Tech Insight: Are Macs Really More Secure Than PCs?

Apple Macs have long had a reputation for being more secure than PCs, but where does this idea come from and is it really the case?

How Did It Start?

Apple itself supported the idea that Macs didn’t get computer viruses until 2012, when it was noted that the claim had been removed from its “Why You’ll Love a Mac” web page.

Mac Users

There is also a succession of fan-like owners who, judging by their online comments about their own experiences, would support the idea that their machines have never had a virus. Historically more ‘user-friendly’ and more aesthetically pleasing, Macs were also the domain of those in design professions and/or ‘non-techie’ people rather than those using banks of much lower-priced PCs as daily office workhorses and business tools that required them to be online more often, getting more exposure to viruses and threats.

Although less technical users may find the macOS platform easier to navigate and to keep safe, this can lead to the perception that few safety precautions need to be taken, thereby weakening safe user behaviour.

Fewer Macs

There are far fewer Macs in use than PCs.  For example, looking at the OS market, macOS’s share grew from a tiny 2.26 per cent in 2003 to a more respectable, but still small, 10.18 per cent in July 2019.  This could mean that:

– If Windows accounts for 90 per cent of the market, it makes sense for cyber criminals to target the majority, which could mean that there are fewer Mac-focused cyber threats.

– If there are fewer Macs, owners may simply be enjoying a degree of ‘security through minority’.

Operating System

Apple’s macOS is based on Unix.  This is generally accepted as being more difficult to exploit than Windows. That said, the level of security for Apple’s macOS may depend on which version it is.

Macs Under Attack

There is (what appears to be) a mistaken perception that Macs don’t get viruses. In fact, contrary to popular belief, now that Macs are becoming more popular, they have become more of a target for cyber criminals. Examples of Mac threats include the Flashfake botnet, the Koobface worm, Mac Defender malware, Silver Sparrow malware, Pirrit/GoSearch22 adware, ThiefQuest/EvilQuest ransomware and LoudMiner/Bird Miner crypto-mining software.

Larger Threat Growth For Macs

As highlighted in the Malwarebytes (annual) State of malware report (February 2020), the growth in attacks on Apple endpoints is outpacing the threats targeting Windows machines.  Kaspersky figures also show increasing dangers for Mac users. Early last year, Kaspersky reported that two years on from its detection, Shlayer Trojan malware attacks one in ten macOS users, and it accounts for almost 30 per cent of all detections for the macOS.

System Vulnerabilities?

In comparison to Windows users, Mac users seem to suffer less from threats that exploit system vulnerabilities without the need for downloads.

Speed of Security Fixes

In the past, there have been reports of Apple being slow to deliver security fixes to macOS users (e.g. its patch for 2012’s Flashback exploit took almost 50 days to be ready for distribution and, even then, was only made available to those running macOS Snow Leopard and macOS Lion). If there has been any lack of urgency in the release of security patches and updates for macOS, it may simply have been down to a historically lower threat presence compared to PCs.

Browser Security

In the light of the increasing rate in attacks on Macs, Apple’s Safari browser has been updated to block ads and (unwanted) pop ups. However, third-party browsers like Google Chrome and Firefox may be considered to be more secure, especially against the newest threats, because Safari appears to have a slower update cycle.

Threats To Both

It should be remembered that both Mac and PC users also share common threats which aren’t linked to which flavour of computer or OS they have.  These threats include phishing scams and other social engineering attacks, spam, human error of the Mac or PC user, and the threats of theft or loss of the Mac or PC.

Whether a Mac or PC user, clicking on a link or downloading an attachment in a suspicious email can mean an equal risk of falling victim to malware.

Taking Precautions

Mac and PC users should always take precautions to reduce the risk of viruses and attacks.  These include:

– Keeping anti-virus software up to date and making sure that all the latest patches and updates have been installed.

– Not clicking on suspicious links or downloads in emails.

– Making sure that (staff) users are aware, educated and trained in spotting and dealing with cyber threats, scams, social engineering attack behaviour (on and offline) and more.

What Does This Mean For Your Business?

Macs and PCs are both vulnerable to attacks and threats and the increasing popularity of Macs means that threats towards them are growing. Users of both Windows and Mac operating systems should always stay up to date with measures that ensure that their systems are protected and should make sure that staff are educated, trained, and motivated to spot and deal with threats in the right way.

Mac users can check the advice on Apple’s website about features (found in System Preferences) that help protect Macs and the personal information of users from malicious software/malware, such as that embedded in harmless-looking apps.  See: https://support.apple.com/en-gb/guide/mac-help/mh40596/mac

Two ISPs Helped Secret Government Web Spying

It has been reported that a recent government test of tracking users’ web histories, carried out under the Investigatory Powers Act of 2016, has been helped by two ISPs.

The Investigatory Powers Act

The Investigatory Powers Act 2016 (also known as the ‘Snooper’s Charter’) became law in the UK in November 2016. It was designed to extend the reach of state surveillance and requires web and phone companies (by law) to store everyone’s web browsing histories for 12 months and to give the police, security services, and official agencies access to that data when requested. The Charter also means that security services, government agencies and police can hack into computers and phones to collect communications data in bulk and that judges can sign off police requests to view journalists’ call and web records.

Back in December 2018, human rights group Liberty won the right to a judicial review into the Investigatory Powers Act 2016. It was decided that there must be suspicion of a serious crime (one with a 12 month or more sentence) for the government agencies and police to request browsing history records.

ICRs

The records of ‘metadata’ that ISPs/telecoms companies are required to collect and store about users are called Internet Connection Records (ICRs). These show which websites a person has visited, the relevant IP addresses, and how much data they download, but do not show which pages within a website a person visited.

Latest Trial

The latest trial of the new powers under the Act is reported to have involved the Home Office, the National Crime Agency, and two unnamed ISPs.  The ISPs involved cannot identify themselves because the law prevents them from disclosing the existence of a data retention notice to anyone else. Reports indicate that the trial is small in scale and is still in its early stages.

Issues

The trial has brought criticism that has highlighted the many issues around collecting data about everyone’s web activities.  For example:

– Privacy. The blanket mass collection of Internet histories in the hope that something will be found in it seems like an unnecessary level and type of surveillance that impacts on privacy.

– Compromising the role and values of ISPs. Commercial companies such as ISPs that need to protect customers are being made to act as an extension of government agencies, thereby being forced to compromise their role in a way that may erode customer trust.

– Security. Storing browsing histories for a year has raised concerns about how securely they are stored and what extra level of risk this poses to customers.

– Transparency. The law does not allow the disclosure of which ISPs are involved in the test, plus it is not clear how often this could happen, or whether it is necessary or proportionate.

– Oversight. There have been questions about who/what is overseeing the process.  This has led to the Investigatory Powers Commission announcing plans to appoint 13 judicial commissioners for independent oversight of any surveillance.

What Does This Mean For Your Business?

The popular justification for the introduction of the Investigatory Powers Act (Snooper’s Charter) was to improve the UK’s ability to spot and foil potential terror plots, and a qualification for agencies requesting a user’s browsing records/history should be suspicion of a serious crime.  The lack of transparency and the questions about oversight have increased mistrust about what could be happening under this law and how the vast majority of law-abiding people are still essentially under surveillance while ISPs (with whom customers may think they have a normal business arrangement) are obliged by law to secretly pass customer data to government and law enforcement agencies. While national defence matters are important, for some, the Investigatory Powers Act feels a bit too much like ‘Big Brother’. Some people argue that if a person has nothing to hide, they have nothing to worry about, while others argue that this attitude simply gives the green light to the erosion of hard-fought rights that could have consequences for everyone further down the line.

Remote Working, The New Norm. Er, Is It?

After Liz Truss’s (the UK’s Minister for Women and Equalities) suggestion that flexible working should be standard appeared at odds with the Prime Minister’s views, will remote working be the new norm … or not?

February – The Prime Minister

In February, Prime Minister Boris Johnson said (while on a rail industry conference video call) that he believed that workers would return (all being well) to their physical workplaces in “a few short months” and that he did not believe that the future new normal would be characterised by people not moving around and commuting and simply doing things remotely.

Views Shared By Goldman Sachs Boss

The CEO of investment bank Goldman Sachs, David Solomon, who moonlights as DJ D-Sol, appeared to agree with Prime Minister Johnson’s view, saying of home working (at a Credit Suisse conference) “And it’s not a new normal. It’s an aberration that we’re going to correct as soon as possible”.  Mr Solomon justified this view by saying that remote working isn’t compatible with the innovative and collaborative apprenticeship culture at the bank and remote working would mean that new employees would miss out on things like “direct contact, direct apprenticeship, direct mentorship”.  JP Morgan is also understood to support the idea that remote working could mean a lack of mentoring for young staff and that remote working can lead to a drop in productivity on Mondays and Fridays.

Liz Truss

Liz Truss’s recent comments, just ahead of International Women’s Day, that employers should make flexible working (including remote working and job sharing) a standard option to help level the digital divide appear to be at odds with those of the Prime Minister. The Minister argues that the pandemic has led to “changed mindsets” and that allowing flexible working as the norm rather than by special request could help open up employment opportunities to workers, regardless of their sex or location.

Research Supports Remote/Flexible Working

Research from Cardiff and Southampton Universities shows that 90 per cent of UK people who worked remotely during the pandemic would like to continue to stay away from the office.  Also, research by the Behavioural Insights Team (BIT) and the jobs website ‘Indeed’ shows that job ads that explicitly offer flexible working would increase applications by up to 30 per cent.

Hybrid Model

It is likely, however, that many businesses may opt for a ‘hybrid’ model of working in the near future.  For example, according to research (Feb 2021) by global human resource consulting firm Robert Half, 89 per cent of UK businesses expect hybrid working trends to become permanent.

What Does This Mean For Your Business?

For many service-based businesses, switching to remote working during the pandemic led to several discoveries: that they can continue to offer a good service, that many employees like remote/flexible working (due to its compatibility with real work/life balances and challenges), and that it allows them to reduce costly office space.  For example, HSBC is cutting its office space by 40 per cent and Lloyds is cutting its office space by one fifth. In many sectors (e.g. the hard-hit hospitality sector) flexible and remote working is not an option and for some businesses (e.g. Goldman Sachs) there are clearly concerns about how physical separation could affect the development and training of staff. Looking ahead to the near future and with predictions that COVID-19 is essentially here to stay, many businesses look set to go for a hybrid solution to working where possible.

Featured Article: Getting The Most From Spotify

If you like the streaming music platform Spotify and sound quality is really important to you, here are some ideas and tips for how to get the best listening experience.

Disclaimer

Firstly, the disclaimer.  This article in no way endorses, recommends, or favours Spotify over the many other audio streaming services that are available such as Amazon, Apple Music, Tidal, Primephonic, Deezer, Qobuz and more.  This is merely written to highlight ways that users of this particular (popular) streaming service can improve their experience.  Many points could apply to other music streaming services.

Spotify

Subscription music streaming service Spotify has 155 million premium subscribers and 345 million monthly active users. Spotify has a massive music catalogue with more than 50 million songs, with around 40,000 being added every day. In recent times and in a move to improve user engagement and get away from a reliance on music licensing, Spotify has been investing very heavily in podcasts.  There are now 2.2 million podcasts available through the platform and with the pandemic, podcast consumption is reported to be up by around 100 per cent compared to the same time last year.

Compression

Audio files are very large and in order to be able to reduce the size and the bandwidth required by audio files and to minimise data usage, audio files need to be compressed.  Lossless and lossy are the main types of compression for audio.  The difference is that lossless compression (as the name suggests) squeezes the file size without taking anything away from it (it’s a near-perfect copy), and lossy removes elements from the audio file in a way that may be almost imperceptible to the listener in order to shrink the file.

Bitrate

With Spotify being an audio streaming service, the bitrate also affects how a listener perceives sound quality.  Bitrate is the number of bits per second that can be transmitted along a digital network and a higher bitrate generally delivers better sound quality.

The highest bitrate supported by Spotify (for its Premium customers) is 320 kbps. Even lossy audio files can sound the same as lossless to listeners if the bitrate is high enough.

For most devices, the tiered default bitrates for Spotify’s ‘Automatic’ settings are thought to be 24 kbps (for low), 96 kbps (for normal), 160 kbps (for high), and for very high, 320 kbps.

Wi-Fi

The quality of the Wi-Fi signal also affects data transfer and, therefore, could impact on the bitrate.  In short, a better, stronger Wi-Fi signal can contribute to a better music streaming experience.  It is worth remembering that Wi-Fi signal quality is affected by many factors including how many other networks are on the same Wi-Fi channel, how many users in the building are using the Wi-Fi signal (same network), the data rate of the backhaul network that connects the Wi-Fi network to the Internet, and more.

Speakers and Headphones

Once the Spotify audio is delivered to the subscriber via their receiving device, the type and quality of speakers or headphones is another factor that can impact on a Spotify user’s experience.

Spotify Connect

The Spotify Connect service, available to Premium customers, enables users to stream songs over wi-fi (no Bluetooth pairing) to any compatible audio product in the user’s home (e.g. wireless speaker, soundbar, AV receiver or smart speaker) with just two presses of a button, rather than listening just via mobile or desktop. Spotify refers to these as Connect-enabled speakers.

Listening to streamed music through these other speaker systems could, therefore, be a way to improve the listening experience.

Spotify ‘Hi-Fi’ Lossless, CD Quality

In February, Spotify announced that beginning later this year, Premium subscribers in select markets will be able to upgrade their sound quality to Spotify HiFi.  Spotify says that this service will enable users to “listen to their favourite songs the way artists intended” and that Hi-Fi offers a “new high-quality music experience”.  The company says that this better listening experience will be possible thanks to what it describes as its “high-quality music streaming” as well as CD-quality, lossless audio format to the user’s device and Spotify connect-enabled speakers.

Perception

There is, however, some debate online as to whether users will be able to clearly distinguish between the sound quality of lossless through Spotify Premium and Spotify Connect.  For example, Premium already streams as 320 kbps (256 kbps on the web), which is the highest Spotify bitrate. Other variables such as a user’s hearing and a user’s audio/sound system could also make a difference.  ABX offers a page to test whether a user’s system is “ready for lossless sound” on Spotify here: http://abx.digitalfeed.net/spotify-hq.html

The point and difference about Spotify Connect is that it offers the convenience of being able to listen to music on different speakers around the home using Wi-Fi.

More Tips

Here are some other tips for getting the most from Spotify:

– On a mobile, in Spotify’s Settings (upper right of the app), scroll to find ‘Audio Quality’.  This gives the option of setting the quality to ‘Very High’.  In reality this decision should be balanced against a user’s data and storage space allowances.

– On the Web app, whereas a free version of Spotify plays at a 128kbps bitrate, Spotify Premium plays at 256kbps which may sound better.  The web app also uses the more efficient AAC, which may contribute to a better sound than the desktop and mobile apps.

– On the desktop and mobile apps, leaving the ‘Normalize Volume’ control on helps to even up the different volumes of different songs so that the user hears them all at one level (songs are mastered at different output volumes). This can be very helpful with playlists where there may be different songs from different albums and different artists. Premium subscribers have the option of setting the Normalisation to ‘Quiet’, ‘Normal’, or ‘Loud’. The ‘Normal’ setting covers the dynamic range for most music and ‘Quiet’ offers the largest room for variations in dynamic range (e.g. for listening in a quiet setting).

In Summary

There are many variables at work in getting the most out of Spotify or, indeed, many other music streaming services. Paying for services where there are higher bitrates and lossy compression, delivered with strong Wi-Fi signal and played through high quality audio equipment appears to be the way to increase the possibility of getting a better listening experience.  However, the ability for each individual to clearly hear the difference between the quality offered by different types of compression on audio is something that’s open to discussion.

Tech Tip – Open All Tabs At Once

If you’re using Microsoft’s Edge browser, a handy organising feature means that you can easily get a full, instant view of every window you have open and quickly tab between them. Here’s how:
– Press Alt + Tab.
– Holding down Alt, click Tab to move between the windows and to select the one you want.
– To configure the settings or turn off the feature, go to Settings > System > Multitasking, and see the dropdown menu for options of what Alt + Tab can do.

Featured Article: Google Killing 3rd Party Cookies

As Google has announced an end to third-party cookies, we look at the issues that have led to the decision, and at what may replace these cookies.

The Difference Between First and Third-Party Cookies

A cookie is a piece of code (used for tracking) that takes the form of a small text file that is stored on the browser of someone who visits a website. A ‘first party’ cookie is only generated when a person visits one particular website (domain) and is only used for finding out what that person did when they visited that site, recording how often they visit in future, and for recording details such as remembering passwords, basic data about the visitor, and some other preferences. This type of cookie does not record details about a person’s activities when they go on to visit other websites after leaving that website (i.e. websites that are not affiliated with the first website).

A third-party cookie, on the other hand, is created by a third-party, perhaps an advertiser, and is placed on a visitor’s computer when they visit your website and other websites. Its main purpose is to track a web user and gather data about their activities and preferences (e.g. websites they visit frequently, what they purchased online and what they show interest in). This enables the building of a visitor profile which, in turn, leads to them being shown ‘relevant’ targeted adverts.  For example, after showing interest in products on one particular website one day, they can then be shown adverts about that product type when visiting completely different websites at different times.

Google’s Announcement

Google announced that it will not only get rid of third-party cookies but that it will not use other technology to replace these cookies or build features into its Chrome Browser to allow itself access to that data. Google plans to not simply remove third-party cookies but to phase them out over two years before rendering them obsolete. The reason for the slow phase-out is given as allowing time to develop workarounds that address the need of not just users, but also of businesses, publishers, and advertisers.

Why?

There are many reasons why Google is phasing out third-party cookies in Chrome.  These are essentially the same reasons why other browsers such as Firefox and Safari have already phased out third-party cookies.  For example:

– Legislation. Improved and new data privacy laws. The introduction of GDPR, the California Consumer Privacy Act (CCPA) and Privacy Rights Act (CPRA) and others have meant that tech companies can no longer track everything that users do without permission and share that data with multiple other third parties as they wish. For example, in the UK, websites now have cookie consent and privacy information displayed on the home page following the introduction of GDPR.

– Privacy Campaigners. Many privacy campaign groups and others have challenged tech companies and advertisers over the years about privacy and tracking users.  For example, in November 2020 Big Brother Watch, Oxford University and UCL were among 38 signatories of an open letter to the UK charity sector asking them to look at how advertising companies are allowed to build profiles of users based on sensitive information gained from trackers in websites and the impact that cookie consent processes had on these trackers.

– High profile Criticism. Among other things, in January the UK Competition and Markets Authority started investigating whether restricting cookies on Chrome could help Google increase its dominance in the online ad industry. For example, some commentators have questioned Google’s motives for removing third-party cookies, suggesting that forcing a reliance upon first-party cookies may simply be a way for Google to get more of a grip on the ad market and receive the revenue that would have been spent on third-party platforms.

Competition Between Browsers

Some browser companies have been publicly at the forefront of restricting the use of third-party cookies, e.g. Safari (Apple), Firefox (Mozilla) and Brave.  This has put pressure on the browser market-leading company Google to follow suit.

Interim Measures

As part of the phasing out of third-party cookies, Google is putting some interim measures in place.  These include Google’s Chrome limiting insecure cross-site tracking (started in February 2021). For example, Google’s Chrome is treating cookies that don’t have a SameSite label as first-party only, and requiring cookies labelled for third-party use to be accessed over HTTPS, thereby making third-party cookies more secure and giving users more precise browser cookie controls for now. Also, Google is trying to stop covert tracking using new anti-fingerprinting measures (to launch later this year).
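The two cookie rules described above can be modelled in a short script. The following is an added example (not code from Google or from the original article) that classifies constructed Set-Cookie header values; the function names and sample cookies are illustrative assumptions.

```javascript
// Added example: models the two Chrome rules described in the article.
// Function names are illustrative; header values are constructed samples.

// Split one Set-Cookie header value into its name and lower-cased attributes.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const pair = parts[0] || '';
  const eq = pair.indexOf('=');
  if (eq < 1) throw new Error(`malformed cookie pair: "${pair}"`);
  const attrs = Object.create(null);
  for (const part of parts.slice(1)) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? '' : part.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq), attrs };
}

// Apply the rules: no SameSite label => first-party only (Lax);
// SameSite=None (third-party use) is only accepted together with Secure.
function classifyCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const secure = 'secure' in attrs;
  const declared = (attrs.samesite || '').toLowerCase();
  let effective = declared;
  let accepted = true;
  let note = 'SameSite declared explicitly';
  if (declared === 'none') {
    if (!secure) {
      accepted = false;
      note = 'rejected: SameSite=None without Secure (HTTPS only)';
    }
  } else if (declared !== 'lax' && declared !== 'strict') {
    // Missing or unrecognised label falls back to the default.
    effective = 'lax';
    note = 'no valid SameSite label: treated as first-party only';
  }
  // thirdParty: would the cookie accompany requests embedded in another site?
  // (Lax cookies are still sent on top-level navigations; not modelled here.)
  return { name, effective, accepted, thirdParty: accepted && effective === 'none', note };
}

// Classify a list of header values, e.g. copied from a server response.
function auditHeaders(headers) {
  return headers.map(classifyCookie);
}

// Constructed sample headers.
const SAMPLE_HEADERS = [
  'session=abc123; Path=/; HttpOnly',
  'ad_id=xyz789; Path=/; SameSite=None',
  'ad_id=xyz789; Path=/; SameSite=None; Secure',
  'prefs=dark; SameSite=Strict; Secure',
];

for (const r of auditHeaders(SAMPLE_HEADERS)) {
  console.log(`${r.name}: effective=${r.effective} accepted=${r.accepted} ` +
              `thirdParty=${r.thirdParty} (${r.note})`);
}
```

Only the third sample remains usable as a third-party cookie; the first is silently restricted to first-party use and the second is dropped.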

Replacements?

Although the phasing out of third-party cookies by Google was not unexpected, it has, of course, worried advertisers, publishers and owners of ad-supported websites who need to know how they can continue to rely upon the generation of effective adverts and revenue.  For example, Google Ad manager data shows that when advertising is made less relevant by removing cookies, funding for publishers falls by 52 per cent on average.

Although Google has said that it doesn’t plan to use other technology to replace third-party cookies there are alternatives.  These include:

– Google’s Privacy Sandbox, which it originally announced last August, and touched upon again in January this year.  Google describes this as “a new initiative to develop a set of open standards to fundamentally enhance privacy on the web” and “a secure environment for personalisation that also protects user privacy”.  Exact details are thin on the ground.  The idea of Sandbox, however, is to move all user data into the Google Chrome browser where it can be securely stored and processed so that it stays on the user’s device, thereby making it compliant with privacy laws. It is understood that the Privacy Sandbox may also include an algorithm to group people according to their common web browsing and thereby create ‘clusters’ of people (who can’t be directly identified) with similar interests. These clusters can then be targeted by adverts without affecting the privacy of the individuals in a cluster.

– Systems made by rivals of Google Ads (e.g. Trade Desk Inc) where people can protect their privacy by logging on to websites using encrypted copies of email addresses. Also, Criteo SA, an AdTech company is reported to have developed a possible alternative.

Looking Ahead

Even though this is a big change, it is not unexpected and it will take place over a two-year phase out period within which time alternatives will have been introduced. Getting rid of third-party cookies is going to have the biggest impact on third-party ad platforms that are reliant on cookies for their revenue and for those who rely upon lots of data for their online advertising, pop-up ads, or a really focused audience-targeting strategy. For everyone else, considering third-party cookies aren’t used by most other (admittedly less popular) browsers, it’s unlikely to have a massive impact. It’s worth remembering that first-party cookies will still be used for Google Ads and that Google is likely to be investing money and effort into getting its alternative Privacy Sandbox tools up and running.
