In the distant past, as a Mac user, I’ve been somewhat ambivalent to using anti-virus/anti-malware due to MacOS’ methods of supposedly going above and beyond to stop the user from running potentially harmful programs by accident. But as time has gone on, these methods haven’t been terribly effective and, as we have also seen, due to bugs within MacOS, it would be fairly trivial to do extensive damage to a Mac system. So it’s essential that all MacOS users have some form of anti-virus/anti-malware protection in place.

For the past few years, I’ve been running a mix of ESET Cybersecurity Pro, Bitdefender, and most recently, Sophos Home Premium. I found ESET to be painfully slow when accessing files via WebDAV or network file stores, and BitDefender’s main window keeps popping up whenever the Mac is started – which is very annoying. That said, performance wise, Bitdefender has been excellent across the network and local filesystems.

I’ve put my dad on my personal Bitdefender license (he runs Windows) because I have an unlimited device license which expires in two years time. He can manage everything easily within the application, or if I am ever needed, I can log into a central cloud based interface and take a look from there.

At work, I was tasked at finding a replacement for ESET which at the time was managed through a server application that was hosted on the Active Domain controller. I find ESET’s user interface to be a bit of a pain in the arse. So I explored a number of options, one of them being Bitdefender’s enterprise product. But I settled for Sophos Intercept-X Advanced with EDR because of its ability to drill down processes on endpoints to determine how malware gets into the network. We can enforce a number of policies relating to threat assessment, web browsing, device encryption, and along with how external devices are used. My only complaint with this system is that:

  • Device encryption is limited to OS support – so this includes Windows 10 Pro or better for BitLocker, and MacOS for FileVault. On the other hand, Sophos Central makes the management of BitLocker massively easier – including managing recovery keys and letting users set their own BitLocker passwords.
  • Firewall management is limited to Windows Group Policies. There is no support for the Mac. The system does not include any kind of third-party Sophos firewall which I feel would make it much easier to unify firewall policies across estates like ours which utilise Mac and Windows machines.

Sophos Central, the cloud based management system, makes managing all this very easy – and to keep an eye on who uses each machine and to identify any potential dodgy program or file. The endpoint client tends to keep itself maintained pretty well.

And all this has lead to Sophos Home Premium. Thanks to two beta programs I have been using a free license (which expires in February 2020) and it’s generally been pretty good. For the longest time that I can remember, Sophos never had a consumer product. Now we have something that shares a common core with its commercial brethren, including advanced ransomware protection.

Sophos Home Premium web interface is clean and elegant, yet lacking

There are a number of issues, however:

  • The Mac version of Sophos Home Premium is lacking some features from the Windows version. It’s also behind a number of point version releases.
  • The entire user interface is almost entirely controlled from a web front-end in which you’ll need internet access. You cannot add additional users to the account to allow them to manage their own machine (unlike Bitdefender).
  • Web filtering does not let you see the sites that it’ll filter – only by category. Neither can you add sites to be blocked, only exceptions.
  • Lack of options for Ransomware, along with other related functions – you can only provide exceptions to volumes and paths. Microphone and webcam blocking doesn’t allow for exceptions.
  • New activity is difficult to clear away. It gets a bit overly zealous whenever anything happens – good or bad.

Sophos Home Premium is quite pricey given the lack of control and everything being handled through the cloud (unlike the commercial version we use which has a number of offline options). While I appreciate the average consumer isn’t going to need a tonne of bells and whistles to tinker about with, having an advanced mode (online or offline) would be highly beneficial if anything needed to be whitelisted.

I’m sticking with Sophos Home Premium on my own Mac for now, and come February next year I’ll decide whether to remain with it, or move back to Bitdefender which has been my go-to anti-virus/anti-malware for the past year.

Yesterday, Hive Home suffered a major outage which prevented control of Hive systems remotely (from the app or the web site). Symptoms included being unable to log into the Hive web site and the app being able to control individual products.

Update: information on the recent outage can be found at The Register. I never received the apology email. No, it did not get sent to Spam. Checked G Suite’s email log. Nothing except the semi-regular updates which had been flowing normally since 14th March.

As you can see the Hive Home status page (which took them a while to update), it has been a rough ride. But thankfully the thermostat and the receiver continued to work manually. The lights? Not so much. Even now, the group of lights which I’ve allocated to my living room doesn’t appear in the circle view (yet they do in the list view) – but then again, I had to recreate the group because whatever is causing this problem nuked my groups.

Given the number of problems I’ve experienced with Hive Home over the past month or so, I am increasingly concerned that my decision to swap out my thermostat with the Hive system (which cost me £50 more than the quoted repair from British Gas) was a bad one.

Speaking of Centrica’s muck-ups, did I mention that I should have HomeCare with my boiler? I don’t appear to because:

  • No documentation was ever sent in the post, with the exception of confirming of cancellation of another HomeCare account which was created in error due to the circumstances of the thermostat being broken and they had to charge £99 for the call out first. It took Centrica THREE months to get that cancellation confirmation out.
  • No direct debits have been taken in respect to any HomeCare subscription, and never has any Direct Debit been established.
  • No options within my British Gas account as to any options relating to HomeCare.

The irony of all of this is that I’ve switched to a British Gas product with basic boiler and pipe protection and having had all this confirmed in emails, would suggest that HomeCare was never truly established on my account in the first place. Even worse – when the tarrif change was confirmed, the emails neglect to publish my address properly – having had previous British Gas correspondence sent to the wrong address in the not too distant past, this worries me.

In short: Centrica – sort your systems and processes out. They’re buggy, inconsistent, and horribly unstable.

In other news: I shall be shortly shouting big time at Sky who have charged me an early termination fee for Sky Broadband despite telling me by phone that I would not be charged an early termination fee for cancellation because (a) I was out of the minimum contract term and (b) I was eligible to cancel without penalty anyway because they announced price rises for their broadband.

Is it just me? As technology marches on, it gets buggier, less reliable and ultimately becomes a burden. It’s like a stupid SkyNet. Terminator 27: Stupid Day.

All of the following apply to MacOS Mojave 10.14.4, iOS 12.2 and mid-2018 MacBook Pro and late 2018 iPad Pro.

  • Facetime on the MacBook Pro. On my work Mac Mini, if I open Facetime to make a phone call via my iPhone, I can type the number directly into the Facetime app and it’ll dial it. On my MacBook Pro which I primarily use with the lid closed, I can’t – since Facetime expects the camera to be active and will stubbornly refuse to show the entry field. I have to use Contacts app instead. Additionally, Facetime tends to get the audio devices wrong, leaving me with the person I’ve called unable to hear me.
  • I have 150Gb worth of 4G data with EE across my iPhone XS Max and iPad Pro devices. If I want to download an app on the iOS app store that’s over 150Mb in size, iOS stupidly insists I connect to Wi-Fi. Let me use 4G if I want to. Don’t nanny me.
  • Wi-Fi performance needs some serious tweaking under both MacOS and iOS for modern devices. Performance is seriously underwhelming in 2018/2019.
  • Time Machine backups under MacOS when using an encrypted USB 3 disk is unbearably slow. If you backup weekly or monthly, the time it takes for Time Machine to complete backups is stupidly slow. 11 hours to backup 99Gb worth of data? Even if the throttle limit has been removed (via sysctl).
  • Remove user selection when using FileVault – stick with a username and password prompt because this has the ability to leak user info before the Mac has even booted. I understand the reason behind this, but it’s time to change things up a bit.

This weekend I wrap up the pain in the arse Nighthawk X10 router and send it back to Amazon. In its place is Ubiquiti Networks’ Amplifi HD, a wonderful boxy router that actually looks good wherever it’s positioned.

It’s interesting to note that Wi-Fi performance isn’t spectacular. I’m still trying to figure out whether this is a Wi-Fi thing, or whether it has to do with single-thread performance (not necessarily to do with Zen Internet).

I can absolutely max out my broadband’s 141Mbs download speed from the iPhone if I launch multiple downloads from iTunes (single download lands around 100Mbs). Speedtest.net shows around anywhere between 35Mbs-80Mbs (multi). Across the network (with MacBook Pro acting as server, connected via ethernet), it’s around 195Mbs.

The Mac, like the iPhone and iPad, can also saturate bandwidth on Wi-Fi if multiple threads from the likes of Steam and iTunes are running – but single threaded operations aren’t great. And I’ve never understood why this 2018 MacBook Pro keeps reporting back that the link speed is 54Mbs. The iPhone too seems to report back a poor receive rate of just 6Mbs from looking at the client stats via the Amplifi iOS app.

I’ve also not ruled out that the latest iPhones and Macs simply just have exceptionally poor Wi-Fi transceivers in them. Hooking the Mac up to one of the Amplifi’s HD 4 gigabit ethernet ports yields 141Mbs speedtest.net download results every single time. So I’m keeping the Mac on ethernet for the foreseeable future despite a bit of cable management bodge work.

Bodge job on the cable management here – but it’s to stop pressure on the USB-C port

That said, there have been no problems with the Hive home network since installing the Amplifi, and quite frankly, it looks good sitting in the middle of the room:

The LCD display can display time & date, total amount of data transferred, current speeds and port status.

Speaking of the Hive home network, they very kindly sent me a signal booster which sits in the middle of the room and ensuring – hopefully – a strong signal is sent between the thermostat and the Hive hub.

It’s tiny! Just plug it into an electrical socket, add it as a new device to your app and job done.

This weekend I’ll be adding a mesh point to the set-up. It’ll be located in the master bedroom and hopefully, will give me the strongest signal there. I have an Apple TV HD (3rd gen) which is connected via Wi-Fi. It’ll unlikely improve single thread performance again, but at least there will be no more Wi-Fi dead spots upstairs. If that works, I might need one more mesh point at the back of the house to ensure all over coverage.

No, Nighthawk. I’m not receiving you. I’m sending you back to Amazon!

My British Gas smart meter and Hive system went offline – again, and I’m putting the blame firmly on the Netgear X10 Nighthawk router – the one that looks like Hela from Thor: Ragnarok.

On Saturday morning I awoke to find that the British Gas Smart Meter had taken itself offline along with the Hive thermostat and receiver (and subsequently the app). Another call to Hive support eventually got things going again, but this time I was informed that the signal strength was all over the place.

However, I have a bone to pick with Centrica and Hive support – they’ve moved their support pages without setting up 301 redirects. The result is this – a massive SEO fail:

One problem I did have after getting the system back online was that one of the Hive lightbulbs had stopped responding. My living room’s front light. So I had to turn the lighbulb on and off 7 times before it reset and was able to be picked up by the Hive system again. As these lightbulbs act as a signal booster, I was wondering if these things had any part to play in all these problems. Whenever there have been a problem with the Hive system, the lights on my Netgear ProSAFE switch were constantly flashing – all at the same time – and in time with each other. Rebooting the Netgear Nighthawk fixed this, and things settled down to their regular on/off blinking.

So I decided to send the Nighthawk back to Amazon. And this is an odd thing. Amazon sent the thing via DPD. In order to return it, I have to drop it off at a Hermes drop-off place, or via the Royal Mail. It’d be nice, given the heft of the product, if Amazon could pick it up.

I’ve been using the Fritz! Box again for the past couple of days and haven’t had any dropouts from the British Gas smart meter or Hive. I am going to try the Amplifi HD mesh system which costs slightly less than the Netgear router, but should – hopefully – be a considerably better performer. The manufacturer of the system, Ubiquiti Networks, is a highly respected company within the networking community.

In fact, I specified and arranged the purchase of their UniFi system at work. And all that was based around on the antics of MarzBar (Alex Brooks) who, at the age of 18 set-up an entire WISP (wireless internet service provider) and uses Ubiquiti kit extensively. And here’s Alex explaining how the Amplifi system works: