An evaluation of a few popular cybersecurity products and their value claims.
Many significant businesses, including Uber, Twitter, WhatsApp, LastPass, and Revolut, as well as governmental organizations like the FBI, were involved in security breaches or exposed sensitive data in 2022.
People are now more aware of cybersecurity and the importance of protecting their online information as a result of the uproar brought on by such high-profile attacks.
As a result, the demand for consumer-oriented cybersecurity products has grown substantially. We’ll look at some of them and see if the value proposition of such products is compelling.
Virtual Private Network (VPN)
A VPN is arguably one of the most widely advertised tools for protecting one’s online presence. Most VPN companies grossly inflate the usefulness of a VPN, presenting it as a one-stop solution to “stop the hackers.”
A VPN routes your traffic through an encrypted tunnel to a server hosted by the VPN provider, so that it appears to come from that server's IP address rather than your own. Using a VPN does prevent your ISP from eavesdropping on your traffic and could potentially help increase the download speeds of files from a torrent site, for example.
However, using a VPN does not protect you from visiting malicious websites, which can still access your system through a VPN-tunneled connection and steal your personal information.
You also need to be diligent and make sure that the VPN provider is not logging your data or selling it to third parties. This is easier said than done since most private companies are not transparent about their business operations, especially when the service is offered free of charge.
Is it worth using a VPN? Instead of putting your trust in a VPN provider, it is much safer to use a private, self-hosted server to route your traffic. In the context of cybersecurity, VPNs are not as effective as they are advertised to be.
Password Managers
Many people have switched to competing password managers in the wake of the infamous LastPass breach, or they have abandoned the idea of keeping their passwords in the vaults of a private company.
A password manager, in general, is a convenience tool that helps you create and store complex passwords on the fly. The provider generally encrypts the stored data with a master password that only the end user knows, to prevent the exposure of critical information.
In the LastPass breach, we learned that LastPass encrypted only the credentials using this method. Other account information was leaked because it was treated as metadata used to identify users and their vault information.
Although we are unsure of how other private password managers store their users’ data, we can assume that any password manager business is a top target for attackers and, as a result, can be regarded as a high-risk environment.
Utilizing an open-source password manager (like Bitwarden) and hosting it on a secure, self-hosted server is the better recommendation.
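To make the difference between encrypting only the credentials and encrypting every field of a vault entry concrete, here is an added example (it is not from the original article and is not any password manager's code). The record layout, field names, iteration count and sample values are constructed, and the HMAC-based cipher is a standard-library stand-in for an authenticated cipher such as AES-GCM.

```python
import hashlib
import hmac
import os

def derive_key(master_password: str, salt: bytes) -> bytes:
    # The key exists only where the master password is typed; the salt may be stored.
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, 100_000)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in stream cipher (HMAC-SHA256 in counter mode), not a vetted AEAD.
    out, counter = b"", 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, plaintext: str) -> str:
    nonce, data = os.urandom(16), plaintext.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return (nonce + ct + tag).hex()

def unseal(key: bytes, blob_hex: str) -> str:
    blob = bytes.fromhex(blob_hex)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong master password or modified record")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))).decode()

def store_entry(key: bytes, entry: dict, encrypted_fields: set) -> dict:
    # Fields left out of encrypted_fields are stored as-is, i.e. treated as metadata.
    return {name: {"enc": seal(key, value)} if name in encrypted_fields else value
            for name, value in entry.items()}

def readable_without_key(stored: dict) -> dict:
    # What a copy of the stored record reveals without the master password.
    return {name: value for name, value in stored.items() if isinstance(value, str)}

# Constructed sample data (hypothetical site, account and master password).
SALT = os.urandom(16)
KEY = derive_key("correct horse battery staple", SALT)
ENTRY = {"url": "https://bank.example/login", "username": "alice", "password": "s3cr3t-Example"}
CREDENTIALS_ONLY = store_entry(KEY, ENTRY, {"username", "password"})
ALL_FIELDS = store_entry(KEY, ENTRY, set(ENTRY))

if __name__ == "__main__":
    print("credentials-only:", readable_without_key(CREDENTIALS_ONLY))
    print("all fields:      ", readable_without_key(ALL_FIELDS))
```

With credentials-only encryption, the stored record still shows which site the entry belongs to; with every field encrypted, a copy of the record reveals nothing without the master password.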
Antivirus Software
Unquestionably, you must have a good antivirus program. Microsoft Defender, which comes installed by default on Windows systems, has advanced significantly and can now function as a standalone program to stop known malicious files from running.
Antivirus software still has its limitations because it cannot protect against a zero-day attack and cannot detect malware that is sufficiently obfuscated (there are known evasion techniques for bypassing antivirus solutions).
The majority of paid antivirus programs include features that are typically just smoke and mirrors. It is preferable to use Windows’ built-in Microsoft Defender. Exercise caution when browsing potentially dangerous websites, and err on the side of caution when running files of unknown origin.
In conclusion, cybersecurity companies should be more transparent about their products and services so that the public can make better-informed decisions when it comes to protecting their online data.