There can be a fine line between malware and dubious applications, but NSO’s spyware Pegasus is so far past that line that you can’t even see it anymore.
We often hear of strains of distributed malware in third-party app stores, and sometimes they even make it past the gates and find them coming from official sources. What separates Pegasus from the rest is that it’s likely the most advanced spyware ever identified in the wild. The reason is simple; it exploits zero-day vulnerabilities in popular applications such as WhatsApp, iMessage and FaceTime to infect smartphones.
The NSO Group has been around for half a decade and specializes in selling government-grade spyware to a select pool of customers such as governments and law enforcement agencies. They’ve always asserted that law agencies and other institutions use their software for legitimate reasons. However, it’s challenging to find corroborating evidence since such agencies won’t admit to buying or using spyware.
It turns out that people can protect their iOS and Android devices from Pegasus if they only take one extra step.
Imagine a world without privacy
Spyware is a category of malware that grants third parties access to private information, including photos, files messages and call records from apps that are supposedly safe from such interference. The applications targeted by Pegasus are some of the most secure communication apps in existence: WhatsApp, Facebook, Twitter, Skype and Gmail.
Operators wielding this spyware would also be able to take screenshots, exfiltrate photos and directly access the phone’s camera and microphone. Since our smartphones are constantly at attention, attacks would have a 24/7 window into a target’s life.
The process of compromising a device begins with the exploitation of the software to circumvent the built-in safety features. Once the device has been “rooted” or “jailbroken”, an application can have unrestricted access to stored data and other apps running on the phone. However, the compromised mobile phone remains open to all types of attacks even after the government-sanctioned data collection program has finished.
Fortunately, there is still hope for people who use security solutions and take the precautions they need to guard their digital lives.
No one is safe from attack, but everyone can be protected
It is possible to protect our digital life by taking several common-sense measures that dramatically limit the success rate of a potential Pegasus attack:
Install applications from legitimate sources only. Avoid installing apps sent as links over messaging platforms, as they may be compromised.
Always install OS updates and security patches as soon as they become available. If you are planning to leave the country for a vacation or business trip, make sure that your device is fully patched before you leave your home. Most mobile phones don’t download bulky updates via 4G, particularly when roaming on a foreign network.
Set a pin- or pattern-based lock screen to prevent unauthorized physical access to your device.
Regularly check which apps have device administrator privileges on your device and revisit your security choices if needed.
It’s easy to think we’re all set if we have all these boxes checked. But attackers have been known to deploy zero-day vulnerabilities, which means they’ve managed to compromise fully patched and up-to-date devices.
This is also why you need a security solution to automate security decisions, such as Bitdefender Mobile Security app on iOS or Bitdefender Mobile Security for Android, which first identified the Pegasus spyware back in 2017 and, over the years, has constantly improved detection to keep up with this ever-improving spyware framework.
While mobile platforms give the impression of heightened security, Pegasus is a stark reminder that, as long as your device connects to the internet, it will never be safe as-is. The need for security solutions is now more evident than ever.
So it is that time again for me to praise the companies that provided great customer service over the last year and to name & shame those should be embarrassed at the abysmal excuse for customer service they have provided.
In the list this year we have.
Guru Cloud Hosting
Anker
People Per Hour
Zen Internet
Gradwell
Bitdefender
Europe Registry
Google
Trustpilot
THE GOOD
These are the companies who have impressed me the most and provided exceptional customer service, above and beyond what I would expect. I really wish there were more like this.
I transferred my web hosting to Guru in Feb 2019 after spending about 10 months (too long) with Siteground and finally getting fed up with their terrible customer service/support.
IT has now been almost 1 year with GURU and I still do not have a single complaint to make about them, which coming from me is quite a testament to how good they are. Unlike many hosting providers, they do not pass the buck at every opportunity (GoDaddy and SiteGround should learn this), they actually make every effort to help you and solve problems for you.
Also unlike most other hosts I have used, the support team are not jobsworths and do not give out incorrect or incompetent advice, at least not to date. Every support person I have dealt with actually has the requisite technical skills and knowledge and knows what they are doing.
Oh and the response times are very good as well, I have not yet had reason to complain that it took too long to get a reply to a support ticket. Sometimes it is annoying when they refuse to help via live chat and insist on opening a ticket. I know they do this for security reasons, but this could be avoided by simply asking for the security question/answer on the account, but that is literally my only qualm.
I have purchased a few Anker products over the last few years and so far I have been very happy with both the quality and customer service.
Back in 2018 I purchased an Anker ergonomic mouse due to developing RSI, but while it is a perfectly good product, sadly my RSI was so bad that it didn’t help. When I commented on this in my Amazon review, they contacted me directly and offered to send me an alternative mouse to see if that would help my RSI, completely free of charge.
I will note that I have since had physiotherapy for my RSI, and using this mouse is significantly better than a regular mouse, which causes me pain within minutes.
Fast forward to 2019, I started having some random problems with the mouse, it would just randomly freeze and stop moving and one of the thumb buttons stopped working. I contacted Anker support, not really expecting much since I expected it was out of warranty anyway.
Once again Anker offered to send me a replacement mouse, for free, no questions asked. So to date, I have now had 3 ergonomic mice from them and only paid for one of them.
This is well above and beyond the level of customer service you get from most companies, in fact I cannot think of a single other company that gone quite this far, except in a “we just want you to go away” type situation.
I do somewhat suspect that this may be in an effort to ensure they maintain positive reviews on Amazon, but they never asked me to adjust my original review, I chose to do that off my own back, so I am still happy none the less.
The Bad
These are the companies which while not a complete failure, have been disappointing, let me down on multiple occasions and could certainly do better.
Peopleperhour is a popular freelancer website which I have been using for the last year or so to do various freelance work such as IT support, PCI compliance testing, website design etc.
There are a number of issues with PPH, such as the extortionate 20% commission they take from the freelancers and then charge us 20% VAT on the money we are earning rather than charging it to the buyer, which I think is a complete rip-off, but that is another matter for another post.
When it comes to customer service, how good or bad it depends on your issue. For general enquiries and questions, the customer service is not too bad, the issue is when you have a problem with not getting paid, then you suddenly discover that PPH are completely biased toward the buyer.
I have had several instances where I have done work for someone on PPH, and they have decided to rip me off and not to pay me, which unfortunately is very easy as all the buyer needs to do is reject your invoice and it’s game over.
There is an escrow type deposit system, which PPH claims protects the freelancer, where you request a deposit amount, which the buyer must pay in advance when accepting a proposal. But in reality, it is useless and makes no difference whatsoever, as regardless of the deposit, the buyer can still just refuse to pay the invoice and request a refund of the deposit.
If you find yourself in such a situation, even if it is 100% clear that you have done the work, PPH customer service will do nothing to help and will side with the buyer every single time, even though it is the freelancer who pays their salary at the end of the day. We earn all the money, do the work and pay their commissions, but get nothing in return.
You will literally beat your head against a brick wall trying to get PPH support to see common sense or logic, they simply don’t care. Which is very backwards when you think about it logically, as pissing off a freelancer is going to lose them a lot more than pissing off a buyer.
The only response you can get from PPH is to “ask for a higher deposit”, which as mentioned above is completely pointless and only benefits PPH, as they can refuse to refund the deposit to the buyer as well, thus keeping the money for themselves.
PPH need to stop being so greedy, give more rights to the freelancers and treat us with more respect, as without us they would have no business.
I have been a customer of Zen Internet for about 15 years now. At my former company, we used Zen at the office, all staff had a Zen connection at home and I have also had Zen business at home for the last 10 years or so. During this time I have also referred many friends, colleagues and clients to them.
I chose Zen originally due to their massively positive customer feedback and reviews, and I stayed with them due to those reviews being true, i.e. the superior customer service and support and the reliability of the connection.
When Zen started offering mobile services as well, I transferred all our mobile contracts over to them too, expecting the same level of service. But alas this is where everything started to go downhill. it is the common issue where the bigger a company gets, the worse their customer service gets.
I had not needed to contact Zen customer service very often in the past, as we rarely ever had any issues with the broadband at the office or at home, but this changed with the mobile service and I found myself needing to contact them on a regular basis.
The customer service & support from the mobile team was absolutely terrible. Since they were basically just reselling EE, they couldn’t do anything directly, and just act as a man in the middle between you and EE, needing to contact EE customer service about every issue. So as a business service it is pretty pointless.
To cut a long story short, when I originally signed up I told the salesman I intended to use the service for business and personal use and it would be used by my wife and kids too and as such I asked about parental controls and the ability to block content etc. I was advised this was fine and that yes the parental controls Indeed existed and were available.
This advice I later learnt was completely wrong and when I had issues with the lack of security/parental controls I was quite rudely and arrogantly lambasted for giving phones to my kids, even though it was them who said their service was suitable for this. Needless to say that I transferred my mobile services away from Zen after this and I am now with EE directly, which so far has been a lot better service.
SO I certainly cannot recommend Zen Internet mobile for either business or personal use.
Sadly this was only the start of customer services going downhill, it does seem to have been getting gradually worse over the last few years, support has become less helpful, responses have become slower, often requiring emails to be chased for a response.
During a recent support issue, I was quite shocked when they sent me a loan router with absolutely no packaging or protection whatsoever. Turns out this is not a one-off either, as I discovered this is also how they post out brand new routers as well.
This is highly likely to result in damaged routers, which means any issues will automatically be blamed on your line, meaning you will be charged for an engineer call out since he will, of course, find no problem with the line.
Everyone knows how couriers treat parcels these days (especially Hermes) and everyone who posts packages on a regular basis knows that you have to use adequate protection in order to avoid items getting damaged in transit.
A recent issue with their sales dept essentially resulted in me cancelling a new order within 1 week, Zen then tried to blackmail me into a 24 month contract, which has left me very disappointed indeed considering how long I have been a customer, sadly proving once again that customer loyalty means nothing to some companies.
I no longer feel there is any benefit at all in paying more for their business service over a basic residential service and do not believe the customer service/support is any better as a result, but sadly they will not let me downgrade my service without being forced into a 24 month contract.
It is not yet bad enough to make me want to cancel my broadband services as the broadband service itself is still good and reliable and I rarely ever have issues, and I know many other providers have much worse customer service. But it is a real shame they have lost their great customer service USP.
just like Zen above, Gradwell is another provider who used to have really great customer services and was a pleasure to deal with, but this has gone downhill as the company has grown.
Once again I have been a customer of Gradwell for many years through multiple companies. I currently use them for both my business and my wife’s business and a personal VOIP number.
The once stellar customer service team have now become slow and unresponsive, regularly taking days or weeks to reply to tickets and often needing to be chased multiple times to get any response at all and getting through on the phone is equally as difficult.
When you do get a response they are often obtuse and disingenuous and require multiple back and forth (sometimes over several weeks) to get a more helpful response or a solution to the problem.
I used to be happy to recommend Gradwell to people, but I now find myself looking at alternative VOIP providers.
Bitdefender is one of if not the best anti-malware, cybersecurity product on the market. It does a lot more than most other AV products, has better protection and gets better detection scores. The other top spot contender is Kaspersky.
While I do concur that it is a very good product and I would recommend it as a cybersecurity solution for both personal and business use (not the parental controls though, this sucks), the customer service leaves a lot to be desired.
We all know that most level 1 tech support people working for large corporations are just monkey’s giving answers from a knowledge base and very rarely have any actual technical skills or know what they are talking about.
When you are dealing with a security product you somehow expect their support to be better than everyone else right? But no, the tech support/customer service really is quite useless for the most part. Often not understanding how their own product works and giving out completely wrong and bad advice.
Once you have gone through the hopeless level1 support, who will most likely get you to needlessly uninstall and reinstall the software, and eventually get escalated to level2 via a support ticket, expect to wait many weeks for any response.
When you do finally get a response from level2, they will usually just ask you for the same information that you already provided to the level1 tech in the first place, which you will then have to point out they already have, which they can see by simply scrolling down and reading the ticket history.
Don’t expect a speedy response from level, every time you reply, you will be waiting for weeks for a response, often needing to chase them when it seems they forgot about you.
If you are a very self-sufficient technical person, then you probably won’t need to contact support anyway, but if you are the average user, who is not good with IT and tends to contact tech support a lot, I would probably look for an alternative product from a smaller company with better support.
Almost all of the issues which I have needed to contact them about are related to their parental control features, which are completely useless, and I do not recommend using them.
These are the companies I have with who have the absolute worst customer services imaginable, in fact not even worthy to be called customer service.
I have worked with many different domain registrars over the last 20 years, from good to bad, but Europe Registry aka Instra Corporation Pty Ltd) is one of the worst, they are a complete nightmare.
To say their customer service and billing depts are incompetent would be a massive understatement. Dealing with them will leave you tearing hair out and screaming in frustration as they are unable to understand the most simple questions or perform the most simple tasks, requiring everything to be explained 10 different ways and repeated multiple times to multiple people.
I had a ticket open with this company requesting a very simple price update on a number of domains as we were being overcharged. All I wanted was for the price we were being charged to be updated to match the price on their website, simple right?
But this super simple request has dragged on for over 1 year and is still not resolved. IT took dozens upon dozens of emails and the involvement of multiple people, just to get them to understand this simple issue with the price. It then required sending them screenshots of their own website just to show them what their own prices were and demonstrate how they did not match our invoices. Honestly, it would have been easier to explain it to a 5-year-old child.
Another 10 months passed with no further responses or updates, and those very simple changes were still were not made. I chased them up recently and below is the final response I had from them, blankly refusing to update the prices (no discount was ever requested btw) and would thus continue overcharging.
Even if you have to pay more, I would recommend staying far away from Europe Registry and using another registrar for your own sanity.
I have been a Google g suite partner/reseller for many years, and for the most part Google technical support is pretty good, especially when you consider the mammoth size of the company. It is certainly a lot better than Microsoft support.
The issue is with partner support (PPS) and I use the word support here very loosely, as there really isn’t any, the dept seems to be run by fraggles. I cannot think of a single time I have contacted partner support about any issue where it has not been a complete nightmare.
It is completely impossible to reach partner support by phone. They do not have a phone number you can call them on and they absolutely refuse to call you. Even other Google depts, such as tech support cannot contact PPS by phone.
The only way to communicate with PPS is an email support ticket, which usually takes several weeks for them to respond to every email. There have been several occasions where I have had to chase them for months for a response and on some occasions had to resort to contacting an EMEA concierge because PPS simply wouldn’t reply.
When you do get a response, it is very unlikely that the person who responds will have any idea how to deal with your issue, and it will usually need to be escalated to multiple other people until they finally find someone who actually has any idea how anything at Google actually works, which takes weeks at best.
Believe it or not, it actually took me about 6 months just to get some reseller pricing for some specific g suite related addons. Not one single person in PPS knew what their own pricing was. I lost count the number of different people that got involved in the ticket and the number of times I had to re-explain what I wanted.
So if you have an urgent issue that only PPS can deal with, then you are literally screwed as the only thing you can do is open a ticket and hope that someone responds quickly, if at all.
Thankfully as a g suite end user / direct customer, you will never have to deal with partner support.
Everyone knows who Trustpilot are, and many know what a complete scam the site is, but not everyone has had the pleasure of dealing with their customer service team (aka compliance team).
If you are not aware of the nefarious and unethical way that Trustpilot runs their business and treats their users, then please read my Trustpilot – Can they be trusted article.
Since I regularly post reviews (good and bad), I sadly also have to regularly deal with Trustpilot compliance team whenever a legitimate review gets flagged for removal. Which is always a complete waste of time and an exercise in hair pullng, as the compliance team are dumber than a bag of marbles and always side with the paying advertiser no matter what evidence you provide to back up your review.
The only reason I even bothered to post reviews on Trustpilot at all is simply that it is so widely used and blindly trusted and some companies do not bother to monitor it or just don’t care because they get so many bad reviews it is too much effort, so your review stays intact.
I also post reviews on sitejabber.com which so far seems far more legit and to date, none of my reviews have been deleted, so I would recommend Sitejabber over Trustpilot any day. Of course I don’t know how they deal with malicious/fake reviews yet either.
On several occasions when I have posted a negative review about a company, the owner or representative of said company has retaliated by then posting false and malicious lies about me. Of course, getting these removed by the compliance team sheeple is nigh on impossible unless I am willing to sell my morals and sign up to Trustpilot as a paying business customer.
Trustpilot is likely going to re-appear on this list every single year as I cannot see their unethical practices changing any time soon. If you currently use Trustpilot, I suggest also posting your review son Sitejabber too.
It is probably no surprise to see Microsoft on this list, being one of the largest companies in the worst, they also have some of the worst customer services as well.
Every so often I will get a Windows issue that I cannot fix or has taken up too much of my time trying to fix and I will resort to contacting Microsoft support, as on the rare occasion you do find someone who actually knows what they are doing. Plus I used to have a support contract, so I could get escalated to level 2 after dealing with the level 1 muppets.
The most frequent issues I have had is with their family safety, which stops working on a regular basis on all of my kids machines and has been doing so since it was first introduced over 10 years ago. Their usual answer is always to delete all my kids accounts and start again.
In almost all cases the Microsoft level 1 support team have no idea what they are doing and will simply Google (or Bing) whatever issue you have contacted them about and just regurgitate that information or simply send you the link. 99.9% of the time I already tried everything they tell me to do since I already Googled it myself, or they tell me to do something which is complete nonsense and unrelated to my problem or even doesn’t apply to Windows 10.
If you are a non-technical person and thus will blindly follow the advice of MS tech support, they are very likely to make your problem worse or create new problems for you or make your entire system insecure.
They will also blatantly lie to you or give you ridiculous advice, especially the ones in India.
They will tell you they have escalated an issue to level 2, when they have done nothing of the sort and next time you contact them there will be no record of that conversation.
They will tell you that they are opening a case you and that someone will be in touch. You will receive an automated email with your ticket/case information, but nobody will ever contact you or respond to your emails if you reply to the ticket.
They will promise to call you back, but will never do so.
Live chat support will tell you to reboot your router or your PC, knowing full well it will end the live chat. Which is probably just a tactic to get rid of you because they do not know what else to do.
They will give you advice or take actions that leave your system in an insecure or unstable state.
For example, on one occasion when I allowed a tech to remote desktop into my machine, he enabled the default administrator account (with any password), disabled all my Microsoft services, including my firewall and my anti-virus, and told me the problem was solved, and left my machine in this state, telling me everything would be fine.
I can only imagine how many unsuspecting customers this so call Microsoft tech has “helped” by turning off all security and putting their entire system at risk, scary stuff.
I have been using QuickBooks for my billing & accounting for the last year or so, and the advice given by Quickbooks support is far too often completely wrong to the point of being incompetent and potentially damaging to your business, which is why I am listing them here.
My wife is a bookkeeper and manages numerous Quickbooks accounts for her clients and also has regular issues with the incompetent advice given by Quickbooks support and says her bookkeeping forums are full of similar complaints.
The primary issue is that the live chat support team often do not know how their own software works, which is the result of the bad advice. So you you need to be competent enough yourself with how such systems work to know when you are being given wrong/bad advice, otherwise, you have no choice but to accept what they are telling you.
Here is just one recent example.
I have all my recurring invoices setup to be paid by direct debit via Go Cardless. So the invoices are automatically generated by QuickBooks each month, and the request for payment is sent off to Cardless. When the direct debit is collected, GoCardless sends a notification back to QuickBooks, and the invoice is marked as paid.
I recently noticed that none of my invoices had been paid for an entire month, and upon further investigation, found that the GoCardless connection had been paused for some reason. I did not receive any notifications to tell me there was a problem.
When I contacted QuickBooks support they told me that none of this had anything to do with them. They advised me that invoices are generated by GoCardless and not QuickBooks, that GoCardless controls the connection and the integration and that they must have paused it and that any notifications should come from them.
They even advised me that they will simply mark all invoices as paid even if no payment is received, which left me rather horrified.
I knew none of this was true of course, but I contacted GoCardless anyway for confirmation. As expected GoCardless confirmed that their system does not and cannot generate invoices since it is just a payment gateway and not a billing system, which is exactly what I had told Quickbooks support.
They also confirmed that they do not control the integration and that is also handled by Quickbooks, nor do they have any way to pause a connection, even if they wanted to.
I then contacted QuickBooks support once again, armed with my responses from GoCardless to backup what I had already told them. This time however I spoke to someone on the phone, who was more competent on how their systems worked, and she confirmed that everything I had been told previously was completely wrong and misleading.
The only part that was confirmed to be true, is the fact that they will mark the invoices as paid, even if no payment is received, which is very worrying indeed. I have yet to see this happen, as all my invoices were simply showing as overdue, but this could certainly screw up your accounting as well as cost you a lot of money if you think your invoices have been paid, when they haven’t.
I have recently been using a new CRM system called Perfex CRM, and will likely be moving all my billing into this system and away from Quickbooks.
So I have been getting this annoying “You don’t have permission to save in this location” error crop up randomly in Google Chrome when I try to download files. When this happens the only location it would allow me to download to was the “downloads” folder. The issue would often go away after a reboot, but then it would come back again, it seemed very random and I was scratching my head for weeks over it.
Usually, I have been busy when I happened and did not have time to stop what I was doing and find the cause, so I just resorted to saving to the downloads folder and moving the files.
Today I decided I had enough and was going to find the cause. I started the google the error and found a bunch of crazy solutions telling users to change folder permissions and what not, which I definitely was not going to resort to. Then suddenly I remember my old friend BitDefender, my cyber-security/anti-malware software that runs quietly in the background and protects my system and quite often turns out to be the cause of my woes.
Now I am not bashing BitDefender, as it is a great security product, and it does what it says on the tin and I have it installed on every system in my household, and I also provide it as a manged solution for clients also. But annoying I have a habit of just forgetting that BitDefender is there or that it might be blocking things, and I am sure I cannot be the only one. So I recall that one of the features is that BitDefender protects certain folders from being changed, so I decided to go and check the activity and see if it was blocking chrome. Lo and behold there it was.
So all you have to do to fix this is to click the button and change it from “blocked” to “allowed”. Simples!
If you run any other anti-malware app such as Kaspersky or Symantec etc, that offers this same functionality, then simply check in the relevant settings.
Hopefully this might help anyone else suffer form this annoying problem.
Recent Comments