SecureMac, Inc.

Checklist 35: Q&A Grab Bag Redux

May 4, 2017

This week we’re talking to you: Part II! It’s been a while since our last Q&A episode, but the questions haven’t stopped coming in… and on today’s show we’ll be answering questions sent in by listeners like you.


  • What are all of those “advanced” network settings for in the macOS System Preferences?
  • What’s up with spam that appears to come from someone I know?
  • Web of Trust – is it any good?
  • FileVault clarification – what’s the difference between the recovery key and the password?
  • How smart is Time Machine when it comes to Optimized Storage?

It’s been a while since our last Q&A episode, so on today’s show we’ll be answering questions submitted by some of our listeners. As always, please feel free to shoot us an e-mail if you ever have a question about a topic we’ve covered, have a specific topic you’d like us to cover in the future, or need some advice when it comes to the security of your devices – we love hearing from our listeners!

What are all of those “advanced” network settings for in the macOS System Preferences?

Corrie A. wrote in asking for more information on “How to set up the “Network” setting, specifically the fields under the Advanced button… (TCP/IP; DNS; WINS; 802.1X; proxies and Hardware)? What does all of it mean and are there safe ways to configure these fields?”

Setting up a computer on a network used to be a bit tricky, but Apple has worked hard to make the process as seamless as possible in macOS. Most of the time you don’t need to do anything more advanced than select your wifi network from the Airport menu and enter the password – that’s it, you’re connected to the internet!

That being said, there are some more advanced network settings and options available in macOS for situations where the defaults aren’t enough. All of these settings are found by opening the System Preferences on your Mac, clicking the Network icon, selecting your active network connection from the list on the left-hand side of the screen that appears (which will usually be Wi-Fi), and then clicking the “Advanced” button. Let’s go through each of these optional network settings:

First up is Wi-Fi, which will only show up if you’re working with a wifi connection. This screen gives some options such as setting preferred networks, and locking down some of the wi-fi functionality. It can be helpful in situations where you have multiple wifi base stations due to poor reception, as your Mac will try to connect to your preferred networks in the order you specify. Some of the security options can be useful if you have kids and want to make sure they’re not messing around with your wifi settings.

Next up is TCP/IP, which is where you’ll find information on your computer’s IP address, as well as your router’s IP address. This can be useful when trying to get various devices on your home network to talk to each other. Most of the time you can leave the settings on this screen alone, but sometimes it’s necessary to manually enter the information.

The next one is DNS, and this is actually one you might want to change. We’ve discussed DNS on the show before; it’s basically the equivalent of a phonebook for the internet. It helps match up the numerical IP address of a website with the plaintext URL (such as apple.com) that we’re all familiar with. By default, your Mac will use the DNS Servers provided by your internet service provider. There are some reasons you might want to change to different DNS Servers, however.

Sometimes, ISPs will have network problems that prevent you from accessing websites. If the problem is limited to your ISP’s DNS Servers, your internet connection itself still works – it just doesn’t know how to get from apple.com to the actual numerical IP address that Apple’s site resides at. Other times, ISPs will use DNS redirection to inject ad content on to sites you try to visit. Most of the time you’ll see this when a website doesn’t exist because you mistyped the address, but some shadier ISPs actually replace legitimate ads with their own on normal websites.

One option would be to switch over to Google’s Public DNS Servers. They’re fast and often a good alternative if your ISP is experiencing problems with their own DNS Servers. Thankfully, it’s pretty easy to remember the addresses for Google’s Public DNS Servers, which are 8.8.8.8 and 8.8.4.4. You can switch to Google’s Public DNS Servers by clicking the plus button on the DNS settings screen and entering those addresses one at a time.
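To check whether the DNS Servers your Mac is currently using do the kind of redirection described above, you can look up website names that don’t exist and see whether an answer comes back anyway. The script below is an added example, not part of the original show notes; the function names are made up for illustration, and it assumes that a random 32-character name under .com, .net or .org is not registered.

```python
import socket
import uuid

# Assumption: a random 32-hex-character label under these TLDs is not registered,
# so an honest resolver must answer "no such domain" for it.
SUFFIXES = (".com", ".net", ".org")


def probe_names(suffixes=SUFFIXES):
    """Constructed hostnames that should not exist. The trailing dot keeps the
    system from appending a local search domain to them."""
    return [f"{uuid.uuid4().hex}{suffix}." for suffix in suffixes]


def resolve(name, lookup=socket.getaddrinfo):
    """Addresses the configured DNS servers return for name ([] if none)."""
    try:
        infos = lookup(name, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:  # the normal outcome for a nonexistent name
        return []
    return sorted({info[4][0] for info in infos})


def check_redirection(lookup=socket.getaddrinfo, suffixes=SUFFIXES):
    """Resolve several nonexistent names; any answer means something between
    you and the real DNS is rewriting "not found" replies."""
    answers = {name: resolve(name, lookup) for name in probe_names(suffixes)}
    resolved = {name: addrs for name, addrs in answers.items() if addrs}
    addresses = sorted({a for addrs in resolved.values() for a in addrs})
    return {
        "redirected": bool(resolved),
        "probes": len(answers),
        "resolved": len(resolved),
        "addresses": addresses,
    }


if __name__ == "__main__":
    result = check_redirection()
    if result["redirected"]:
        print(f"{result['resolved']} of {result['probes']} made-up names resolved "
              f"to {', '.join(result['addresses'])}: DNS answers are being rewritten.")
    else:
        print("Made-up names failed to resolve, as they should.")
```

Run it once with your ISP’s DNS Servers and again after changing the DNS setting to compare the results.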

The next setting is WINS, which is used for networking in a Microsoft Windows environment. This screen is useful if you want to find out the name of your computer as it would appear on a computer running Windows on the same network. Normally you don’t need to change anything on this screen.

The next screen is 802.1X. The name might sound similar to the various 802.11 standards for wifi connections, and that’s because it also has to do with wifi! 802.1X is a standard that is designed to enhance the security of local area networks. The setup and configuration of 802.1X would be done by a system administrator, and is usually found in a corporate network environment. You don’t need to worry about setting anything up here – if you need an 802.1X profile because it is required by your corporate policy, your system administrator will provide you with one to use.

Next up is Proxies. In some network situations, it’s necessary to route your internet traffic through a proxy server in order to access some internet sites. This usually occurs in situations with more advanced firewall setups such as those found in a corporate network environment. Unless you know what you’re doing, you shouldn’t enable any proxy services on your Mac, as they can pose a security threat since your internet traffic is routed through another computer.

Finally, there’s the Hardware tab. This tab provides information on your actual network hardware. Sometimes you’ll need information such as your MAC Address, especially if you’ve configured your network to only allow traffic from whitelisted MAC Addresses. This is a way to lock down your network to only work for computers you’ve specifically allowed. Occasionally, some networking problems can be solved by adjusting some of the settings to values other than the defaults, but most of the time leaving things alone should work fine.

So that’s it for the Advanced Network settings in macOS – 99% of the time you don’t need to change any of these settings. About the only ones you’d ever need to think about changing would be the preferred Wi-Fi networks setting and the DNS Server setting. It’s better to leave the rest alone unless absolutely necessary!

What’s up with spam that appears to come from someone I know?

Dennis A writes: “I get an email from someone I know. There are a half-dozen on the To list, and sometimes I recognize them. The content of the message is something short like “Look what I found on the internet!” and a URL.

Of course the message is not from the source it seems to be, but the To list does seem to be taken from the address book of the purported source. Somehow the address book has been compromised and a spammer is sending messages to the contacts, pretending to be the owner.

This seems to happen over and over. How are address books getting stolen so commonly?”

When it comes to spam, we’re all pretty familiar with the generic stuff – some prince in a foreign country needs our help moving the extra millions he just happens to have lying around. Sometimes, however, we receive an e-mail from someone we know, and we might even see other people we know in the CC field. But… something just seems off about the e-mail. The writing style is different, or the person just provided a link to some random-looking website, or included a strange attachment. All of which should be setting off your alarm bells.

Disguising spam to appear from someone we know is a tactic used by spammers to increase the chances that their targets will open the spam message, then click the link or download and run the attached file (both of which usually lead to malware). So where do the bad guys get this legitimate-looking address book information from? Hacked computers, e-mail accounts, and websites.

If a user ends up installing malware used by spammers, the malware will usually look for the victim’s address book and immediately start spamming everybody in it. Other times, if a website is hacked and has information on its users stolen by the bad guys, they’ll get e-mail addresses and connections between the various users from that information, which they’ll use to attempt that targeted form of spamming we mentioned earlier. Finally, if someone’s e-mail account is hacked, either through malware, phishing, or password re-use, the bad guys will do the same thing there – grab their address book, and spam the heck out of all of their contacts.

As Dennis pointed out, this is very common. It’s actually exceedingly common, and is one of the most basic tactics used by spammers and hackers to spread their junk to as many people as possible. There’s not much you can do to avoid receiving these types of e-mails, as they’re coming from one of your friends who got hacked, but it would be nice to let your friend know that you received the spam and that they should probably change their passwords and run an anti-malware scan on their computer. You can help avoid falling victim to address book theft yourself by being very careful with links you click and files you download from these types of e-mails, and by practicing general safe computing habits while surfing the web.

Web of Trust – is it any good?

Bob B has a question on browser security: “For quite some time, I’ve been using a browser plugin called Web of Trust (WOT) on a PC and a Mac. When I google, I see coloured circles beside the suggested website (Green is good, yellow is caution, and red is Avoid). Do you see any benefit or risk with this plugin?”

Web of Trust is a great concept, and can definitely help determine the trustworthiness of websites you visit. However, the trustworthiness of the plugin itself has been called into question recently. Back in November 2016, a German television channel investigated Web of Trust and found that they’re collecting, analyzing, and selling information about the browsing habits of their users to third parties. This information included mailing addresses, travel plans, possible health issues or anything else you googled for, and more.

As if that wasn’t bad enough, Web of Trust wasn’t doing a great job of properly anonymizing the data, which meant those third parties could potentially use it to identify an individual user and their browsing habits. While the core concept of Web of Trust is great, due to their lax views on user privacy we have to recommend that you pass this one up.

FileVault clarification – what’s the difference between the recovery key and the password? Do I need to actually write down the recovery key?

Longtime listener Paul H liked our episode on Safeguarding Data With Backups and Encryption, and writes: “It has inspired me to encrypt both the hard disk and time machine backup for my iMac. Alas I did not record the recovery key for this encryption as I thought it would be much easier to save the encryption password in a secure place rather than save the much longer recovery key. Does saving the recovery key have more benefit than saving the password and if so what is this extra benefit?

If it is better to save the recovery key rather than the password is there anything I can now do to find out what my recovery key is?”

The Recovery Key is the most important piece of information when it comes to FileVault encryption. DO NOT IGNORE IT.

You need to print out and keep the Recovery Key in a secure place, such as a safe deposit box at your bank.

If you forget your password for any reason, or you’re incapacitated and a family member needs to access your files without your password, the Recovery Key is the *only* thing that will work. Otherwise your files are locked forever and essentially gone for good.

We do have some good news for Paul, however! Since he knows his password, he just needs to authenticate and disable FileVault. Once FileVault has been disabled, he can re-enable it, at which time a new Recovery Key will be generated, which he should be sure to keep in a safe place this time around. The downside here is that he’ll have to wait while FileVault re-encrypts all his files, which could take a while. The upside is that he thought to double-check on the situation before disaster struck!

How smart is Time Machine when it comes to Optimized Storage?

Inspired by Episode 30 – the one about The Cloud, Eric W wrote in asking about Optimized Storage… “I’m assuming Time Machine is smart enough to understand the stub files? So if a file is removed from my Mac’s SSD and replaced with a stub, Time Machine will retain a full backup of the file…? And also wondering, if I update an iCloud file on another device, and that file is currently a stub on my Mac, does Time Machine know to download a new copy of the file to back up?”

Unfortunately there isn’t a whole lot of information on this topic out there.

As far as we can tell, if Time Machine had previously backed up your file (prior to it being optimized), it will retain that full backup of the file for a certain period of time. After your Time Machine backup uses up a certain amount of space, it starts cycling out the oldest backups and overwriting them.

After optimized storage has taken place, Time Machine will only be backing up the stub of the file. To restore the original file (if you’ve accidentally removed it from iCloud, for example), you’d need to know the exact time and date that optimized storage took place, and go that far back in Time Machine to restore the original. Again, after a certain amount of time, that original backup will be overwritten and the file will be effectively lost forever.

Since Time Machine is only backing up the stub file after optimized storage has taken place, if you make changes on another device it wouldn’t have any effect; Time Machine would still only be backing up the stub file. This is one of the situations where Optimized Storage might be a pitfall waiting to happen, and it would be great to get some clarification from Apple on this exact topic.

Would you like to be a part of Q&A Part III? If so, send us an e-mail at checklist@securemac.com!
