3.1 C
Sunday, November 19, 2017
Home Tags 2017

Tag: 2017

Banks and financial markets are adopting blockchain distributed database software for their payments and lending services at a pace faster than once expected, according to a survey of 400 such businesses globally. Blockchain software is the basis of bi...

Bitdefender Antivirus Plus 2017

All an antivirus product really has to do is wipe out any malicious software that's present on your computer and prevent future infestation by viruses, Trojans, ransomware, and other types of malware.

Bitdefender Antivirus Plus 2017 goes way beyond these basic functions.

Among its many features are a simple password manager, a secure browser for financial transactions, a secure file shredder, and new active ransomware protection.
It's almost a suite, and it performs its core antivirus tasks very well. A one-year subscription to Bitdefender costs $39.99, which is a very popular price point.

Bitdefender, Kaspersky, and F-Secure, among others, cost almost exactly the same.

For $59.99, you can install Bitdefender on three devices, which is a good deal. Of course, that same price gets you unlimited installations of McAfee AntiVirus Plus. Installation and AppearanceLike Trend Micro and Check Point ZoneAlarm PRO Antivirus + Firewall 2017, Bitdefender's installer downloads the very latest program and virus definition files.

The installer scans for active malware that could derail the installation. You can either activate your installation with a license key or select a fully functional 30-day free trial.

And you must create or log in to your account at Bitdefender Central online, to connect this installation to the account. Note that you can only associate one level of Bitdefender protection with a single account.
If you want to have the straight antivirus on some systems and the security suite on others, you must create two accounts. Over the last several years, each new Bitdefender version changed its appearance a little bit. With the 2017 edition, the main window went through some more radical changes.
It does still use a background in shades of gray, but they're substantially darker.

And it does break down the window into rectangular panels that offer access to security stats and features.

A circled green checkmark still represents safety, though the circles now animate when you open the window. The big change is a new left-rail icon menu with eight selections: Protection, Privacy, Upgrade, Activity, Notifications, Account, Settings, and Help. Protection includes antivirus, Web protection, and vulnerability scan. On the Privacy tab, you manage the Safepay secure browser, the file shredder, and the password manager.

Each of these offers a Modules view that gives you finer control.
I like the changes.
It's easier to find any given feature now. As always, Bitdefender comes preconfigured to use Autopilot mode.
In this mode, it takes care of business without hassling you.

Are you being targeted by a malware attack? Bitdefender handles it silently.

This is great for most users, but for testing purposes I frequently had to turn it off.
If you reach into the settings and start making changes, perhaps turning on Paranoid Mode, you'll get a notification that you've turned Autopilot off. Bitdefender has the option, turned off by default, to automatically change its configuration depending on what you're doing. You can also manually select any of the five configuration profiles: Work, Movie, Game, Public Wi-Fi, and Battery Mode. My stripped-down test systems aren't really conducive to testing the automatic mode selection, but I like the idea. Lovely Lab ResultsBitdefender doesn't pay for certification by ICSA Labs or West Coast Labs, but four of the five testing labs I follow include it in their testing.
In Virus Bulletin's RAP (Reactive and Proactive) test, it scored 81.08 percent, a bit of a drop from last year's score of 93.64 percent.

This current score is a hair below the average score for products I follow, 81.76 percent.

TrustPort Antivirus holds the best score at present, with 88.43 percent. The researchers at AV-Comparatives perform a broad array of tests on antivirus utilities and other security products.
I follow five of these closely.

A product that passes one of these tests earns Standard certification.

Those that do more than the minimum, or much more, earn Advanced or Advanced+ certification.

Bitdefender took Advanced+ in all five of these tests, as did Kaspersky. AV-Test Institute reports on three aspects of antivirus utilities, protection against malware, low performance impact, and low false positives.

A product can earn six points in each aspect, for a maximum of 18 points.

Bit defender lost a half-point in protection and another half-point for false positives.
Its total score of 17 points is impressive, but Kaspersky managed a perfect 18.

AVG, Norton, and Trend Micro came close, with 17.5 points. This year I added a pair of tests by MRG-Effitas to my collection. One focuses specifically on financial malware, while the other attempts to cover the whole range.

A product can earn full or partial credit in the financial test; few receive full credit.

The full-range test offers level 1 certification for products that completely prevent infection by every sample, and level 2 certification for those that initially let some samples past but remediate the damage before the next reboot.
It's all or nothing, and most products fail. My contacts at several vendors, Trend Micro in particular, urged me to treat this pass-fail test differently.
Starting with this review, I've done so, giving the MRG test significantly less weight. With the new calculation, Trend Micro's aggregate score rose to 8.5, which I'm sure they'll like.

The same calculation gives 9.2 points to Bitdefender. Kaspersky, previously burdened by one second-rate score from this lab, now has a perfect 10 points for its aggregate score. Very Good Malware BlockingA full scan of my standard clean test system took 58 minutes, a good bit longer than the average time for recent products, which is 44 minutes.

A second scan completed in half the time, which is good. However, a number of other products avoid rescanning unchanged files, making a repeat scan ridiculously fast.

F-Secure Anti-Virus 2016 took two minutes for a repeat scan, and AVG did it in under a minute. Of course, once you've performed that initial scan, most of your antivirus tool's job involves preventing infestation, not removing it. Bitdefender's score in my own hands-on malware blocking test was good, but not on par with the scores it earned from the labs. When there's a discrepancy, I give significantly more weight to the lab results. My hands-on test still gives me needed experience with the product. This test starts when I open the folder containing my samples.
In most cases, the minuscule access that occurs when Windows Explorer reads the file's name, size, and so on is enough to trigger an on-access scan.

At first, I thought Bitdefender must be one of those that waits for a more significant access, like trying to launch the file.
I didn't see any notification that it caught malware.

But then I realized—it's on Autopilot! Looking closely, I saw that it wiped out just over 60 percent of the samples immediately. Before continuing to the next phase, launching the surviving samples, I turned off Autopilot so I'd get notification of the antivirus's activities.

Bitdefender caught most of the survivors at launch, or shortly after launch.
Its detection rate of 90 percent and overall score of 8.7 are both good, but others have done better. Norton and Trend Micro both earned 9.7 points, and Webroot SecureAnywhere AntiVirus managed a perfect 10 of 10. It takes ages for me to collect and analyze a new set of malware samples, so I use the same set for a whole season. My malicious URL blocking test, by contrast, uses URLs discovered by MRG-Effitas no more than one day earlier.
I launch each URL and record whether the antivirus blocked the browser's access to the dangerous URL, wiped out the malicious executable during download, or sat around like a lump doing nothing. Bitdefender passed this test with flying colors, blocking 90 percent of the samples, almost all of them at the URL level.

Few products have done better, though Avira Antivirus Pro 2016 displayed a 99 percent protection rate and Norton managed 98 percent. Antiphishing ExcellencePhishing websites don't need fancy scripts or drive-by downloads.

They simply imitate PayPal, Facebook, Yahoo mail, your bank…just about any kind of secure site.
If you take the bait and enter your password, you're totally hosed.

The fraudsters have full access to your account. My antiphishing test uses freshly reported frauds, URLs too new to have been analyzed and put on the blacklist.

That's important, because phishing websites are ephemeral, lasting only a few days, or even a few hours.

By the time they get blacklisted, the fraudsters have pulled out and set up a new site. I launch each URL in five browsers.

Three of them just use the protection built into Chrome, Firefox, and Internet Explorer. One relies on Symantec Norton AntiVirus Basic, which for years has displayed excellent protection against phishing.

And of course one uses the product currently under test. Because the samples are different every time, I report the difference in protection rate between the product and the other four browsers rather than the raw score.
Very few antiphishing tools outscore Norton. More than half of recent products couldn't even beat two or more of the browser built-ins. As for Bitdefender, it has scored close to or better than Norton for a number of tests in a row.

This time it zoomed to the top, beating Norton's detection rate by a full five percentage points, and thoroughly trouncing all three browsers.

That puts it ahead of Kaspersky Anti-Virus and Webroot, the only other recent products to catch more phish than Norton, and of ZoneAlarm, which tied Norton. Fraud DetectionBitdefender's protection against fraudulent websites doesn't stop with antiphishing. Like Norton, Trend Micro, and many others, it marks up links in popular search and social media sites.

But where this feature typically just identifies sites as safe, iffy, or dangerous, Bitdefender goes into great details. Most links will get the green all-clear icon, but there are more than a dozen other icons detailing very specific dangers.
It very specifically calls out such things as escrow scams, online dating scams, pay-per-click websites, and piracy sites, along with malware-hosting sites and phishing sites.

Don't worry; you don't have to memorize all of the icons. Just click the icon for a popup explanation, and click the popup for a page explaining all of the icons. Vulnerability ScanYou read about security breaches at major companies every week, and quite often these breaches take place because somebody, somewhere failed to install a security patch. We recommend setting Windows Update to always install critical updates, but you also need to keep your browsers and other sensitive applications up to date. Bitdefender's vulnerability scan looks for missing Windows updates and for outdated browsers and other tools such as Java.
It also flags weak Windows account passwords and, if the system supports Wi-Fi, insecure Wi-Fi networks. On my test system, it found updates for Firefox and Java, and suggested I change all of the Windows account passwords. See How We Test Security Software Ransomware ProtectionLike Panda Internet Security 2016's Data Shield component, Ransomware protection in Bitdefender lets you define one or more folders whose contents should be protected against unauthorized modification.
It's preconfigured to protect the Documents and Pictures folders for each user account, and you can add more folders for protection.

Trend Micro Antivirus+ Security has a similar feature, but it protects just one folder (and its subfolders). With Trend Micro, turning off the real-time antivirus also turns off ransomware protection, so I couldn't test with real ransomware.

Bitdefender's configuration is more flexible, allowing me to turn antivirus off while leaving ransomware protection running.

That permitted me to launch a ransomware sample and observe the protection.

The first thing my ransomware sample does is copy an executable file to the Documents folder, launch that new file, and delete itself.

Bitdefender cut off that behavior, and thereby prevented the entire ransomware attack. I also tried editing a file in the Documents folder using an unknown text editor, one that I wrote myself.

As with Trend Micro, the ransomware protection blocked my attempt to save the edited file until I clicked the button to allow access. Panda's Data Shield goes even further, optionally blocking unauthorized programs from even reading files in your protected folders.

But Panda Antivirus Pro 2016 doesn't have this feature, just the security suite. What's in Your WalletOver the years, Bitdefender's Wallet feature has evolved into a complete, if basic, password manager.
Its feature set is on par with Trend Micro Password Manager 3.7, but it's not available as a separate purchase. Wallet exists as an extension in Chrome, Internet Explorer, and Firefox. You can create multiple wallets, perhaps for different users of the family PC. When you create a wallet, you must give it a strong master password, something you can remember, but that nobody else would guess. You can choose whether or not to sync this wallet across multiple Bitdefender installations. At creation time, a new wallet can siphon off passwords stored insecurely in your browsers. However, it doesn't remove them from the browsers or disable future password capture, the way Trend Micro does.

There's no option to import passwords from other competing programs. When you log in to a secure site, Bitdefender captures your credentials and pops up a transient notification that it did so.

Clicking the notification lets you edit the just-saved site, but you can't give it a friendly display name or assign it to a folder or category. When you return to a site, Bitdefender fills in your credentials.

Even easier, you can select the site from the browser extension's menu to both navigate there and log in. Like Trend Micro, Bitdefender doesn't handle non-standard login pages. You can manually add website login details, if you wish. You can also add application passwords, though the password manager won't fill them in for you. When you're signing up for a new account or replacing a bad password on an old one, use the password generator to create something random. You don't have to remember it, after all.

The password generator defaults to a respectable 15 characters, but only uses letters and digits by default. Please check the box to enable use of special characters, as it will improve your password security. You can create one or more identity profiles for use in filling Web forms.

Each profile includes personal, address, email, and telephone data, with just one instance of each field.

There's also a separate option to create credit card and bank account profiles, but for security these are not synced across multiple devices. When you reach a page that's asking for that personal data, just click the Wallet button and choose the profile you want to use.
If appropriate, choose the credit card separately. In testing, I found that Bitdefender did fill Web form data on most sites, including a few that stymied Trend Micro.
It did miss filling quite a few fields, but every field that it handles is one you don't have to type.

And hey, in last year's test it put the wrong data in many fields.

This is an improvement. Wallet has a few more features. You can use it to store geeky email details, like the server address and port.
If for some reason your laptop doesn't remember for itself, you can record Wi-Fi network details like password and type of encryption. Wallet handles all the basics of password management, and it may well be enough for you. However, if you want advanced features like two-factor authentication, secure credential sharing, and automated password update, you should look at our round up of the best password managers and choose one of those. Bitdefender SafePayIf you're just surfing the web for videos of kittens and fainting goats, any old browser will do.

But if your aim is to log in and make money transfers from your bank, that's a different story. When Bitdefender detects that you're heading for a financial site, it offers to open it in SafePay, a separate, secure desktop with a full-featured, hardened browser that supports multiple tabs and bookmarks. Naturally Wallet is compatible with the SafePay browser.
It allows installation of Flash, but no other extensions are permitted. Processes running in the SafePay desktop are isolated from those on the regular desktop. You can switch back and forth at will.

For protection against even a hardware keylogger, SafePay includes a virtual keyboard.

And it prevents applications from capturing the screen.
I couldn't get a screenshot using Alt+PrtSc; I had to use the virtual machine's internal screen capture feature.
I strongly advise using SafePay for any sensitive online activity. Wi-Fi AdvisorI couldn't actively test the Wi-Fi Security Advisor feature, because the virtual machines I use for testing don't have Wi-Fi.

This tools works one way for public networks, another way for your home network. When you connect to a public network, the advisor checks its security level.
If the network fails the sniff test, the advisor suggests you do all your browsing through the secure SafePay browser. For the network that you designate as home, the advisor checks security and makes recommendations.

For example, if you're using weak encryption, or no encryption, it advises that you use at least WPA2 encryption, and choose a strong password. File ShredderIf you just delete a file, it goes to the Recycle Bin, which is handy for those times you deleted the wrong file. You can also bypass the Recycle Bin for sensitive files, but even if you do, it's often possible to recover the deleted file's data.

For true, unrecoverable deletion, you need a secure deletion utility like Bitdefender's File Shredder component. Some secure deletion utilities, especially those found in encryption tools, let you choose from many different shredding algorithms.

But in truth, overwriting data just once before deletion is enough to foil all but the highest-end forensic recovery tools.

Bitdefender overwrites the data three times, which is plenty. You can open the File Shredder and browse to add files and folders for deletion, or right click a file or folder and choose File Shredder from the Bitdefender submenu.

This tool proved easy to use, though I would have preferred the option to drag files and folders onto it rather than browsing for them. Practically a SuiteThis is a long review, because this is a feature-packed product.

The labs love it, and it did especially well in my own antiphishing and malicious URL blocking tests.

Among its vast array of bonus features are a basic password manager, a secure browser to protect your financial transactions, and a permissions-control monitor to keep ransomware from modifying your important files. Bitdefender shares the Editors' Choice honor with several other commercial antivirus products.

The labs love Kaspersky Anti-Virus even more than they do Bitdefender. McAfee AntiVirus Plus protects all of your devices, on multiple platforms.
Symantec Norton AntiVirus Basic includes advanced intrusion detection and other significant bonus features.

And the journal-and-rollback technique that Webroot SecureAnywhere Antivirus applies to unknown programs should let it prevent damage by even a zero-day Trojan. Back to top PCMag may earn affiliate commissions from the shopping links included on this page.

These commissions do not affect how we test, rate or review products.

To find out more, read our complete terms of use.
One of the biggest security risks for computer users is their web browser.

According to Microsoft, 90 percent of phishing emails use the browser to initiate attacks, which can then be used to help attackers establish a beachhead inside a company. Microsoft is aiming to better protect users and organizations from the threats that they face with a new feature called Windows Defender Application Guard.
It's designed to isolate Microsoft Edge from the rest of the files and processes running on a user's computer and prevent computer exploits from taking hold. This is a move that could drive greater adoption of Microsoft's browser in the enterprise, at a time when the company is fiercely competing with Google in that space.
Security of company assets is a big problem for enterprises, and Microsoft is offering them another way to help protect their users without requiring those users to be security experts.
Here's how it works: when users navigate to untrusted websites in Edge with the feature enabled, Microsoft's browser launches new sessions that run in virtualized containers on their Windows 10 PCs and tablets. In the event there's malicious code on those sites that tries to deploy on users' machines, it gets deployed into the container, isolated from the operating system and everything else. When users quit their Edge sessions, the container is destroyed, and the malicious code is supposed to go along with it, thereby protecting users from whatever payload they may have been exposed to. According to Rob Lefferts, Microsoft's director of program management for Windows Enterprise and Security, the other key thing about the feature is that the container's isolation is enforced using a secure root of trust that runs on the computer's processor itself.   While Application Guard is a powerful capability, that comes at a cost.

Because the container is destroyed whenever a user quits Edge, any cookies or cached items accumulated during that time go with it.
In other words, even if users check the "Remember Me" button on a website, they'll have to log back in next time they open Edge.
Virtualizing Microsoft's browser will also lead to some loss of performance. IT administrators will be able to set the service up to whitelist certain trusted sites which will run in a traditional, non-containerized form, so users can get the same sort of browsing experience they're used to from those sites. Lefferts cautioned that the feature won't be right for every organization, or even every employee. "It is really [for] environments that want to run locked-down browsers," he said in an interview. "Finance organizations, healthcare organizations, a whole slew of military organizations that I talk to." Microsoft is still in the process of building the feature, and will be rolling it out to Windows Insiders in the coming months.

The company expects Windows Defender Application Guard to be generally available some time in 2017, for organizations that are subscribed to the Windows 10 Enterprise E3 and E5 plans. That means there are still some questions left unanswered about what Windows 10 Application Guard will mean for users.

For example, the company isn't saying yet what sort of impact running Edge in a container will have on its performance. Lefferts said that the company is still working on getting the performance right, and wants to make both the Edge startup experience and the browsing experience feel good to users. Looking forward, Microsoft may make the same containerization technology available to other applications, Matt Barlow, the corporate vice president for Windows Marketing, said during a press conference.

But right now, the company is working to ship the first version of the feature. Windows Defender Application Guard is one of a number of security-focused announcements that the company made at its Ignite conference in Atlanta, Georgia on Monday.
It also announced that Windows Defender Advanced Threat Protection and Office 365 Advanced Threat Protection will share intelligence across both services to provide IT administrators with an easier way to manage threats.   The company is also releasing a new Secure Productive Enterprise service, which gives companies an easy way to buy a suite of its advanced security capabilities across Office, Windows and its Enterprise Mobility + Security suite.
Writing secure applications doesn't mean simply checking the code you've written to make sure there are no logic errors or coding mistakes.

Attackers are increasingly targeting vulnerabilities in third-party libraries as part of their attacks, so you h...
Windows comes with firewall protection built in, and you can get enhanced third-party firewall protection for free. Why, then, would you pay for a third-party firewall tool like Check Point's ZoneAlarm PRO Firewall 2017? There's one very simple reason—the free version of this tool is only for use in noncommercial settings, so if you want to use it in a business, you must pony up. Also, this version includes premium tech support, advanced control of firewall settings, and, new in this edition, a very effective antiphishing component. At $39.95 per year for a single license, ZoneAlarm costs the same as most standalone antivirus products. In fact, it's the same price as Check Point ZoneAlarm PRO Antivirus + Firewall. Unless you already have antivirus protection, the latter may be a better choice. Note that the firewall's per-license price goes down if you buy multiple licenses. You get five licenses for $59.95 per year, for example. Except for the antiphishing component, which is strictly a browser extension, the paid edition's basic feature list is identical to what you get in the free ZoneAlarm firewall. Advanced features only appear as you drill down. However, this edition's main window is laid out quite differently. It still has three large panels, but they're titled Antivirus & Firewall, Web & Privacy, and Mobility & Data. Each panel includes three or four components, the majority of which are grayed out and unavailable. For example, on the Web & Privacy panel, Parental Control, Anti-Keylogger, and Anti-Spam are all grayed out. The full Check Point ZoneAlarm Extreme Security 2017 suite uses precisely the same layout, but in the suite all of the components are active. Shared FeaturesAs noted, this product's features include everything that you get in Check Point ZoneAlarm Free Antivirus+ 2017. I'll summarize my findings here; to get full details, read my review of the free edition. The central firewall component stealths all ports against outside attack, and also controls network permissions for all programs. It draws on a huge database to configure permissions for known programs and, by default, makes its own decisions about unknowns. If you crank up protection to the max, it notifies you when an unknown program attempts to access the network, asking you whether to allow or block access. At this maximum security level, the OSFirewall component generates a lot of suspicious behavior warnings for both good and bad programs. To be fair, the same is true of Comodo Firewall 8, which generated even more and direr warnings in testing. ZoneAlarm doesn't attempt to block exploit attacks at the network level in either the free or paid edition. However, none of the attacks I used for testing actually penetrated the test system's security. And I couldn't find any way that a malicious coder could disable firewall protection programmatically. You get 5GB of hosted online backup from partner IDrive, a PCMag Editors' Choice for online backup, as well as a year of credit monitoring from another partner, Identity Guard. And the Identity Lock feature prevents inadvertent transmission of user-defined private data via the Web or email. One significant difference in this edition becomes visible when you choose Technical Support from the Help menu. In the free edition, doing so takes you to a page with links to community forums, knowledge base articles, and support for product installation. The paid edition offers premium support, stating, "A Certified Expert can help you now! Our experts will connect to your computer over the Internet and repair your problem in no time." Advanced FirewallThe firewall component in the free edition is titled Basic Firewall; this changes to Advanced Firewall in the PRO edition. Where the free edition allows you to make broad changes to settings for the Trusted Zone and Public Zone, this paid version offers extremely fine-grained control over what network events are permitted in each zone. Unless you're a network wizard, you shouldn't touch these settings. Likewise, only a firewall expert should consider using the advanced option to manually define firewall rules. Application control also gets some added features in this app. You can enable Advanced Application Control, Advanced Interaction Control, and Component Control, among others. Be warned; enabling these features will usually cause more popup alerts. The point of these advanced monitoring tools is to detect malware attempting to subvert valid programs, or otherwise evade the firewall's notice. However, they may also report activity by legitimate programs, so you should examine the situation carefully before blocking network activity. If you don't feel you have the expertise to make such decisions, you're better off not enabling these features. Real-Time Phishing ProtectionZoneAlarm has a bit of history with phishing protection. Up until last year's edition, phishing protection came as part of a licensed toolbar. Those using free products were required to accept the toolbar, along with a change to the default search engine and home page. Last year's release removed the toolbar (and its phishing protection) from the entire product line. Now antiphishing is back, and better than ever, but only in the for-pay products. Where data-stealing Trojan malware must weasel its way past your security software, a phishing attack only needs to fool you, the user, into giving away your credentials. These fraudulent websites masquerade as financial sites, webmail sites, even online gaming sites. If you enter your username and password, the attacker owns your account. But here's an important point—nothing happens until you enter your credentials. It's not like a drive-by download, where merely visiting the site can infect your computer. That being the case, ZoneAlarm doesn't check sites for signs of phishing until the moment you click in a username or password field. At that point it visibly launches a scan of the page. It doesn't spend time checking sites against a blacklist, or running heuristic phishing detection on every site you visit. This is an innovative solution, and I won't be surprised if other vendors follow suit. I tested ZoneAlarm by setting up five test systems, one protected by ZoneAlarm, one by long-time phish phighter Symantec Norton AntiVirus Basic, and ones testing each of the protective technologies built into Chrome, Firefox, and Internet Explorer. For this test I always use sites that have been reported as fraudulent, but haven't been checked and blackisted yet. Typically, they're no more than a few hours old. Since the actual URLs differ for each test, I report not the raw detection percentages but the difference in detection rates. Quite a few recent products can't even outperform the protection built in to Chrome, or Internet Explorer. Only a very few do better than Norton. Kaspersky Anti-Virus tops the list, with a detection rate 4 percentage points higher than Norton's. ZoneAlarm resides among the elite of antiphishing, with precisely the same detection rate as Norton, and quite a bit better than all three browsers. Tested simultaneously with Norton, Trend Micro Antivirus+ Security also did well, lagging just 2 percentage points behind Norton. However, there's one fly in the ointment. At present, the antiphishing extension is available only for Chrome. Until it works with all major browsers, its protection won't help every user. See How We Test Security Software Good for Experts ZoneAlarm PRO Firewall includes everything you get with Editors' Choice ZoneAlarm Free Firewall, plus advanced firewall settings, premium support and (for Chrome users) phishing protection. It's also an Editors' Choice, naturally. But it's hard to see why you'd pay for it, unless you're a network expert, or you're using it in a commercial setting. Even then, for the same price you can get everything in this product plus Kaspersky-powered antivirus. It's an oddity; an excellent product that I don't recommend for most users. Back to top PCMag may earn affiliate commissions from the shopping links included on this page. These commissions do not affect how we test, rate or review products. To find out more, read our complete terms of use.
Do you need a firewall utility alone, or one that comes with an antivirus? Do you want it for free, or are you willing to pay? No matter your choices, Check Point has a product for you. With Check Point ZoneAlarm PRO Antivirus + Firewall 2017, you get advanced firewall protection along with antivirus technology licensed from award-winner Kaspersky. Yes, this is the for-pay edition, with both antivirus and firewall protection.
Specifically, you pay $39.95 per year, the same as you'd pay for Kaspersky Anti-Virus itself, or for the majority of top-rated antivirus products. You get a better deal if you need more than one license. $59.95 per year lets you install the product on five PCs. While it doesn't offer firewall protection at ZoneAlarm's level, McAfee AntiVirus Plus gives you unlimited installations on multiple platforms for that same price. Three large panels dominate the product's main window, each with links to three or four significant features.

The layout is precisely the same as in the ZoneAlarm suite, with suite-only features grayed out. You have to look closely to see the one difference between this product and the ZoneAlarm premium firewall—the Antivirus/Anti-Spyware link is enabled, not grayed out. Shared FeaturesFirewall protection in this product is identical to what you get with Check Point ZoneAlarm PRO Firewall 2017, so I won't go into full detail here. You can read that review if you want to know more. ZoneAlarm successfully stealthed all ports and resisted Web-based attacks in testing.
It didn't block exploit attacks, but then, it's not meant to.
If exploits are your concern, Symantec Norton AntiVirus Basic is a good choice, based on my testing.

Advanced firewall features include the ability to manually define firewall rules and to fine-tune exactly what network events are permitted in the Public and Trusted zones. However, few users have the knowledge needed to use these features. The application control component automatically assigns network permissions for a vast number of known programs found in the ZoneAlarm database online.
In the default configuration, ZoneAlarm makes its own decision about how to handle most unknown program.
If you crank protection to the max, it asks you how to handle every unknown.
In addition, at that level the OSFirewall behavioral detection system reports a variety of suspicious behaviors, flagging both good and bad programs. To this basic application control, the premium edition adds a number of other monitoring styles aimed at nabbing malware that tries to evade detection.

Enabling these will result in more popup queries from the firewall. You'll have to read and consider these carefully, as blocking the wrong event could cause problems. Like the advanced firewall rules, these features are best used by experts. New in this edition, ZoneAlarm's for-pay products offer an interesting take on antiphishing.

A phishing page masquerades as something important—perhaps PayPal or your bank—in order to steal your login credentials for the real site.
It's harmless until the moment you start to type something.

That being the case, ZoneAlarm doesn't bother scanning pages until that moment.
If it detects a fraud, it replaces the page with a clear explanation of what happened. In testing, ZoneAlarm proved just as effective as long-time antiphishing champ Norton.
It beat the detection rates of Chrome, Internet Explorer, and Firefox, too. Only Kaspersky, Bitdefender Antivirus Plus 2016, and Webroot have recently beaten Norton in this test.

The one catch; for now, this feature only works in Chrome. Enhanced Malware BlockingLike Check Point ZoneAlarm Free Antivirus+ 2017, this product relies on Kaspersky's technology for its antivirus protection.

Among the premium features, real-time cloud-based scanning and Web monitoring are enabled by default. You can optionally turn on scanning of files on network drives and scanning mailbox files. The paid edition also checks for antivirus updates more often.

Those using the free edition can manually check for updates at any time, but automatic updates happen just once per day.

The paid edition checks every hour, by default, but you can set it to intervals between 30 minutes and 24 hours. Free users get DIY-style tech support, with FAQs, forums, and knowledge base articles. When you pay, you move up to premium support.

That means you go straight to live chat support, with remote-control diagnosis and repair if necessary. While the independent antivirus testing labs heap honors on Kaspersky, those honors don't necessarily apply to ZoneAlarm.

The labs make it very clear that results apply only to the actual tested product.

That being the case, there's simply not enough information to come up with an aggregate lab results score for ZoneAlarm. Given that the premium product includes antivirus features that the free product lacks, I went back to the beginning and ran all of my hands-on tests again. One test starts when I open a folder full of samples. Just the minimal access required for Windows Explorer to display the filenames is enough to trigger most on-access scanners, and ZoneAlarm is no exception.
In the free edition, it always scans on any access. Premium users can choose to only scan files as they're executed.

The default Smart Mode uses its own rules to optimize scanning.
I did observe that one sample blocked on sight by the free edition wasn't caught until launch in the paid edition—but it was caught. The premium product scored slightly better in this basic malware blocking test, 8.7 of 10 possible points where the free product took 8.5 points. Webroot SecureAnywhere AntiVirus aced this test, with a perfect 10 points. For my malicious URL blocking test, I start with the most recent list of malware-hosting URLs supplied by MRG-Effitas.
I launch each URL and record whether the product diverts the browser from the URL, eliminates the payload during or immediately after download, or sits idly by doing nothing. ZoneAlarm's free antivirus was at a disadvantage in this test, as it doesn't include any Web-based protection.

Even so, it managed to wipe out 62 percent of the malware downloads.

The premium antivirus, with browser-independent Web-based protection built in, proved significantly more effective. Not only did it steer the browser away from 57 percent of the nasty URLs, it also warned when I copied a poison URL to the clipboard.

Another 17 percent of the malware samples got axed during download, for a total of 74 percent protection. That's a decent score, given that the current average is 69 percent protection. However, Avira Antivirus 2016 blocked 99 percent, all of them at the URL level, and Norton managed 98 percent. See How We Test Security Software Other Shared FeaturesAll four ZoneAlarm firewall products, free and paid, with antivirus and without, share a number of bonus features. McAfee AntiVirus Plus, a PCMag Editors' Choice, offers 1TB of hosted online backup for $59.50 per year. Your ZoneAlarm subscription gets you that same backup technology, but just 5GB of storage. Another partner, Identity Guard, supplies a year of credit and identity monitoring to go along with your ZoneAlarm product.
Similarly named but quite different Identity Lock is a tool to prevent user-defined personal data from being transmitted out of your computer via Web or email. Worth a LookIf you want to use ZoneAlarm's firewall and antivirus combo in a business setting, you must pay.

The free edition is licensed only for non-commercial use.

But in truth, even in a home setting ZoneAlarm PRO Antivirus + Firewall 2017 is worth a look.
It combines the formidable ZoneAlarm firewall with antivirus protection licenses from award-winner Kaspersky, and its new antiphishing component is both innovative and effective. On the other hand, you could go straight to Kaspersky Anti-Virus itself.

Along with Bitdefender Antivirus Plus 2016, it's a perpetual winner in third-party lab tests.
Symantec Norton AntiVirus Basic also does well in testing, and its Intrusion Prevention System blocks exploit attacks that ZoneAlarm doesn't. Webroot SecureAnywhere AntiVirus is the tiniest antivirus around, and its unusual journaling system promises to reverse any actions by malware, even ransomware.

And for the price of five ZoneAlarm licenses, McAfee AntiVirus Plus offers unlimited installations.

Do consider ZoneAlarm, but also keep these five Editors' Choice antivirus products in mind. Back to top PCMag may earn affiliate commissions from the shopping links included on this page.

These commissions do not affect how we test, rate or review products.

To find out more, read our complete terms of use.
Press Release Subscriber Data Management solution can handle encrypted and non-encrypted sessions REDWOOD CITY, Calif – September 21 2016 – Openwave Mobility, a software innovator enabling operators to manage and monetize encrypted mobile data, today announced the launch of Smart Identity Manager (SmartidM) for mobile operators to effectively manage their subscribers’ data, and launch new services.
SmartidM is part of the company’s Subscriber Data Management (SDM) portfolio of products. Use cases for SmartidM include centralized ID management for fraud prevention, delivering BingeOn type services and introducing micropayments that require collaboration between mobile operators and OTTs. Openwave Mobility Logo SmartidM is able to handle both encrypted and non-encrypted sessions and a number of operators are deploying Openwave Mobility’s technology ahead of Apple’s deadline for new protocols.

From January 1 2017, Apple will force all apps to comply with its App Transport Security (ATS) HTTPS encryption protocols.

This will adversely impact mobile operators that do not have the technology to manage encrypted traffic. What’s more, mobile operators will not be able to use header enrichment to deliver a personalized experience to subscribers and monetize services. “Apple’s mandatory move to HTTPS is part of a challenging trend for mobile operators” said Indranil Chatterjee, SVP of Product & Sales at Openwave Mobility. “In some regions, nearly 80% of the data travelling on the network is encrypted and mobile operators are losing the ability to collaborate with app developers and deliver more tailored services to their subscribers. Our SDM technology is designed to help mobile operators deliver a more secure and higher quality app experience to their subscribers.” All SDM solutions from Openwave Mobility, including SmartidM are NFV-enabled and future-proof.

The robust security capabilities on SmartidM allows operators to transmit data and information with network applications and trusted third parties securely. More information for mobile operators on managing Apple’s new protocols can be found here: http://landing.owmobility.com/sdm-apple-security/ About Openwave MobilityOpenwave Mobility empowers mobile operators to manage and monetize encrypted traffic.

Based on the industry’s most scalable NFV platform, our solutions alleviate RAN congestion, create new revenue opportunities and unify subscriber data.

The company provides solutions for mobile data optimization, targeted promotions and subscriber data management. # # # Openwave Mobility and the Openwave Mobility logo are trademarks of Openwave Mobility Inc.

All other trademarks are the properties of their respective owners.
For further informationFor APAC and EMEA Inquiries:Chevaan SeresinheSonus PRchevaan.seresinhe@sonuspr.comTel: +44 797 1967 644 Sonus PR for Openwave MobilityMicah Warrenmicah.warren@sonuspr.comTel: +1 (609) 247-6525
New Survey from IP EXPO Europe Shows Nearly Half of Respondents More Worried Than 12 Months AgoLONDON – 20 September 2016 – New research commissioned by IP EXPO Europe, Europe's number one enterprise IT event, has uncovered that 47% of UK IT decision makers (ITDMs) are more worried about cyber terrorism attacks now than they were 12 months ago.

This was identified as the biggest cyber security risk in the future (27%), followed by attacks to national infrastructure (13%). IP EXPO Europe logo In light of this newly perceived risk, more ‘traditional’ cyber threats such as malware, ransomware and DDos are rated as a lower risk, with only 11%, 10% and 9% of ITDMs respectively noting these threats as the biggest risk. Perhaps unsurprisingly, this has led to an overwhelming 94% of respondents demanding that the UK Government spend more on national cyber security. Unsurprisingly, 43% identified cyber security as one of the main technology themes for enterprises in 2017, with 89% of respondents admitting worry about being the victim of a security breech. However, almost a third (29%) are even more worried than they were 12 months ago, indicating concern over rising threat levels. In addition, the research revealed concern over the rising threat level. Not only have 52% of ITDMs had to deal with at least one cyber attack on their organisation in the last 12 months, 67% think that the threat level has increased in the last year.
In fact, 32% would rate the current threat level as 21 to 30% higher than previously.

Technology developments in areas such as AI (22%) and cloud (49%) are identified as increasing exposure to cyber security threats. “The fact that cyber security is a rising concern amongst ITDMs solidifies what we have been hearing from our exhibitors for years - that cyber attackers are getting smarter so it’s becoming increasingly more difficult for organisations to keep up with the evolving attack styles,” commented Bradley Maule-ffinch, Director of Strategy for IP EXPO Europe. “At IP EXPO Europe we’ve always been focused on ensuring that visitors can learn about the biggest technology problems of the moment and how to address them.

For many, cyber security is top of the agenda and this year we’ve built an extensive program to address all aspects of this so that organisations can better keep their assets secure.” Not only are UK ITDMs dealing with increased threat levels, many also claim they are continuing to face resourcing and skills issues. 29% are more worried about having enough resources to keep their business safe from cyber threats than they were 12 months ago, whilst 27% think that cyber security skills are going to be the most in-demand STEM skills in the future. In light of these results, it is unsurprising that 16% expect to spend over 50% of their IT budget on cyber security and 25% will spend 11 to 30%.

Conversely, an astonishing 18% saying they don’t expect to allocate any budget to cyber security solutions in the next 12 months. IP EXPO EUROPE EXHIBITOR COMMENTS:Simon Townsend, Chief Technologist at Appsense: “Sometimes it’s the simplicity of the attacks and the change in how users work which can be a big risk. Many will argue attacks are more sophisticated than they have been previously.
Sure - they are more targeted; the level of social engineering is somewhat more sophisticated; in some cases, they are programmed to be extremely clever to bypass existing protection systems, but the initial attack itself is typically simple and mainly down to a busy, naive or unaware user simply clicking an email or link.” Townsend continues: “In addition to this, users are more mobile than ever, they time slice their personal and work time using phones, PC, tablets and laptops for both social and business use.

This desire to be quicker, more productive, get things done faster and from anywhere means that the simplistic attacks prey on those who are just ‘quickly checking their phone’ or ‘quickly catching on up emails in between TV shows in their living room’.” Jean Turgeon, head of networking, Avaya: “In today’s connected world, cyber security impacts everyone.

Every time you connect to any kind of tech infrastructure you face potential threats – this doesn’t mean we should be paranoid about security, but the fact remains that threats are increasing.

The old approaches of relying on perimeter defense and rule-based security are now inadequate, especially as organisations move to the cloud.
In the near future virtual intelligence will play an important role in combatting cyber security.
Imagine an enterprise whose infrastructure is under cyber attack, it’s easy to see how an automated business workflow could be triggered as the attack is detected, enabling the system to take the necessary action to either redirect, isolate, quarantine, or even stop the attack – and notify a government security agency to also take action.” Mandi Walls, EMEA Technical Community Manager at Chef: “Much of the debate around cyber security is focused on combatting external threats, from cyber criminals to corporate espionage, which is entirely appropriate. Yet there are often more prosaic, emergent threats that can come from the evolution of a company’s own processes.

Take Automation, for example.

The day-to-day (non-Google and Tesla) world is already far more automated than most people think.

From bank loans to Netflix recommendations, companies in every sector are using this technology to increase the velocity of their services and the sheer amount of business outputs.

But the only way to go faster, safely, is to build in security and compliance as you go, i.e. to design checks and safeguards into your workflow and processes as they change, and before they go live.

Businesses that don’t do this risk accelerating into all kinds of trouble, exposing themselves to some of the biggest risks out there - without even realising it.” Shannon Simpson, CEO at CNS Group: “Cyber terrorism is increasingly high on the agenda for the UK government, following the rise in attacks seen on the ground in the last few years.
If cyber terrorism appears on the threat landscape for an organisation, i.e., where the potential attacks might be coming from, or who it is targeting, it’s imperative that the same steps are followed; classify your critical data, discover where it is stored and understand the impact of losing or not being able to access it.

This process should be the core of any cyber strategy, both in the government and businesses across the UK.

The report shows that cyber terrorism is just one of many growing issues in today’s threat landscape.
It’s important to take a holistic view of your network and continuously monitor the security of your crown jewels, whether that is critical data, industrial control systems or national infrastructure.” Graham Jones, UK managing director at Exclusive Networks: “Every system has a weakness and, despite all the advanced technology protecting networks, the one area that is most concerning is the human interface and the insider threat.
It’s not to say malice is involved either, most scams exploit people’s trust and innate helpfulness.

But, the combined potential effect of the naïve (like the US case where an FBI phone operator gave Dept. of Justice network access to hackers), the malicious, the disgruntled, the whistleblower (Snowden), the coerced and the plain criminal is enormous.

The human cyber interface has never been so blurred, nor vulnerable. “ Mike Fletcher, Account Manager at Laser 2000 UK: “Security experts agree that the rapidly changing nature of malware, hack attacks, and government espionage practically guarantees your IT infrastructure will be compromised.

The question is not whether your corporate network will be compromised, but what to do when the breach is detected.

From it being a DDoS attack to a rogue employee opening a back door, the greatest risk is not having an adequate Application Performance Monitoring solution in place to quickly identify the business critical elements of the network and applications that have been compromised in a cyber attack.” Ojas Rege, Chief Strategy Officer at MobileIron: “The most concerning cyber security risk never changes, no matter what the technology.
Security is only as strong as your weakest link.

And the weakest link is usually the human.

The human weak link creates two challenges.

First, the malicious insider continues to be the top security threat in any organisation and yet another reason why applying artificial intelligence to identify and learn from patterns of use is important in mobile security.
Second, though IT continues to be the primary line of defence, a well-intentioned but out-of-date IT professional can unfortunately do more harm than good.

The mobile threat landscape is constantly changing, and PC security fundamentally does not apply to the modern architectures and use cases of mobile and cloud.
Security strategies that try to apply PC and premises-based defences to mobile use cases will overestimate legacy threats and underestimate the new generation of threats. Malware continues to evolve.

Apple and Google are constantly fighting threats like XcodeGhost, KeyRaider, YiSpector, and the increasingly pervasive threat of ransomware, which typically locks device access until a ransom is paid. 95% of businesses have no protection against mobile malware, leaving them vulnerable, but even more importantly, many organisations have taken a surprisingly lax attitude to mobile security and lack even the basic protections.” To register for IP EXPO Europe 2016 (5th – 6th October, Excel London) for free please visit www.ipexpoeurope.com where you can also find additional information about this year’s keynote and seminar sessions, including speaking times.

Find us on Twitter and join the discussion using #IPEXPO. Note to editors:This survey was conducted online by Redshift Research in July 2016 on behalf of IP EXPO Europe, and surveyed 500 IT departments within businesses across the UK. About IP EXPO EuropeIP EXPO Europe is Europe’s leading IT event, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. Now in its 11th year, the event showcases brand new exclusive content and senior-level insights from across the industry, as well as unveiling the latest developments in IT.
It covers everything you need to run a successful enterprise or organisation. IP EXPO Europe 2016 now features a brand new theme, Open Source, joining the existing Cloud, Cyber Security, Networks and Infrastructure, Data Analytics and DevOps – incorporating six events under one roof making it the most comprehensive business-enhancing experience for those across IT, industry, finance and facilities roles. Media contacts:Gemma Smith / Vicky Muxlow020 3176 4700ipexpoeurope@kaizo.co.uk Speaker or exhibitor enquiries:Sophie Barry / Keiran Prior0203 841 8500
European cloud data residency guarantee gives Morphean a competitive advantageFribourg, September 20th 2016 – Interoute, owner operator of a global cloud services platform and one of Europe’s largest networks, today announced that Morphean, a European leader in Video as a Service, is hosting its management platform for content analysis videos and incident detection in Interoute Virtual Data Centre. Interoute Morphean image Rodrigue Zbinden, CEO of Morphean commented: "Most of our competitors are American and even some European competitors often host their data in the US cloud across the Atlantic, so we decided to differentiate ourselves by giving our customers the choice to host their data with a European cloud with local European data centres.

This assures our customers that their data will stay within the borders of the elected European countries." Mr Zbinden goes on to say: “Interoute is present in almost every country we cover, it has relentless security assurances and is recognized by major consulting firms such as Frost & Sullivan and Gartner and we believe it has unbeatable performance in Europe." Currently, Morphean already hosts its VIDEOPROTECTOR platform in Interoute Virtual Data Centres in Paris, Geneva, Frankfurt and London.
It is available in SaaS mode for its customers (CCTV companies, physical security device installers and service providers) who use the solution or resell it as a white labelled solution.
VIDEOPROTECTOR is much more than just a hosted video surveillance platform.
It offers the best and easiest solution to monitor, protect or analyse shops, stations, small offices, buildings or industries.
Its unique active learning video analysis technology scans human behaviour to detect incidents or report business activities. Rodrigue Zbinden, CEO of Morphean, outlines the company’s ambitions: “By the end of 2017 we will manage 15,000 cameras per data centre, which we predict will grow to 50,000 per data centre by the end of 2018. We are experiencing strong growth in Europe and Interoute has the scale and ability to support us in this adventure.

As a leader and innovator in the VSaaS (Videosurveillance as a Service) market, we are also working on big data analysis that will demand additional processing power and unparalleled connectivity and we know that Interoute already supports such projects successfully.

Compared to other providers, Interoute covers more countries where we operate, has the high levels of security and technology, unparalleled performance and does not charge us for the inflows and outflows of data, and that's very important in video!" Matthew Finnie, CTO of Interoute, said: "We are delighted to support Morphean in its ambitious projects. Our geographic coverage, our network performance and flexibility of our pricing model provide a perfect fit for Morphean.

Thanks to our integrated cloud platform built into our network, Morphean’s customers in several countries can take advantage of the very low latency between our data centres, in addition to physical security and guaranteed data residency." -Ends- About MorpheanMorphean is a Swiss company, located in Fribourg who was founded in 2009 as a spin-off from Softcom Technologies. Morphean’s mission is to bring to the market innovative video surveillance solutions, especially hosted video management platforms, incident detection and video content analysis technology. We have been pioneering in digital video protection systems for over ten years.

As early as 2001, we produced the first fully digitalised video management systemhttp://morphean.ch/fr/ About InterouteInteroute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centres, 17 virtual data centres and 31 colocation centres, with connections to 195 additional third-party data centres across Europe.
Its full-service Unified ICT platform serves international enterprises and many of the world’s leading service providers, as well as governments and universities.
Interoute’s Unified ICT strategy provides solutions for enterprises seeking connectivity and a scalable, secure advanced platform on which they can build their voice, video, computing and data services, as well as service providers in need of high capacity international data transit and infrastructure. With established operations throughout Europe and USA, Interoute also owns and operates 24 connected city networks within Europe's major business centres. www.interoute.com Interoute PR contacts:Ruder Finn+44 (0)20 7438 3050interoute@ruderfinn.co.uk Forward-Looking StatementsThis communication contains certain forward-looking statements.

A forward-looking statement is any statement that does not relate to historical facts and events, and can be identified by the use of such words and phrases as “according to estimates”, “aims”, “anticipates”, “assumes”, “believes”, “could”, “estimates”, “expects”, “forecasts”, “intends”, “is of the opinion”, “may”, “plans”, “potential”, “predicts”, “projects”, “should”, “to the knowledge of”, “will”, “would” or, in each case their negatives or other similar expressions, which are intended to identify a statement as forward-looking.

This applies, in particular, to statements containing information on future financial results, plans, or expectations regarding business and management, future growth or profitability and general economic and regulatory conditions and other matters affecting Interoute.
Forward-looking statements reflect the current views of Interoute’s management (“Management”) on future events, which are based on the assumptions of the Management and involve known and unknown risks, uncertainties and other factors that may cause Interoute’s actual results, performance or achievements to be materially different from any future results, performance or achievements expressed or implied by these forward-looking statements.

The occurrence or non-occurrence of an assumption could cause Interoute’s actual financial condition and results of operations to differ materially from, or fail to meet expectations expressed or implied by, such forward-looking statements.
Interoute’s business is subject to a number of risks and uncertainties that could also cause a forward-looking statement, estimate or prediction to differ materially from those expressed or implied by the forward-looking statements contained in this communication.

The information, opinions and forward-looking statements contained in this communication speak only as at its date and are subject to change without notice.
Interoute does not undertake any obligation to review, update, confirm or to release publicly any revisions to any forward-looking statements to reflect events that occur or circumstances that arise in relation to the content of this communication.
Edward Snowden speaks via video link at a news conference for the launch of a campaign calling for President Obama to pardon him on September 14.Spencer Platt / Getty Images Former NSA contractor Edward Snowden has asked President Barack Obama for a pardon, and the ACLU, which represents Snowden in the US, agrees.

The following essay by Timothy Edgar, which originally appeared on the blog Lawfare, supports that position.

Edgar is the former director of privacy and civil liberties for the Obama administration's national security staff, and is currently the academic director of law and policy at Brown University's Executive Master in Cybersecurity program, and visiting scholar at Brown University’s Watson Institute for International and Public Affairs. reader comments 62 Share this story I have signed on to the letter asking President Obama to pardon Edward Snowden that was released today.
I know this will be an unpopular position among many of my former colleagues in the national security community. My reasons for doing so are not fully captured by that letter. They are different from those who see Snowden simply as a hero and the NSA as the villain. I have concluded that a pardon for Edward Snowden, even if he does not personally deserve one, is in the broader interests of the nation. Around the time Edward Snowden got his first job in the intelligence community, I decided to leave my position as an ACLU lawyer in the hope I could make a difference by going inside America’s growing surveillance state.
Surprisingly, senior intelligence officials took a chance on hiring me in a unique new office safeguarding civil liberties and privacy.
I began work in June 2006. For the next seven years, I worked with a growing team of internal privacy watchdogs inside the intelligence community. We reviewed the most secret surveillance programs in government, including the major programs that Snowden later leaked. Our job was to ensure those programs had a firm basis in law and included protections for privacy and civil liberties. While I am proud of the work we did, it is fair to say that until Snowden stole a trove of top secret documents and gave them to reporters in 2013, we had limited success. It took a Snowden to spark meaningful change. The NSA’s operations are essential to national security and to international stability, but it is hard to reconcile them with the values of a free society. Snowden forced the NSA to become more transparent, more accountable, more protective of privacy—and more effective.

Today, the NSA’s vital surveillance operations are on a sounder footing—both legally and in the eyes of the public—than ever before. For that, the United States government has reason to say, “Thank you, Edward Snowden.” The Snowden Reforms In the last four years, there have been more significant reforms to mass surveillance than we saw in the four decades before the Snowden revelations began. Not since the post-Watergate reforms of the Ford and Carter administrations has the intelligence community faced such scrutiny. The NSA has taken painful steps to open up.

The most secret of the government’s secret agencies will never be a model of transparency.
Still, it has never been more transparent than it is today. Before Snowden, basic information like the number of targets of the NSA’s mass surveillance operations affected by court-ordered surveillance was a closely-guarded secret.

Today, the head of the intelligence community publishes an annual transparency report that provides these and other details. Before Snowden, the NSA used a secret interpretation of the Patriot Act to amass a nationwide database of American telephone records.

Congress has nowreplaced this program of bulk collection with an alternative program that leaves the data with telephone companies. Before Snowden, the secret court that authorizes intelligence surveillance never heard more than the government’s side of the argument. Now, outside lawyersroutinely appear to argue the case for privacy. Before Snowden, there was no written order, directive or policy that gave any consideration to the privacy of foreigners outside the United States. When intelligence officials asked lawyers like me about privacy, it went without saying that we were talking about American citizens and residents.

Today, for the first time in history, a presidential directive requires privacy rules for surveillance programs that affect foreigners outside the United States. In an agreement with the European Union, the American government has been forced to adopt new protections for foreign data.
In the next few years, the NSA’s partners in the United Kingdom will have to justify the surveillance practices of both countries in court against human rights challenges. In 2017, Congress will review PRISM—a program leaked by Snowden that allows the NSA to obtain e-mails and other communications from American technology companies.

The law that provides authority for PRISM expires at the end of the year.

The law also gives the NSA access to the internet backbone facilities of American telecommunications companies, in a program called “upstream collection.” Until Snowden leaked details about PRISM and upstream collection, little was known about how the law worked.

Thanks to Snowden, the debate over whether and how these programs should continue will be one in which the public is reasonably well informed – unlike the debates in Congress over the Patriot Act in 2001, 2005, 2009, and 2011, over the Protect America Act in 2007, over the FISA Amendments Act in 2008 and 2012, and over the constitutionality of the FISA Amendments Act in the Supreme Court in 2013. The NSA’s new transparency about its surveillance operations showed that they were designed not to bring about a dystopian society where privacy would be abolished, but to collect intelligence vital to the national security.

To be sure, Snowden’s trove of documents and the investigations that followed showed some programs were more effective than others.  The same privacy board that reviewed PRISM said that the NSA’s bulk collection of American telephone records had “minimal value.” The board could find “no instance in which the program directly contributed to the discovery of a previously unknown terrorist plot or the disruption of a terrorist attack.” Still, there has been remarkably little evidence of intentional abuse of the NSA’s sweeping powers for improper purposes unrelated to intelligence. None was revealed by Snowden. In response to inquiries from Congress in the fall of 2013, the NSA itself disclosed that itsinspector general had uncovered a dozen incidents over ten years in which analysts used overseas collection to spy on ex-girlfriends. As a result, the programs Snowden exposed have all survived in some form.
In the case of telephone records, the NSA says that the privacy reforms adopted by Congress have actually resulted “access to a greater volume of call records” than before. Many of the NSA’s other mass surveillance programs also enjoy greater public support and legitimacy than they did before Snowden came along.

As Jack Goldsmith observes wryly, “These are but some of the public services for which the U.S. government has Snowden to thank.” A Failure of Leadership Edward Snowden’s actions caused great damage to national security. They should not have been necessary to achieve the sensible reforms of the past four years.

That they were represents a failure of leadership by the intelligence community and the national security teams of the previous two administrations.

For me, that failure is at least in part a personal one. As a privacy and civil liberties official inside the intelligence community, and later at the White House, my job was precisely to provide top officials with confidential advice about how to ensure that intelligence programs were protective of our liberties.
In doing so, I made just the sort of arguments that many have said Snowden should have raised internally instead of compromising classified information. Unlike Snowden, I had direct access to the officials that could have made surveillance reform a reality—and who did so, after the Snowden leaks forced their hand.

There is no way a junior NSA contractor could have accomplished more. Snowden’s critics argue that he should have made his concerns about privacy known through official channels without disclosing secrets and without breaking the law.

That would have achieved nothing—even in an imaginary world in which the agency had a perfect system for protecting whistleblowers.
Snowden’s concerns were not those of a traditional whistleblower. Snowden’s complaint was not that the NSA was violating its rules, but that its aggressive pursuit of its mission—even as it largely adhered to its existing rules – posed a serious risk to privacy in the digital age. If Snowden was wrong about mass surveillance being an “architecture of oppression,” he was certainly right about that, as many government officials have now acknowledged. There is an inherent tension between the values of a free society and mass surveillance. For Snowden and his supporters, the answer is easy. End mass surveillance—which is to say, most of what the NSA does.

Those of us who believe that the NSA’s far-flung operations are essential to national security and global stability have the harder task of keeping mass surveillance under control. If Snowden deserves our thanks for both this round of surveillance reform and the next, it is only because the laws and institutions we created to control surveillance had become so obsolete.
Intelligence agencies should not need the shock of massively damaging leak to abandon programs that are not working and refine and improve those that are.

Disclosing details of classified programs should not be the most effective way to force change. What Do We Do With Snowden? It makes no sense for the United States government to pursue Snowden like a digital age Inspector Javert while at the same time admitting that his actions strengthened both our civil liberties and our national security.

This is especially true because it was the intelligence community’s own shortcomings that made his reckless leak the only effective way to achieve reform. If Snowden returned to the United States today, of course, he would have to stand trial for disclosing classification communications intelligence, among other serious crimes.

This will never happen.
Snowden’s lawyers know he would likely be convicted and would face a lengthy prison term.  Under federal sentencing guidelines, an offender with no criminal history who is convicted of disclosing “Top Secret” communications information under 18 U.S.C. § 793(d) faces a prison term in the range of 168-210 months, or 14 to 17.5 years. See U.S.S.G.M. § 2M3.2. Snowden might face a considerably longer sentence if convicted of additional charges, or as a result of sentencing enhancements. Naturally, Snowden prefers to stay abroad. The law does not allow the public interest defense that Snowden says he wants, nor should it. Permitting such a defense would encourage copycats. A Snowden wannabe might hope his lawyer could convince a credulous jury that his leaks also had some positive outcome, even if the benefits were scant. The Snowden disclosures were a unique watershed event, resulting in historic reforms.
It is highly unlikely a future leak of classified surveillance information would produce such positive change. While Snowden might be enticed to return if offered a favorable plea agreement, negotiating such a deal would create poor incentives. One idea, favored by the top lawyer for the intelligence community, was for Snowden to plead guilty to a single felony charge and serve three to five years in exchange for his help undoing the damage he caused.

Through his lawyer, Snowden has said he would never plead guilty to a felony.
If a plea deal was ever really on the table, Snowden has less to offer every day, as the information he leaked becomes stale and the intelligence community moves on.
In any event, the Justice Department rightly objects to negotiating plea agreements with fugitives, to avoid giving those who flee prosecution an advantage over those that do not. The Status Quo Nevertheless, the status quo is clearly not in American interests.
Snowden’s exile in Russia is a continuing embarrassment.
Snowden has become a potent symbol for privacy and civil liberties, human rights, and an open internet in which surveillance operations are controlled by law. His presence in Moscow is a gift to Vladimir Putin, allowing the Russian president to cynically pose as a defender of digital human rights. Every time Snowden makes a virtual appearance before his admirers, the unspoken message is that he has been forced to seek asylum because the United States opposes these values. The message is no less effective for being false and unfair. By contrast with a trial or a plea agreement, a pardon is an unreviewable act of discretion by the president. Presidents have used them not only to correct injustices, but also when the broader interests of the nation outweigh the importance of punishing a crime even where some punishment is clearly deserved. Gerald Ford pardoned Richard Nixon to help the country move beyond Watergate. Jimmy Carter pardoned draft dodgers to close the chapter on the Vietnam War. Pardons are exceedingly rare.

A pardon sets no precedent and so creates no incentives. Future leakers could not count on one.

Even if Snowden does not deserve a pardon for what former Attorney General Eric Holder called his act of “public service,” we should give him one and move on. We are the good guys. It is time for the world to know it again.
Some vendors blur the line between a simple antivirus utility and a small security suite.

The plus sign in the name of Trend Micro Antivirus+ Security refers to the fact that it includes spam filtering and a firewall booster component, items more commonly seen in full-scale security suites.
It earns great scores in all of our hands-on tests, though not all of the independent labs give it top ratings.
It's definitely worth your consideration. This product costs $39.95 per year for a single computer, a price that seems to be the standard these days. You pay the same for Bitdefender Antivirus Plus 2016, Webroot SecureAnywhere AntiVirus, and many other competing products. During installation, you must create or log in to your Trend Micro account online.

This account lets you manage your subscriptions and even view security reports remotely.
Immediately after installation, it prompts you to enable the Folder Shield ransomware protection component; more about that shortly.
It also installs browser extensions for Chrome, Firefox, and Internet Explorer. The main window's lively, quirky appearance hasn't changed since the previous edition.

A large, round Scan button dominates the squarish window, and icons across the top represent Device, Privacy, Data, and Family (though clicking Family just gets you an invitation to upgrade to the security suite).

The icons bounce as you mouse over them.
If that's not lively enough for you, you can change the background of the window's top half to any of eight predefined skins, or use a photo of your own, perhaps that selfie you took at the Insane Clown Posse concert. Ransomware ProtectionMalware coders are in it for the money, and distributing ransomware is a great way to rake in cash.
It's an instant payoff, not like using a Trojan to steal credit card numbers and sell them cheaply on the black market. New in the latest Trend Micro antivirus is a strong focus on ransomware protection. Most PC-based ransomware focuses on encrypting your essential documents and making you pay to get the decryption key.

The new Folder Shield component foils such attacks by preventing any unknown application from modifying documents in its protected folder.

By default, it protects the Documents folder and all of its subfolders.
If you habitually keep important documents in other folders, consider moving those folders into the Documents folder.

A similar feature in Panda's suite protects multiple folders, but that feature isn't included in Panda Antivirus Pro 2016. I tried to test this feature with a real-world ransomware sample, but the antivirus wiped it out. When I turned off antivirus protection, I found that doing so also turned off Folder Shield.
I created my own simple-minded file-encryption tool and tried to encrypt files in the Documents folder, but even that was blocked by the antivirus component due to its malware-like behavior.

Finally, I wrote a tiny text editor and tried to use it to modify protected files.

Folder Shield kicked in to warn that an unknown program was attempting to open protected files.
It works! I also found in my testing that ransomware samples got called out specifically, instead of the generic "Threat Detected" warning. Likewise, ransomware-hosting websites were identified as such. Trend Micro has also set up a ransomware hotline that even non-customers can call on for help.

The information page includes links to ransomware-removal utilities. One type defeats ransomware that simply locks the screen so you can't use the computer.

The other type decrypts files encrypted by some (but not all) older file-encrypting ransomware. Mixed Lab ResultsMost of the independent antivirus testing labs that I follow include Trend Micro's technology in their testing, and some of them rate it quite highly.

AV-Test Institute scores antivirus products on protection, performance, and usability, with that last category meaning a low rate of false positives.

A product can earn up to six points in each category, for a maximum total of 18.

Trend Micro took 5.5 for protection, 6.0 for performance, and 6.0 for usability.
Its total score of 17.5 makes it a "top product." Only Kaspersky Anti-Virus did better in the latest test, with a perfect 18 points. I follow five of the many tests performed regularly by the diligent researchers at AV-Comparatives.

A product that passes one of these tests earns Standard certification; those that go above and beyond can earn Advanced or Advanced+ certification.

Trend Micro participates in three of these five tests.
It took an Advanced rating in two malware-detection tests and Standard in a test of performance. (In a more recent priate test commissioned by Trend Micro, that performance score improved.) Bitdefender and Kaspersky managed Advanced+ in all five tests. The grueling real-world antivirus testing performed by Simon Edwards Labs requires a lot of time and resources, and necessarily includes fewer products.

Trend Micro is among those few, and it earned an impressive AA certification. Norton, ESET NOD32 Antivirus 9, and a few others took this lab's top rating, AAA. Earlier this year I added MRG-Effitas to the list of labs that I follow.
I particularly look at a test specific to banking Trojans and another that's meant to cover all kinds of malware.

These tests are a bit different, as the majority of products fail the all-kinds test, and fail or receive partial credit for the banking Trojans test.

Trend Micro failed both, but due to the pass-fail nature of the test I don't give this lab's results as much weight in my aggregate rating. Very Good Malware BlockingTrend Micro performed significantly better in my hands-on tests than it did with some of the labs. When I opened the folder containing my current sample collection, it quickly eliminated 68 percent of them. Rather than display multiple popups reporting its discoveries, it showed the total number of samples found in a single popup, with a link to view details. Normally I launch the samples that remain after this initial onslaught, selecting three or four at a time for processing and deleting the rest.
I was surprised to discover that Trend Micro caught a number of files as I was deleting them.
I reverted the virtual machine to an earlier state and copied the surviving files to a new folder, at which point the antivirus wiped out another 26 percent, for a total of 94 percent eliminated before ever being launched.

Trend Micro's overall detection rate was 97 percent, and it scored 9.7 of 10 possible points, just as Norton did.

Tested with this same collection, Webroot SecureAnywhere AntiVirus earned a perfect 10 points. While wiping out malware files from your PC is good, keeping them from ever landing on the PC is even better.

To test the product's ability to keep users from accidentally downloading malware, I challenged it with a collection of very recent malware-hosting URLs supplied by MRG-Effitas.

For each URL, I noted whether Trend Micro blocked access to the URL, eliminated the downloaded malware, or did nothing.
I kept at it until I had recorded data for 100 malicious URLs. Trend Micro blocked 89 percent of the malware downloads, the vast majority by replacing the dangerous page in the browser with a big warning.
In a couple of cases, it specifically identified the site as hosting ransomware.

This score is quite a bit better than the current average of 69 percent.

Avira Antivirus 2016 holds the top score in this test, with 99 percent protection, and Norton managed 98 percent. As a false-positives sanity check, I install 20-odd PCMag utilities and note any reaction from the antivirus.

Folder Shield did quite reasonably warn about one utility that creates a database in the Documents folder. Otherwise, Trend Micro kept mum…except in one case.
Its heuristic analysis actively identified one of the utilities as malware, and deleted it. Looking back at the independent lab tests, I noted that Trend Micro lost points for false positives in one test by AV-Comparatives, too. Excellent AntiphishingPhishing URLs are actually more insidious than URLs that host malware.

These frauds masquerade as PayPal, eBay, bank sites, even online gaming sites, and try to trick you into entering your login credentials.
If you do, you're hosed.

The fraudsters can clean out your bank account, or steal your level 110 Paladin.

And as soon as they've scammed a few people, they take down the site and pop up another. To test phishing protection, I gather hundreds of reported phishing URLs, ones too new to have been analyzed and blacklisted.
I launch each one simultaneously in five browsers, one protected by the product under evaluation, one by antiphishing leader Symantec Norton AntiVirus Basic, and one each by the built-in protection in Chrome, Firefox, and Internet Explorer. Because the URLs are necessarily different for every test, I report results not as the raw detection rate but as the difference between the product's detection rate and that of Norton and the browsers.

Trend Micro lagged just two percentage points behind Norton and handily beat all three browsers.
It's right up there in the winner's circle. See How We Test Security Software Web and Social MarkupMany people these days get their news via Facebook or other social media.

Friends post links, Facebook suggests links, and you click, click, click.

But what if the link is bogus? What if your friend's social media account were taken over by a hacker? What if a clueless friend unknowingly shared a malicious site? Trend Micro has you covered.

By default, it automatically highlights links in social media: green for safe, yellow for iffy, red for dangerous, and gray for untested.
If the link isn't green, don't click it! Each link also displays a small icon. Pointing to the icon gets a popup that explains the rating, but there's no link to a detailed report online such as you get from Norton. The browser extension also rates links in popular search engines. You can optionally enable it to rate links on any webpage when you hover the mouse over a link. Firewall BoosterTrend Micro doesn't include a firewall component as such in its security suite products, but the suites and antivirus all offer a component called Firewall Booster.

This component specifically aims to detect botnets. In the past, I've found no way to see the booster in action.

This time I got a little help from my Trend Micro contacts.

They supplied a file that the booster detects as the Nimda worm, though it's actually innocuous.
I used network tools to send the file to the test system, and, sure enough, I got a Network Threats Blocked popup. I also ran my exploits test, figuring those might also trigger a response from the Firewall Booster (even though my Trend Micro contacts said they would not).
Indeed, I got no reaction from the booster component, but the regular Web-protection system blocked access to over half of the exploits. Norton's Intrusion Prevention System blocked nearly two-thirds of these at the network level, identifying many by name. Spam FilterThese days, most consumers get their spam filtered by the email provider.
It's gotten to the point where some vendors are considering dropping the antispam component from their security suites.

Bucking that trend, Trend Micro includes antispam in the standalone antivirus product. The spam filter integrates with Windows Mail, Windows Live Mail, and Microsoft Outlook (2003-2016).
Since all of this component's configuration takes place in the toolbar it installs, you simply can't use it with a different email client.
It filters POP3 and Exchange email, but not IMAP. The first time you launch your email client after enabling the spam filter, it offers to import your contacts into its whitelist, so their messages will never be blocked.

By default, it whitelists any address to which you send mail. You can also manually import contacts into the whitelist at a later time. The main page of this component's settings dialog features a big slider for spam filter sensitivity. Most users should leave it set to the default Medium setting.
If you wish, you can enable the Link Filter feature, which discards messages containing dangerous links. On the Blocked Languages tab, you can set the filter to discard messages written in any language you don't speak. A Definite PlusWhile Trend Micro Antivirus+ Security didn't earn top scores with all of the independent labs, it scored very well in all of my hands-on tests.
Its ransomware protection doesn't go as far as Webroot's, which claims the ability to reverse encrypting ransomware after the fact, but it should be effective.
If ransomware has you in a panic, and especially if you also need spam filtered from your email, this is an excellent choice for antivirus software. Even so, I'd suggest you consider our Editors' Choice products in this area.

As noted, Webroot SecureAnywhere Antivirus also handles ransomware, and it's the tiniest antivirus around.
Symantec Norton AntiVirus Basic, back after a two-hear hiatus, is a dependable favorite. McAfee AntiVirus Plus costs a little more, but protects all of your devices, not just one.

Bitdefender Antivirus Plus and Kaspersky Anti-Virus and both score top marks with the independent labs across the board. Back to top PCMag may earn affiliate commissions from the shopping links included on this page.

These commissions do not affect how we test, rate or review products.

To find out more, read our complete terms of use.
Silicon Valley's uneasy alliance with Washington CloudFlare Internet Summit It's not every day you walk into a tech conference in San Francisco to find a propaganda video for the Islamic State playing on the screens. Two counterterrorism experts from Washington, DC, were opening the CloudFlare Internet Summit by talking about the use of social media by terrorist groups and what could be done to counteract them. It's a conversation that is had on the East Coast all the time, but not so much in Silicon Valley, as the shocked faces on attendees confirmed. And that's why they were here. "After the San Bernardino shootings, the President asked how we could work together with the tech community," explains Jen Easterly, the president's special assistant and a senior director for counterterrorism at the National Security Council. "We had a meeting in January where we brainstormed with tech companies how we could share information on how terrorists were using their platforms – because they don't want this stuff on their systems either." Left to their own devices for a few minutes, both Easterly and her co-presenter John Mulligan, deputy director of the National Counterterrorism Center, start devising how Silicon Valley can help in their fight against groups like ISIL and Al-Qaeda. "We're trying to get the broader ecosystem to reach young people, point out the hypocrisy of the so-called Caliphate," Easterly enthuses. "We can use tech to amplify those campaigns. We can underwrite and fund resources that help people that can make a difference – moms, dads, teachers, pastors..." And... relax It took CloudFlare's general counsel Doug Kramer to bring things back down to Earth. Things work a little differently on the West Coast. "The values of privacy and transparency can often be in conflict with what we are asked to do – how can they be reconciled?" he noted diplomatically, before adding a few sidenotes: "There is the history of the NSA, the use of National Security Letters; they can run counter to the principles of privacy and transparency..." To their credit, both Washingtonites got it immediately – clearly something useful has come out of the efforts to bridge the East-West gap. "Your point is completely valid," said Mulligan. "It's a continuing dialogue," he added before switching to talk about European governments. The same language – continuing dialogue – was also used by Easterly. "We're dancing around the encryption question," she noted before continuing that same dance. "Everyone believes in the value of strong encryption ... It's not going to be resolved with this administration ... The American people will have to weigh in ... The problem is big and broad..." It's clear that the uneasy stalemate between tech companies and law enforcement – most clearly signaled in the battle between the FBI and Apple over the San Bernardino shooter's iPhone – is still there, resting unhappily in the background. What will get the wheels moving again? After the collapse of several legislative efforts in Congress, the November elections seem to be the answer. Hillary Clinton has already backtracked from her call for some kind of backdoor/frontdoor in encryption products and now advocates for a special commission to look at the issue. Donald Trump... well, who knows? After the session, we asked Kramer and a number of CloudFlare's senior policy and technical people where they think the conversation is going. The short answer: no one knows. As a tech company, CloudFlare feels obliged to point out the same argument that the tech industry has repeatedly made: encryption is mathematics; a hole is a hole; if you introduce a backdoor for the US authorities, it can be opened by anyone. The claim by the FBI, politicians and others that there is somehow a solution to this logical conundrum has been termed "magical thinking." What's the answer? There will be some kind of solution that will be arrived at in the next few years, however. As Mulligan noted: "[Groups like ISIL] throw out a wide net, and start pulling people in. And when people are pulled in, then they start using secure communications." It's for that reason that the authorities are determined to find a way around encryption because to them, secure comms are the point at which people move from curious innocents to national security risks. We'll have to wait until 2017 for that conversation to start properly. What will be the startpoint? The best thinking is two areas: First, static versus communications in transit: are the dangerous people emailing or talking? The two forms are very different animals and will likely need different approaches. And second, precision. As much as the NSA loves mass surveillance, they are always going to have to do it in the dark, because neither the American people nor tech companies accept it. If Washington wants Silicon Valley's help, it will have to be more open. And that means precise, focused efforts – this communication here; that communication there. Then, perhaps the answer is pointing enormous computing resources at cracking a very small number of communications that represent real threats. But for that to happen, both coasts are going to have to learn to trust one another a little more. ®