Jump to content


Photo

RM Security While on the Net


  • Please log in to reply
7 replies to this topic

#1 JoyceAE5

JoyceAE5

    Advanced Member

  • Members
  • PipPipPip
  • 165 posts

Posted 09 November 2018 - 09:51 AM

I recently ran into an issue where a hacker managed to grab all of my online passwords. This leads me to a concern when using RM while attached to the internet. With a lot of detailed information in my database for myself and other living people, I am concerned with someone actually getting a copy of my database while online. How are others handling this type of concern? I am reluctant to having my RM database open while online. Since there is no way to password protect the database within RM how do you go about protecting this very sensitive data?

 

One thing I was thinking of doing was to use a blank database while online to gather the information and then merge it into my offline database while disconnected from the internet. This would mean a lot of extra work keeping track of where this new information is to be included in my offline database. When creating new children for example, I would have to keep track of which parents they belong to or when adding new parents I would need to know all of the children that would need to be linked with them.

 

Any suggestions on how to handle this issue?

 

Thanks in advance,

Joyce



#2 robertjacobs0

robertjacobs0

    Advanced Member

  • Members
  • PipPipPip
  • 278 posts

Posted 09 November 2018 - 06:04 PM

Your database isn't "online," or shouldn't be. It's a file on your machine. To attack it a hacker would have to control your machine, probably through a virus or "Trojan" actually running in your machine. This kind of malware can be inserted into a machine from a flash drive or by accessing a malicious web site. Those are the ways that the infamous "ransomware" can get into your machine. Your defenses against these intrusions are the built-in firewall and regular scans by Windows Defender or other anti-malware programs.

 

The defenses are incomplete if one accesses unknown web sites or falls for any of the all-too-common scams. For example, words to the effect of "Microsoft has detected malware (or computer problem). Click here to remedy." NEVER "click here" unless you're dealing with a known and legitimate web site.

 

One of the chief means of getting people to malicious sites is by an e-mail which purports to come from a friend. The malware has somehow gotten into a friend's e-mail list and sends out something like "John thinks you'd be interested in this." The web address you're asked to click on is completely unknown to you. Don't do it!

 

A little prudence can go a long way.

 

Should your browser come up with some kind of scam message don't click on anything. Go to the task manager, highlight the browser program and click on "End task." Then run a full system scan, first with your anti-virus program and then with the free download version of Malwarebytes. I keep Malwarebytes on my machine so I don't have to try to download it while under assault.

 

Hackers are much more likely to be after bigger game than your RootsMagic files. The best way to protect yourself is to maintain a full backup set on an external device which isn't always connected to your computer and to an external site -- i.e., not your home. I periodically send a flash drive with a full system backup to my son who lives a hundred miles away. Were my house to burn down the data would still be protected -- if the rascal can remember where he stowed it.

 

Some people use a cloud service like Dropbox for their backup files. I don't care for them myself, but many do.



#3 Trebor22

Trebor22

    Advanced Member

  • Members
  • PipPipPip
  • 192 posts

Posted 10 November 2018 - 04:15 AM

Good advice already given but would add there is no harm in checking your firewall has not somehow been turned off and the security features in your modem/router are still active.



#4 John_of_Ross_County

John_of_Ross_County

    Advanced Member

  • Members
  • PipPipPip
  • 663 posts

Posted 10 November 2018 - 08:30 AM

Several suggestions:

1] Use a different Username for each on-line account unless the service requires your e-mail address.

2] Use a unique password for each on-line account.

3] Logout from any sensitive financial on-line account and close the browser after each access.

 

Also, beware of potential spam e-mail where the only content is a website.  I get e-mails where the name of the sender is familiar, but the actual e-mail address does not match my address book entry and the message content is often just a website.  Sometimes the antivirus flags these messages.



#5 JoyceAE5

JoyceAE5

    Advanced Member

  • Members
  • PipPipPip
  • 165 posts

Posted 11 November 2018 - 06:21 AM

Thanks for all the feedback but everyone missed my point of concern. I use MalwareBytes, Ccleaner, Super Anti-Spyware and ADWcleaner on a regular basis plus I have an anti-virus program running all the time and my Windows firewall is active. I have run each of them a number of times and no threats have been found..So I think I am covered that way.

 

I wanted to know how people have been using RM while online to mitigate any sensitive data within their databases being accessible.I use Family Search all the time as well as Find-A-Grave and Ancestry to glean information that I need. I also have a lot of Living people in my database that I don't want anyone having access to but myself.

 

Hopefully this clarifies my concerns. Maybe I am being a bit paranoid as a hacker did manage to get a lot of my internet passwords (most of them have been changed). I have also ran a re-install of the Windows OS while keeping my programs and data so this might have cleared up any keyloggers that might have been installed..

 

Joyce



#6 Trebor22

Trebor22

    Advanced Member

  • Members
  • PipPipPip
  • 192 posts

Posted 11 November 2018 - 07:01 AM

 

 

I wanted to know how people have been using RM while online to mitigate any sensitive data within their databases being accessible.I use Family Search all the time as well as Find-A-Grave and Ancestry to glean information that I need. I also have a lot of Living people in my database that I don't want anyone having access to but myself.

 

 

 

Joyce

Its an interesting point, is your database more at risk online when its 'open' as opposed to not in use?

I had thought the risk, such as it is, was much the same with the file open or closed, a hacker might be able to copy or explore any of the files stored on your PC if they gain access in some way.

My approach to security is a 'general one' rather than special measures when RM is in use, I hope that is a sensible approach but would be interested to hear if others think otherwise!



#7 Jerry Bryan

Jerry Bryan

    Advanced Member

  • Members
  • PipPipPip
  • 3611 posts

Posted 11 November 2018 - 08:13 AM

I run all the standard anti-malware sorts of things. I use Boxcryptor to encrypt financial files on my computer (bank statements, my Quicken files, etc.). It had never occurred to me to protect my RM files with Boxcryptor, although it would be easy to do so. I guess I had worried more about my RM data that I put on the Internet than my RM data that's on my desktop. I just make sure that I don't put anything on the Internet that has data about living people.

 

Actually, I'm more worried about the RM mobile app than my desktop because I feel like my desktop is pretty well protected. The mobile app works with a copy of your entire RMGC file. There is not a selection mechanism to  put only living people on the mobile app, and indeed the mobile app is more useful if it does include living people. The only security on the mobile app is the security of the mobile device itself. I have considered putting a copy of an RMGC file on the mobile app that is an extract of my full RMGC file, and where the extract includes only living people. But so far I have stuck with keeping my whole RMGC file on my mobile device.

 

RM's Publish Online feature has the same issue as the mobile app in that it works with your entire RMGC file and there is not a selection mechanism for living people or anything like that. Publish Online does have a password, but I'm not sure how reassuring that is. It honestly feels like a bigger security risk than does my mobile device because it's "on the Internet". And my RMGC file is too big for RM's Publish Online feature anyway, unless I make a smaller RMGC file just for Publish Online. So I don't presently use RM's Publish Online facility.

 

Jerry

 



#8 robertjacobs0

robertjacobs0

    Advanced Member

  • Members
  • PipPipPip
  • 278 posts

Posted 11 November 2018 - 09:37 AM

You are worrying unnecessarily. Trebor22 is correct in suggesting that the risk is equal whether you whether RootsMagic is in use or not while you are connected to the internet. Indeed, I suspect that almost all of us use RootsMagic while connected without harmful results. And you seem to be maintaining a desirable level of security.