decent basic effort. Even then, they do not care. If one more person bitches and complains to me offline. Here are my following questions: 1) Did you use a password manger? 2) Did you use complicated and long passwords. For the codes you must remember? 3) Did you enable OTP and FIDO keys for all accounts that allow it? - Did you disable SMS on all accounts that allow you to turn it off? Yes, I acknowledge some accounts you do not have a choice.

Every time when I was paranoid I lost important information.

It makes less than a 10% difference on any modern machine, this is not a noticeable difference whatsoever. If you have an SSD, this will be almost no difference.

Upgrades will be completed soon on all devices.

Thanks for the kind words :)

Correct.

LOL, I still need to buy a cheap, but vial microSD or flash drive. For my recovery disk. All critical data is not on the primary drive. Two internals and external SSD for backing up daily stuff.

You can install and configure to boot from a flash drive. I have not learned how to do this yet. In time I will and adjust my security protocols accordingly.

Thanks for watching!

Wow Stephen thanks so much for all the nice comments 😀 Yes, that support link is the best way to give back; I also recently setup Brave Rewards on the KZbin channel itself if you use BAT. You’ve already given back in encouragement and support, so thank you!

That is because he makes harder subjects easier to understand. Telling people how use more powerful tools to further secure their data. Of course it is underrated.

Disclaimer: I am not a cybers security expert or scientist. I just read casually. I am a layman. Remember this is the internet. Hardware encryption is weak. This has been well documented. Unless you have a absolute minimal assumption of threats in your models. I do not recommend using hardware encryption as a single layer at all. If at all possible software encryption is the preferred option. If you do not believe me. Take a few hours out of your day and run a search on hardware encryption flaws.

TPM are a component of encrypting anything on a computer. I do not even mention it since it is a standard component. Like a math coprocessor. When I talk about hardware encryption. I am referring to the OPAL standard.

If you want to stick with Microsoft Encryption. Research EFS for Microsoft Windows Professional and higher. If you used Windows NT or Windows 2000 back in the day. You should be aware of this. I have incomplete casual data. So I do not know all the strengths and weaknesses. Cumbersome, but not bad for low threat environments.

It completely is frustrating! I actually made a tutorial for this though lol: kzbin.info/www/bejne/jYuofYmYp7p4ha8 (It’s old so don’t be too harsh) And yes Samsung totally kept this under the radar which is crazy! I only use Samsung SSDs and having that functionality is absolutely spectacular and doesn’t require crappy bitlocker

Thanks Rhyming Dinosaur :)

Thanks bro!

Passwords are easier to backup than entire drives.

@@jamesedwards3923 yeah, i got locked oout of a USB because i forgot to capitalize one letter. My memory came back, but it was a scary, sad week

That is part of the problem. In my experience most users. They know what to do. They do not want to do it. People prefer convenience over security. One of the biggest jokes in cyber security: Biometrics. Something that can not be changed or replaced. Stupid. Also, as part of a single factor is worse.

@@genkiferal7178 I hope you chose a password manager. Then back it up.

I transitioned to VeraCrypt years ago. I tried to access a file. Did not remember what it was. A true or vera file. Currupted the data. Do you know of any program that fix it? Most of that data can be rebuilt, but that is time consuming.

Finishing up building and upgrading my devices this week. Yea, I have been busy. Too busy.

Glad to have you on board and I'm happy you enjoy it :) As for being like Steve Jobs...I am not much of a revolutionary thinker lol, just a presenter of information. I am glad you think so though!

Never tested this but my guess is yes. If it somehow does clone they’ll still need a password to decrypt it. Someone chime in if I’m wrong.

I assume that your Acronis is on some kind of bootable media, like a CD or USB drive. In that case, you can still use it, but the backup images will also be encrypted. But you can copy and restore the encrypted images, and they will still work. There is only one backup/disc imaging program, the one I use, that can make a backup image of the system that it's running on, so doesn't have to be booted in a different os, and it's called SelfImage. If you make a backup using that, in the running system, then the backup will NOT be encrypted. SelfImage is freeware, and makes standard format *.img flat disc images that will work with many different programs, like WinHex, WinImage, and many others.

@@MarkUnique Which aspect? I'll admit, my drive isn't encrypted, so I have never tried it. But I assume that the decryption takes place at a lower level, so it will be presented to the software the same way as it's presented to the user, and therefore if the system is running, it's decrypted already, and so will be the backup. But like I said, backing up the running system is a trick in itself that I only know of one software that can do at all. Generally speaking, as a rule, you can't backup the running system disc, so you can only backup the disc from another bootable os of some kind.

@@MarkUnique It shouldn't be a big issue. Generally speaking, backup software has to be it's own bootable os, and it should make brute force backups just fine. If you are making your own backups to restore your system, and you know the password, then it shouldn't be a problem, the software is brute force, sector for sector, so it will copy the drive encrypted. If you know the password, you can use them like normal. But for someone like say, the police, who want to make an image of your drive to gather evidence of some kind against you, it's a problem, without the password, the images are useless.

Yeah of course. Major OSes have drive encryption support like Linux and MacOS

@@techlore Is it still safe and anonymous to browse Tor if I was to use a boot up version of Linux or would it be better to just fully convert to Linux?

It’s very minor. You won’t notice a difference in casual usage with that setup. You could see 10% decrease in performance in intense tasks. Depends on the rig

@@techlore Thanks for the answer! Go incognito is great btw and have been listening to ur new show

Follow up to my initial post. Buy the fastest and most efficient specs you can. When using encryption on my rigs. Initial access or opening is the bottleneck. Even when including gaming. Once accessed. No significant speed decrease. Software encryption, all the way.

TPM, Bitlocker with encryption, Acronis with encryption. If you can crack it you are in the wrong line of work. Will it slow down your system, yes by like 3.7% average. Can always try to brute force it but good luck with that 256bit the sun will go dim first. People go after your keys and if they want it bad enough they can eventually get them, either by being sneaky or just straight out violent means. Can sub Bitlocker and Acronis with 2 others, just saying triple layer protection.

Password protecting the UEFI aka BIOS. Is a good first step. If you 'software' encrypt the drive. Which is something most people do not even think about. You greatly mitigate the threats. Correct, about the RAM issue. First off why most of my encryption involves VeraCrypt, since they use limited encryption of the keys. It is a yes/no option when you type in the password. I do not know if Windows Bitlocker does it at all. I use Bitlocker for lower threat modeled threats. I have to do more research. Let us be honest. Most smash and grab thieves will have no fucking idea what we are talking about. You are correct enabling TPM is useful. Laptops come with it. Modern CPUs have a it built in. You can also buy an independent TPM for desktops. Also when dealing with laptops. Enabling UEFI password. Will turn your laptop into a brick. So unless they are going to flash hack it or replace the chip. Which again, most common thieves will not. At best they will sell it for parts.

👍

LOL, a bit of work. Not a bad option though.

And this is why you perform regular backups 👍

I am looking into doing gaming and multimedia on my two computers. I wish somebody would do videos on that. You say VeraCrypt eats up system resources? Please elaborate.

@@jamesedwards3923 Veracrypt is much slower than Bitlocker. They just do things differently... Veracrypt is probably more secure than Bitlocker, but its so much slower that normal people should just use Bitlocker. Only if you're afraid of government or something should you use Veracrypt.

@@teemuvesala9575 I want encryption with no back doors.

@@jamesedwards3923 Then you'd be best off with VeraCrypt. Just keep in mind it will be slower than BitLocker.

@@teemuvesala9575 VeraCrypt does it a larger percentage of speed transfers. I analized the data using 'crystal'. Not by any signficant amount. Plus I brought M.1 type SSDs for most of my working and gaming. For exactly that reason. I did decide on VeraCrypt. Marginally more secure. Bitlocker, I use it at a limited capacity. Do you have how many articles I had to go throught? To figure how disable stuff on it. Not to mention enabling 256bit as opposed to the standard 128bit? It is like Microsoft watered down and disable security to the bare minimal.

You are correct. In an Evil Maid attack. There are easy ways to defend against this. Let us talk about the classic literal example of an evil maid attack. 1) You encrypt every drive on the computer. 2) Password protect your BIOS. A lot of people especially common Apple users. Do not password protect their BIOS. Some have asked me, "why would you password protect your BIOS? If I have done a full encryption of the drives on it?" Deterrent and layering. An Evil Maid, would have enough sense to not even bother. Since most people do not password protect the BIOS. In my experience most people who password protect the BIOS have disabled both 'wake on LAN' and alternate boot priority. So you would have to either software hack the BIOS. Or take apart the computer. Those take time. I think I have a public playlist [if not I will enable public viewing]. That involves traveling. All those people robbed. Airbnb and Hotels. Let me ask you a question? How many of those used passwords to encrypt their drives, tablets, and laptops? Answer, probably a handful at best. In my offline and online experience most users use numeric PIN codes. Especially Apple users. Once those hashes are extracted. A lot easier to brute force that stuff. All hashes can be deciphered and encryption can be broken. All it takes is time. 3) I use hardware encrypted drives. More a deterrent and layering. So use the same example. The weaknesses in many hardware encrypted drives. Are publicly known. O rare occasion. I have no choice but to use unencrypted drives. if the file has anything a criminal would want. Or could use. I make an effort to encrypt that file. The threat modeling suggest that a typical smash and grab robber is not going to physically bypass my hardware encryption; depending on the model of the drive. Then brute force the files. 4) Remember the best password is the one you do not know. 5) Certain files have certain limitations on how you can encrypt them. I think we all know many of the common limitations. You now have SSDs that can do 1TB to 4TB. FYI, I'd be careful which drives you choose. Plenty of adaptors and enclosures. You could install multiple OSes and between script kiddy knowledge or even retail software. Created a multiple partition. And it fits in your pocket.

How so?

For drive encryption definitely go with Veracrypt. It is considered the go-to program right now. I am still due to make a tutorial on how to use it :( Coming soon!

I always recommend open source options. Yes, all software has flaws and zero days. However, with open source. You will have a much better opportunity to learn what they are.

no you can set a password on it if its your secondary drive

@@FGV_Gravity I’m referring to the average person, most people don’t want to be entering passwords every time the use an additional drive.

@@FGV_Gravity once they have access to your main drive it’s easy to install keyloggers and Rats.

Every distro has LUKS built into which you can activate at installation. I has better encryption than Bitlocker lol.

What?

Does she know this now? Yet another example. In my experience there are two types of Apple Users. Ignorant or IT Cyber Expert. In my direct experience Apple Users enjoy being ignorant of their technology. They figured, 'I paid a fortune it must be secure.' You proved me right again. I normally meet graphical designers and a few IT Professionals. The vast majority of Apple users I have met or know. Barely know how to make a phone call with their device.

It's called "a brain".

@@IngolfLau I have a mental disability tho

@@footage6402 Then write it down somewhere.

@@footage6402 use that sentence, "IHaveAMentalDisability"

No, once full disk encryption is setup you can modify it in any way and it won’t affect the encrypted volume.

Do not overthink it. You will be fine.

The point of software encrypting a drive. Is in case someone has physical access to it. VeraCrypt.

@@jamesedwards3923 Veracrypt is not secure, it has been exposed to have dozens of security flaws that hackers could exploit effortlessly, so its useless, plus its unknown to the vast majority of users so its useless.

@@Billy123bobzzz VeraCrypt is open sources. All security applications have flaws. I own a bunch of old and new OPAL drives. That I secure with software encryption of course. At least you can learn what the flaws are. As opposed to closed source apps. In my experience users are too damn lazy. Even with basic security. Keep in mind. Even when they know better; most do! They do nothing. I can not help people who refuse to try. I have tried. They are too damn lazy.

I’ve been waiting for you 😛

( ͡° ͜ʖ ͡°)

You could remove the drive and put it in another computer

You can't encrypt your BIOS. All you've done is password protect your BIOS which doesn't change the fact your hard drive could be physically taken and plugged into another computer. Only hard drive encryption protects your data in that case.

Wrong. Your u encrypted drive can be removed and read. A BIOS is a stop gap measure. Helps against minimal attacks. I always recommend password BIOS for laptops and tablets.

basically any bootable linux live usb

Linux on a flash drive.

Grub-Password?

Ahh Linux.

Linux

Yes but negligibly

No, unfortunately not. I will have a video coming soon about a topic which ties to this though....some things are impossible to be "anonymous" for. You need to use your legit information. The purpose of creating pseudonyms and what not is to separate your different activities from your personal life so there is very little tied to your personal life. All we're doing when we're talking about anonymity is creating new identities.

Or you can buy digital locks with builtin cameras. If your system has video. Have them show their photo ID. A lot of systems have builtin logs. If you have to send them a digital key of some sort. Log their finger prints if you have bioscanner. Thumb print scanners are cheap. Keep it on file.

I own a few of them. The OPAL standard is garbage. I use them as a layer. I software encrypt the partition. A common thief will think the drive is broke. Which means either they will wipe it and use it. Or will throw it out. Thinking it was garbage. Most common thieves will not know what to make of it.

Correct.

I have not played with Virtual Machines much. I know many IT guys and Linux use them. I am concerned about going totally Linux. Learning Virtual Machines for academic and or professional. Fine, for daily driver. I will try to run it on two seperate drives. A lot of new motherboards allow for costomized boot configurations.

You can make any USB drive just like mine.

2FA using your phone is being hacked now by social engineers using a SIM card scam. I think I overheard my roommate doing this to her mom when the mother kicked the son out of the house. The two of them were having the greatest fun doing it. Now the trouble maker is living here with his sister and I am worried about my stuff!

LOL, Fail Safe or Fail Secure. Depends on the damage. You might be able to use a recovery disk.

This doesn't stop someone from gaining unauthorized access to your device though

everyone is a jerk. women with no intention to steal will sometimes go through your stuff just out of curiosity and probably for something to make fun of you for. We are already seeing that what is acceptable in one decade may not be a decade later and you can get fired for it or ostracized publicly. PC and cancel culture means we are all at risk.

Do you have passwords? Do you have virtual memory enabled? Do you use the same passwords for everything?

@@jamesedwards3923 no i dont use zhe same password, i have a hardware key to open a database with all my passwords

@@Gigachad-mc5qz Password Safe or KeePass? I go with KeePass, but you have tweak your file for each app you use. I prefer old school. Password and a keyfiles You can get addons. I decided for stuff like that. I will use Password Safe. More straight forward. Since Password Safe, did it from the ground up. The problem is I have had issues with the database conversion. Which means I have to rebuild the database from scratch for Password Safe. Yes, I tried the KeePass 1.x conversion .CSV. Except it did not work at all.

@@jamesedwards3923 keepassxc

​@@Gigachad-mc5qz I do not think its a bad app. It is oversimplifed. They give you almost no information on the security attributes of the file. I have played with it. I had to water down a lot of the security. I could not use most of the higher hashing functions and encryption. I have experimented with it. For Windows and Linux when I start learning how to use it. I will use KeePass 2.x. Android. I use two different applications. Never had a problem. It has PGP and the like. All good there. The GUI and lack of options in chosing the features. As well as the details are horrible. I only keep it on my rig as a backup measure. Not my daily driver.

Do you keep them in your sock?

Techlore you could say that, more or less

KiranProGamer as a standard OS? What for? Sure is a great pentesting OS solid based on Debían but for daily use? Too much of a hassle, other distros more friendly to daily life use are just as safe if not better! Kali was made for pentesting purposes and is optimized to do just that that's why it sucks as a daily runner.

Johan Herrera Actually I'm a programmer, So kali linux is perfect for me. Yes it is difficult to switch to linux from windows environment but it gives us complete control on what we are doing.. It is better to dual boot for gaming and for using other software.. But Linux never betrays you like Windows (ransomware, malwares...)

KiranProGamer well if you really know what you are doing then scratching Debían and Ubuntu repositories might patch Kali to make it usable as a daily runner. I'm an IT spec, although my area of expertise is more focused on hardware and automatization. May I ask why kali with all the hassle and not something like Arch? Is about the same ammount of work but the by the end you get modularity and more stability on you side. I mean with arch you can build almost anything including a daily runner productivity distro and black arch repositories have almost as many pentesting tools as kali. Some even better from the modular perspective. Best regards M8, have a good one.

GNU Linux can help you :)