With malware on the rise, it's time for Next Level Security.
We have seen an enormous increase in malware during the last year. It's been especially pronounced during the lockdown. Being on a Mac provides comparative protection versus being on a PC, but that doesn't mean malware isn't a problem. And the new stuff we're starting to see is increasingly malevolent.
Up until now, we've attempted to combat malware through two different methods: Sentinel and Sentinel+.
Sentinel's 24/7 monitoring tells us when there's malware infection, and we alert the client so that they can deal with it or schedule a paid remote support session for us to resolve it.
Sentinel+ not only detects malware, but actively quarantines it on a system. It does a good job of this, probably automatically catching about 85% of the malware out there. But it's a race: Bad guys invent new stuff, we detect it, then we have to figure out how to remove it. The malware definitions for Sentinel+ are updated roughly monthly, so there's always a gap for new malware to get through. When Sentinel+ isn't able to automatically remove the malware, we schedule a free remote support session for one of our techs to go in and deal with it.
The problem in both these cases is that they're reactive. The malware is already on the system, and it's possible that someday soon we're going to get malware so dangerous that it cannot readily be removed after its installed.
So we needed to invent something new.
Enter Sentinel Ultra. Sentinel Ultra is a 4-in-1 service designed to bring you proactive, next level security. Primarily, it's a shield that blocks web sites that host malware, but Ultra helps in other ways too. Here are the four things Sentinel Ultra does:
- Malicious web site protection. Ultra blocks bad sites so you won't get a chance to download malware in the first place.
- Content filtering. Automatically block specific web sites or categories of web sites (like, say, sites promoting terrorism).
- Email phishing protection. Ultra saves you from getting tricked by scam emails by blocking web site links.
- Faster web surfing. Ultra provides something called high speed DNS. That means you'll browse the web faster.
We've been eating our own dog food as the saying goes, and testing Ultra on our internal systems and on our Macs at home. Ultra works very well.
Ultra includes all the features of Sentinel and Sentinel+, so you get 24/7 monitoring of the health of your Mac, regular testing of hardware components, automatic software updating, detection and quarantine of malware—all that stuff.
And it's just $34.99 a month. If you're already in Sentinel+, that means it's just $10 more. We think this is an incredible value for our residential clients. We always set out to provide our best effort to protect our clients, and that's what Sentinel Ultra represents.
For new clients, we're providing the same 30-day free trial that we do on all our Sentinel services. When you sign up, you have 30-days to try Sentinel, Sentinel+, or Sentinel Ultra before your credit card gets charged. You also have a 60-day money back guarantee. Don't like Sentinel/+/Ultra? Let us know within that 60-day window, and we'll refund all your money. You don't even have to have a reason. That's how confident we are that our services provide enormous value.
For existing Sentinel clients, we are offering a 60-day trial of Sentinel Ultra. That means we'll upgrade you to Ultra and you won't pay any more than you are right now for 60 days. For example, a Sentinel+ member could try Ultra for 60 days and continue to pay $24.99 during the trial period.
If you'd like more information about Sentinel, Sentinel+, or Sentinel Ultra or if you'd like the 60-day trial, please contact us via email
or phone (503-507-0410). We're incredibly excited to be able to bring this level of protection to our clients.
Announcing Sentinel AM
And now a product you probably don't need!
Coming on the heels of Sentinel Ultra (see above), announcing Sentinel AM is a little anticlimactic.
Sentinel AM (Anti-Malware) is an add-on for Sentinel+ or Sentinel Ultra.
It's the most robust, frequently updated anti-malware product we could bring to you that doesn't interfere with the operation of your Mac. (Our experience is that a lot of anti-malware products absolutely do interfere with the operation of your Mac.)
Sentinel AM is updated almost daily with new malware definitions. That means it catches and removes more malware than Sentinel+. Although we can't guarantee anything, in our internal testing we've yet to have Sentinel AM fail in detecting or removing any malware.
Sentinel AM is just $5 a month per Mac for Sentinel+ or Sentinel Ultra clients. It's amazingly affordable.
Still, we're not convinced you need it. That might make for a lousy sales pitch, but it's true. If you have Sentinel Ultra running, your odds of getting malware on your system are pretty low. Sentinel AM would likely be overkill.
That said, people have different tolerances for risk. If you want the most secure Mac system possible, we're not here to tell you that you're wrong. Sentinel Ultra with the Sentinel AM add-on is for you.
Is there a free 30-day trial of Sentinel AM for new Sentinel+ or Sentinel Ultra clients? Yes, of course.
Is there a 60-day no-additional-cost trial of Sentinel AM for existing Sentinel+ or Sentinel Ultra clients? Yes, of course.
Contact us via email
or phone (503-507-0410) to learn more about Sentinel AM.
Apple will not call you
Several clients have reported receiving calls purporting to be from Apple. Callers claim to be from Apple Support and they convey the alarming news that the client's iCloud account has been hacked. (We received one of these calls as well.)
Simply stated, this is a scam. Disconnect the call. Block the number. Apple will not call you. Do NOT provide these callers with access to your Mac, iPhone, or iPad. As always, Sentinel members should contact us with any Apple security concerns. We will be happy to provide guidance.
iPhone/iPad battery drain in iOS 13.5.x
We're seeing increasing reports of significant battery drain on iPhones and iPads running iOS (or iPadOS) 13.5 and 13.5.1.
Although we've run 13.5 and 13.5.1 on multiple devices since release, we did not see this ourselves until this weekend, when an iPhone and an iPad connected to the same AppleID account suddenly saw massive battery drain. How bad? Both devices had to be charged multiple times to make it through a day.
The nature of the problem is instructive. Because the issue is happening on two different devices, we can reasonably assume the problem isn't actually the fault of either device. In other words, if the issue were based on hardware it would be extraordinarily unlikely for both an iPhone and an iPad to have the exact same problem at the same time. This points to a problem with something the devices have in common: It could be wifi, the cellular network (the iPad has cell), or a shared Apple services like iCloud. (Hint: It's totally iCloud.)
Since this problem is not universal—lots of people aren't having this issue, and we didn't encounter it until just a few days ago—it has to be something within iCloud that not everyone uses. What were we doing this weekend? Updating our iTunes music with some new songs.
Solving the problem:
Turn off Automatic Downloads (Settings > Music > Automatic Downloads)
Disable Background App refresh (Settings > General > Background App Refresh > Disable Music
Turn off Mobile Data (Settings > Music > Mobile Data)
Cancel all downloads in the Music Library
That's what worked for us. Further good news: Testers are reporting that the problem is solved in the iOS/iPadOS 13.16 betas.
PIA VPN announces split tunneling
A Virtual Private Network, or VPN, creates an encrypted tunnel between your computer (or iPhone or iPad) and another secure computer before taking you to the internet. This tunnel protects you by making it nigh impossible for bad guys (*cough* COMCAST *cough, cough*) to see where you're going and what you're doing.
One problem is that a number of services (Netflix, Pokemon, etc.) refuse VPN connections. To use Netflix as an example, a number of their content streaming agreements are country- or region-specific. You might be able to stream, say, Monty Python's Flying Circus in the UK, but not in the US because Netflix doesn't have a US license. With a VPN, you could connect to a secure VPN server in the UK and appear to be a resident there, thwarting Netflix's licensing. So Netflix blocks all VPN traffic.
The workaround has always been to turn off the VPN when you want to use Netflix, then turn it back on when you're done. This works, but it's inconvenient.
Well, Private Internet Access (PIA) VPN, the company we've recommended for awhile now, has just announced split tunneling. As the name implies, it means you can now split your internet stream so that certain services go through the VPN and others, like Netflix, don't. You can keep your VPN turned on all the time.
If you want to sign up for PIA VPN, you can start that process here
If you're already using PIA VPN and want details on PIA's split tunneling, here you go
macOS 10.14.6 Mojave
. macOS 10.13.6 High Sierra is acceptable. Earlier versions should be upgraded ASAP. You can see your Mac's operating system version by going to the Apple menu in the top left corner of the screen and choosing "About This Mac." macOS 10.15 Catalina continues to be bug-laden. If you have already upgraded to Catalina (or if it came on a new Mac), you should update to the latest possible version, presently macOS 10.15.5.
iOS 12.4.1 (or 12.4.2 for some models) acceptable. Any device that can run iOS 11 should be upgraded to 12.4.2. You can see your iPhone or iPad's operating system version by going to Settings > General > About > Version. Note that some users have experienced battery drain in 13.5.x. Solution in our July 2020 newsletter.
iPadOS 12.4.1 (12.4.2 for some models) also acceptable. Note that some users have experienced battery drain in 13.5.x. Solution in our July 2020 newsletter.
. Older versions of WatchOS acceptable if necessary; upgrade if your devices (iPhone and Apple Watch) support it. You can see your Apple Watch's operating system version by going to Settings > General > About > Version.
. tvOS 12 also acceptable. Note that earlier models of Apple TV do not run tvOS and are fine for what they do; not all channels, features, or apps will be available. You can see if there's a software update available for your Apple TV by going to Settings > System > Software Updates > Update Software.
. Off-site backup remains important in mitigating the risk of fire or theft. We use and recommend Backblaze
. At a cost of $6 a month per Mac, Backblaze will encrypt then backup an unlimited amount of data from your Mac. Data has a 30-day retention window, though longer time periods are possible for an additional couple bucks.
Private Internet Access.
A Virtual Private Network (or VPN) creates an encrypted tunnel between your computer and the VPN company's computers. From there, you surf the internet as you regularly do. Using a VPN means that anyone who might be spying on your at the hotel, Starbucks, etc. won't be able to see what you're doing. All they'll see is encrypted internet traffic. Private Internet Access
(PIA) costs about $75 a year—a cost that covers 5 or 6 devices including Mac, iPhone, and iPad.
- iMac: iMac10,1 (Late 2009) or newer
- Mac mini: Macmini4,1 (Mid 2010) or newer
- Mac Pro: MacPro5,1 (Mid 2010) or newer
- MacBook: MacBook6,1 (Late 2009) or newer
- MacBook Air: MacBookAir3,1 (Late 2010) or newer
- MacBook Pro: MacBookPro7,1 (Mid 2010) or newer
- Note that 2016-2019 MacBook Pro models have a higher than usual keyboard failure rate. Used 2015 models, which use a different style keyboard, may be a more reliable option. The new 2019 MacBook Pro 16" model uses a new keyboard mechanism and should be fine.
These are minimum
hardware recommendations based on what is necessary to run a secure operating system (macOS 10.13.6 High Sierra).
The following are the macOS 10.14 Mojave/10.15 Catalina system requirements. If your Mac does not meet these specifications, it will need to be replaced by fall of 2020, when High Sierra will no longer be secure.
macOS 10.14 Mojave/10.15 Catalina system requirements
- MacBook (Early 2015 or later)
- MacBook Air (Mid-2012 or later)
- MacBook Pro (Mid-2012 or later)
- Mac mini (Late 2012 or later)
- iMac (Late 2012 or later)
- iMac Pro (all models)
- Mac Pro (Late 2013 or newer)
macOS 10.15 Catalina was released in October 2019 and has the same system requirements as Mojave.
iPhone and iPad
- iPhone 6S or newer. Older iPhones cannot run iOS 13.
- iPhone 7 models have a higher than normal failure rate over time. Given the choice, we would recommend iPhone SE (2020) model as a strong alternative to iPhone 7 models.
- iPad Air 2 or newer will be needed for the new iPadOS coming this fall
- iPad mini 4 or newer will be needed for the new iPadOS coming this fall
- iPad Pro (all models)
- iPad 5th generation or newer
The iPad line is made confusing by the multitude of model names and types (Air, mini, Pro, and just plain iPad). Generally speaking, devices introduced in October 2014 and later will run iPadOS. iPads that will not run iPadOS and should be replaced unless they will not be used on the internet.
- Apple Watch Series 5 is highly recommended.
- All versions are secure and acceptable though Apple Watch Series 0 will not run the latest version of WatchOS and therefore lacks both the speed and features of later Apple Watches.
- Apple TV 4K is recommended. Apple TV (4th generation) is fine as well.
- Older models of Apple TV do not support tvOS and cannot run Apple TV Store apps, though we are unaware of any major security issues.