Robert, you are the best, NAS discovery Award 2024 goes to you this year, Thank you very much for sharing this with us, we have all become a little wiser thanks to you!
@hellolau I know, right? Well, it's still down and unusable. It seems that both QNAP and others were hit. It comes down to following yhe advice given in this series of videos no matter what NAS solution one chooses, no?
Sorry, but you made an oepsie right from the start! QuLog is nowadays installed by default, you can not stop it, remove it or install it for that matter. It is there when you install the later versions for QTS & QuTS Hero since quite some time now.... I guess you are better versed at Synology ;-) As for virus and vulnerabilities, generally speaking viruses infect because the user clicked on that file & executed it. With vulnerabilities, the attacker finds the "doors", holes & such without any user interaction. BTW, for completeness, Deadbolt attacked not only QNAP. The biggest issue for Deadbolt were the users and there were some issues how QNAP initially follow-up on that attack. Something which is not that uncommon nowadays, security is not always on the top of the agenda for manufacturers & vendors. The disabling of the admin-account is only happening when you start a new installation. If your QNAP has been around some time, the admin-account will often still exist and be active. You can change the system to disable that admin account and create a more safe admin-account.
@@nascompares No problem, just noted if when viewers start looking the download for QuLOG. There is another recent significant change that QNAP made I noticed; SMB is nowadays (since end of October 2024) an integral plugin/app for QNAP. (called SBM Service) I gather that way they can control the security (and updates). BTW, fun fact look into the outcomes for both QNAP & Synology in the latest ZDI meeting. 🙂 Security is not a thing but a way of living ...
QNAP NAS Setup Guide (2024) - Secure Your NAS from Vulnerabilities................. Rule #1 Don't buy a QNAP (Especially with their most recent security issues and responses)
@@nlrz313 Security researchers exposed Qnap for having massive security holes ...they patched it belatedly but only after external pressure then lied about what systems were affected... it's like they learned NOTHING from Deadbolt
This has been a recurring bu****it for several years now. QNAP has far more security than Synology ever had after the historical problem. And a lot of people have quickly forgotten about SynoLocker.
Best NAS channel that answers all questions, Even the ones I don’t think of! Thank you !
Thanks for having our backs. Very helpful information.
Thanks. I am beginning to wonder with all the content that you put out do you ever leave your little studio?
Robert, you are the best, NAS discovery Award 2024 goes to you this year,
Thank you very much for sharing this with us, we have all become a little wiser thanks to you!
TS-453D here and automatics update (system and app) never happen, for no reason. i always have to connect to the NAS and check for them.
Thank you! I was hit twice with ransomware (deadbolt then qlocker). Time to harden my environment! I like the idea of scheduled shutdowns!
Why did you choose to stay with QNAP even though your data was compromised twice?
@hellolau I know, right? Well, it's still down and unusable. It seems that both QNAP and others were hit. It comes down to following yhe advice given in this series of videos no matter what NAS solution one chooses, no?
Sorry, but you made an oepsie right from the start!
QuLog is nowadays installed by default, you can not stop it, remove it or install it for that matter.
It is there when you install the later versions for QTS & QuTS Hero since quite some time now....
I guess you are better versed at Synology ;-)
As for virus and vulnerabilities, generally speaking viruses infect because the user clicked on that file & executed it.
With vulnerabilities, the attacker finds the "doors", holes & such without any user interaction.
BTW, for completeness, Deadbolt attacked not only QNAP.
The biggest issue for Deadbolt were the users and there were some issues how QNAP initially follow-up on that attack.
Something which is not that uncommon nowadays, security is not always on the top of the agenda for manufacturers & vendors.
The disabling of the admin-account is only happening when you start a new installation. If your QNAP has been around some time, the admin-account will often still exist and be active. You can change the system to disable that admin account and create a more safe admin-account.
You are bang on about QuLog yes! Even though this vid was recorded a wee whole ago, that has been true for ages, yeah. My slip!
@@nascompares No problem, just noted if when viewers start looking the download for QuLOG. There is another recent significant change that QNAP made I noticed; SMB is nowadays (since end of October 2024) an integral plugin/app for QNAP. (called SBM Service) I gather that way they can control the security (and updates).
BTW, fun fact look into the outcomes for both QNAP & Synology in the latest ZDI meeting. 🙂
Security is not a thing but a way of living ...
Tk U for sharing
QNAP NAS Setup Guide (2024) - Secure Your NAS from Vulnerabilities................. Rule #1 Don't buy a QNAP (Especially with their most recent security issues and responses)
"Especially with their most recent security issues and responses" Can you tell me more ?
@@nlrz313 Security researchers exposed Qnap for having massive security holes ...they patched it belatedly but only after external pressure then lied about what systems were affected... it's like they learned NOTHING from Deadbolt
This has been a recurring bu****it for several years now. QNAP has far more security than Synology ever had after the historical problem. And a lot of people have quickly forgotten about SynoLocker.