Information Technology

GitHub has resolved numerous vulnerabilities in Node.js packages tar and @npmcli/arborist, with the worst allowing file overwrites and arbitrary code execution. 

On Wednesday, GitHub said the company received reports from Robert Chen and Philip Papurt, between July 21 and August 13, of security flaws impacting the packages via one of GitHub’s bug bounty programs, which give researchers credit and financial rewards for responsibly disclosing vulnerabilities to the vendor.  GitHub’s Chief Security Officer Mike Hanley says that these reports prompted GitHub to conduct its own review of tar and @npmcli/arborist, leading to the discovery of additional security issues.  The tar Node.js package is used to mimic the tar archive system on Unix, whereas @npmcli/arborist has been developed to manage node_modules trees. Tar is a core npm dependency for npm package extraction, and @npmcli/arborist is a core dependency for npm CLI. Node-tar has accounted for 22,390,735 weekly downloads, at the time of writing, whereas @npmcli/arborist has been downloaded 405,551 times over the past week.  In total, seven vulnerabilities have been verified through the bug bounty reports and the security team at GitHub’s findings: Tar: CVE-2021-32803, high impact: Arbitrary File Creation/Overwrite via insufficient symlink protection. A malicious tar archive could create/overwrite arbitrary files with the privileges of the process using tar. CVE-2021-32804, high impact: Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization. Malicious npm packages could create/overwrite files with the privileges of the user running the install, leading to code execution. CVE-2021-37701, high impact: A path separator issue in file names could lead to malicious tar archives creating/overwriting arbitrary files with the privilege levels of the process running tar. CVE-2021-37712, high impact: Unicode conversions and Windows 8.3 file name semantics could cause directory cache poisoning and symlink check bypasses, leading to arbitrary file creation and overwrite. CVE-2021-37713, high impact: Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization. Malicious npm packages could create and overwrite files outside of their installation root, with user privileges. 

@npmcli/arborist: CVE-2021-39134, medium impact: An issue in how symbolic links within the node_modules tree are handled. Exploitation could result in malicious packages overwriting files outside of an installation root with user privileges. CVE-2021-39135, medium impact: This vulnerability also impacts symbolic link handling, specifically when untrusted packages are installed on case insensitive file systems.”CVE-2021-32804, CVE-2021-37713, CVE-2021-39134, and CVE-2021-39135 specifically have a security impact on the npm CLI when processing a malicious or untrusted npm package install,” GitHub says. “Some of these issues may result in arbitrary code execution, even if you are using –ignore-scripts to prevent the processing of package lifecycle scripts.” To make developers aware of these bugs, GitHub created 16.7 million Dependabot alerts and released 1.8 million notifications.  GitHub has requested project managers that use npm CLI and download it directly to upgrade to v6.14.15, v7.21.0, or newer. If Node.js is in use, the organization recommends an upgrade to the latest releases of Node 12, 14, or 16, all of which contain patches to resolve the security flaws. Tar users are now able to upgrade to versions 4.4.19, 5.0.11, and 6.1.10. The latest version of @npmcli/arborist available is 2.8.3. Chen and Papurt have been awarded a combined bounty of $14,500 for their reports.   Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

Microsoft has revealed that it has fixed a bug in its Azure Container Instances (ACI) service that may have allowed a user to access other customers’ information in the ACI.    ACI lets customers run applications in containers on Azure using virtual machines that are managed by Microsoft rather than managing their own.   

ZDNet Recommends

The best cloud storage services

Free and cheap personal and small business cloud storage services are everywhere. But, which one is best for you? Let’s look at the top cloud storage options.

Read More

Researchers from Palo Alto Networks reported the security bug to Microsoft, which recently addressed the issue.  SEE: The CIO’s new challenge: Making the case for the next big thingMicrosoft said in a blogpost there was no indication any customer information was accessed due to the vulnerability — both in the cluster the researchers were using or in other clusters. “Microsoft recently mitigated a vulnerability reported by a security researcher in the Azure Container Instances (ACI) that could potentially allow a user to access other customers’ information in the ACI service. Our investigation surfaced no unauthorized access to customer data,” it said.Nonetheless, it has told customers who received a notification from it via the Azure Portal to revoke any privileged credentials that were deployed to the platform before August 31, 2021. 

Ariel Zelivansky, researcher at Palo Alto, told Reuters his team used a known vulnerability to escape Azure’s system for containers. Since it was not yet patched in Azure, this allowed them to gain full control of a cluster. Palo Alto reported the container escape to Microsoft in July.  Even without vulnerabilities, containerized applications, which are often hosted on cloud infrastructure, can be difficult to shield from attackers. The NSA and CISA recently issued guidance for organizations to harden containerized applications because their underlying infrastructure can be incredibly complex. SEE: Open source matters, and it’s about more than just free softwareMicrosoft noted that among other things admins should revoke privileged credentials on a regular basis.Microsoft disclosed a separate Azure vulnerability two weeks ago affecting customers running NoSQL databases on Azure, which provides the Cosmos DB managed NoSQL DB service. A critical flaw, dubbed ChaosDB, allowed an attacker to read, modify or delete databases.   More

Image: Asha Barbaschow/ZDNet
ANZ New Zealand’s internet banking app and website was offline as it dealt with a cyber attack.The app and website issues are now online again, with the bank saying in a tweet that the issues were resolved by 2:27pm AEST.”Kia ora whanau! The outage across our online services has been resolved. Again thank you all for your patience and understanding,” ANZ tweeted.ANZ was among a number of organisations hit by a cyber attack yesterday, which also reportedly took down the Kiwibank, MetService, New Zealand Post, and Inland Revenue websites. New Zealand’s cybersecurity agency Cert NZ tweeted yesterday that a number of New Zealand organisations were being targeted by a distributed denial of service (DDoS) attack. Cert NZ said it was monitoring the situation and working with affected parties. While most of these sites were back online by Thursday morning, ANZ New Zealand was still working towards resolving the outage.

“Kia ora, as you’ll be aware we are still experiencing outages in channels, all hands on deck are working on this!” ANZ New Zealand said in a tweet earlier today. The bank clarified, however, that ANZ ATMs, Eftpos, credit and debit cards, automatic payments, bill payments, and direct debits are working. Last year, the New Zealand Stock Exchange (NZX) was forced offline for almost an entire week due to DDoS attacks that hit the exchange.The NZX attack was attributed to a criminal gang that has launched DDoS attacks against some of the world’s biggest financial service providers and demanded Bitcoin payments as extortion fees to stop their attacks. Updated at 3:51pm AEST, 9 September 2021: ANZ’s online issues are now resolved. Related Coverage More

Image: Getty Images
The inventor of the World Wide Web, Tim Berners-Lee, has joined the advisory board of hosted email service provider ProtonMail.In a statement, ProtonMail CEO and founder Andy Yen said the addition of Berners-Lee to the company’s advisory board was aligned with its goal to “create an internet where people are in control of their information at all times”. “Our vision is to build an internet where privacy is the default by creating an ecosystem of services accessible to everyone, everywhere, every day,” Yen said.Yen said the company already had a past relationship with Berners-Lee, explaining that the idea of ProtonMail was initially conceived at CERN, the European Organization for Nuclear Research, where the World Wide Web was created.The addition of Berners-Lee comes almost immediately after ProtonMail received flak for giving a climate activist’s IP address to French authorities to comply with a Swiss court order. Addressing the logging of the IP address in a blog post earlier this week, Yen said all companies have to comply with laws, such as court orders, if they operate within 15 miles of land.”No matter what service you use, unless it is based 15 miles offshore in international waters, the company will have to comply with the law,” Yen said.

Since the incident, ProtonMail has changed its privacy policy to state that the company can be “legally compelled to log IP addresses as part of a Swiss criminal investigation”. Previously, the company’s website said that, by default, it did not keep any IP logs that could be linked to an anonymous email account. In making the change, ProtonMail apologised for its previous wording and said it clarified ProtonMail’s obligations.ProtonMail currently has 50 million users.RELATED COVERAGE More

Always prepared. Always.
Photo: Michael Krigsman
I’m not sure I remember what life was like before Covid came along.

more Technically Incorrect

Somehow, it’s invaded every form of behavior, in one way or another, and emerging from it seems an unlikely dream.I’ve been wondering, indeed, how the people who hold our systems together — IT professionals — managed to keep our systems together as everything seemed to crumble.This recurring thought invades my mind every time I hear of a new corporate hack — hullo, T-Mobile, your faces aren’t deep pink, they’re magenta, right?With constant invasions from those who’d do harm, and constant missteps caused, at least in part, by so many working from home, IT Whack-a-Mole becomes more like a headspinning Whack-a-Hole. It must be eternally maddening. Or is it.You see, I just stumbled upon a relatively recent survey that revealed the surprising innards of the IT mind.

Conducted on behalf of OpenSystems, which styles itself as a “cybersecurity service innovator for future-ready enterprises,” the survey offered the promise of today-ready psychological insight. It was entitled: “What IT Pros Are Feeling, Doing and May Be Overlooking in the Post-Pandemic Environment.”During the pandemic — which doesn’t feel all that post- to me — several things I’ve felt and done have caused me to overlook far more important things I haven’t felt and done. My feelings of inner despair for humanity, for example, have led me to overlook several things on my grocery shopping list.While the survey dwelled on how there’s been an increase in cyberattacks and how the pressure on IT professionals has never been greater, it also offered one overarching, and frankly beautiful, conclusion: 90% of these 210 IT professionals insisted they’d been mostly or somewhat prepared for the pandemic.I stared at that and thought: “IT professionals truly are special people. They’re undervalued. They’re occasionally derided. Inside, however, beat minds of steel. So much so that I can’t understand why more superhero movies don’t have IT professionals as their main characters.”I fear you might think I’m jesting. But here’s a survey from last year — deep in the heart of the pandemic — in which IT leaders claimed, quite openly, that they hardly ever get things wrong.As you unfreeze your jaw, may I offer you more? 55% of the IT professionals in the OpenSystems survey said they were perfectly prepared for the pandemic because they had already established “better processes.”Should one conclude, therefore, that these processes really did include dealing with a mass exodus of millions of employees from offices and into large houses, tiny bedrooms, cramped kitchens, shared living spaces and, yes, Idaho?It must have taken an unusual prescience, most often seen in kingmakers, oddsmakers and post-rationalizers.Perhaps most staggeringly, a mere 22% of these IT professionals declared that, now that they’ve endured the pandemic experience, they’re evaluating their organization’s incident response plans.Please don’t be concerned. Well, too concerned. We’re all in good hands. There may be a few kinks in the firmament here and there, but it’s all going to be fine. More

Researchers are tracking a campaign that is both promoting the Chinese government and encouraging real-world protests surrounding the COVID-19 pandemic in the United States.

On Wednesday, Mandiant Threat Intelligence said the pro-People’s Republic of China (PRC) network was first discovered in June 2019. At the time, the network composed of a web of inauthentic accounts on social media platforms — including Facebook, Twitter, and YouTube — used to slam pro-democracy protests in Hong Kong.  Fake propaganda networks are nothing new. Companies including Facebook are constantly detecting and wiping them out, but others take its place as soon as one vanishes.  This campaign, however, has captured the interest of cybersecurity researchers due to its rapid increase in size and “multiple shifts in tactics,” as observed by Mandiant.  Past reports on this misinformation group have noted that those responsible generate photos for fake profiles, spread different stories concerning COVID-19 and US political events, and were widely critical of Guo Wengui, a businessman and high-profile activist who is critical of the Chinese government.  Now, it appears that the campaign is far more extensive than previously believed.  One of the more disturbing aspects of the pro-PRC network is evidence that the group has actively spread content designed to incite protests in the United States in response to the COVID-19 pandemic. 

The researchers emphasized there is “no evidence” of these activities succeeding.”This direct call for physical mobilization is a significant development compared to prior activity, potentially indicative of an emerging intent to motivate real-world activity outside of China’s territories,” Mandiant says. “We believe it is important to call attention to such attempts and for observers to continue to monitor for such attempts in future.”According to Mandiant, the pro-PRC information network is no longer limited to English and Chinese content posted to a few platforms. Instead, the campaign is now being conducted in seven languages and includes content posted in Russian, German, Spanish, Korean, and Japanese.  In addition, Facebook, Twitter, and YouTube are not the only target platforms in play. The operators are present on 30 social media services, including Vimeo and TikTok, and at least an additional 40 websites and forums.  “While some platforms have hosted hundreds or thousands of accounts in the network, other platforms have hosted a smaller number,” the researchers say. “Collectively, these observations suggest the actors behind this campaign have significantly expanded their online footprint and appear to be attempting to establish a presence on as many platforms as possible to reach a variety of global audiences.” Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

ZDNet Recommends More

Tampa hosts one of the most diverse cultural, architectural, and economic landscapes in Florida. Despite such prosperity, Tampa’s residents are not excluded from being victims. In this article, we prioritized the best home security systems Tampa has to offer. In our analysis, we involved monitoring services (professional and self-monitoring), pricing, ease of installation, equipment quality, as well as how customers rated their experience with a particular provider’s service.We know there is a myriad of options that appear to fog your lens to understand the best home security Tampa can provide you, so we’ve reduced the best national home security providers while providing insight on their services. Arranging home security providers according to their pros and cons, we hope to support you in fortifying your home and ensuring that uninvited guests will always be many steps behind.Here is a comparison of our top picks for the best home security system in Tampa:SimpliSafeAbodeArloRingBlue by ADTReviews.com Score4.44.2544.23.6Monitoring prices start at$0.50/day$0.20/day$2.99/mo. (1 camera)$10/mo.$19.99/mo.Contract lengthNoneNoneNoneNoneNoneCamerasIndoor/Outdoor/DoorbellIndoor/Outdoor/DoorbellIndoor/OutdoorIndoor/Outdoor/DoorbellIndoor/Outdoor/DoorbellSensorsDoor, window, motion detection, water damage monitoring, temperature sensorDoor, window, motion detectionDoor, window, motion detection, spotlight, floodlightDoor, window, motion detection, spotlight, floodlight, flood and freeze sensor, panic buttonDoor, window, motion detection, smoke and carbon monoxide sensorSmart home capabilityGoogle Assistant, Amazon Alexa, Apple WatchGoogle Assistant, Amazon Alexa, Apple WatchGoogle Assistant, Amazon Alexa, Apple WatchGoogle Assistant, Amazon AlexaGoogle Assistant, Amazon Alexa, Apple HomeKitControl panelA mobile app, key fobs, keypadsA mobile app, key fobs, keypadsMobile appMobile appA mobile app, keypad integrated on hubs*Information accurate as of March 2021

Best overall home security system

Shutterstock

Reviews Score: 4.4 | J.D. Power: 889* | Contract requirement: No |Why we chose itSimpliSafe went the smart route and made a customizable system, enabling customers to contour their home security system around their floor plan. Furthermore, monitoring plans are only $0.50 a day ($15 a month), and SimpliSafe is the highest rated home security system by J.D. Power.Pros:Plan options for almost every homeBudget-friendly in the long runDIY is simple, yet professional install isn’t unreasonableCons:Customer service leaves room for improvementAdd-ons to plan may become too expensiveUpfront costEquipment availableEntry sensorMotion sensor105dB sirenSmart lockWireless, keypadKey fobPlans & pricingStandard Monitoring: $0.50/dayInteractive Monitoring: $0.83/day

Best for smart home integration

Abode

Reviews Score: 4.25 | J.D. Power: N/A | Contract requirement: No |Why we chose itIf you like Alexa or Google to run your home while you sit in peace on the couch or in bed, Abode connects to popular smart home devices and arm your security system for you.Pros:Inexpensive compared to competitorsNo forced contractsGood monitoring for the priceCons:Fee for contract/early terminationRefunds could be betterWarranty is limited to a yearEquipment availableRecessed window and door sensorGlass break sensorMotion sensorsOutdoor cameraIndoor cameraSirenPlans & pricingStandard: $0.20/dayPro Plan: $0.66/day

Best for high-quality cameras

Shutterstock

Reviews Score: 4 | J.D. Power: N/A | Contract requirement: No |Why we chose itArlo includes cameras that will even impress the tech-savvy with a product line that seems almost too state-of-the-art. Despite being a younger company, Arlo is earning a robust reputation as a national brand.Pros:4K-video historyContinuous footageCameras have more technical featuresCons:Cameras are expensiveIt doesn’t offer door and window sensors24/7 monitoring brings up pricingEquipment availableIndoor cameraOutdoor cameraSolar panel cameraSmarthub MountsChimePlans & pricingSmart: FreePremier: $2.99/mo. (1 camera) or $9.99/mo. (up to 5 cameras)Elite: $4.99/mo. (1 camera) or $14.99/mo. (up to 5 cameras)

Best for security sensors

Ring

Reviews Score: 4.2 | J.D. Power: 882* | Contract requirement: No |Why we chose itRing’s sensors could catch almost any event in your home, from flood to freezes and carbon monoxide leaks. It’s not just security from break-ins, but from disasters as well.Pros:Installation requires less than 20 minutesAffordable compared to other smart home packagesSimple pricing for subscription supportCons:It doesn’t have a quality appearance compared to competitorsGoogle support can be problematicWiFi connectivity can be poorEquipment availableIndoor cameraOutdoor cameraWindow sensorDoor sensorMotion detectorPanic buttonPlans & pricingBasic: $30/yearPlus: $100/year

Best for professional monitoring

Shutterstock

Reviews Score: 3.6 | J.D. Power: 880* | Contract requirement: Yes | Why we chose itAlthough professional monitoring costs are higher than competitors at $19.99 a month, Blue by ADT monitoring alerts authorities, sends alerts to your phone, and has cellular backup for camera footage.Pros:High-quality monitoring servicesBrand recognition deters crimeContract offers longevityCons:Costly up-front expensesCancelation feesMust have contractEquipment availableHubIndoor cameraOutdoor cameraDoor sensorsWindow sensorsMotion sensorPlans & pricingDIY monitoring: FreeProfessional Monitoring: $19.99/mo.

Home security in Tampa: What you need to know Tampa, Florida, crime statistics In Tampa, the largest rates of crime fall under four major categories. The largest category is aggravated assault, polling nearly 2100 incidents in 2020. The second-largest is car burglary, reaching almost 1250 crimes during 2020. The third-largest is burglary, almost reaching 1000 incidents during 2020. The fourth-largest category is car theft, capping at nearly 600 incidents in 2020. Burglary and car burglary often occur in residential areas where criminals furtively take advantage of the night’s lower visibility.In 2002, crime rates in Tampa reached 35 380 crimes in total.In 2020, 325 robberies occurred.In 2019, burglaries reached a total of 1022 crimes.Research your neighborhoodHistoric Kenwood is the loudest bell that rings in the mind when talking about Tampa. The St. Petersburg Police Department protects an area that hosts homes dating back to the 1920s, the architecturally rich homes in Historic Kenwood. The St. Petersburg Police Department also protects the city’s single-family homes, townhomes, and luxury highrises. West Tampa boasts a diverse melting pot of cultures, huddled among business districts and employment centers. The residential neighborhood there is protected by the City of Tampa Police Department. Hyde Park has emerged as the trendy, go-to city for those seeking a metropolitan community. Considered the affluent centerpiece of Tampa, the neighborhood of Hyde Park is protected by the Tampa Police Department, as well.To research your Tampa neighborhood, you can use this crime map for more information.Register your home security system in Tampa

When preparing your home for its new security system, don’t forget that you are required to register your home security system with the City of Tampa. Remember to do this once your system is set up but not too long after your home security’s installation has occurred. Below is a list of steps to help get your home’s security system in compliance with the City of Tampa’s ordinances:1. Open your browser and visit the City of Tampa’s False Alarm Program page.2. Once you have arrived, download and complete the Alarm User Registration Form under the heading “What can you do to reduce false alarms?”3. Upon completion, print the form and mail it to the address listed here: City of TampaAttn:  A/R & Billing – Police False Alarms306 E. Jackson St., 050A7ETampa, FL  33602How to choose your Tampa home security systemInterior/exterior cameras: It’s worth noting that any home security system’s exterior devices should be rated for Tampa’s climate. Tampa is hot and humid almost year-round, bringing in rain and showers almost weekly. Is the camera that you want to install capable of tolerating Tampa’s harsh relative humidity? Instead of prioritizing the aesthetic of a device, make sure that your home security implementations exposed to Tampa’s climate will operate and not fail.Control panel: Usually, control panels and interfaces are pretty straightforward. For users with poor dexterity, or poor vision, consider using an interface with the least interpretation possible. Getting lost in the settings can be nice for someone who can harness and appreciate fine-tuning, although most would like a relatively autonomous system that is ready from the start. We recommend acquiring a limited interface control panel or devoting time to learn how to use the control panel effectively, especially if you have to enter a sequence of commands, or characters, to deactivate a false alarm. Compatibility: Almost all smart hubs offered in home security systems support Android, Google, and iOS operating systems. An operating system can be unsupported by a security system, although the circumstance is incredibly rare, excluding a demographic entirely. Regardless, make sure your phone is supported by researching the provider that interests you and even calling them for more insight.Storage: For those living in areas where foot traffic is frequent or wildlife is a natural part of the area, your motion-activated camera may be triggered unnecessarily and perhaps even too often. This can rack up video data, filling up your storage capacity. If you prefer to remain in your current data plan and video storage limits, our first suggestion is to orient the camera so that its field of view is limited to the points of entry of your house. This will prevent any motion that is not related to your home from being captured. Alternatively, you may consider increasing your storage capacity. For the sake of overall security, this is the preferred route. Sure, it may cost more, although keeping a view of your home and its surroundings can help increase accountability if a crime occurs and is recorded. Increased storage space means you won’t have to worry about data management and superfluous data monitoring.Window/door sensors: Tampa is hot, humid, and beautiful. The area’s beauty won’t affect your window or door sensors much, although the climate certainly will if any device’s specifications aren’t prepared for it. All devices, especially sensors, should be waterproof and capable of operating a little over 103 degrees Fahrenheit. Local vs. national companies Pros of local security companyKnowledgeable of the local areaQuicker emergency dispatchingNegotiable termsCons of local security companyLimited warrantiesReputation could be terribleSub company for larger corpPros of national security companyThe strong name behind the companyStable among competitionMore space for warrantiesCons of national security companyOvercharge for packagesDelay in installation or serviceMay not know the area wellTampa home security systems FAQ 

What’s the most cost-effective home security system?

The most cost-effective home security system is SimpliSafe. Despite Blue by ADT offering a tremendous package that is actually cheaper when the benefits are compared to competitors, Simplisafe has the best overall cost-to-effectiveness ratio when one wants to get the job done without a hefty upfront cost, all while providing the benefits that are often sought after.

How much is ADT a month?

Including its basic package for the devices, ADT’s Secure Package costs about $55.99 per month. Without its package, monitoring alone costs $45.99 per month. However, Blue by ADT only costs $14.99 a month for professional monitoring

What’s the best and least expensive home security system?

Abode is the best home security system for the least amount of money. Its upfront cost is only $20 more than its competitors; Abode skips the unnecessary all-in-one packaging while giving you a base security system with monitoring capabilities.

Methodology We evaluated home security companies based on equipment cost, monthly costs, contract options, installation and customer satisfaction to determine Reviews.com scores and create our best home security reviews. To compare home security companies with other providers across the board, we calculate each Reviews.com score based on the following:Monthly Price: The lower the cost of a home security company’s monthly contract, the higher the score. Inversely, the higher the cost of the monthly contract, the lower the score in this metric. Equipment Cost: Affordability is important with home security, so we awarded higher scores to home security companies with lower equipment prices.Contracts: Reviews.com reviewed the flexibility in contracts of the home security companies. The more flexibility, like having no contracts to bind customers for long periods, the higher the score. Customer Satisfaction: With J.D. Power’s 2020 Home Security Satisfaction Study, we assigned a score to each company based on the rating it received.Installation: Like with contracts, we award higher scores to companies with flexible installation options, like DIY or professional options. More

To find the best home security companies Dallas has to offer, we reviewed each of the following brands based on affordability, monitoring capabilities, equipment availability, and integration capabilities with smart devices. While none of these Dallas alarm companies is perfect, each of them offers an intuitive experience, whether that be a professional or DIY install. Our favorites of the bunch we reviewed — SimpliSafe, Ring, Abode, Arlo, Blue by ADT, and Cove — offered high-tech equipment, round-the-clock monitoring services, and easy DIY options. In a word, these home security systems Dallas provides made us feel safe.Here is a comparison of our top picks for the best home security system in Dallas:SimpliSafeRingAbodeArloBlue by ADTCoveReviews.com Score4.44.24.2543.63.5Prices start at$184.99$199.99$199.99$129.99$179.99$122Contract lengthNo contractsNo contractsNo contractsNo contracts36 monthsNo contractsCamerasIndoor/DoorbellIndoor/Outdoor/DoorbellIndoor/Outdoor.DoorbellIndoor/OutdoorIndoor/Outdoor/DoorbellIndoorSensorsEntry sensor, motion sensor, glass break sensor, panic button, smoke detector, water sensor, temperature sensorDoor,window,motion detection, spotlight,floodlight,flood and freeze sensor,panic buttonDoor, window, motion detection, door sensor, window sensorDoor,window,motion detection,spotlight,floodlightDoor, window, motion detection, smoke and carbon monoxide sensorDoor/window sensor, motion detector, panic button, glass-break detector, smoke/heat/freeze detector, flood sensor, carbon monoxide detectorSmart home features105dB siren, smart lock, pro-set-up help, smart home support through third party systemsSmart home integration with Z-Wave supportSmart home integration through the custom engine (CUE), third party smart software supportSmart home support through their proprietary hub selectionSmart home integration with Z-Wave hubKey remoteControl panelWireless, keypad, key fob, base station, mobile app, key fobMobile appThe mobile app, key fob, keypadMobile appThe mobile app, keypad is integrated on the hubThe mobile app, touchscreen alarm panel*Information accurate as of May 2021

Best for flexibility

Shutterstock

Reviews Score: 4.4 | J.D. Power: 889 | Contract requirement: No | Why we chose itIf you want to keep your home and loved ones safe but aren’t a fan of home security prices, SimpliSafe is a strong as well as flexible option. SimpliSafe offers 24/7 professional monitoring services and gives customers wanting to save money the option to monitor their security system themselves.Pros:Easy, DIY installation optionDIY monitoring optionNo required contractsCons:No outdoor camera optionsExpensive video storage feesLimited integration optionsEquipment availableMotion sensor105dB sirenSmart lockWireless, keypadKey fobEntry sensorPlans & pricing:Foundation: $229Essentials: $259Hearth: $374Knox: $449Haven: $489

Best for ease of use

Ring

Reviews Score: 4.2 | J.D. Power: 882 | Contract requirement:No | Why we chose itRing’s straightforward DIY approach makes the home security company a top contender for those looking to protect their homes. While not perfect, Ring’s affordable pricing and lack of contracts make it an attractive option.Pros:Quick, easy installation processAffordable packagesSimple pricing for subscription supportCons:Poorer performance compared to competitorsGoogle support can be problematicThe basic plan offers no professional monitoring servicesEquipment available:Outdoor cameraWindow sensorDoor sensorMotion detectorPanic buttonIndoor cameraPlans & pricingBasic: $30/yearPlus: $100/year

Best for budget

Abode

Reviews Score: 4.25 | J.D. Power: N/A | Contract requirement: No |Why we chose itAbode security plans are a great option if you don’t want to break the bank on a home security system but still want the peace of mind it offers. Unfortunately, its limited integration capabilities with smart devices can be a big frustration.Pros:Inexpensive costsNo security contractsOffers DIY and professional monitoringCons:Early termination fees applyRefund options are lackingWarranty is limited to a yearEquipment availableGlass break sensorMotion sensorsOutdoor cameraIndoor cameraSirenRecessed window and door sensorPlans & pricingStandard: $6/mo.Pro Plan: $19.80/mo.

Best for technical features

Shutterstock

Reviews Score: 4 | J.D. Power: N/A | Contract requirement: No |Why we chose itUninterested in monitoring your home security system yourself but don’t want to pay an arm and a leg? Arlo’s professional monitoring systems are some of the cheapest plans on the market and come with some impressive camera equipment.Pros:Offers 4K-video footage capabilitiesGood BBB ratingsInexpensive plansCons:Costs extra for 24/7 monitoringIt doesn’t provide products like doors and windows sensorsExpensive camera equipmentEquipment availableIndoor cameraOutdoor cameraSolar panel cameraSmarthubMountsChimePlans & pricingSmart: freePremier: $2.99/mo.Elite: $4.99/mo.

Best for most rounded features

Shutterstock

Reviews Score: 3.6 | J.D. Power: 880 | Contract requirement: Yes | Why we chose itAs one of the longest-running security system companies, ADT has a long, trusted history with a solid variety of plan options for home security. Despite being one of the few security system companies requiring a contract, Blue by ADT offers extensive hardware options.Pros:Quality professional monitoringQuick installations and repairsMoney-back guarantee for first six monthsCons:Requires a long contractCancellation feesPoor BBB customer service ratingsEquipment availableHubIndoor cameraOutdoor cameraDoor sensorsWindow sensorsMotion sensorPlans & pricingBuild Your Own System: $179.99Starter System: $219.99Starter Plus System: $299.99

Best for customizing

Cove

Reviews Score: 3.5 | J.D. Power: N/A | Contract requirement: No |Why we chose itFounded in 2018, Cove is new to the home security scene, but that by no means makes it a non-valuable player. Cove’s BBB customer ratings are impressive, to say the least, and its easily customizable security plans make it a dream for customers who want more control over their home security setup.Pros:No contractsCustomizable plansStellar BBB customer service reviewsCons:No professional installationLimited app functionsLimited integrationEquipment availableDoor/window sensorMotion detectorPanic buttonYI Indoor CameraKey remoteTouchscreen alarm panelPlans & pricingCove Basic: $15/moCove Plus: $25/mo

Home security in Dallas: What you need to know Dallas, Texas, crime statisticsYour city’s overall crime rate and common types of crimes can provide better insight into how to keep your home safe. However, keep in mind that crime stats only offer a piece of the entire puzzle. In Dallas, Texas, the crime rate is twice as high as the national rate, which is understandable given how large a city it is. Unfortunately, in Dallas, you have a 1 in 29 chance of becoming the victim of a property crime. Here are a few more statistics to bear in mind:34 out of 1000 residents of Dallas are victims of property crimesNearly 7 out of 1000 people in Dallas will experience a burglary20 out of 1000 people in Dallas will experience a theftResearch your neighborhoodThe type of home security system you’ll need will depend on what kind of neighborhood you live in. Be sure to research your neighborhood to see how likely it is that you’ll experience a crime and what kind of crimes are common in your area. If you live in a low-crime neighborhood, you may only need a basic security setup. However, if burglary is a concern where you live, you may want to consider a complete home security package. Most of the safest neighborhoods like Hillcrest Road/Spring Valley Road, Northaven Road/Hillcrest Road, Northaven Road/Inwood Road, Northaven Road/Preston Road are located in northern Dallas. Areas like Sargent and Fruitdale, however, have lower safety ratings. To learn more about how to research your neighborhood’s safety record, browse our resources here.Register your home security system in Dallas

It’s important to register your home security system with the city of Dallas because, if it’s not, the city can refuse to respond to your home alarms. Keeping a record of the Security Alarm Permits helps the city keep the registration information up-to-date. Hence, law enforcement knows how to reach you should your alarm go off and you’re not home, and it lets the city of Dallas keep track of false alarms. The first three times you spark a false alarm in Dallas, you will not be charged a fee. After that, the fourth, fifth, and sixth false alarms will cost you $50. For the seventh and eighth false alarms, you’ll be charged $75 and $100 from then on. In order to register for a Security Alarm Permit with the city of Dallas, follow these instructions:Visit False Alarm Reduction Website (dallasalarmpermit.com)Click “Register Online”Fill out the online registration form, which will require your contact information, address, and alarm company informationPay the $50 feeFor more information, visit Home (dallaspolice.net)How to choose your Dallas home security systemInterior/exterior cameras: If you’re going to purchase a security camera for your home, consider the weather ratings for exterior cameras. Dallas is hot and humid, with warm summers and mild winters. Since Dallas is exposed to such extreme weather conditions, you’ll want to make sure the camera you install outside your home is rated for your specific climate.Control panel: The control panel is one of the most important facets of your home security system. This is the interface that gives you access to the backend of your home security system. Before you purchase a security system for your home, research how intuitive and easy to use the control panel is. You won’t want to find yourself with a complicated control panel while frantically trying to turn off your home’s security alarm. Compatibility: One of the most convenient aspects of a home security system is its compatibility with your smart devices. The top operating systems for phones, Android, Google, and iOS, should integrate with most home security system hubs. Before choosing a home security system, research to make sure the software, usually an app, will work with your phone or any other smart devices you own. Storage: If you live in an area where you’re bombarded with foot traffic, you might stock up on video storage a lot more quickly than you would expect should you have a motion-sensor camera. If this is the case, be sure to position the camera to focus on the traffic that’s coming in and out of your home instead of the street. This will help to cut down on needless monitoring and keep you from racking up unnecessary video footage.Window/door sensors: Due to Dallas’s considerable humidity, you’ll want to make sure your door and window sensors are weatherproofed. With long-term exposure, the dense humidity and heat could cause a lot of wear and tear on any outdoor sensors. Ideally, you’ll want to keep your window and door sensors indoors. Local vs. national companiesPros of local security companyIt offers a more personalized experienceFamiliarity with your neighborhoodInvestment in your communityCons of local security companyPricier packagesLonger wait timesLess resources to offerPros of national security company24/7 monitoringWide variety of equipment optionsSmart equipment capabilitiesCons of national security companyPoor customer serviceLess personalized experienceLack of familiarity with your neighborhood

Can I self-install my home security system?

While some home security systems do require a professional install, many companies offer self-install options. If you’d like the DIY option, make sure to read all the fine print before purchasing a system to find out whether the home security company allows for self-installs.

What’s the best Dallas home security system?

The best home security system entirely depends on your individual needs and budget. If money isn’t an object, consider going with a package from a company like Blue by ADT, which is more costly but offers many benefits. If you’re interested in a more basic option, consider a company like Arlo or Abode.

What’s the least expensive home security system?

Within this listing, the least expensive home security system is Arlo. The company only charges $2.99/month for its Premier plan and $4.99/month for its Elite plan.

Methodology We evaluated home security companies based on equipment cost, monthly costs, contract options, installation and customer satisfaction to determine Reviews.com scores and create our best home security reviews. To compare home security companies with other providers across the board, we calculate each Reviews.com score based on the following:Monthly price: The lower the cost of a home security company’s monthly contract, the higher the score. Inversely, the higher the cost of the monthly contract, the lower the score in this metric. Equipment cost: Affordability is important with home security, so we awarded higher scores to home security companies with lower equipment prices.Contracts: Reviews.com reviewed the flexibility in contracts of the home security companies. The more flexibility, like having no contracts to bind customers for long periods, the higher the score. Customer satisfaction: With J.D. Power’s 2020 Home Security Satisfaction Study, we assigned a score to each company based on the rating it received.Installation: Like with contracts, we award higher scores to companies with flexible installation options, like DIY or professional options.

ZDNet Recommends More