Zoom, how secure is it??

mudsticks · 10 Apr 2020

Brompton Bruce said:
I am a member of an NHS Research Ethics Committee (REC) - we held this month's meeting via Zoom. The Chair had a licence for Zoom Professional. We discussed sensitive issues around five research projects and Zoom's use was sanctioned by the Health Research Authority which oversees the RECs. There were no concerns about leaks, privacy, data loss or naked men. I think you'll be fine.

That sounds reassuring :okay:

contadino said:
I run zoom in it's own virtual machine. Same with Microsoft teams, Skype, Facebook, etc.

It's the only way to ensure I can control whether these insecure apps can't hijack my webcam, microphone, or other contents of my drives.

In its own 'virtual machine' :blink:

Sorry me no speak computer.

mudsticks · 10 Apr 2020

alicat said:
Zoom has just introduced a password system to make it harder to gatecrash a random meeting.

Yes, the invites I send out have passwords

Andy_R said:
Try using Cisco Webex - personal version is free, and being Cisco it's very secure.

Thanks for that, I'll look into it.

So long as it works for us, free is a good price.

I'm hoping not to have to do it this way for months on end, I can only do so much adjustment, by words alone. :blink:

contadino · 10 Apr 2020

Try jitsi. Open source (i.e. the software has been peer reviewed and so should be more secure) and is free.

https://jitsi.org/

Microsoft teams tried to enable my laptop microphone 20-odd times the first night it was installed so I put it in a virtual machine to box it in. Just putting a password on your zoom meeting doesn't stop zoom accessing your computer.

mudsticks · 10 Apr 2020

contadino said:
Try jitsi. Open source (i.e. the software has been peer reviewed and so should be more secure) and is free.

https://jitsi.org/

Microsoft teams tried to enable my laptop microphone 20-odd times the first night it was installed so I put it in a virtual machine to box it in. Just putting a password on your zoom meeting doesn't stop zoom accessing your computer.

OK, thanks, sounds good.

I'll have to find out what a virtual machine is, but I'm sure someone, somewhere, will be able to explain it in terms I can comprehend :smile:

contadino · 10 Apr 2020

mudsticks said:
OK, thanks, sounds good.

I'll have to find out what a virtual machine is, but I'm sure someone, somewhere, will be able to explain it in terms I can comprehend

If software needs to be in a virtual machine to be safe, it's not safe to use. Find an alternative.

bruce1530 · 10 Apr 2020

So there’s been a lot of hype about Zoom in the press recently. Some of it is valid, but much of it is press fodder written by the uninformed. I also suspect that some of that criticism is fuelled by Zoom’s competitors.

For example, we hear a lot of people complaining about “Zoombombing”, Or to put it another way “I created a conference. I didn’t put a password on it. I advertised all the details on social media. I was shocked when other people joined the call. That must be a security flaw”. No it’s not. Its a problem in the chair, not in the computer.

Zoom is probably suffering from having grown too quickly. There have been some security criticisms - but show me any software company which has not had critical vulnerabilities. Cisco, Apple, they’ve all been there. We accept microsoft’s “Patch Tuesday” every month as being a good thing, yet crucify any other vendor who has a vulnerability. Zoom’s reaction to these issues has been good.

The UK’s national cybersecurity centre has not issued any formal statement on Zoom. However their New Zealand counterparts did, I’m paraphrasing their report as “Don’t use it for the most highly classified government meetings, but for most stuff its fine, as long as you are sensible when setting it up."

NorthernDave · 10 Apr 2020

mudsticks said:
Do you happen to know what concerns these might be??

What we are doing in class is not sensitive datawise.

I'm more bothered if someone's (or my) email account is more easily corrupted.

I paid for the subs through what I assume is normal secure banking channels.

No such sensitive data is transmitted during class.

Sorry, no idea - I'm just a tiny cog in a huge machine. We just got an email telling us not to use it and there has been a banner on the front page of our intranet reinforcing the message since.

bruce1530 · 10 Apr 2020

Do you happen to know what concerns these might be??

It’s probably because the Chief Exec saw an article in Popular Mechanics which said not to use it.
(Popular Mechanics was the top hit earlier this week when you searched for “Zoom security”)

mudsticks · 10 Apr 2020

bruce1530 said:
So there’s been a lot of hype about Zoom in the press recently. Some of it is valid, but much of it is press fodder written by the uninformed. I also suspect that some of that criticism is fuelled by Zoom’s competitors.

For example, we hear a lot of people complaining about “Zoombombing”, Or to put it another way “I created a conference. I didn’t put a password on it. I advertised all the details on social media. I was shocked when other people joined the call. That must be a security flaw”. No it’s not. Its a problem in the chair, not in the computer.

Zoom is probably suffering from having grown too quickly. There have been some security criticisms - but show me any software company which has not had critical vulnerabilities. Cisco, Apple, they’ve all been there. We accept microsoft’s “Patch Tuesday” every month as being a good thing, yet crucify any other vendor who has a vulnerability. Zoom’s reaction to these issues has been good.

The UK’s national cybersecurity centre has not issued any formal statement on Zoom. However their New Zealand counterparts did, I’m paraphrasing their report as “Don’t use it for the most highly classified government meetings, but for most stuff its fine, as long as you are sensible when setting it up."

OK so as long I'm only sending invites (and passwords) to individuals that I know, and we're not doing anything that would be compromising even if anyone else saw it, then there's not a problem in your view?

Zoom was recommended by our teaching association, so I assumed it would be OK.

Maybe the concern comes around their suddenly having to massively expand their service availability, and potential compromises, that could have arisen as a result?.

And as you suggest, some of these 'allegations: are bit of internecine industry sniping perhaps?

I'll not fret too much I think.

kynikos · 10 Apr 2020

Like lots of things, if you're sensible about how you use it you'll be fine. Some useful guidelines to follow here.

mudsticks · 10 Apr 2020

Thankyou..

I promise to be very sensible :angel:

steverob · 10 Apr 2020

The problem we have at my work with Zoom is that we've paid for some super secure, state of the art video conferencing software, which is pre-installed on everyone's laptop and is fully tested to work in all scenarios; and then because one of our executives suddenly read an online article a few weeks back which basically said "zoom iz grate", he wants to install it on all the laptops in his department because it MUST be better than what we already use, despite him never having used it probably. Then he gets all angry at us (IT department) because we won't give him the administrative rights to do this, plus the fact that it goes against company policy. Of course this is then the same exec who a week later will have had his mind changed by all the suddenly negative press around Zoom and now has moved on to the next thing that's getting rave reviews - and the cycle starts all over again.

mudsticks · 10 Apr 2020

steverob said:
The problem we have at my work with Zoom is that we've paid for some super secure, state of the art video conferencing software, which is pre-installed on everyone's laptop and is fully tested to work in all scenarios; and then because one of our executives suddenly read an online article a few weeks back which basically said "zoom iz grate", he wants to install it on all the laptops in his department because it MUST be better than what we already use, despite him never having used it probably. Then he gets all angry at us (IT department) because we won't give him the administrative rights to do this, plus the fact that it goes against company policy. Of course this is then the same exec who a week later will have had his mind changed by all the suddenly negative press around Zoom and now has moved on to the next thing that's getting rave reviews - and the cycle starts all over again.

I'm mighty glad I don't work in the corporate world.

Never having had an office job, I'm always slightly curious as to what actually goes on there.

The more I hear about it, the gladder I am, that I've avoided it. :blink:

MartinQ · 11 Apr 2020

https://www.bbc.co.uk/news/entertainment-arts-52243209

:wacko:

mudsticks · 11 Apr 2020

MartinQ said:
https://www.bbc.co.uk/news/entertainment-arts-52243209

Shouldn't laugh ^_^

But given the poor quality of the Archers storyline, and acting, there was no alternative :rolleyes:

Zoom, how secure is it??

mudsticks

Obviously an Aubergine

mudsticks

Obviously an Aubergine

contadino

Veteran

mudsticks

Obviously an Aubergine

contadino

Veteran

bruce1530

Guru

NorthernDave

Never used Über Member

bruce1530

Guru

mudsticks

Obviously an Aubergine

kynikos

Veteran

mudsticks

Obviously an Aubergine

steverob

Guru

mudsticks

Obviously an Aubergine

MartinQ

Guru

mudsticks

Obviously an Aubergine

Similar threads