11.5 C
London
Saturday, October 21, 2017
Home Tags 2017

Tag: 2017

Everybody enjoys a good scare at Halloween. Little kids shudder at ghost stories, teens plan their goriest scary costumes, and adults pay to participate in zombie attacks.

But some things are just too scary.
Imagine sitting down to write the next chapter in your novel and finding it locked away in encrypted form, with a ransom note demanding three bitcoins for the encryption key. Or picture turning on your smartphone only to find it locked, unusable until you pay up. Holy water won't exorcise these cyber-haunts or ward off their attacks. You need an antivirus utility. We've evaluated dozens of them and come with a list of top choices. Pick the one that suits you best, and install it before a botnet turns your computer into a zombie. I did say antivirus, but in truth it's unlikely you'll get hit with an actual computer virus. Malware these days is about making money, and there's no easy way to cash in on spreading a virus. Ransomware and data-stealing Trojans are much more common, as are bots that let the bot-herder rent out your computer for nefarious purposes. Modern antivirus utilities handle Trojans, rootkits, spyware, adware, ransomware, and more. PCMag has reviewed 46 different commercial antivirus utilities, and that's not even counting the many free antivirus tools. Out of that extensive field we've named four Editors' Choice products. Ten more commercial antivirus utilities proved effective enough to earn an excellent four-star rating.
I eliminated three special-purpose products that aren't really like the rest: Daily Safety Check Home Edition, Malwarebytes Anti-Exploit Premium, and VoodooSoft VoodooShield 2.0.
I also culled Panda Antivirus Pro 2016, as it costs slightly more than the rest, and its free edition gets plenty of attention as an Editors' Choice for free antivirus.

And Check Point's ZoneAlarm PRO uses antivirus licensed from Kaspersky, with almost no lab test results for ZoneAlarm itself.

That leaves the ten excellent products you see above. All of these products are traditional, full-scale, antivirus tools, with the ability to scan files for malware on access, on demand, or on schedule.

As for just relying on the antivirus built into Windows 8.x or Windows 10, that may not be the best idea.
In the past, Windows Defender has performed poorly both in our tests and independent lab tests It did score several wins last year, and it earned decent scores in several more recent tests.

Even so, our latest evaluation indicates that you'd still be better off with a third-party solution. Listen to the Labs I take the results reported by independent antivirus testing labs very seriously.

The simple fact that a particular vendor's product shows up in the results is a vote of confidence, of sorts.
It means the lab considered the product significant, and the vendor felt the cost of testing was worthwhile. Of course, getting good scores in the tests is also important. I follow five labs that regularly release detailed reports: Virus Bulletin, Simon Edwards Labs (the successor to Dennis Technology Labs), AV-Test Institute, MRG-Effitas, and AV-Comparatives.
I also note whether vendors have contracted with ICSA Labs and West Coast labs for certification.
I've devised a system for aggregating their results to yield a rating from 0 to 10. PCMag's Own Antivirus Testing I also subject every product to my own hands-on test of malware blocking, in part to get a feeling for how the product works.

Depending on how thoroughly the product prevents malware installation, it can earn up to 10 points for malware blocking. My malware-blocking test necessarily uses the same set of samples for months.

To check a product's handling of brand-new malware, I test each product using 100 extremely new malware-hosting URLs supplied by MRG-Effitas, noting what percentage of them it blocked. Products get equal credit for preventing all access to the malicious URL and for wiping out the malware during download. Some products earn absolutely stellar ratings from the independent labs, yet don't fare as well in my hands-on tests.
In such cases, I defer to the labs, as they bring significantly greater resources to their testing. Want to know more? You can dig in for a detailed description of how we test security software. Multi-Layered Antivirus Protection Antivirus products distinguish themselves by going beyond the basics of on-demand scanning and real-time protection.
Some rate URLs that you visit or that show up in search results, using a red-yellow-green color coding system.
Some actively block processes on your system from connecting with known malware-hosting URLs or with fraudulent (phishing) pages. Software has flaws, and sometimes those flaws affect your security. Prudent users keep Windows and all programs patched, fixing those flaws as soon as possible.

The vulnerability scan offered by some antivirus products can verify that all necessary patches are present, and even apply any that are missing. You expect an antivirus to identify and eliminate bad programs, and to leave good programs alone. What about unknowns, programs it can't identify as good or bad? Behavior-based detection can, in theory, protect you against malware that's so new researchers have never encountered it. However, this isn't always an unmixed blessing.
It's not uncommon for behavioral detection systems to flag many innocuous behaviors performed by legitimate programs. Whitelisting is another approach to the problem of unknown programs.

A whitelist-based security system only allows known good programs to run. Unknowns are banned.

This mode doesn't suit all situations, but it can be useful.
Sandboxing lets unknown programs run, but it isolates them from full access to your system, so they can't do permanent harm.

These various added layers serve to enhance your protection against malware. Bonus Antivirus Features Firewall protection and spam filtering aren't common antivirus features, but some of our top products include them as bonus features.
In fact, some of these antivirus products are more feature-packed than certain products sold as security suites. Among the other bonus features you'll find are secure browsers for financial transactions, secure deletion of sensitive files, wiping traces of computer and browsing history, credit monitoring, virtual keyboard to foil keyloggers, cross-platform protection, and more. You'll even find products that enhance their automatic malware protection with the expertise of human security technicians.

And of course I've already mentioned sandboxing, vulnerability scanning, and application whitelisting. What's Best? Which antivirus should you choose? You have a wealth of options. Kaspersky Anti-Virus and Bitdefender Antivirus Plus invariably rate at the top in independent lab tests.

Back from limbo, Norton AntiVirus Basic aced both lab tests and my own hands-on tests.

A single subscription for McAfee AntiVirus Plus lets you install protection on all of your Windows, Android, Mac OS, and iOS devices.

And its unusual behavior-based detection technology means Webroot SecureAnywhere Antivirus is the tiniest antivirus around. We've named these five Editors' Choice for commercial antivirus, but they're not the only products worth consideration. Read the reviews of our top-rated products, and then make your own decision. Note that I reviewed many more antivirus utilities than I could include in this story.
If your favorite software isn't listed here, chances are I did review it, but it just didn't make the cut. You can see all the relevant reviews on PCMag's antivirus software page. FEATURED IN THIS ROUNDUP Kaspersky Anti-Virus (2017)$59.99The independent testing labs consistently award Kaspersky Anti-Virus their highest ratings, plus it aces our own antiphishing tests, adds plenty of bonus features, and it's fast.

That's enough to earn our Editors' Choice nod again this year. Read the full review ›› McAfee AntiVirus Plus (2017)$59.99McAfee AntiVirus Plus doesn't score as high as other Editors' Choice products in testing, but it covers vastly more than the others. One subscription lets you protect every Windows, Android, macOS, and iOS device in your household. Read the full review ›› Avast Pro Antivirus 2016$34.99With Avast Pro Antivirus 2016 you get the same effective protection found in Avast's free edition along with a hardened browser, DNS protection, and sandboxing.

Experts will love these advanced features, but for the average user the free edition is just fine.  Read the full review ›› ESET NOD32 Antivirus 9$39.99ESET NOD32 Antivirus 9 is a step up from the company's previous version, and gets excellent marks in most independent lab tests.
It scores especially well in our antiphishing and malicious URL blocking tests. Read the full review ››
Palo Alto Networks, AVANGRID, and others honored at Submerge 2016 for their innovative work in phishing prevention.Leesburg, VA – October 14 2016 – PhishMe, a global provider of phishing defense and intelligence solutions for the enterprise, has announced the winners of the PhishMe Excellence Awards at Submerge 2016, its inaugural phishing and defense summit and user conference. PhishMe chose the winners for their innovative, successful programs designed to combat phishing attacks and protect their enterprise from the risks of malware infiltration and fraud loss. An anonymous panel of judges comprised of PhishMe product experts, industry leaders and security professionals reviewed the applications and designated the following companies winners across a number of different categories. AVANGRID, Inc. a diversified energy and utility company, received the Phishing Defense Program of the Year, for consistently demonstrating the most effective all-around, top-performing phishing defense program with superior performance in detection, alerting, reporting, training, participation and results. Palo Alto Networks, the next-generation security company, received the Most Innovative Phishing Defense Program Award, which recognized the company’s ability to think outside the box to leverage fresh approaches to achieve optimal training effectiveness and boost company-wide cyber education participation. Additionally, PhishMe recognized industry leaders for achievements in the field of incident response, honoring the team that demonstrated superior overall process of responding to phishing threats in the Incident Response Team of the Year category, and the PhishMe Community Trailblazer of the Year, an award created to recognize the PhishMe user who has gone above and beyond in their phishing defense efforts. Co-founders Rohyt Belani, PhishMe CEO, and Aaron Higbee, PhishMe CTO, presented the awards to the winners on-stage at the PhishMe Submerge Conference in Orlando, Florida. More than 150 phishing defense professionals attended this inaugural conference, which provided them with opportunities to learn from industry experts while networking with peers and other PhishMe users from all over the world. After the award ceremony, Belani commented, “I would like to extend my huge congratulations to our winners and to all those who applied for the PhishMe Excellence Awards this year.

The quality of the submissions was outstanding and a credit to the entire industry.
I’m highly encouraged to see the commitment companies and individuals exhibit in protecting their businesses against increasingly sophisticated phishing attacks. PhishMe is very proud to be part of such a remarkable and growing community and we look forward to seeing everyone next year at Submerge 2017.” For more information about the PhishMe Submerge Conference and the PhishMe Excellence Awards, please follow this link http://phishme.com/phishme-announces-new-excellence-awards-program-customers/ Connect with PhishMe Online About PhishMePhishMe is the leading provider of human-focused phishing defense solutions for organizations concerned about their susceptibility to today's top attack vector -- spear phishing. PhishMe's intelligence-driven platform turns employees into an active line of defense by enabling them to identify, report, and mitigate spear phishing, malware, and drive-by threats. Our open approach ensures that PhishMe integrates easily into the security technology stack, demonstrating measurable results to help inform an organization's security decision making process. PhishMe's customers include the defense industrial base, energy, financial services, healthcare, and manufacturing industries, as well as other Global 1000 entities that understand changing user security behavior will improve security, aid incident response, and reduce the risk of compromise. Media Contacts:Lucy GossCohn & Wolfe US for PhishMePhone: 415.403.8305Email: phishme@cohnwolfe.com Francesco TiusAxiCom UK for PhishMePhone: +44 (0)20 8392 4061Email: phishme@Axicom.com
Sometimes the best thing to say about a wireless router in your house is that once it's set it, you forget it exists.

As long as the devices that need the Wi-Fi connection can get on and function, that's all that matters, right? Maybe, but we also live in the age of leaks, wiki and otherwise.
If you're worried about the security of your home network, and by extension your personal data—especially from hackers who could casually sit in a car outside and get access to your systems—then you need to put a padlock on that wireless. You may also want to prevent others from using your network, hackers and freeloaders alike. So what do you do? Follow these tips and you'll be well ahead of most home Wi-Fi users. Nothing will make you 1,000 percent safe against a truly dedicated hack.

Crafty social engineering schemes are tough to beat.

But don't make it easy on them; protect yourself with these steps. Time-Tested Wi-Fi (and All Around) Security Change Your Router Admin Username and Password Every router comes with a generic username and password—if they come with a password at all. You need it the first time you access the router.

After that, change them both.
Immediately.

The generic usernames are a matter of public record for just about every router in existence; not changing them makes it incredibly easy for someone who gets physical access to your router to mess with the settings. If you forget the new username/password, you should probably stick to pencil and paper, but you can reset a router to its factory settings to get in with the original admin generic info. Change the Network NameThe service set identifier (SSID) is the name that's broadcast from your Wi-Fi to the outside world so people can find the network. While you probably want to make the SSID public, using the generic network name/SSID generally gives it away.

For example, routers from Linksys usually say "Linksys" in the name; some list the maker and model number ("NetgearR6700").

That makes it easier for others to ID your router type.

Give your network a more personalized moniker. It's annoying, but rotating the SSID(s) on the network means that even if someone had previous access—like a noisy neighbor—you can boot them off with regular changes.
It's usually a moot point if you have encryption in place, but just because you're paranoid doesn't mean they're not out to use your bandwidth. (Just remember, if you change the SSID and don't broadcast the SSID, it's on you to remember the new name all the time and reconnect ALL your devices—computers, phones, tablets, game consoles, talking robots, cameras, smart home devices, etc. Activate Encryption This is the ultimate Wi-Fi no-brainer; no router in the last 10 years has come without encryption.
It's the single most important thing you must do to lock down your wireless network. Navigate to your router's settings (here's how) and look for security options.

Each router brand will likely differ; if you're stumped, head to your router maker's support site. Once there, turn on WPA2 Personal (it may show as WPA2-PSK); if that's not an option use WPA Personal (but if you can't get WPA2, be smart: go get a modern router).
Set the encryption type to AES (avoid TKIP if that's an option). You'll need to enter a password, also known as a network key, for the encrypted Wi-Fi. This is NOT the same password you used for the router—this is what you enter on every single device when you connect via Wi-Fi.
So make it a long nonsense word or phrase no one can guess, yet something easy enough to type into every weird device you've got that uses wireless. Using a mix of upper- and lowercase letters, numbers, and special characters to make it truly strong, but you have to balance that with ease and memorability. Double Up on Firewalls The router has a firewall built in that should protect your internal network against outside attacks.

Activate it if it's not automatic.
It might say SPI (stateful packet inspection) or NAT (network address translation), but either way, turn it on as an extra layer of protection. For full-bore protection—like making sure your own software doesn't send stuff out over the network or Internet without your permission—install a firewall software on your PC as well. Our top choice: Check Point ZoneAlarm PRO Firewall 2017; there's a free version and a $40 pro version, which has extras like phishing and antivirus protection.

At the very least, turn on the firewall that comes with Windows 8 and 10. Turn Off Guest Networks It's nice and convenient to provide guests with a network that doesn't have an encryption password, but what if you can't trust them? Or the neighbors? Or the people parked out front? If they're close enough to be on your Wi-Fi, they should be close enough to you that you'd give them the password. (Remember—you can always change your Wi-Fi encryption password later.) Use a VPN A virtual private network (VPN) connection makes a tunnel between your device and the Internet through a third-party server—it can help mask your identity or make it look like you're in another country, preventing snoops from seeing your Internet traffic.
Some even block ads.

A VPN is a smart bet for all Internet users, even if you're not on Wi-Fi.

As some say, you need a VPN or you're screwed.

Check our list of the Best VPN services. Update Router Firmware Just like with your operating system and browsers and other software, people find security holes in routers all the time to exploit. When the router manufacturers know about these exploits, they plug the holes by issuing new software for the router, called firmware.

Go into your router settings every month or so and do a quick check to see if you need an update, then run their upgrade. New firmware may also come with new features for the router, so it's a win-win. If you're feeling particularly techie—and have the right kind of router that supports it—you can upgrade to custom third-party firmware like Tomato, DD-WRT or OpenWrt.

These programs completely erase the manufacturer's firmware on the router but can provide a slew of new features or even better speeds compared to the original firmware.

Don't take this step unless you're feeling pretty secure in your networking knowledge. Turn Off WPS Wi-Fi Protected Setup, or WPS, is the function by which devices can be easily paired with the router even when encryption is turned on, because you push a button on the router and the device in question.
Voila, they're talking.
It's not that hard to crack, however, and means anyone with quick physical access to your router can instantly pair their equipment with it. Unless your router is locked away tight, this is a potential opening to the network you may not have considered. 'Debunked' Options Many security recommendations floating around the Web don't pass muster with experts.

That's because people with the right equipment—such wireless analyzer software like Kismet or mega-tools like the Pwnie Express Pwn Pro—aren't going to let the following tips stop them.
I include them for completion's sake because, while they can be a pain in the ass to implement or follow up with, a truly paranoid person who doesn't yet think the NSA is after them may want to consider their options.
So, while these are far from foolproof, they can't hurt if you're worried. Don't Broadcast the Network Name This makes it harder, but not impossible, for friends and family to get on the Wi-Fi; that means it makes it a lot harder for non-friends to get online.
In the router settings for the SSID, check for a "visibility status" or "enable SSID broadcast" and turn it off.
In the future, when someone wants to get on the Wi-Fi, you'll have to tell them the SSID to type in—so make that network name something simple enough to remember and type. (Anyone with a wireless sniffer, however, can pick the SSID out of the air in very little time.

The SSID is not so much as invisible as it is camouflaged.) Disable DHCP The Dynamic Host Control Protocol (DHCP) server in your router is what IP addresses are assigned to each device on the network.

For example, if the router has an IP of 192.168.0.1, your router may have a DCHP range of 192.168.0.100 to 192.168.0.125—that's 26 possible IP addresses it would allow on the network. You can limit the range so (in theory) the DHCP wouldn't allow more than a certain number of devices—but with everything from appliances to watches using Wi-Fi, that's hard to justify. For security you could also just disable DHCP entirely.

That means you have to go into each device—even the appliances and watches—and assign it an IP address that fits with your router. (And all this on top of just signing into the encrypted Wi-Fi as it is.) If that sounds daunting, it can be for the layman.

Again, keep in mind, anyone one with the right Wi-Fi hacking tools and a good guess on your router's IP address range can probably get on the network even if you do disable the DHCP server. Filter on MAC AddressesEvery single device that connects to a network has a media access control (MAC) address that serves as a unique ID.
Some with multiple network options—say 2.4GHz Wi-Fi, and 5GHz Wi-Fi, and Ethernet—will have a MAC address for each type. You can go into your router settings and physically type in the MAC address of only the devices you want to allow on the network. You can also find the "Access Control" section of your router to see a list of devices already connected, then select only those you want to allow or block.
If you see items without a name, check its listed MAC addresses against your known products—MAC addresses are typically printed right on the device.

Anything that doesn't match up may be an interloper. Or it might just be something you forgot about—there is a lot of Wi-Fi out there. Turn Down the Broadcast PowerGot a fantastic Wi-Fi signal that reaches outdoors, to areas you don't even roam? That's giving the neighbors and passers-by easy access. You can, with most routers, turn down the Transmit Power Control a bit, say to 75 percent, to make it harder. Naturally, all the interlopers need is a better antenna on their side to get by this, but why make it easy on them?
Only a handful of brands have as much weight in the security suite as Symantec's Norton.

The 2017 edition of Symantec Norton Security Deluxe continues a long tradition of top-notch security, as confirmed by independent labs and my own hands-on testing and evaluation.
Installed in Windows, it's a top-tier security suite, and Mac users also get a suite, not just an antivirus.

As for the Android edition, it's an Editors' Choice.
Support for iOS is pretty limited, but that's typical. Overall, the suite is excellent, but it's just shy of an Editors' Choice award. A $79.99 per year Norton subscription lets you install Norton's security products on up to five Windows, Android, macOS, or iOS devices. Webroot charges the same for five licenses, while Trend Micro lists for $89.95.

For about the same as Trend Micro's price, you can install McAfee's top-level security software on all the devices in your household. Oh, and for that rare individual who just has one device, Norton Security Standard protects a single PC or Mac for $59.99 per year. You'll find that all of these prices are frequently discounted, sometimes deeply. As with many cross-platform multi-device suites, Norton's online console is central to managing and installing protection. You start by creating your account and entering your license key.

At that point you can download and install Norton Security for your Windows system. You can also extend protection for up to four other devices.
I'll go into detail about protection on other platforms later in this review. Appearance-wise, there's not much change since last year.

The main window still features four panels devoted to Security, Identity, Performance, and More Norton.

Clicking a panel slides down the whole panel row, revealing additional icons related to the panel you clicked.

For example, when you click Security, you get icons for Scans, LiveUpdate, History, and Advanced. Most of the new developments are invisible. New Protection LayersKeeping up with the very latest malware innovations requires expertise, study, and analysis. Having researchers perform that analysis can take too long, so a couple of years ago Symantec launched an initiative focusing on machine learning.

According to my Symantec contact, the team "consists of 10 PhDs and two research Engineers from top schools, with combined 100+ years of experience in applied machine learning." That's quite a brain trust. Symantec has always taken a layered approach to system protection.

At the network level, Norton fends off attacks and blocks contact with malicious websites.
If a malicious file makes it onto your disk, the antivirus scan may wipe it out. Other factors such as file prevalence and behavior-based blocking come into play. The current product line adds several new layers to the protection mix. Proactive Exploit Protection actively prevents exploit techniques such as heap spray and ROP (Return Oriented Programming).

Threat Emulation handles malware that has been encrypted, packed, or obfuscated by running it in a controlled environment and evaluating it after it self-decrypts, much like Check Point ZoneAlarm Extreme Security 2017's similar feature.

And a predictive machine-learning algorithm aims to catch even the freshest and most innovative malware. These new layers aren't visible to the user (or even the expert).

But they help Norton keep malware out of your system. Shared AntivirusAfter a brief hiatus, Symantec again offers antivirus product, Symantec Norton AntiVirus Basic.

Feature-wise, the suite's antivirus protection is identical. However, where users of the standalone antivirus must rely on FAQs and forums for support, the suite adds a full range of tech support, and a Virus Protection Promise—if Symantec's tech support agents can't rid your system of pesky malware, the company will refund your money.

But as far as features go, the suite's antivirus protection is identical. Read my review for all the juicy antivirus details. Norton doesn't participate with all of the independent testing labs that I follow, but those that do include it give it high marks.
In the three-part test performed by AV-Test Institute, it got top marks for malware protection and low false positives, though it slipped in performance, taking 5 of 6 possible points.
Its total of 17 points is good, but Trend Micro Maximum Security, Bitdefender, and Kaspersky managed 18 of 18 possible points in the latest test.

There's nothing second-rate about a perfect AAA rating from Simon Edwards Labs, though.

And Norton is one of a very few products to pass two tests performed by MRG-Effitas.
Its aggregate lab score, 9.7 points out of a possible 10, beats all others except Kaspersky Total Security. Norton also did very well in my own hands-on tests.
Its detection rate of 97 percent and malware-blocking score of 9.7 are among the best, though Webroot did manage a perfect 10 points. When I tested Norton with 100 very recent malware-hosting URLs, it blocked 98 percent of the malware downloads.
In some cases, its Web-based protection kept the browser from even visiting the malicious URL, but mostly the Download Insight feature eliminated the malware payload. Only Avira Antivirus Pro 2016 has done better in recent tests, with 99 percent protection. I use Norton as a touchstone for measuring antiphishing success, reporting the difference between the tested product's protection rate and Norton's. Webroot, Bitdefender Internet Security 2017, and Kaspersky are the only recent products that have done better than Norton.

And of course it's significantly more accurate than the phishing protection built into Chrome, Firefox, and Internet Explorer. Other Shared FeaturesDespite the word Basic in its name, Norton's standalone antivirus offers a lot more than just the basics.
It doesn't include full firewall functionality, but in testing, its Intrusion Prevention component did an impressive job blocking exploit attacks, stopping them at the network level and identifying many of them by name. You'll also find a complete antispam component that filters POP3 email accounts and integrates with Microsoft Outlook. A Norton Insight scan lists all the files on your computer, along with the trust level for each, prevalence among Norton users, and impact on system resources.

The antivirus scanner uses Norton Insight results to avoid scanning known and trusted files.

The Norton Safe Web browser extension uses red, yellow, and green icons to flag safe, iffy, and dangerous links in search results. You can click through for a full report on just why a given site got the rating it did. The Symantec Norton Identity Safe password manager is free for anyone to use, but having it integrated with your Norton protection is convenient.
It handles all basic password manager functions and syncs across all your devices, though it lacks advanced features like two-factor authentication and secure password sharing. Several of the shared features aim to improve your system's performance. Using the startup manager, you can reversibly disable programs from launching at startup, or set them to launch after a delay.

The File Cleanup tool wipes temporary files that waste space.

There's even a disk defragger, in case you don't have Windows optimizing disk fragmentation in the background. See How We Test Security Software Intelligent FirewallAs noted, the standalone antivirus includes a powerful Intrusion Prevention tool, a feature more commonly associated with firewall protection. With the suite, you get a complete two-way firewall. The built-in Windows firewall completely handles the task of stealthing your PC's ports and preventing outside attack.

Any firewall that aims to replace the built-in needs to do at least as well. Norton passed my port-scan and other Web-based tests with flying colors. What you don't get with the Windows firewall is control over how programs access the Internet and network.

Don't worry; Norton won't bombard you with confusing queries about what ports and IP addresses a given program should be allowed to access.
It handles such matters internally, automatically assigning network permissions to the vast number of known and trusted programs in its online database. When Norton encounters an unknown program attempting Internet access, it cranks up the sensitivity of its behavior-based malware detection for that program, and keeps an eye on its connections.
If the program misbehaves, Norton cuts its connection and eliminates it.

This isn't quite the same as the journal and rollback technology that McAfee and Webroot SecureAnywhere Internet Security Complete apply to unknown programs, but it's effective. I always do my best to disable firewall protection using techniques that would be available to a malware coder. Norton doesn't expose any significant settings in the Registry, so that route is out.

Both of its processes resist termination.

And its single Windows service can't be stopped or disabled.
It's worth noting that this isn't always the case.
I completely disabled all processes and services for ThreatTrack Vipre Internet Security Pro 2016, for example.

And while the majority of McAfee's 14 processes and 13 services resisted attack, quite a few succumbed. Excellent Android ProtectionNorton's standalone antivirus is PC-specific. With the suite, you can cover your Mac, Android, and iOS devices as well.

Click More Norton in the program's main window, then click the Show Me How button to get started.
Sign in to your Norton account and enter the email address used on the device you want to protect. Unlike the similar feature in McAfee LiveSafe, you don't have to choose the platform.

Clicking the emailed link on the device automatically selects the proper download. On an Android device, you get Norton Security and Antivirus (for Android).

Along with Bitdefender Mobile Security and Antivirus, this product is an Editors' Choice for Android security. Please read our review of that product for a deep dive into its features.
I'll summarize here. Note that the Android app has gotten a significant user interface redesign since our review, and more new features are due in the coming weeks. Immediately after installation, the antivirus runs an update and a scan. You also must activate the app for Device Administration in order to make use of its anti-theft features, and give it Accessibility permission so it can scan apps on Google Play. Norton scans for malicious and risky apps, as expected. More interestingly, its App Advisor works inside Google Play, checking every app you tap and reporting the risk level.

Tap the small notification at the bottom to see details of App Advisor's findings. Norton's extensive set of anti-theft features can be triggered either by logging in to the Web console or by sending coded SMS commands. Naturally you can use it to locate, lock, or wipe the device, and the scream feature helps find a misplaced device at home. When you lock the device, it displays a contact message of your choice, so someone who finds your lost device can arrange to return it. The Sneak Peek feature lets you remotely (and silently) snap a photo of whoever is holding the device. When you lock a lost or stolen device, it automatically snaps a photo every 10 minutes, and reports its location every five minutes. You can also remotely back up your contacts before resorting to the Wipe command, which performs a factory reset. There's a link to install the free separate App Lock app, and another to install a trial of the Norton WiFi Privacy VPN (Virtual Private Network).
It offers call blocking on Android smartphones.

And you can extend protection to another device directly from within the Android app. Suite for macOSIt's fairly common for multi-platform suites to give macOS short shrift, but Norton doesn't follow that trend. Norton Security on a Mac is a full security suite, not just antivirus. My Norton contacts say that the definition file size is down by two thirds in the current edition, which means faster scans and lower memory usage. As expected, the antivirus component scans files on access, on demand, and on schedule.
It can also scan inside ZIP files.

The full-scale firewall blocks dangerous network connections and controls how programs access the network.

The related Vulnerability Protection feature blocks port scan attacks and attacks attempting to exploit system vulnerabilities. Norton's Safe Web website reputation monitor installs in Chrome, Firefox, and Safari, marking up search results and optionally blocking access to dangerous sites, just as with the Windows edition. Phishing protection is likewise parallel to what you get with Windows. The File Guard feature aims to protect your most important files from unauthorized modification. You can set it to guard up to 250 specific files.
It doesn't protect an entire folder the way Trend Micro's Folder Shield or Bitdefender's Data Shield do.

Files under guard can't be opened, moved, copied, or deleted. You can optionally let system processes like Finder and Spotlight manage guarded files.
If you want to manipulate or modify a file that's under guard, you simply enter your password in the popup notification. Find Your iOS Devices You may want to think twice about using up one of your five licenses to protect an iOS device, as the feature set on iOS is seriously limited. Norton does offer to back up your contacts, just as it does under Android. You can use the Web portal to locate your iOS device.

And you can trigger a loud alarm to help find a nearby device.
Is it under the sofa? Or in that scruffy guy's backpack? But that's the extend of anti-theft. You can't lock or wipe the device, and you certainly can't snap a sneak peek photo. The iOS version does offer one unusual feature.

As long as you're using a device with microphone and speakers, say, a laptop or another mobile device, you can make an Internet call to the lost or stolen device. Note, though, that this won't work if the device is locked with a PIN or passcode. That's the extent of mobile security on iOS devices. No Performance WorriesAround 10 years ago, Norton had a reputation for being a resource hog, offering security at the expense of performance.

The developers quashed that reputation by spiffing up the suite's performance, and they continue to work toward less and less performance impact. I check performance using three tests that measure boot time, the time to move and copy a ton of files between drives, and the time to zip and unzip that same collection of files.
I average the results of multiple tests with no suite installed, then install the suite and average another round of testing. Norton's results were outstanding, quite a bit better than last year's.

They were so outstanding that, just to be sure, I uninstalled the product and repeated the whole process.

The results were the same within a few percent. Norton had no measurable effect on the boot time test or zip/unzip test.

The file move and copy test took 16 percent longer with Norton watching over the test system, well below the current average of 24 percent.
It's pretty clear that you don't have to worry about Norton dragging down your system's performance. Overshadowed by PremierAntivirus protection in Norton Internet Security Deluxe is excellent, with very high marks in my hands-on tests and in independent lab tests.
Its phishing protection is so good that I use it as a touchstone for evaluating other products.

Add a self-sufficient, tough firewall and a straightforward antispam tool and you've got a fine suite for your Windows devices. Norton's Android security product is an Editors' Choice, and it offers more under macOS than many.

Granted, it doesn't do a lot on iOS devices, but they do tend to need less protection. The main reason this product isn't an Editors' Choice for cross-platform multi-device suite is that its big brother, Norton Internet Security Premier, is significantly better.

For just $10 more, Premier gets you twice as many licenses, plus some significant added features.
It's a seriously better deal, well worth an Editors' Choice. Our other top pick in this category, McAfee LiveSafe, doesn't offer quite the stellar protection that Norton does, but a single subscription lets you install protection on every device in your household. Sub-Ratings:Note: These sub-ratings contribute to a product's overall star rating, as do other factors, including ease of use in real-world testing, bonus features, and overall integration of features.Firewall: Antivirus: Performance: Privacy: Parental Control: n/a Back to top PCMag may earn affiliate commissions from the shopping links included on this page.

These commissions do not affect how we test, rate or review products.

To find out more, read our complete terms of use.
Which kind of security suite you choose depends on what kinds of devices you need to protect.
If you're strictly a PC household, a traditional Windows-centric suite should do fine.

But if you use multiple platforms, you're better off with a cross-platform suite like Trend Micro Maximum Security.
It offers an impressive feature set on Windows and Android, but less so for macOS and iOS devices. For $89.95 per year you can install Trend Micro security on up to five PCs, Macs, smartphones, or tablets.

That's up from three licenses in the previous edition.
If five seems insufficient, you can pay $10 more for Trend Micro Premium Security, which gives you 10 licenses but is otherwise identical to the suite reviewed here.
Symantec Norton Security Premium's pricing is similar, except that besides adding five more licenses, the top-of-the-line suite includes 25GB of hosted online backup and a full premium license for Symantec's parental control system. During the installation process, you must create a Trend Micro account to activate the software.

From this account, you can download the appropriate software for the device you're currently using, or send an email with a download link for a different device.

The online console very clearly shows which devices you've protected and how many licenses remain. On a PC, the suite's main window is almost indistinguishable from that of Trend Micro's entry-level suite, or from the standalone antivirus.

A big round Scan button sits in the center, below a row of icons for Device, Privacy, Data, and Family. You'll find a couple of new items on the Data page, and the window that appears when you click Protect Another Device offers Windows, Mac, iOS, and Android.

Trend Micro's password manager is also included, but as a separate download. Shared AntivirusFor Windows systems, antivirus protection is the same throughout the Trend Micro product line. Read my review of Trend Micro Antivirus+ Security for a full discussion of Trend's antivirus technology. To counter the uptick in ransomware attacks, Trend Micro includes Folder Shield, a component that bans unauthorized programs from making changes in your Documents folder.

The company also maintains a ransomware hotline that's free for anybody who needs help. Trend Micro's scores from the independent testing labs are mixed.
It earned a perfect 18 points in the latest test by AV-Test Institute, as did Kaspersky and Bitdefender.
Simon Edwards Labs certified it at the AA level, the second-best of five certification levels. However, it failed one of two tests performed by MRG-Effitas (to be fair, many products fail these tests). Out of three tests by AV-Comparatives, Trend Micro took a just-passing Standard rating in one and a second-best Advanced rating in the other two.
Its aggregate lab test score, 8.7 of 10 possible points, is good, but Kaspersky Total Security and Norton managed 10.0 and 9.7 points respectively. In my hands-on malware blocking test, Trend Micro detected 97 percent of the samples and earned 9.7 of 10 possible points, exactly the same as Symantec Norton AntiVirus Basic.

But in a separate test that challenges each antivirus to block downloads from malware-hosting URLs, Norton exhibited a 98 percent protection rate, better than Trend Micro's 89 percent. Norton is my touchstone for antiphishing success.

Trend Micro's detection rate was just two percentage points below Norton's which is better than the vast majority of competitors. ZoneAlarm tied Norton, though.

And Webroot SecureAnywhere Internet Security Complete, Bitdefender, and Kaspersky all scored higher than Norton on this test. The antivirus boasts a wealth of bonus features.
It marks up links in search results and social media, identifying them as safe, iffy, or dangerous.

A firewall booster component works alongside Windows Firewall, with the particular aim of foiling botnets.

The antivirus even includes a full-blown spam filter.

And of course, all of these features are found in Trend Micro's suite products. See How We Test Security Software Shared Suite FeaturesOne step up from basic antivirus, Trend Micro Internet Security adds a number of security components, some more effective than others.
I'll briefly summarize here. You can read my review for more information. I wasn't impressed by the parental control system.
It keeps kids from accessing websites matching 32 content categories.
It does filter HTTPS sites, but I found some secure anonymizing proxy sites that weren't caught.

Connecting through such a site eliminates Trend Micro's ability to control and monitor access.

Trend Micro has the unusual ability to cover up naughty images in search results, but it's not completely effective. You can put a daily cap on Internet usage, set a weekly schedule for when kids are allowed online, and even schedule use of individual programs.

A simple report lets parents view which sites were blocked.

That's the extent of parental control.
Some competitors, Check Point ZoneAlarm Extreme Security 2017, Norton, and Kaspersky in particular, offer a much wider set of features. A security scanner checks your social media accounts (Facebook, Google+, LinkedIn, and Twitter) for settings that might be giving away too much personal data, and for insecure browser settings.

Data Theft Prevention blocks transmission of user-specified private data, though it doesn't work on HTTPS sites.
Secure Erase wipes out sensitive files beyond the possibility of forensic recovery.

And PC Health Checkup attempts to improve system performance by wiping out junk files.

Advanced optimization features include managing startup programs and finding space-wasting duplicate files.

That's it for shared features. Next I'll look at features only found in Trend Micro Maximum Security. Password ManagerTrend Micro Password Manager 3.7 costs $14.95 per year as a standalone product, but you get it for free as part of your Maximum Security subscription.
It's not outstanding as a password manager, but it does the job. My review goes into detail about just what this product does and doesn't do. To get the password manager on your devices, you go to the online portal and download it separately.
In a similar situation, McAfee's suite links to True Key by Intel Security. The password manager has the ability to import passwords that are insecurely stored in your browsers, remove them from the browsers, and turn off browser-based password capture. However, the only competitor it imports from is LastPass 4.0 Premium. As expected, the password manager captures credentials as you log in to secure sites, plays back saved credentials when you revisit a site, and lets you pick from a toolbar menu to both navigate to a saved site and log in. However, it doesn't handle non-standard logins. When you're signing up for a new account, you can use the password generator to gin up a strong, random password. Trend Micro does rate password strength, but it's too permissive.

Any password of eight characters or more containing all four character types is rated maximally strong.

Do you consider "1Monkey!" a super-strong password? Neither do I.

By the same token, if the Password Doctor analysis tool declares that one of your passwords is weak, that means that it most definitely needs to be changed. You have to make the change yourself; there's no automatic password updating like you get with LastPass and Dashlane 4. Like many password managers, Trend Micro lets you record personal information for use in filling Web forms.

This feature is limited to a single profile and just one instance of each field.
In testing, I thought it was broken, as it failed to fill in details at two huge online retailers. When I did get it to work, its form filling was spotty. Bonus features include a secure browser for financial transactions, a slightly odd keylogger-foiling utility, and the ability to sync passwords across Windows, macOS, iOS, and Android devices.
It's a decent password manager, just not an outstanding one. Cloud Storage ScannerAntivirus protection scans all of your local files, but these days your files may live in the cloud.
If you link the Cloud Storage Scanner with your OneDrive account, you can scan those files too.

The process happens totally in the cloud, so you just start it and walk away.

This year's edition adds support for Dropbox, and even includes the Dropbox-specific ability to scan new and changed files every 15 minutes. I gave this feature a whirl and got an interesting surprise—it found several dozen malware-infested files! Fortunately, they weren't active.

During another review I enabled storage of backups in my Dropbox, and some of my malware samples got backed up because they were in a folder on the desktop. During the scanning process, all of your PDFs, Office documents, and executables get sent (securely, of course) to a Trend Micro server for scanning.

According to the explanatory text, "Trend Micro deletes the temporary files after every scan to help preserve your privacy." It's probably fine, but those with an enhanced paranoia level may want to forego using this feature. Encrypted VaultKeeping your most sensitive files encrypted is just plain smart.

A malefactor who hacks into your computer remotely or steals your laptop still won't be able to get at those particular files.

Bitdefender Total Security 2016, Kaspersky, and McAfee LiveSafe are among the security suites that let you store files in an encrypted vault.

These three let you create multiple vaults for different purposes, but each vault's size is fixed at the time you create it. Trend Micro works a bit differently.

There's just one vault, but it doesn't have a predefined size. When it's open, it acts more or less like any other folder, with a few exceptions.

Dragging a file into the vault always moves it; you can't force a copy by right-dragging or holding down Ctrl.

Dragging a file out of the vault always copies it.

The only way you can copy a file into the vault is using the venerable keystroke combos Ctrl+C to copy it and Ctrl+V to paste it inot the vault. Why is that important? If you just move the file, it's as if you copied and then deleted it.

But that leaves the file subject to forensic recovery. You need to copy into the vault and then use Trend Micro's file shredder to securely delete the original.
I like the fact that when you transfer files into Kaspersky's vault, it offers to automatically delete the originals. On the plus side, Trend Micro lets you remotely seal the vault in the event your device is lost or stolen.
Sealing the vault forces a reboot, and when the device has restarted, the vault isn't even visible.
If you get the device back, you can remotely unseal the vault. Extensive Android Support Installing Trend Micro on an Android device gets you a well-rounded collection of security features.
It starts with the security scan, of course, but this scan does more than just look for malware.
It also identifies apps that pose a security risk for other reasons.

These include unreasonable permissions, code errors that could allow access by malware, and unsecured communications, among other things.

A scan runs automatically as soon as you've installed the app.
If it finds any issues, you'll see a notification prominently displayed at the top of the screen. Loss or theft of your Android device is actually more likely than getting hit with malware.

Trend Micro offers a full range of anti-theft features, managed through an online console.

There are a few settings you'll configure on the device itself. You can specify a message to be displayed after you remotely lock the device, and you can choose whether a remote wipe just clears your personal data or performs a full system wipe. From the online console, you can check the device's position, remotely lock it, or wipe all data. You can also trigger a loud alarm, handy if you've misplaced the device somewhere in your home.
If the battery is just about to die, the device sends a last-gasp position notification to the Web console, similar to the Signal Flare feature in Lookout Mobile Security Premium (for Android). The App Manager shows you how much storage each of your apps is using and offers a quick way to uninstall any of them if you're running low.

As on other platforms, Safe Surfing blocks malicious and fraudulent websites.

The handy Wi-Fi Checker warns when you've connected to an unsecured hotspot, and shows how to make your device stop connecting to it automatically. I installed Trend Micro on a Nexus 9 to see it in action.
Its security scan found two risky apps, so I removed them.

The System Tuner claimed that I should be able to use the device for 50 hours and 13 minutes on its current charge, which I found extremely optimistic.

From this screen you can put the device in Power Saver mode or set it to automatically go into that mode when the battery drops below a certain percentage.

The Smart Power Saver mode manipulates Wi-Fi and Bluetooth to minimize battery drain.

For example, it can stop the device from seeking a Wi-Fi connection after a certain time with no Wi-Fi discovered. The System Tuner also reports on how much of the device's memory is in use, along with a list of apps and their memory usage. You can shut down memory-hungry apps or click a button to optimize available memory. As with the Windows edition, you can scan social media for security risks. However, on Android this only works with Facebook.

Trend Micro can alert you to dangerous links in instant messages, but only if you use Line or WhatsApp. Parental control is available on Android, but it's not the same as under Windows. Parents can choose to block use of specific apps, if desired.

There's a content filter, but you can only choose an age range, Child, Preteen, or Teen.

That's about the extent of it.
It's nothing like ZoneAlarm's powerful parental control (licensed from Net Nanny), which has you create a child profile online and then apply that profile to any number of devices. Independent of the mobile security app, you can optionally install an Android edition of the password manager, and sync it with your other devices. Limited Mac Support You can use one of your licenses to install Trend Micro Antivirus on a Mac, but as the name suggests, this is antivirus protection, not a full security suite. On the bright side, like the Windows-based antivirus it includes more than just the basics. Trend Micro's ransomware protection applies to the Mac edition, along with the expected antivirus, antiphishing, and protection against Web-based threats. You get spam filtering, and it marks up search results and social media links to show you whether they're safe, iffy, or dangerous. As with the Windows version, a privacy scanner checks your social media settings to make sure you're not exposing too much private information.
It also checks settings in your browser, ensuring they're configured for maximum security.

Finally, unlike the Windows edition, Trend Micro's Mac antivirus includes a parental control system. You can also install a Mac edition of the password manager, syncing data with your other devices. Some Support for iOSGiven that licenses for this product are a finite resource, you may not want to use up one by installing protection on an iOS device.

Trend Micro Mobile Security doesn't offer many features on iOS, in large part because iOS is so thoroughly locked down.

There's no security scan, and the anti-theft features are limited to locating the device and sounding an alarm.

To get the benefits of Trend Micro's website reputation system, you must use the internal SafeSurfing browser.

There is an option to back up your contacts, but not other data. There are some features not found in the Android edition.

Trend Micro can track your Cellular, Roaming, and Wi-Fi data usage.

The social-network scan coves both Facebook and Twitter.

But that's about it.

Tapping More Tools takes you to a page where you can install the password manager. Tiny Performance Hit When I tested Trend Micro Internet Security for impact on performance, it exhibited almost none.

Trend Micro Maximum Security, with its additional features, displayed just slightly more of an impact, but it's still way lower than most competitors. To check for impact on boot time, I run a script that waits for ten seconds in a row with CPU usage no more than five percent, meaning the computer is ready for use.
Subtracting the start of the boot process, as reported by Windows, yields a measure of boot time.
I averaged multiple runs on a clean test system, then installed Trend Micro on that system and averaged another set of runs.

Boot time came in just 5 percent longer with the suite installed, well below the current average of 17 percent. In my file move and copy test, Trend Micro's presence caused the script to take 13 percent longer, which is also less than the average for current products.

And in the zip and unzip test, like the entry-level Trend Micro suite, it didn't cause any slowdown. While it's not quite as light on resources as Webroot, Trend Micro's performance impact just isn't something you need to worry about. Good, Not BestWith a subscription to Trend Micro Maximum Security, you can protect up to five devices—10 if you pony up an extra $10.
Its support for Windows and Android is comprehensive, but you get less on a Mac and still less on an iOS device. McAfee LiveSafe follows a similar pattern, offering its best protection on Windows and Android. However, for the same price as Trend Micro, McAfee lets you install protection on every device in your household.

That unlimited licensing is a big part of the reason McAfee is an Editors' Choice for cross-platform multi-device suite.
Symantec Norton Security Premium is our other Editors' Choice.
It includes top-notch password management and parental control.
Its Windows antivirus and Android security products are both Editors' Choice in their fields. Sub-Ratings:Note: These sub-ratings contribute to a product's overall star rating, as do other factors, including ease of use in real-world testing, bonus features, and overall integration of features.Firewall: n/aAntivirus: Performance: Privacy: Parental Control: Back to top PCMag may earn affiliate commissions from the shopping links included on this page.

These commissions do not affect how we test, rate or review products.

To find out more, read our complete terms of use.
NEWS ANALYSIS: Beginning this week, all updates will be roll-ups, with complete cumulative updates to begin in 2017, eliminating the ability to choose individual patches. Starting this week (on Oct. 11), Microsoft will change its update method for Wind...
The new funding round, which was led by Strategic Cyber Ventures, aims to help the company expand. E8 Security announced on Oct. 11 a $12 million Series B round of funding, bringing total funding to date to $21.8 million.

The company, which calls itsel...
The true purpose of a security suite isn't to secure your computer.
It's to protect you, your privacy, and your data. With customer protection in mind, McAfee Internet Security (2017) installs on all of your devices. However, most of what it offers comes with McAfee's antivirus, and the additional suite-specific components don't add enough value, especially if you don't need antispam or parental control. At $79.99 per year, McAfee looks like it's right in line with the competition, price-wise.

Bitdefender and Kaspersky charge the same, within a nickel or so.

But look again. With a Bitdefender or Kaspersky subscription you can install protection on three PCs. McAfee is unlimited, and lets you protect every Windows, macOS, iOS, or Android device in your household. In fact, the Home screen in this product is a list of all the devices you've protected, along with a button that scours your network to find unprotected devices and bring them into the fold.

A panel at the top summarizes the status of your current device, and clicking Manage Security opens the local installation's main window. The main window looks, for the most part, like that of McAfee's antivirus.

Both have four squarish green-edged panels representing Virus and Spyware Protection, Web and Email Protection, McAfee Updates, and Your Subscription.

To the right of these, the antivirus displays smaller panels for Data Protection and for PC and Home Network Tools.

Those appear in this suite too, along with Parental Controls and the True Key password manager.
It should look reassuringly familiar to existing users. Shared Antivirus FeaturesAs is often the case, this suite's antivirus protection is precisely the same as that of the corresponding standalone antivirus, McAfee AntiVirus Plus.

That review goes into greater detail than the summary that follows. Lab Test Results ChartAntiphishing Results ChartMalware Blocking Results Chart McAfee's scores in independent lab tests are generally mediocre.
It received an A-level certification from Simon Edwards Labs, which sounds good until you realize that AA and AAA are even better. Of three tests by AV-Comparatives, it earned one passing grade and two grades a notch above passing.

The three-part test by AV-Test Institute maxes out at 18 points; McAfee got 16, and in particular scored only 4.5 of 6 points for protection.

Finally, in the banking Trojan test and all-types tests by MRG-Effitas, it simply failed. My lab test score aggregation algorithm yields 7.9 of 10 possible points for McAfee. Kaspersky took a perfect 10, while Norton and Bitdefender Internet Security 2017 came out at 9.7 and 9.3 respectively. This year's McAfee products use an entirely new antivirus detection method called Real Protect. Real Protect is focused on behavior, so as to catch even zero-day malware. Like Webroot SecureAnywhere Internet Security Plus, when it sees an unknown file behaving suspiciously, it starts journaling that file's actions and queries the cloud for advice.
If cloud-based analysis red-flags the file, McAfee rolls back all of its actions.

The new engine has been rolling out piecemeal over the last few months, so we can't know whether these tests included the new engine. Perhaps McAfee will score better going forward. In my own hands-on malware-blocking test, McAfee scored 9.2 of 10 possible points. However, among the samples it missed were two well-known ransomware threats.
I watched one of them as it busily encrypted documents on the test system, without a peep from McAfee about its behavior. Webroot scored a perfect 10 against this same malware collection. McAfee also protected against 85 percent of the 100 malware-hosting URLs I threw at it, mostly by diverting the browser from the dangerous URL.

The average score among current products is 75 percent, so McAfee is above average here. I score phishing protection by matching a product's detection rate against that of Symantec Norton Security Premium and of the protection built into Chrome, Firefox, and Internet Explorer. Last year, McAfee came very close to matching Norton's score.

This year it lagged 44 percentage points behind Norton.

Chrome and Internet Explorer beat out McAfee, as well.

Don't turn off your browser's phishing protection! Other Shared FeaturesThere's a lot more to the nominally standalone antivirus; hence "Plus" in the name.

For starters, it includes a firewall.
In testing, the firewall correctly stealthed all ports and fended off Web-based attacks. Rather than bombard the user with queries about network permissions, it handles program control internally. When I tested its ability to withstand direct attack, I found that I could terminate and disable more than half of its essential Windows services. The WebAdvisor component identifies dangerous downloads and steers the browser away from malicious or fraudulent sites.
In addition, it marks up search results with icons identifying safe, iffy, and dangerous links.

This edition adds protection for typosquatting, and it works. When I entered www.paypla.com it asked if perhaps I really wanted PayPal. Using the My Home Network feature, you can set up a trust relationship between any and all of the PCs on your network that have McAfee installed.
It doesn't even have to be the same version of McAfee. Once you've taken that step, you can use one PC to remotely monitor others, and even remotely fix configuration problems. Mac and mobile support is the same across all of the McAfee product line. Mac support is little more than antivirus, firewall, and WebAdvisor.

There's no antivirus under iOS, but you can do things like locate and wipe the device, back up contacts, and capture a photo of someone who found or stole your phone. On Android, you get a full-featured security utility with antivirus, app ratings, anti-theft, call and text filtering, and more.

And once again, there's no limit on how many devices you can add. Other shared bonus features include the QuickClean tune-up tool, a vulnerability scanner, and a secure deletion file shredder. You can also access a number of security-related online resources directly from the program. See How We Test Security Software True Key Password ManagerWith your McAfee subscription you also get a license for the True Key password manager. Read my review for a full description of this password manager and its unusual collection of authentication options. True Key's biggest claim to fame is its comprehensive multifactor authentication choices.
It does support the expected strong master password, but you have many other options. You can have it send an email each time you log in.

Clicking a link in the email allows login to proceed. More conveniently, you can associate a mobile device with True Key, and authenticate by swiping a notification. Even better, if you're using a device with a camera, you can authenticate using facial recognition, and if a finger print reader is available, you can add that, too.
If you worry that James Bond might spoof facial recognition with a photo of you, just enable enhanced facial recognition, which requires turning your head. Most password managers warn that if you lose your master password, you're hosed; you have to start over.

That's actually good, as it means that the company can't access your data even if subpoenaed.

True Key retains that same zero-knowledge benefit, but doesn't leave you in the lurch if you forget the password.

As long as you've enabled Advanced authentication, which requires a trusted device plus two other factors, you can authenticate using all the other factors and then reset your master password. True Key is a separate download, but getting it installed is easy.

After you run the installer, it adds itself as an extension to Chrome, Firefox, and Internet Explorer.

At this time, it can import passwords stored insecurely in the browsers.
It can also import from LastPass 4.0 Premium and Dashlane 4. As with most password managers, True Key captures credentials as you log in to secure sites and plays back saved credentials as needed.

The first time, it actively walks you through the process. You can also click on tiles for Google, Facebook, PayPal, and so on, entering your credentials directly.

Clicking the TrueKey toolbar icon doesn't bring up a menu the way it does with many other products. Rather, it displays the main True Key window, from which you can launch any of your saved sites. You can save personal details in the Wallet, but True Key doesn't use these to fill web forms.

The main reason to do this is that the Wallet items sync across all your devices.

The same is true of secure notes. Here's a rare feature.
If your PC has a forward-facing camera, you can configure it to unlock your Windows account using True Key's facial recognition.

True Key doesn't have advanced features like secure sharing, automatic password updates, or password inheritance, but it's far ahead of the pack when it comes to multi-factor authentication. Tepid Parental ControlsOne bonus you get by upgrading from McAfee's antivirus to this suite is a parental control system, but it's limited.

For each child's Windows account, you can choose content categories for blocking, set a schedule for Internet use, and view a report of activity for each child or all children.

That's the extent of it. The reviewer's guide for this product notes that parental controls may not work properly in a virtual machine.

That's unusual.
I made a point of testing on a physical system to give it a fair shake. To get started, you set a password, so the kids can't just turn off monitoring.

The configuration window lists all Windows user accounts and invites you to configure parental control for each one that belongs to a child.

As with previous versions, setting up parental control for a child's account that has Administrator privileges triggers a big warning.

And yet, many parents do give older children Administrator accounts, so as to avoid constantly having to jump and supply an admin password any time the child wants to install a new game. Most other parental control systems don't have this limitation. To configure the content filter, you first choose one of five age ranges.

Doing so pre-configures which of the 20 content categories should be blocked. Rather than the usual list with checkboxes, McAfee displays a list of blocked categories and another list of allowed categories, with arrow buttons to move items back and forth between the lists. I couldn't disable the content filter with the three-word network command that neutered parental control in Total Defense Unlimited Internet Security and Alvosecure Parental Control . However, I found quite a few truly raunchy sites that the content filter didn't block. McAfee replaces naughty content in the browser with a warning message that explains why the page was blocked.

For HTTPS sites, or in unsupported browsers, it displays that warning as a popup, leaving the browser to show an error message.

The kids won't get past it by using a secure anonymizing proxy. Note, though, that Check Point ZoneAlarm Extreme Security 2017 goes even further, with the ability to filter content even over an HTTPS connection. In addition to categories, McAfee offers to block sites with "inappropriate images or language" from appearing in child's search results.

A similar feature in Trend Micro Internet Security covered up many such images. However, I couldn't find a single instance where McAfee did anything to block erotic images in search. The time scheduler is as awkward as ever.
It does let you create a weekly grid-style schedule of Internet access, in half-hour increments. Most parental control systems that use a scheduling grid let you block out rectangles on the schedule by dragging.

For example, with one drag you could block from midnight to 6am every day of the week. McAfee's system forces you to drag on just one day at a time.

The grid is so tall that you can only select about seven hours at a time, and it doesn't auto-scroll when you hit the edge.

This feature could be so much easier to use! On the bright side, time-scheduling doesn't rely on the system clock, so the kids can't fool it. The simple parental report lists all domains blocked, along with their categories.
It also logs all attempts to use the Internet when the schedule doesn't allow it. And there you have it.

That's the totality of parental control in this suite.
It's limited, awkward, and not entirely effective.
If you actually need a suite that includes high-end parental control, look to ZoneAlarm, Kaspersky Internet Security, or Norton. Broad-Spectrum Spam FilterWith so many users getting spam filtered by the email provider, the value of local spam filtering is on the decline.

But if you're one of that diminishing group whose email provider doesn't offer spam filtering, a local filter can be essential. McAfee's spam filter integrates with Outlook, Windows Mail, and Windows Live Mail.
In these email clients, it adds a handy toolbar and automatically tosses spam messages in their own folder. You can still use it if you're a fan of Eudora or The Bat!, but you'll have to define a message rule to sift out the spam. McAfee filters spam from POP3 and Exchange email accounts.
It doesn't handle IMAP accounts in your email client the way ZoneAlarm does. However, in an unusual twist, it has the ability to filter webmail accounts directly. Webmail filtering was a pretty amazing feature when first introduced years ago, but these days it's hard to find a webmail provider that doesn't implement its own spam filtering. You can view messages filtered out by this feature right in the application and, if necessary, rescue any valid mail that was misfiled. There are quite a few options for configuring the spam filter.

To start, there are five levels of protection, from Minimal, which allows more spam but doesn't throw away valid mail, to Restricted, which blocks all messages unless the sender is on your Friends list.
I'd advise leaving it set to the default Balanced level. You can define custom spam filtering rules, but I can't imagine why any user would take the time to do this.

The Friends list identifies addresses or domains that should always reach the Inbox. You can manually edit this list, add friends from the email client toolbar, or add all your contacts to the Friends list.

There's also an option to automatically block messages written using character sets for languages you don't speak. Just to see how it works, I set up filtering for the Yahoo mail account I use in testing. When I filled in the address, McAfee automatically selected the correct mail server and port. However, after I entered my password and tried to add the account, McAfee reported that it was the wrong password. In fact, the password was correct, but Yahoo rejected the login and sent me an email warning about an attempt to connect by a "less-secure app." In order to let McAfee do its job, I had to dig into Yahoo settings and enable access by less-secure apps. If you do need spam filtering at the local level, McAfee can handle it. Where many products limit protection to POP3 accounts, McAfee can filter Exchange accounts and even pull spam from your webmail. Minor Performance HitDuring my extensive testing, I didn't get any feeing that McAfee was slowing me down.

That's not surprising; these days its uncommon for security suites to exhibit a noticeable performance impact. My hands-on test did reveal some actions that took longer with McAfee installed. Most of us don't reboot often—perhaps never except when an update requires it. My boot-time test showed just a 3 percent increase in the time from the start of boot until the system was ready for use, so if you do have to reboot, you'll hardly notice McAfee's presence. Performance Results Chart Given that the new Real Protect real-time antivirus scans files when they try to execute, not on just any file access, I expected minimal impact in my file move and copy test.

This test repeatedly times a script that moves and copies a mammoth collection of various-sized files between drives.
I was surprised to see a 44 percent increase in the time required for this test. On the bright side, another test that zips and unzips the same file collection didn't have any measurable impact. While there's some variation in the results of this test, a couple products come out on top. Webroot and Trend Micro exhibited almost no slowdown in the performance test. Stuck in the Middle With YouFor $20 per year more than McAfee's antivirus, McAfee Internet Security gives you innovative password management along with parental control and antispam features that you may not even need.

Everything else—firewall, remote management, support for macOS, iOS, and Android, and more—is present in the antivirus.

For another $10 you could upgrade to McAfee's top-of-the-line suite.

This suite remains stuck in the middle, with no compelling reason to buy it rather than one of McAfee's other products. Other than the cross-platform bonus, this suite is comparable to Bitdefender Internet Security 2016 and Kaspersky Internet Security.

These two suites earn fantastic scores from the independent testing labs, their components are capable across the board, and they offer a comparable smorgasbord of bonus features.

They're our Editors' Choice winners for entry-level security suite. Sub-Ratings:Note: These sub-ratings contribute to a product's overall star rating, as do other factors, including ease of use in real-world testing, bonus features, and overall integration of features.Firewall: Antivirus: Performance: Privacy: Parental Control: Back to top PCMag may earn affiliate commissions from the shopping links included on this page.

These commissions do not affect how we test, rate or review products.

To find out more, read our complete terms of use.
New Features Added to Managed File Transfer Products Help IT Teams Protect Data When Most VulnerableLondon, UK. 11th October, 2016 – Ipswitch, the leader in easy to try, buy and use IT management software, today announced MOVEit® 2017 – the combined release includes new versions of its industry leading Managed File Transfer products MOVEit® Transfer, MOVEit® Automation and Ipswitch® Analytics.

These new releases significantly enhance the ability of IT teams to ensure the secure exchange of sensitive data with external partners on a global scale, and in compliance with data protection regulations such as HIPAA, PCI and GDPR. Ipswitch MOVEit 2017 In our information-based economy, the daily exchange of data with external organisations has become a core process of businesses across a large number of industries. Healthcare providers and Insurers routinely share Protected Health Information (PHI) between themselves and regulatory agencies. Retailers and Financial institutions transmit payment card data. Organisations in multiple industries routinely exchange Personally Identifiable Information (PII).

All of this data is protected by regulations such as HIPAA (Health Insurance Portability and Accountability Act), PCI DSS (Payment Card Industry Data Security Standard), GDPR (the European Union’s General Data Protection Regulation) and others. PHI, PII and payment card data are the target of global cybercriminal activity. MOVEit® helps safeguard that data when it is most vulnerable – in transit, as well as when the data is at rest, with best in class encryption. Ipswitch’s industry leading MOVEit® products help IT teams ensure these exchanges are secure, in compliance with data protection regulations, and automated to reduce IT overhead costs and meet internal and external Service Level Agreements (SLAs). MOVEit Transfer 2017 provides enhanced language support and improvements to its user interface. MOVEit users can now externally transfer files in any language (including support for Japanese and Simplified Chinese) to anywhere in the world securely and in compliance with multiple data protection regulations. MOVEit Automation 2017 includes new features that significantly extend IT team’s ability to automate core data exchange processes at high volumes while continuing to meet SLAs and reduce IT costs.

These include improvements to its state-of-the-art web admin interface, the ability to manage files and resources in any language and SOCKS proxy support for SFTP hosts. Ipswitch Analytics 2017 enables SLA and compliance reporting with new advanced data filters, and enhanced management of security keys, licenses and agents.

Additionally, Ipswitch Analytics provides new agents for Microsoft Exchange that extend IT teams’ visibility to include data transfers that occur through email.

This significantly enhances the organisations ability to assure regulatory compliance by providing first time visibility into an area of increasing concern – ad hoc file transmissions of sensitive data by employees. “With many organisations implementing security policies to restrict manual file transfers, IT teams need a flexible, IT-approved solution that provides the ease-of-use that today’s employees crave combined with the security IT teams demand for protection and compliance,” said Austin O’Malley, Chief Product Officer at Ipswitch. “Thousands of companies in some of the most data-sensitive industries are using MOVEit 2017 to better manage data exchange processes from a central console that is understandable and easy-to-use.” EditionsTo make it easier for IT teams to buy a solution that meets their exact requirements while increasing the value they receive from their investment, MOVEit Transfer 2017 and MOVEit Automation 2017 are offered in Standard, Professional and Premium editions. MOVEit Automation 2017 is also offered in an additional edition, Basic, which is ideal for small businesses. All MOVEit 2017 solutions – MOVEit Transfer, MOVEit Automation, Ipswitch Analytics and Ipswitch Gateway – are combined in the comprehensive MOVEit Complete package, which simplifies IT teams’ Managed File Transfer needs in Standard, Professional and Premium editions as well. MOVEit has been reliably and predictably transferring files for thousands of customers and millions of users across several vertical industries – including banking, financial services, insurance, healthcare and retail.

To learn more about MOVEit 2017, visit https://www.ipswitch.com/secure-information-and-file-transfer/moveit-mft-complete. END About IpswitchToday’s hard-working IT teams are relied upon to manage increasing complexity and deliver near-zero downtime.
Ipswitch IT and network management software helps them succeed by enabling secure control of business transactions, applications and infrastructure.
Ipswitch software is powerful, flexible and easy to try, buy and use.

The company’s software helps teams shine by delivering 24/7 performance and security across cloud, virtual and network environments.
Ipswitch Unified Infrastructure and Applications Monitoring software provides end-to-end insight, is extremely flexible and simple to deploy.

The company’s Information Security and Managed File Transfer solutions enable secure, automated and compliant business transactions and file transfers for millions of users.
Ipswitch powers more than 150,000 networks spanning 168 countries, and is based in Lexington, Mass., with offices throughout the U.S., Europe, Asia and Latin America.

For more information, please visit http://www.ipswitch.com/, or connect with us on LinkedIn and Twitter. Media Contact:Rebecca Orr or Richard WolfeTOUCHDOWNPROffice: +44 (0) 1252 717 040ipswitch@touchdownpr.com
One of Windows 10's biggest internal changes is support for management and security APIs à la enterprise mobile management (EMM).
It uses APIs similar to those in iOS, Android, and MacOS.

But Windows 10's EMM policies are limited compared to what traditional Windows management tools can do.

Thus, a lot of what IT does to manage PCs today can't be done in Windows 10 via EMM, such as set up kiosk mode or enable local encryption.
Instead, old-school tools like System Center Configuration Manager (SCCM) must be used instead. EMM provider MobileIron has an answer: MobileIron Bridge, an add-on to its EMM tools that lets IT apply their familiar -- and often extensive -- group policy objects (GPOs) to Windows 10 PCs managed via EMM. Applying GPOs via EMM lets IT manage Windows 10 PCs using both legacy and modern techniques from one console (MobileIron's EMM), filling in the API gaps Windows 10 currently has. Some vendors let IT install listener apps on PCs to locally apply some GPOs, a technique that could be used with traditional Windows 10 tools in parallel with an EMM tool.

But MobileIron is the first to provide GPO support directly via EMM -- there's no local client app to install, and all the GPO settings go through the same channel as the other EMM policies. MobileIron Bridge's support of GPOs is done by supporting PowerShell, VBScript, and registry scripts.
IT can take existing scripts, as well as create new ones, and bundle them into policies that MobileIron Bridge then deploys like any EMM policy.  For example, Windows 10's EMM APIs can detect a PC where BitLocker encryption is disabled, rendering the PC noncompliant with corporate security policy.

But those APIs can't be used to enable BitLocker. With MobileIron Bridge, PowerShell-driven GPOs can be used to enable BitLocker remotely, so IT can detect noncompliant PCs, then turn them compliant -- all remotely. MobileIron Bridge lets IT run bundled scripts to implement group policy objects and other system management commands on Windows 10 PCs managed via EMM. Here, BitLocker encryption is enabled on a noncompliant PC. As another example, MobileIron Bridge can be used to run scripts to set up kiosk mode on Windows 10 PCs, which essentially locks a specified user to specified apps and can seal off their data from that of other people using the same PC.

A retailer might use kiosk mode for a shared Windows laptop or tablet, giving each employee a separate kiosk account and retiring the accounts as employees leave. Another scenario that MobileIron Bridge supports is setting up multiple user accounts on a PC, such as one used by contractors, for job-sharers, across shifts involving different departments in a "hoteling" workplace, or even by employees working from home on a personal PC. Working in concert with Azure Active Directory, IT can use MobileIron Bridge to remotely set up the multiple accounts, determine which accounts can share data with each other, and which accounts run in kiosk mode, then retire accounts as users leave. MobileIron Bridge also lets IT install .exe apps onto Windows 10 PCs; Microsoft's EMM APIs support installation only of .msi and .appx software, which means most legacy apps aren't supported for remote, policy-based installation. MobileIron comes with a graphical interface to install such .exe apps, but it also can install other binaries using a command-line interface, again using scripts as it does for GPO deployment. MobileIron Bridge can install legacy .exe apps onto Windows 10 PCs via EMM policies; example apps are highlighted here. Ojas Rege, MobileIron's chief strategy officer, notes that when iPhones entered the enterprise in the late 2000s, IT couldn't reuse any of the many policies they had painstakingly set up in BlackBerry Enterprise Service for their BlackBerrys.

Thus, they had to start from scratch. MobileIron Bridge's GPO support gives an IT an easier path to transition Windows 10 PCs from traditional management approaches to the EMM one used on other devices, he says. However, Rege suggests that IT shops not deploy all their existing GPOs as is on Windows 10 PCs; they should use the EMM transition to evaluate what policies they still really need -- BlackBerry shops soon realized they didn't need all 450 BES policies, for example -- and deploy those in a staged approach. "It should be done with a change-management process," he says. MobileIron Bridge will support Windows 10 Professional and Enterprise Editions, though some supported Windows 10 capabilities such as kiosk mode require the Enterprise Edition. Licenses will cost $3 per PC.
It's now in prerelease at some customers, and the company hopes to make it generally available by January 2017.
EnlargeSAUL LOEB & ROBYN BECK AFP/Getty Images / Aurich Campaign 2016 FCC official: “Something’s not right” with Wi-Fi at Monday’s debate Trump: “The security aspect of cyber is very, very tough” Journalists must fork over $200 for Wi-Fi at presidential debate Trump takes on “Crooked Hillary” with Snapchat geofilter View more storiesreader comments 10 Share this story The 2016 presidential election is likely to have a major impact on how the US government tries to expand broadband deployment and how it regulates Internet service providers.

But while we have a pretty good idea of how a President Hillary Clinton would approach the broadband industry, there’s very little to go on when predicting broadband policy under a President Donald Trump. Clinton’s technology plan includes several initiatives designed to “deliver high-speed broadband to all Americans,” and it promises to defend network neutrality rules that prevent ISPs from discriminating against online services.

There are questions about how Clinton would implement the plan and whether it's aggressive enough to achieve 100 percent broadband deployment, and her campaign has declined to provide more specifics.

But the mere fact that Clinton has outlined some clear broadband goals sets the Democratic nominee apart from the other candidates. Republican nominee Donald Trump doesn’t seem to have any plan for increasing access to broadband, and there are indications that he would not support new consumer protection regulations. He weighed in on net neutrality, but only in a November 2014 tweet: Obama’s attack on the internet is another top down power grab. Net neutrality is the Fairness Doctrine. Will target conservative media. — Donald J.

Trump (@realDonaldTrump) November 12, 2014 The Information Technology & Innovation Foundation (ITIF), a public policy think tank, recently analyzed Clinton’s and Trump’s positions on technology.

There were six broadband and telecommunications policy categories, and for five of them Trump was listed as having “no position” or having made no comment.

Trump had no position on wireless spectrum and 5G; a Communications Act update; broadband and telecom subsidies; broadband adoption and digital literacy; and broadband competition and public-private partnerships. Net neutrality was the one category where Trump had a position, but only because of the two-year-old tweet. Besides "that one tweet from 2014 on net neutrality, it's pretty much radio silence from the Trump camp," ITIF telecommunications policy analyst Doug Brake told Ars. Trump has finally just hired an aide to help him develop a telecom plan, Politico reported Friday.

The aide, Jeffrey Eisenach of the American Enterprise Institute, is described by Politico as "a crusader against regulation" and is a staunch opponent of net neutrality rules.

Eisenach's appointment suggests Trump might pursue a deregulatory telecommunications agenda, but the candidate still isn't talking publicly about specific policies. Brake didn’t endorse either candidate, but he said that when it comes to broadband, “Clinton at least has a plan. You can quibble with some of the details in it, but she has clearly thought hard about what the government’s role should be in promoting innovation and has policies that will work to promote innovation throughout the economy.” The ITIF describes itself as nonpartisan, but the group prefers a more conservative approach to telecommunications policy than the one chartered under President Obama and current FCC Chairman Tom Wheeler. Libertarian Party nominee Gary Johnson has opposed net neutrality rules and Internet regulation in general, while Green Party nominee Jill Stein supports net neutrality rules.
Stein has called for universal broadband access—but she also claimed that wireless Internet signals can damage children’s brains despite a lack of scientific evidence to support such concerns. None of the four candidates has responded to our repeated requests for more details.
So with the clock ticking toward November 8, we’ll have to settle for examining their public statements. The Clinton broadband plan Clinton’s tech agenda describes the nation’s broadband problems as follows: “Millions of American households, particularly in rural areas, still lack access to any fixed broadband provider, around 30 percent of households across America have not adopted broadband (with much higher levels in low-income communities), and American consumers pay more for high-speed plans than consumers in some other advanced nations.” Enlarge / Democratic nominee Hillary Clinton. Clinton campaign Clinton cited research from the FCC, which defines broadband as Internet access with speeds of at least 25Mbps downstream and 3Mbps upstream, but she is flexible on what speeds the nation should strive for.

By 2020, she wants 100 percent of American households to have the option of buying affordable broadband at “speeds sufficient to meet families’ needs.” This wouldn’t necessarily involve stringing fiber wires to every home.

Clinton wants federal agencies to consider fiber, fixed wireless, and satellite technologies for bringing broadband to unserved areas. Here are some of her proposals: Continue investments in the Connect America Fund, the Rural Utilities Service program, the Broadband Technology Opportunities Program (BTOP), and Lifeline. Use Lifeline to help people learn how to use the Internet and expand access to cheap devices. Create a competitive grant program encouraging local governments to reduce regulatory barriers to private investment; promote “dig once” programs that install fiber or fiber conduit during road construction projects; and develop public-private partnerships. Expand federal funding to bring free Wi-Fi and high-speed Internet to “recreation centers, public buildings like one-stop career centers, and transportation infrastructure such as train stations, airports, and mass transit systems.” Accelerate 5G cellular deployment and other wireless advances by reallocating and repurposing spectrum, and use federal research funding for “Internet of Things” test beds and field trials. Encourage state and local governments to relax rules that protect incumbents from new competitors, such as “local rules governing utility-pole access that restrain additional fiber and small cell broadband deployment.” Push federal agencies to identify anticompetitive practices “such as tying arrangements, price fixing, and exclusionary conduct,” and refer potential violations of antitrust law to the Department of Justice and Federal Trade Commission. (This proposal isn’t specific to broadband but could have an impact on ISPs.) Separately, Clinton pledged to defend the FCC’s net neutrality rules in court and continue to enforce them.
She also supports the FCC's related decision under Wheeler to reclassify ISPs as common carriers under Title II of the Communications Act; Title II, while controversial, is the legal mechanism used to enforce the net neutrality rules. Clinton’s plan leaves out some of the specifics that will be needed to achieve her goals, and the plan proactively takes credit for 5G development that is likely to happen regardless of who wins the presidency.

But that doesn’t seem to bother Harold Feld, senior VP of Public Knowledge, a consumer advocacy group that generally supports Wheeler’s broadband deployment and net neutrality policies. “This is not the blueprint, this is the promise,” Feld said. “Once they get in, they're still going to have to do the blueprint, and that's when we'll see if they'll swing for the bleachers or just try to play it safe.” As a campaign platform, what Clinton has proposed is “very good,” he said. 100 percent deployment probably won’t happen, but setting the goal at 100 percent makes it more likely that she’ll get to 95 percent or so, Feld said. “The thing that worries me is this is a very incremental approach,” Feld said of Clinton’s plan. “It builds on what's out there now, it generally solidifies around basic points of agreement.” For example, Clinton hasn’t talked about whether the FCC should crack down on Internet data caps, but “those are not the kinds of things you put in a campaign platform,” Feld said. A Clinton FCC seems likely to continue on a path similar to the one taken by Obama and Wheeler. Yet she is getting support from the same telecom industry that bitterly opposed Wheeler’s net neutrality plan and many of his other initiatives. Telecom services and equipment companies donated $640,247 to Clinton this year, while giving just $19,319 to Trump, according to the Center for Responsive Politics. Clinton also won an endorsement from Jim Cicconi, a longtime GOP supporter and senior executive VP at AT&T—a company that sued the FCC to stop the net neutrality rules. “This year I think it’s vital to put our country’s well being ahead of party,” Cicconi said, according to The Wall Street Journal. “Hillary Clinton is experienced, qualified, and will make a fine president.

The alternative, I fear, would set our nation on a very dark path.” Brake said he is hopeful that Clinton would take a more “pragmatic” approach than Wheeler.

Though Clinton supported Wheeler’s Title II net neutrality plan, Brake pointed to an interview Clinton gave last year in which she said net neutrality rules could alternatively have been imposed through an update of the Communications Act. That statement “indicates to me that she gets that Title II isn't something to be desired in and of itself,” Brake said.
It’s thus probably unlikely that a Clinton FCC would be more liberal than an Obama one, making things like network unbundling a long shot, Brake said. Trump's (lack of a) plan Trump, on the other hand, is a total wild card. He would like the FCC to fine journalists who are critical of him. Beyond that, there's little indication of how the FCC would operate if he’s elected, though not much would get done initially, as he has promised “a temporary moratorium on new agency regulations.” Though he did take a position on net neutrality back in 2014, it isn't an issue Trump continued talking about.

A lot has happened in net neutrality since Trump initially weighed in—the FCC passed its rules in February 2015 and defeated a broadband industry lawsuit this year. Even in a private, off-the-record meeting with tech industry groups, "Trump's team made clear it did not expect to craft a full, new tech platform," Politico reported, citing sources who attended the meeting. "But the GOP candidate's aides urged the industry to submit their recommendations for potential federal agency appointments—as well as regulations they'd like to see shredded if Trump is elected president, the sources said." “Clinton at least has a plan” for the broadband industry, Feld said. “Whether you think it’s a detailed enough plan, at least she understands the issue here and has a plan.

Trump’s plan is basically, 'if we wish hard enough for the things people like, we'll get them.'” Republican nominee Donald Trump. Trump campaign. Much would depend on who Trump nominates to lead the FCC.

A Republican president might be expected to consider the FCC’s current Republicans, Ajit Pai and Michael O’Rielly, who have opposed most of Wheeler’s major initiatives.

But it’s difficult to even make a guess on what industry a Trump FCC chairperson would come from. “If he pulls somebody from Silicon Valley to do this, it’s going to be very different than if he pulls someone from the cable or telco world,” Feld said.

But, again, it’s not clear what kind of chairperson Trump would prefer. “That means you really just can’t tell because I don’t think he's going to involve himself in any of the details,” Feld said. If Eisenach becomes FCC chairman or plays a big role in determining Trump policies, Feld said the agenda would be "voraciously pro-corporate and anti-consumer," representing "bad news for competition, and bad news for consumers." (We were unable to get an interview with Eisenach.) Trump may have developed relationships with broadband industry executives and lawyers when he was a reality TV show star, so perhaps he would nominate someone from the broadcast industry. “It’s total speculation, but he could go with an existing Republican commissioner or some random lawyer that he's worked with before,” Brake said. “It seems a total possibility that he could pick a random friend that he's worked with before. Who knows.” As for Eisenach, Brake said he is "a well-known champion of light-touch regulation in telecom." Wheeler’s five-year term technically extends into 2018, but FCC chairs usually leave their post the same year a new president takes office. Wheeler would thus likely move on in the months after the January 2017 inauguration. Wheeler has not disclosed his plans, which seem to hinge on the election's outcome.

A Bloomberg report said he intends to stay until the middle of 2017 if Clinton is elected.

That isn’t an unusual timeline, but it wouldn’t be surprising to see Wheeler leave earlier than that if Trump wins. Party changes in the White House tend to be followed by quick exits for FCC chairs, and, during a recent Congressional hearing, Wheeler himself hinted that he might leave quickly if Trump wins. Speculation about who Clinton might nominate as FCC chairperson has included Susan Ness, a former FCC commissioner and one of Clinton’s biggest fundraisers; and Karen Kornbluh, a Nielsen executive and former US ambassador to the Organisation for Economic Co-operation and Development, according to Politico. Feld said Clinton’s choice of FCC chair might depend on her other appointments.

For example, if Clinton wins the presidency and appoints a moderate to head up the Justice Department’s antitrust division, she might face pressure to make a more liberal appointment to the FCC, he said.

That could work the other way, too.
If Clinton appoints a vigorous antitrust enforcer at the DOJ, she might choose someone more moderate for the FCC, Feld speculated. “Unlike Trump, where you can't tell what’s going to happen because he doesn’t care about the details, with Clinton you can’t tell what’s going to happen because she will care enormously about the details,” Feld said. Green Party and Libertarian candidates Just like Clinton and Trump, the campaigns of Stein and Johnson did not answer our questions about their broadband and net neutrality policies. Stein’s platform vows to “protect the free Internet,” and she has called broadband Internet access a “human right.” But she doesn’t seem to offer a plan for making broadband deployment universal.
She's also skeptical about the use of Wi-Fi and cell phones. Access to information is a right, not a commodity.

The Internet is a public asset we must defend from corporate stranglehold. #NetNeutrality — Dr. Jill Stein (@DrJillStein) June 14, 2016 At a campaign event this year, Stein was asked about health effects of wireless Internet in schools.
She responded, “we should not be subjecting kids’ brains, especially, to that. We don’t follow that issue in this country, but in Europe, where they do, they have good precautions around wireless, maybe not good enough.
It’s very hard to study this stuff. We make guinea pigs out of whole populations and then we discover how many die.” Enlarge / Green Party candidate Jill Stein. Stein campaign. In a Q&A on her website, Stein denied that her concern about Wi-Fi undermines the Green Party’s call to make broadband access a taxpayer-funded utility. Feld said that “it is difficult for me to be objective about Jill Stein in that she basically treats the tremendous amount of advocacy that I and others have done on wireless and Wi-Fi in schools as being a crime against public health.
I do not see how you can manage a modern FCC when you essentially apply the same principles of pseudo-science to wireless that the anti-vaxxer crowd applies to vaccines.” Johnson’s platform doesn’t include a plan for accelerating broadband deployment, but he and other Libertarians generally prefer free market solutions instead of government intervention. His platform has a section on preserving “Internet freedom and security” that objects to regulation of the Internet in general, with an emphasis on privacy rights. “There is nothing wrong with the Internet that I want the government to fix,” Johnson said. Johnson opposes attempts to increase the government’s ability to monitor private information, saying that we shouldn’t be “throwing away our right to privacy” in order to boost security. Enlarge / Libertarian nominee Gary Johnson. Johnson campaign. Johnson’s platform doesn’t specifically address net neutrality, but he has spoken about his opposition to network neutrality rules in years past. With “net neutrality, the notion is that it’s going to create a freer environment when the reality is… is there really an issue now?" Johnson said during a Q&A in 2011. "And if you get government involved in getting its nose in the tent isn’t this ultimately gonna make things a lot worse and cost us a lot more than just doing nothing? So all of my free market friends, all of my computer-savvy people that are advising me, say that net neutrality is anything but.

All of what's it supposed to accomplish that actually by supporting it you’re creating the opposite." The modern, controversial FCC The FCC under the Obama administration has taken on a much greater public prominence, which peaked during the net neutrality debate that inspired 4 million public comments.

Tom Wheeler has been the subject of John Oliver skits and been called to testify at many contentious Congressional hearings led by Republicans who want the FCC to impose fewer regulations on Internet providers. Whoever wins the presidency and has to choose the next FCC chair will face a highly scrutinized decision.

A conservative nominee would draw outrage from consumer advocates who pushed for strong net neutrality rules, while a liberal choice could face plenty of criticism, especially if the Senate (which confirms nominees) remains in Republican hands. Already, the Senate is refusing to extend the term of Democratic Commissioner Jessica Rosenworcel unless Wheeler promises to step down after the election. “After the net neutrality decision there was no doubt, there is going to be a lot of scrutiny of who the next choice of FCC chair is going to be,” Feld said. “The FCC has achieved a lot of visibility, and not just from the left but from the right.”
Two CAs get new bosses, operations to be split After being pinged by Mozilla for issuing backdated SHA-1 certificates, Chinese certificate authority WoSign's owner has put the cleaners through the management of WoSign and StartCom. Mozilla put WoSign and StartCom on notice at the end of September. As part of its response, the company has posted around 200,000 certificates with the Google transparency log server as well as on its own CT log server, covering everything issued in 2015 and 2016, with a promise to expand that to “all certificates past and present”. In this discussion thread, Bugzilla lead developer Gervase Markham explains that people from WoSign's majority shareholder Qihoo 360 and StartCom met with Mozilla representatives last Tuesday in London. WoSign's full response is here (PDF).
In it, as summarised in the mailing list discussion by StartCom founder Eddy Nigg, the company promises to: Separate the WoSign and StartCom businesses, so StartCom will report directly to Qihoo 360; Qihoo 360's chief security officer Xiaosheng Tan will be appointed chairman of StartCom, StartCom Europe's general manager Inigo Barreira is elevated to CEO of the company, and WoSign CEO Richard Wang has been relieved of his duties; The two certificate authorities' teams, operations and infrastructure will be separated, Qihoo 360 personnel will review the code base in an internal audit, and StartCom will submit its systems for an external audit; and StartCom will prepare and publish a separate “near term change plan. Qihoo 360 is taking the issue of backdated SHA-1 certs, in January 2016, as the most serious violation, and the reason for the executive re-organisation. The incident report states: “Wosign is in process of making legal and personnel changes in both WoSign and StartCom to ensure that both WoSign and StartCom have leadership that understand and follow the standards of running a CA”. The incident report lists more than 60 backdated certificates, including the one issued to Australian-headquartered payments processor Tyro (The Register has previously contacted Tyro for comment, but received no response). The Qihoo 360 incident report says SHA-1 certificates with a validity beyond January 2017 were issued because of delays to the systems upgrade it was undertaking to implement SHA-1 deprecation. Customers holding an SHA-1 certificate will be offered free revocation and an upgrade to SHA-2. The company puts other certificate issuance errors down to a variety of system bugs and, in the case of certificates for Alibaba's alicdn.com that opened a middleman vulnerability, a lack of human validation for important customers. Mozilla will now decide whether Qihoo 360's intervention brings it back into compliance with its certificate rules.

After that, the company will also have to convince Apple to rescind its decision not to trust its certificates. ®