Ajit Pai is going to restore the free and open internet we’ve been pining for, lo these past two years. In his speech at a FreedomWorks event this week, the FCC chief lamented the lost golden age of broadband, which we lived in before onerous net neutrality regulations were passed that mandated ISPs treat all internet traffic equally and forbade them from blocking or throttling users’ access to content. In the two years since the “serious mistake” of Title II classification was foisted upon the telecommunications industry, the country has been plagued by a decline in infrastructure investment, according to Pai.
The consequences are dire: Fewer Americans will have access to high-speed internet, there will be fewer jobs, less competition, and declining test scores—no wait, he failed to mention that last one. Regardless, net neutrality is the culprit.
This means that the threats that are relevant for them can also be relevant for medical systems.
When choosing a security suite, you probably look for familiar company names rather than trusting your security to an unknown. Germany-based G Data may not have huge mindshare in the United States, but it's big in Europe. G Data Internet Security includes all the features you'd expect in a suite, including an antivirus, a firewall, parental controls, and a spam filter. Unfortunately, the quality of the components spans quite a range, from very good to very poor.
Bitdefender, Kaspersky, and ESET Internet Security 10 are among the suites that cost roughly $80 for three licenses. There's another group around $60 that includes Webroot, Trustport, and Avast. G Data falls in between, with a $64.95 subscription price for three licenses. If you need just one installation, you can cut $10 from that price.
This product's main window features the familiar bold G Data color scheme, with a red banner holding a row of icons at top. Some security vendors use precisely the same component layout throughout the product line, showing unavailable features as disabled. Not G Data. The home screen shows a detailed security status, with links to important components, but the suite's banner displays more components than the standalone antivirus does. To the three top-row icons found in the antivirus, the suite adds icons for its backup, firewall, and parental control features.
Shared with Antivirus
The antivirus protection in this suite is precisely what you get in G Data Antivirus 2017. I'll summarize my findings here, but if you want full details you should read my review of the antivirus.
Four of the five antivirus labs that I follow include G Data in their tests and reports. It earned an above-average rating in the RAP (Reactive and Proactive) test from Virus Bulletin, but didn't do quite as well in the three-part testing performed by AV-Test Institute. G Data earned the maximum six points for protection against malware, and six more for low false positives, but a drag on performance dropped its score to 4.5 in that category. A total of 16.5 points is good, but Kaspersky Internet Security took a perfect 18 points in this test. Bitdefender and Trend Micro were close behind, with 17.5 points.
In the real-world attack simulation tests by SE Labs, G Data took AA certification, the second-highest of five possible levels. Emsisoft, Kaspersky, Norton, and Trend Micro managed an AAA rating. Like most tested products, G Data failed the pass/fail banking Trojans test performed by MRG-Effitas. Its aggregate score of 8.7 points is good, but Kaspersky leads with 9.8 of 10 possible points, and Norton got 9.7 points.
Like Webroot, Comodo Antivirus 10, and PC Matic, G Data detected 100 percent of the samples in my malware collection. Not-quite-perfect blocking of a few samples results in an overall score of 9.8 points. That's very good, but the other three I mentioned managed a perfect 10. G Data wasn't fooled at all by my hand-tweaked samples; it blocked them all. Comodo, by contrast, missed 30 percent of the modified versions.
For a different look at malware blocking, I use a feed of recently discovered malware-hosting URLs supplied by MRG-Effitas. G Data blocked 78 percent of the samples in this test, almost all by completely blocking access to the URL. Norton tops this test, with 98 percent protection.
The same Web-based protection component should also serve to steer the hapless user away from fraudulent sites that try to steal login credentials. However, G Data fared poorly in my antiphishing test, with a detection rate 44 percent lower than Norton's. While most products lag Norton in this test, more than half of them did better than G Data. Only Bitdefender, Kaspersky, and Webroot SecureAnywhere Internet Security Plus have eked out a better score than Norton.
Other Shared Features
Exploit protection is usually associated with the firewall component, but G Data offers it in the standalone antivirus. In testing, it didn't block exploits at the network level, but wiped out the executable payload for 50 percent of the samples. That's quite good. Champion in this test is Symantec Norton Security Deluxe, which stopped 63 percent of the attacks at the network level.
My hands-on testing confirmed that G Data's keylogger protection and ransomware protection are effective. For those tests, I had to turn off all other protective layers.
Similar to the SafePay feature in Bitdefender Internet Security 2017, BankGuard protects your browsers from man-in-the-middle attacks and other data-stealing attacks. The AutoStart manager lets you reversibly disable programs from launching at startup, or set them to launch after a delay.
Every firewall needs to at least match the abilities of the built-in Windows Firewall that it replaces. Specifically, it must block outside attacks and put the system's ports in stealth mode, so they're not visible from the Internet. G Data's firewall fended off my port scans and other Web-based attacks, and popped up a notification that it had done so. So far, so good!
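The stealth test described above can be reproduced with a few lines of socket code. What follows is an added example written for this review, not code from the original page or from G Data; it runs against the loopback interface so it needs no network. The point is the three-way distinction a scanner sees: a port that completes the handshake is open, one that answers with RST is closed (which still tells an attacker the host is there), and one that never answers is filtered, which is exactly what a stealthed port looks like from outside.

```python
"""Tell an open, closed and stealthed (filtered) TCP port apart.

Added example for this review, not code from the original page or from
G Data. A firewall that "stealths" ports drops unsolicited SYNs, so the
scanner gets no answer at all; a merely closed port answers with RST.
"""
import socket


def classify_port(host, port, timeout=1.0):
    """Return 'open', 'closed' or 'filtered' for host:port.

    open     - the TCP handshake completed, something is listening
    closed   - the host answered with RST (connection refused)
    filtered - nothing came back before the timeout, or the packet could
               not be delivered at all; a stealthed port looks like this
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except OSError:            # socket.timeout is an OSError subclass
            return "filtered"


def scan(host, ports, timeout=1.0):
    """Classify each port and return {port: state}."""
    return {p: classify_port(host, p, timeout) for p in ports}


def is_stealthed(states):
    """A stealthed host gives the scanner nothing: no port answers at all."""
    return all(state == "filtered" for state in states.values())


def start_listener():
    """Open a throwaway listener on loopback so one port is genuinely open.

    Returns (server_socket, port); close the socket when done.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def unused_port():
    """Pick a loopback port with nothing listening (bind, read it back, release)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv, open_port = start_listener()
    print(scan("127.0.0.1", [open_port, unused_port()]))   # one open, one closed
    srv.close()
    # 192.0.2.1 is a documentation-only address that never answers, so it
    # shows what a stealthed (filtered) port looks like to the scanner.
    print(classify_port("192.0.2.1", 80, timeout=0.5))
```

A filtered result alone does not prove the firewall is doing the dropping; a host that is simply down looks the same. Scan from a second machine on the same network segment, where you know the host is up, before crediting the firewall.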
The settings page for G Data's firewall is pleasantly simple. A large slider lets you choose one of five preset security levels: Maximum, High, Standard, Low, and Disabled. Three other pages of settings are deliberately unavailable, with their configuration changed automatically as you switch security levels. True firewall experts can choose custom settings, thereby enabling access to those pages. But most should leave the firewall set to its default Standard level.
Most firewall components also keep track of how programs are using your network connection. Advanced firewalls like Norton's automatically define permissions for millions of known programs and carefully watch how unknowns behave, smacking them down if they show signs of misusing the network. Less advanced firewalls rely on the user to determine whether unknown programs should be allowed to access the network, which sometimes results in a deluge of popup queries.
G Data's firewall runs by default in autopilot mode, meaning you won't see any queries. It's not entirely clear just what it does in this mode, but as far as I can tell, it allows all outbound connections and rejects unsolicited inbound connections. That's not doing a lot.
To see the program control component in action, I turned off autopilot. Cleverly, the program offers to temporarily turn autopilot back on if it detects you're launching a full-screen application.
When I tried launching a guaranteed-unknown program (a small browser I coded myself), G Data popped up asking whether to allow or block access, once or always. That's exactly what should have happened. I tried a few leak test utilities, programs that try to gain access to the Internet without triggering the firewall's program control. G Data caught some, but not all, of these.
Unfortunately, it also popped up repeatedly for some Windows internal components. Note, too, that firewall popups appear for any user account, including non-Administrator accounts. While your toddler is playing games online, she may accidentally tell G Data to always block access by some Windows component. In that case, you'll need to open the Application Radar window from the Firewall status screen to unblock that application.
A firewall isn't much use if a malicious program can reach in and flip the off switch. I couldn't find a way to disable G Data by manipulating the Registry, though it didn't protect its Registry data against change the way Bitdefender, McAfee Internet Security, and others do. The last time I tested G Data, I found that I could terminate some of its processes using Task Manager. This time around, all 11 processes received protection.
Alas, G Data's essential Windows services are still vulnerable to a simple attack that could be carried out programmatically. I set the Startup Type for each of its six services to Disabled and then rebooted the computer. That effectively eliminated G Data's protection. In a similar situation, Comodo Firewall 10 seemed to succumb, but recovered on reboot.
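Here is what an audit for that tampering looks like, as an added example that is not G Data's code and that uses hypothetical service names. It parses a .reg export of the Services key (on Windows, `reg export HKLM\SYSTEM\CurrentControlSet\Services services.reg`, which writes UTF-16, so open the file with encoding="utf-16") and flags any listed security service whose Start value no longer matches what it should be. The sample export below is constructed.

```python
"""Audit the startup type of security services from a registry export.

Added example for this review; not G Data's code, and the service names
are hypothetical. The attack the review describes amounts to writing
Start=4 (SERVICE_DISABLED) under each service key and rebooting.
"""
import re

# Start values as Windows defines them under HKLM\SYSTEM\...\Services.
START_TYPES = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}
SERVICE_DISABLED = 4

KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\([^\]\\]+)\]$", re.I)
START_RE = re.compile(r'^"Start"=dword:([0-9a-fA-F]{8})$')

# Constructed sample of a .reg export (hypothetical service names).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleAVScanner]
"Type"=dword:00000010
"Start"=dword:00000002
"ImagePath"="C:\\Program Files\\ExampleAV\\scanner.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleAVFirewall]
"Type"=dword:00000010
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleAVFirewall\Parameters]
"Start"=dword:00000003
"""

# What each service's Start value should be (assumed: all Automatic).
EXPECTED = {"ExampleAVScanner": 2, "ExampleAVFirewall": 2, "ExampleAVBankGuard": 2}


def parse_start_values(reg_text):
    """Map service name -> Start value, looking only at direct Services subkeys."""
    starts, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            continue
        if line.startswith("["):   # a deeper or unrelated key: stop attributing
            current = None
            continue
        m = START_RE.match(line)
        if m and current is not None:
            starts[current] = int(m.group(1), 16)
    return starts


def audit(reg_text, expected):
    """Return (service, finding) pairs for services that no longer match.

    A missing key is reported too: deleting the service is another way to
    keep it from starting.
    """
    starts = parse_start_values(reg_text)
    findings = []
    for name, want in expected.items():
        got = starts.get(name)
        if got is None:
            findings.append((name, "missing"))
        elif got != want:
            findings.append((name, "%s (was %s)" % (START_TYPES.get(got, got), START_TYPES[want])))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_REG, EXPECTED):
        print("%-20s %s" % (name, finding))
```

Run on a schedule, a check like this catches the change before the reboot that makes it effective; a product that properly hardens its services would refuse the write in the first place, which is what the review faults G Data for.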
This firewall component handles the basic tasks of protecting against outside attack and preventing programs from misusing your Internet connection, but that's about all. And the vast majority of competing products manage to harden their Windows services against tampering more thoroughly than G Data does.
Cloud Storage Backup
When you first click the backup icon, you just get a big, empty page. A bit of investigation reveals the New Task button. Clicking it brings up a disclaimer pointing out that the subscription you have offers online backup only. If you want advanced features like making local backups or burning backups to optical media, you must upgrade to G Data Total Security. You can check a box to suppress this disclaimer in the future.
To start designing a backup job, you select files and folders for backup. You do this using a folder/file tree. Checking or unchecking a folder selects or deselects all its contained folders and files. If you simply check the tree item with your username, representing all your user data, that may be enough.
The selection tree exhibits a strange redundancy that might cause trouble. For example, after the entry with your name is an entry called Libraries. If you check your username entry, the corresponding entries under Libraries (Music, Videos, Documents, and Pictures) do not get checked. But if after that you check Libraries and then uncheck it, those four entries under your username lose their checkmarks. This is just one of several redundancies in the tree, so you should carefully review your selections before proceeding.
The next step is target selection, but your only choice is cloud backup. Well, there's also an option to copy the archived data to an FTP server, but not many users are equipped to perform the necessary configuration. When I tried to continue at this point, the program admonished me, "Cloud has been selected as target, but no login has been entered." Guessing at this point, I clicked a button for network login—no joy. I finally thought to click the cloud icon. This triggered a menu titled New Account, which in turn asked me to select Dropbox or Google Drive. That could be clearer.
Kaspersky Total Security also offers to store backups on Dropbox, but this is just one of its many options. With Kaspersky, you can also back up your files to any local, removable, or network drive, or to an FTP server.
You can optionally create a schedule, separately for a full backup of all data and for a partial backup containing only changed data. Do you know what the difference between a differential backup and an incremental backup is? If not, just leave it set at the default. For each type of backup you can choose one-off, daily, weekly, or monthly backup, or just run the backup manually when you think of it.
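For readers who hesitated at that question, here is the difference in working code, as an added example that is neither the review's nor G Data's, over a constructed file catalogue. The second function shows the consequence that actually matters when you restore: a differential restore needs only the last full backup plus the newest differential, while an incremental restore needs every incremental since the last full, in order.

```python
"""What the full / differential / incremental choice actually selects.

Added example, not from the original review or from G Data's backup
engine. The catalogue maps each file to a modification "day" number.
"""

FILES = {   # constructed sample: path -> day last modified
    "Documents/taxes.xlsx": 1,
    "Documents/letter.docx": 5,
    "Pictures/cat.jpg": 3,
    "Pictures/dog.jpg": 7,
}


def select_files(files, mode, last_full, last_backup):
    """Return the paths a backup job of the given mode would copy.

    full         - everything
    differential - everything changed since the last FULL backup
    incremental  - everything changed since the last backup of ANY kind
    """
    if mode == "full":
        return sorted(files)
    if mode == "differential":
        return sorted(p for p, mtime in files.items() if mtime > last_full)
    if mode == "incremental":
        return sorted(p for p, mtime in files.items() if mtime > last_backup)
    raise ValueError("unknown mode: %r" % mode)


def restore_chain(history, mode):
    """Which archives a restore needs, given the job history (oldest first).

    history: list of (day, kind) tuples. Differentials grow with every run
    but a restore needs just two archives; incrementals stay small but the
    chain breaks if any one of them is lost or corrupt.
    """
    last_full_idx = max(i for i, (_, kind) in enumerate(history) if kind == "full")
    after = history[last_full_idx + 1:]
    if mode == "differential":
        diffs = [h for h in after if h[1] == "differential"]
        return [history[last_full_idx]] + diffs[-1:]
    if mode == "incremental":
        return [history[last_full_idx]] + [h for h in after if h[1] == "incremental"]
    return [history[last_full_idx]]


if __name__ == "__main__":
    # Full on day 2, partial backups on days 4 and 6, running again on day 8.
    print("differential:", select_files(FILES, "differential", last_full=2, last_backup=6))
    print("incremental: ", select_files(FILES, "incremental", last_full=2, last_backup=6))
```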
Now you can review the dozens of options on the final page of settings. Some are disabled, most are set to the best configuration, but there's one you might want to tweak. By default, G Data opts for fast compression, making the backup process as speedy as possible. If you're short on cloud space, consider setting it to emphasize good compression, instead.
You can create as many backup jobs as you like. You might choose redundancy, backing up to both Dropbox and Google Drive. These jobs appear in the previously blank main backup window.
As for restoring backed-up files, it's a snap. Choose the backup, choose to restore all files or just some of them, and choose whether to restore to the original location or a new location.
Norton gives you 25GB of hosted online backup storage, and makes setting up a backup job very easy. Webroot also offers 25GB of storage, and serves as a full file-syncing tool. The backup system in G Data does the job, but it requires that you use third-party cloud storage, and it could be much, much simpler for users.
Porous Parental Control
This suite's parental control system is minimal, consisting of content filtering and time scheduling for Internet or computer use.
The content filter can block websites matching five categories: Drugs, Hackers, Violence, Extremist, and Pornography. There's also an option to block all HTTPS sites, but it's a ridiculous option. Yes, it would prevent access to secure anonymizing proxies, but it would also block any site that sensibly uses a secure connection, including Google, Unicef, and Wikipedia.
Parents can limit time on the computer, the Internet, or both. When enabled, the default in each case is 1.5 hours per day, 10.5 hours per week, and 45 hours per month. These times line up nicely. For example, 1.5 hours on each of seven days equals 10.5 hours. You can also define a weekly schedule, in one-hour increments, for when the child can use the Internet, or the computer. This feature uses a handy grid that makes it easy to set allowed and blocked times.
When I put G Data's scheduler to the test, I found that the time scheduler relies on the system clock. Resetting the clock to an allowed time defeats it. Admittedly, I couldn't find a similar way to defeat the daily cap.
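A scheduler does not have to fall to a clock reset. The following is an added example, not G Data's code, of a schedule check that compares the wall clock with the monotonic clock, which ordinary users cannot set. If the two drift apart by more than a tolerance, the system time was changed, and the guard denies access until a parent re-arms it. The FakeClock class exists only to script the scenario; the five-second tolerance is an assumption chosen to ride out normal NTP corrections.

```python
"""A time schedule that notices when the wall clock is set back.

Added example, not the original review's or G Data's code. The schedule
still reads the wall clock to learn what hour it is, but the guard also
tracks the monotonic clock, which a user cannot move.
"""
import time

TOLERANCE_S = 5.0     # assumed: room for normal NTP corrections


def naive_allowed(wall_now, allowed_hours):
    """What the review describes: trust the wall clock completely."""
    return time.gmtime(wall_now).tm_hour in allowed_hours


class ScheduleGuard:
    def __init__(self, allowed_hours, wall=time.time, mono=time.monotonic):
        self.allowed_hours = set(allowed_hours)
        self._wall, self._mono = wall, mono
        self._last_wall, self._last_mono = wall(), mono()
        self.tampered = False

    def allowed(self):
        wall_now, mono_now = self._wall(), self._mono()
        # Since the last check the wall clock should have advanced by
        # exactly as much as the monotonic clock did.
        expected = self._last_wall + (mono_now - self._last_mono)
        if abs(wall_now - expected) > TOLERANCE_S:
            self.tampered = True
        self._last_wall, self._last_mono = wall_now, mono_now
        if self.tampered:
            return False
        return time.gmtime(wall_now).tm_hour in self.allowed_hours

    def rearm(self):
        """A parent clears the tamper flag after checking the clock."""
        self.tampered = False
        self._last_wall, self._last_mono = self._wall(), self._mono()


class FakeClock:
    """Scriptable clock pair for demos and tests (constructed, not real time)."""
    def __init__(self, wall, mono):
        self.wall, self.mono = wall, mono


if __name__ == "__main__":
    clk = FakeClock(wall=20 * 3600.0, mono=1000.0)         # 20:00 UTC, outside 09-16
    guard = ScheduleGuard(range(9, 17), wall=lambda: clk.wall, mono=lambda: clk.mono)
    print("20:00 allowed?", guard.allowed())
    clk.wall, clk.mono = 10 * 3600.0, clk.mono + 5.0       # child sets clock back to 10:00
    print("naive check now says", naive_allowed(clk.wall, range(9, 17)))
    print("guard says", guard.allowed(), "tampered =", guard.tampered)
```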
Content filtering is keyword based, and it's both too lax and too strict. Photo-based pornographic sites with no banned words in the URL or page text flew right past the filter, while perfectly innocent sites triggered the over-zealous filter. For example, it blocks any page on blogspot.com because the filter found "pot" in the URL. Pages on the American Kennel Club site that used the word bitch (perfectly valid in this context) got the axe. And so on.
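The blogspot.com case is a plain substring match. The following added example, with a constructed keyword list standing in for the Drugs category (not G Data's list or code), puts the substring filter beside a whole-word filter. It also shows why the whole-word fix addresses only one of the two problems the review found: a page whose content lives in images still passes, and a legitimate use of a listed word still blocks.

```python
"""Why a substring keyword filter blocks blogspot.com, and what fixing it does not fix.

Added example, not G Data's filter. KEYWORDS is a constructed list.
"""
import re

KEYWORDS = ["pot", "weed", "bitch"]    # constructed stand-in for a category list


def substring_filter(url, text, keywords=KEYWORDS):
    """Block if any keyword appears anywhere in the URL or page text."""
    haystack = (url + " " + text).lower()
    return [k for k in keywords if k in haystack]


def word_filter(url, text, keywords=KEYWORDS):
    """Block only on whole-word hits: 'pot' no longer fires on 'blogspot'."""
    haystack = (url + " " + text).lower()
    return [k for k in keywords if re.search(r"\b%s\b" % re.escape(k), haystack)]


# Constructed pages: (label, url, visible text)
PAGES = [
    ("innocent blog", "http://cooking.blogspot.com/", "A recipe for lentil soup"),
    ("kennel club",   "https://www.akc.org/",          "The bitch should be examined before breeding"),
    ("photo-only",    "http://gallery.example/album/001", ""),   # content is in images
]


def compare(pages=PAGES):
    """Return {label: (substring hits, whole-word hits)} for each page."""
    return {label: (substring_filter(u, t), word_filter(u, t)) for label, u, t in pages}


if __name__ == "__main__":
    for label, (sub, word) in compare().items():
        print("%-14s substring=%-10s whole-word=%s" % (label, sub, word))
```

The whole-word version stops the blogspot.com false positive; the kennel club page still blocks, because a keyword filter has no notion of context, and the photo-only page still passes, because there is no text to match. Those two failures are inherent to the technique, not to G Data's implementation of it.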
You'd think the Hackers category would block secure anonymizing proxy websites, but it doesn't. By connecting to one, I completely eluded the filter—don't think your teenager won't figure this out.
G Data does report which websites it blocked for each user, along with a date/time stamp and explanation. The explanation helped me confirm that, for example, the app did indeed block a blogspot.com page due to the embedded word pot.
This is just not a useful system. If you need parental control in your security suite, look elsewhere. The parental control component in Norton is an Editors' Choice as a standalone. ZoneAlarm's is based on ContentWatch Net Nanny 7, another Editors' Choice. And Kaspersky Total comes with the excellent Kaspersky Safe Kids.
Simple Spam Filter
The need for local spam filtering gets smaller and smaller as more people use services that filter spam at the server level. If you're one of the few who don't get spam skimmed out of your email feed before it arrives, it's nice to have spam filtering handled by your security suite.
G Data analyzes incoming POP3 and IMAP email messages, flagging suspected spam messages, messages with a high spam probability, and messages with a very high spam probability. It prefixes [suspected spam] to the subject line for the first category, [spam] for the other two. You can change these tags, if you like, but most users will surely leave them at their default values.
This spam filter integrates with Microsoft Outlook, automatically diverting marked messages into the spam folder. Those using a different email client must create email rules based on the subject tags, not a terribly challenging task.
G Data uses quite a few different criteria to develop a spam score for each message. It checks the message text for certain keywords, and the message subject for a different set of keywords. You can edit either keyword list. It also includes a self-learning content filter system that's meant to improve accuracy over time.
The spam filter can also check spam messages against real-time blacklists. This process tends to slow the email download, so by default it only uses those blacklists for suspicious messages. Digging deeper, you can configure the spam filter to reject messages written in languages you don't speak. But really, most users can just leave the spam filter settings alone.
You can put specific addresses or domains on the whitelist, to ensure that the spam filter never blocks them. Conversely, you can blacklist addresses or domains to ensure they always get filtered. There's no option to import the content of your address book, or automatically whitelist addresses to which you send mail, like you get with ESET, Trend Micro Internet Security, and others.
If you do need local spam filtering, and want your security suite to handle it, G Data is as good as any. It doesn't offer the comprehensive feature collection that Check Point ZoneAlarm Extreme Security 2017 does, but on the flip side, it doesn't require any attention from you.
On a seriously icon-infested desktop, you might not notice the appearance of a new icon titled G Data Shredder. This is a secure deletion utility, for use when you want to delete a file beyond the possibility of forensic recovery. Many encryption utilities come with a shredder, for thoroughly wiping out the originals of files that have been encrypted.
Simply deleting a file sends it to the Recycle Bin, and bypassing the Recycle Bin leaves the file's data still on disk, just marked as space that can be reused. Overwriting that data just once is enough to defeat software-based recovery. Recovery experts use hardware systems to peel back the layers and find previously stored data, but those techniques run into the limitations of physics at about seven overwrites. Why G Data lets you choose up to 99 overwrites I do not know. Three should be plenty for normal use.
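A minimal shredder of this kind, written as an added example (not G Data Shredder's code), is below. It defaults to the three passes suggested above and syncs each pass to the device before starting the next. The comments carry the caveat the review does not mention: on SSDs with wear levelling, on copy-on-write or journaling file systems, in cloud-synced folders and in Volume Shadow Copies, the blocks you overwrite may not be the blocks that held the data, so overwriting is no substitute for full-disk encryption with key destruction.

```python
"""Overwrite a file's contents before unlinking it.

Added example, not G Data Shredder's code. One pass already defeats
software recovery; three is the review's suggestion for normal use.
Caveat: on SSDs (wear levelling), copy-on-write or journaling file
systems, cloud-synced folders and Volume Shadow Copies, the overwritten
blocks may not be the ones that held the data. Full-disk encryption plus
key destruction is the reliable answer in those cases.
"""
import os
import secrets
import tempfile

CHUNK = 64 * 1024


def shred(path, passes=3):
    """Overwrite the file `passes` times with random data, then remove it.

    Returns the total number of bytes written.
    """
    size = os.path.getsize(path)
    written = 0
    with open(path, "r+b", buffering=0) as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                f.write(os.urandom(n))
                remaining -= n
                written += n
            os.fsync(f.fileno())      # push this pass to the device before the next
        f.truncate(0)                 # hide the original length as well
        os.fsync(f.fileno())
    # Rename to a random name so the directory entry no longer records the
    # original filename, then unlink.
    anon = os.path.join(os.path.dirname(path) or ".", secrets.token_hex(8))
    os.rename(path, anon)
    os.remove(anon)
    return written


def demo():
    """Create a throwaway file, shred it, return (bytes written, still exists)."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(b"account number 1234-5678\n" * 4000)   # 100,000 bytes, spans two chunks
    written = shred(path, passes=3)
    return written, os.path.exists(path)


if __name__ == "__main__":
    print(demo())
```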
Once you've configured the shredder, you drag files and folders onto its icon for secure deletion. You'll also find a Shred choice on the right-click menu.
Minor Performance Impact
While testing G Data, I occasionally felt the system might be running a little slow, but then, my virtual machines necessarily don't have a lot of resources. Running my hands-on performance tests revealed only minor impacts on system performance.
The biggest hit (not big, but biggest) came in my boot time test. Averaging many runs before installation of the suite and many more after, I found that the boot process took 26 percent longer with G Data loading at boot time. Given that most people reboot only when forced to, that's not a big deal.
To check whether a security suite affects everyday file manipulation activities, I time a script that moves and copies an eclectic collection of files between drives. Averaging multiple runs with no suite and with G Data installed, I found the script took 18 percent longer. That's not bad; the average for this test among current products is 23 percent. And there was no measurable slowdown for my zip/unzip test, which compresses and decompresses that same file collection repeatedly.
While G Data didn't put much of a drag on performance, some competing products had even less impact. Webroot, in particular, didn't show measurable impact in any of the three tests.
Component Quality Varies
G Data Internet Security 2017 includes all of the expected security suite components and even offers a backup system. The antivirus performed well in testing, but the parental control system is both limited and ineffective, and the basic firewall could be disabled by a determined hacker. You're better off with a suite in which all of the components do a good job.
For the purpose of defining Editors' Choice products, I distinguish basic suites like G Data, feature-packed mega-suites, and cross-platform multi-device suites. In the basic suites arena, Bitdefender Internet Security and Kaspersky Internet Security are my Editors' Choice products. Both cost a bit more than G Data, but they also offer much better security.
Some antivirus companies that are big in Europe don't get as much mindshare here in the US.
G Data is one such security software maker.
According to the G Data website, G Data developed the very first antivirus in 1985; while some dispute that claim, the company has clearly been around for a while.
G Data Antivirus 2017 is the company's latest, and it does a good bit more than the basics of antivirus protection.
At $39.95 per year for a single license, G Data is in good company price-wise.
Bitdefender, Kaspersky Anti-Virus, Norton, and Webroot are among the numerous products at that price point.
For another $10, you can install G Data on up to three PCs.
If you go for a multi-PC license, you create an account for the first installation, then log in to that account for the rest.
G Data's main window features a bold red banner across the top. Not red for danger, or for stop—it's just red.
The rest of the main window displays the status of the product's numerous protection features, in several groups.
A green checkmark icon indicates that the feature is fully active.
For a partially disabled component, the icon changes to a yellow exclamation point; a fully disabled feature gets a grey dash icon. Naturally, you want to see green across the board.
G Data participates in testing with three of the five independent testing labs that I follow.
In Virus Bulletin's RAP (Reactive And Proactive) test, it scored 85.19 percent.
The average score for products I follow is 81.99 percent, so G Data comes in above average. PC Pitstop PC Matic scored highest in the latest test, with 94.75 percent, but failed overall due to many false positives.
Testers at AV-Test Institute look at antivirus products from three different perspectives, assigning up to six points for each of the criteria.
G Data earned 6 points in the all-important protection category, and by avoiding false positives (detection of valid programs as malicious) it managed another six points for usability.
A small impact on performance dragged its score in that category down to five points, however.
The overall score of 17 points wasn't quite enough to earn it a Top Product rating, but it's good.
In that same test, Kaspersky scored a perfect 18 points.
Bitdefender, Quick Heal, and Trend Micro Antivirus+ Security got 17.5 points.
These four earned the designation Top Product.
Most of the lab tests I follow report a range of results. MRG-Effitas takes a different tack.
To pass the banking Trojans test, a product must protect against every sample used; anything less is failure. Over 70 percent of tested products fail, G Data among them.
Due to the binary pass/fail nature of this test, I give it less weight when calculating an aggregate lab score.
G Data's three lab results worked out to an aggregate score of 8.7 points, which is better than most companies manage. However, based on tests from all five labs, Kaspersky took 9.8 of 10 available points, the best aggregate score.
Avira Antivirus and Norton managed 9.7 points, each tested by three of the five labs.
Effective Malware Blocking
Your antivirus utility has many opportunities to save your PC from malware attack.
It can block access to the malware-hosting website, eliminate the threat on download, detect and delete known malware based on its signature, and even detect unknown malware based on behavior alone.
G Data includes all of these layers of protection, and my hands-on testing showed them in action.
In addition to scanning files on access, G Data scans your computer any time it's idle.
Between real-time protection and idle-time scanning, there isn't a screaming need for a full scan of your whole computer.
If you want a full scan, you click the Idle Time Scan link on the main window and choose Check Computer.
A full scan of my standard test system took an hour and 40 minutes, over twice the current average of about 45 minutes.
But once again, unless you actively suspect an infestation you should be able to just rely on the idle-time scan.
When I opened the folder containing my current collection of malware samples, G Data started examining them.
The process was slower than with many competing products, but clearly very thorough.
In most cases, it offered to quarantine the item as its default action; for a few, it advised simply blocking the file from execution.
By the time it finished, 97 percent of the samples were either quarantined or deactivated.
I keep a second set of samples on hand; these are modified versions of the originals.
To create each modified sample, I change the filename, append nulls to change the file size, and overwrite some non-executable bytes.
G Data detected all of the same samples, even in their tweaked form.
In addition, it detected all the remaining samples after execution, for a 100 percent detection rate. Webroot SecureAnywhere AntiVirus, F-Secure, and Ashampoo Anti-Virus 2016 also detected 100 percent of the samples. PC Matic also blocked 100 percent of the samples, but then, it blocks any unknown program.
Webroot managed a perfect 10 points in this test.
G Data, like F-Secure Anti-Virus, allowed a few executable traces to hit the test system, but the 9.8 points both of them earned is still very respectable.
For another view of each product's ability to protect against malware, I use a feed of current malware-hosting URLs supplied by MRG-Effitas.
I launch each URL in turn, discarding any that are defective, and noting whether the antivirus blocks access to the URL, wipes out the malware download, or fails to respond at all.
I keep at it until I've accumulated data for 100 malicious URLs.
G Data earned a 78 percent detection rate in this test, in most cases by blocking access to the malware-hosting URL.
That's just a middling score.
Symantec Norton AntiVirus Basic and PC Pitstop managed 98 percent protection, with Avira close behind at 75 percent.
I didn't see G Data's behavior monitoring kick in during these tests, because other protection layers beat it to the punch.
In any case, behavior monitoring in some antivirus products bombards the user with dire warnings about good and bad programs alike.
For a sanity check, I installed about 20 old PCMag utilities, programs that tie into the operating system in ways that malware might also do.
G Data didn't flag any of the PCMag utilities, but it did give the stink-eye to two of my hand-written test programs.
It popped up a clear warning that the test program might be malicious, with a detailed list of its reasons, and its reasons made total sense.
A program that launches Internet Explorer and manipulates it to download malware? That's suspicious! I'm pleased to see that behavior monitoring kicks in for a pattern of suspicious behavior, not for every little potential problem.
So-So Phishing Protection
Writing a data-stealing Trojan and getting it somehow installed on victim PCs can be a tough job.
Simply tricking users into giving away their passwords and other personal data can be quite a bit easier. Phishing websites masquerade as financial sites, Web-based email services, even online games.
If you enter your username and password on the fraudulent site, you've given the fraudsters full access to your account.
If the website looks just like PayPal but the URL is something goofy like armor-recycling.ru, at least some users will detect the fraud.
But sometimes the URL is so close to the real thing that only those with sharp eyes will spot it as a fake.
Antivirus programs that have a Web protection component usually attempt to protect users against phishing as well, and G Data is no exception.
To test the efficacy of a product's antiphishing component, I first scour the Web for extremely new phishing URLs, preferably URLs that were reported as fraudulent but that haven't yet been analyzed and blacklisted.
I launch each simultaneously in one browser protected by the product under test and another protected by long-time fraud fighter Norton.
I also launch each URL in instances of Chrome, Firefox, and Internet Explorer, relying on the browser's built-in phishing detection.
Because the collection of fraudulent sites differs every time, I report results in relative terms rather than absolute detection rate.
Very few products do better than Norton in this test, but many come closer than G Data did.
G Data's detection rate came in 45 percentage points below Norton's, which is a poor result.
Internet Explorer and Chrome both did a better job than G Data. Yes, G Data beat Firefox, but Firefox hasn't been doing very well lately.
The lesson here? Don't turn off your browser's built-in phishing protection.
Along with the expected antivirus features, G Data gives you several features that you'd expect to see in a security suite.
I tested its exploit protection by hitting the test system with about 30 exploits generated by the CORE Impact penetration tool.
It identified 30 percent of the exploits by name and blocked another 20 percent using more generic detection.
That 50 percent detection total is as good as what Kaspersky Internet Security managed in this test. Norton leads this test, with 63 percent protection.
Like Safepay in Bitdefender Antivirus Plus 2017 and Kaspersky's Safe Money, G Data's BankGuard feature aims to protect your financial transactions.
Bitdefender uses a whole separate desktop to run Safepay, and Kaspersky puts a glowing green border around the browser protected by Safe Money.
By contrast, BankGuard works invisibly to protect all your browsers.
The only way to see it in action is to encounter a Trojan that attempts a man-in-the-browser attack or other data-stealing technique.
The related keylogger protection feature was easier to test than BankGuard.
I installed a popular free keylogger, typed some data into Notepad, typed into my browsers, and then typed in Notepad again. When I brought up the keylogger's keystroke capture report, it showed no keystrokes between the two uses of Notepad.
To test G Data's ransomware protection component, I first turned off every other feature related to real-time malware protection. When I launched a ransomware sample, it quickly popped up a warning about suspicious behavior that suggests encrypting ransomware, with the caveat that if you are actively running an encryption utility yourself, you can ignore the warning. My G Data contact noted that in most cases, some other layer of protection will block the ransomware before it gets to this point.
G Data has long featured the ability to manage the programs that launch automatically when your system boots.
Its Autostart Manager can delay launch of any such program for from one to 10 minutes, or set it to never launch at startup. You can also configure it to launch the program when the system's startup activity has died down.
This is a more fine-grained control than you get with the similar feature in Norton.
A Mature Product
G Data has been around longer than almost any of its competitors, and G Data Antivirus 2017 is a mature product.
Since my last review, it has added components specifically designed to protect against exploits, keyloggers, banking Trojans, and ransomware.
It earned a great score in my hands-on malware-blocking test, and took decent scores from the independent testing labs. However, it proved less effective at blocking access to malicious and fraudulent URLs.
Bitdefender Antivirus Plus and Kaspersky Anti-Virus earn top scores from the independent labs.
Symantec Norton AntiVirus Basic scored high in all of my hands-on tests, and includes an impressive set of bonus features. Webroot SecureAnywhere Antivirus goes even farther with behavior-based detection, making it the tiniest antivirus around.
And a single license for McAfee AntiVirus Plus lets you install protection on every device in your household. Out of the huge range of antivirus products, these five have earned the title Editors' Choice.
This year saw significant changes in the copyright and patent landscapes. "Patent trolls" who sue technologists for fun and profit got smacked down by courts more often—and harder—than ever before.
At the same time, universities were filing patent lawsuits at an increased rate, and often winning.
In the copyright realm, the Oracle v. Google trial dominated the spring.
A jury was left to decide the murky rules about when using an API could be "fair use." That legal uncertainty led to the two tech giants clashing over the ethics of each others' business practices and the history of the smartphone industry. In two very different cases in 2016, copyright issues led to criminal charges being filed. US authorities are seeking to extradite and put on trial a man named Artem Vaulin, who they say made $16 million annually by running a massive online storehouse of pirated films and songs.
And more than three years after they were condemned by a federal judge, lawyers behind a vast array of copyright lawsuits, a firm known as Prenda Law, were arrested and accused of fraud. Here's a look back at 2016's most dramatic IP cases.
Pictured: Graphiq CEO Kevin O'Connor and former director of operations Danny Seigle.
Graphiq (formerly FindTheBest) became the first company to win attorneys' fees in a patent case under the Supreme Court's new Octane Fitness standard.
An appeals court approved the fee award in January 2016. Patent trolls continued to face stiff fines throughout 2016. eDekka, the most litigious patent company just a year ago, collapsed and dropped its appeal after being hit with fees in East Texas. Carnegie Mellon University ended a prolonged patent battle with Marvell Technology in February, with Marvell agreeing to pay a $750 million settlement—the largest payout ever for a patent related to computer science. Pictured here is CMU Professor José Moura, inventor on the two patents in the case. An image explaining one of two patents owned by Carnegie Mellon University, which describe a method of reducing noise when reading data from hard disks.
The patents were used by CMU to sue Marvell Technology. Universities have increasingly been willing to become plaintiffs in high-stakes patent lawsuits, and are sometimes partnering with professional patent enforcement companies to do so.
The Electronic Frontier Foundation launched a "reclaim invention" campaign in June 2016, seeking to pressure universities not to partner with such "patent trolls."
Since the US Supreme Court's 2014 Alice v. CLS Bank decision, it's been easier to get software patents thrown out of court. Until this year, the US Court of Appeals for the Federal Circuit had only upheld software patents in one post-Alice case.
But in 2016, the Federal Circuit gave approval to software patents in three more cases.
The image above is pulled from the McRo v. Bandai Namco Games opinion.
A Federal Circuit panel said McRo's digital animation patents could survive, rejecting arguments from public interest groups like EFF that McRo was being allowed to essentially patent mathematics. In May, a second jury trial between Oracle and Google over whether the Android operating system violated Java copyrights ended with a second resounding win for Google.
The testimony of Jonathan Schwartz, former president of Sun MicroSystems, loomed large in the case.
Schwartz testified that he had no problem with Android, since Google had followed the rules around Java intellectual property that Sun had established.
Oracle attorneys tried to sway the jury by painting former Sun Microsystems president Jonathan Schwartz as a hypocrite who praised Google in public but privately decried its licensing practices.
It didn't work.
Above is a slide from Oracle's closing argument. In June, a Los Angeles federal jury considered whether or not Led Zeppelin's "Stairway to Heaven" was ripped off from a song by psychedelic rock band Spirit.
The jury found in Led Zeppelin's favor, quelling some fears that the music industry may continue to be plagued with copyright lawsuits over similar-sounding songs.
The case followed a high-profile 2015 trial in which a jury found that the hit song "Blurred Lines" infringed the copyright of Marvin Gaye's "Got to Give it Up." In July, US prosecutors charged Artem Vaulin, a 30-year-old Ukrainian man, with criminal copyright infringement for running the popular website KickAssTorrents.
Vaulin was arrested and is being held in Poland awaiting extradition.
It's the highest profile criminal copyright case since the US charged Kim Dotcom—who's still living in New Zealand, where he's desperately hoping to avoid extradition.
Above is a screenshot of the now-shuttered torrent website. On July 21, the Electronic Frontier Foundation filed a lawsuit that's been a long time coming.
EFF claims that the DMCA's ban on circumventing digital locks violates the First Amendment.
Digital locks may need to be sidestepped "in order to create a running critical commentary on... a political debate, sporting event, or movie," all legitimate activities that should be protected by fair use, EFF argues.
The government has asked for the case to be dismissed, and the matter is awaiting a judge's decision. Pictured above is EFF client Andrew "bunnie" Huang, who wants to market a product for editing HD television signals, but is hampered by copyright limitations he believes are unconstitutional. Record label EMI sued MP3tunes, an early music locker service, in 2007, along with its founder Michael Robertson, pictured above in a 2006 photo.
The litigation caused MP3tunes to go bankrupt in 2012, but Robertson kept fighting his battle in court.
In October 2016, the 2nd Circuit appeals court upheld and even expanded EMI's court win—a disastrous result for Robertson and MP3tunes.
Today, cloud music services are thriving.
But the MP3tunes precedent shows that innovators who cross the music industry still must risk paying a heavy price. In an opinion published December 6, the US Supreme Court stopped Apple from collecting $399 million in patent infringement damages from Samsung over iPhone-related design patents.
The high court held that the lower court erred when it allowed Apple to automatically collect "lost profits" damages based on the entire value of a phone.
It was the first time in more than a century that the Supreme Court took a case involving design patents. Pictured above is one of the infringed patents, D618,677, describing a black rectangle with rounded corners. The lawyers behind Prenda Law were denounced in 2013 by a federal judge who called them a "porno-trolling collective" that had abused federal courts.
In December 2016, two of those lawyers, John Steele and Paul Hansmeier, were arrested and charged with fraud and perjury. Pictured above is John Steele's banner advertisement from his old firm, which practiced family law. Two band members of 60's rock band The Turtles, pictured above, have turned the once-obscure issue of pre-1972 songs into a hot copyright issue.
The Turtles sued Sirius XM and Pandora, demanding royalties for their old sound recordings, which are not protected by federal law.
Sirius and Pandora lost key legal battles in 2015, and Sirius paid out a $210 million settlement to record labels.
But the Turtles case went on, and on Dec. 21, 2016 the New York Court of Appeals handed a big victory to Sirius, saying that the state's common law offered no copyright protection for pre-1972 recordings.
The decision may be influential in other states.
Nokia and Apple fought each other over smartphone patents between 2009 and 2011, but settled their case. Nokia has backed out of the smartphone business, but is still licensing its patents, so the two companies are back at war. Nokia has sued Apple over patents in 11 different countries. Meanwhile, Apple has filed an antitrust lawsuit against Nokia, accusing the Finnish firm of working together with "patent-assertion entities"—a.k.a. patent trolls—to "maximize the royalties that can be extracted from product companies."
If a website's massive data breach compromises your privacy, there's not much you can do. It's out of your hands. But that doesn't mean you're completely helpless. There's plenty you can do to protect your own privacy, things like encrypting your files, and protecting your passwords. Steganos Privacy Suite 18 brings together a variety of useful privacy-related tools. However, the quality of the tools varies, and the suite lacks some useful features found in competing products.
With most antivirus tools, security suites, and password managers, you pay a yearly subscription fee. That's not the case with Steganos. For $59.95 you can install it on up to five PCs and use it for as long as you like. The only thing you don't get is a free update to the next version.
Earlier editions of this product included VPN protection, but the current product lineup makes Steganos Online Shield VPN a separate product. As I write this, Steganos is running a promotion that gives you the VPN for free when you purchase the suite. Note, though, that PCMag's Max Eddy gave this VPN service just two out of five stars.
Getting Started with Steganos
After the quick, simple installation, Steganos displays its main window. At the left is a three-by-three matrix of icons representing the suite's features: Safe, Portable Safe, Crypt & Hide, Password Manager, Private Favorites, E-Mail Encryption, Shredder, Trace Destructor, and Privacy. The suite is effectively a launch pad for these utilities.
The right-hand portion of the main window is a kind of security progress report. Just by installing the suite, you start with a 20 percent security level. Creating an encrypted safe for storing sensitive files gets you another 20 percent, and setting up the password manager raises it by another 20. Using the password manager's bonus ability to store private favorites adds 20 percent more. Configuring the Privacy components takes you to 100 percent. I like the way this simple report encourages full use of the product's features.
Several components of the Steganos Privacy Suite are available as standalone products. I'll summarize my findings regarding those products. To get full details, please click the links to read my reviews.
Steganos Safe 18 lets you create any number of safes, which are encrypted storage containers for your sensitive files. You can create safes on your PC, on portable devices, or in your cloud storage accounts. When a safe is open, you use it exactly like any disk drive. When it's shut, its contents are completely inaccessible.
Steganos Safe is extremely easy to use, more so than most container-based encryption products. In addition, it offers some seriously sneaky techniques for hiding the very existence of your safes from prying eyes. For example, you can hide a fairly small safe inside an audio, video, or executable file. And the Safe in a Safe feature lets you dedicate a percentage of a visible safe for use as a discreet, invisible storage location, with its own separate password.
Along with the encryption tool, you also get Steganos Shredder, a secure deletion shredder utility. You can securely delete any file or folder by selecting Destroy from the right-click menu. With this tool you can also shred all of the free space on disk, effectively applying secure deletion to already-deleted files. It can also wipe any disk drive (except the active Windows drive) so thoroughly that a format is required when it's done.
Steganos Password Manager 18 handles the basic tasks of password capture and replay, and includes a password generator. Unlike most competing products, it doesn't directly handle syncing your passwords between devices; if you want syncing, you must connect to your existing cloud storage. You also get a limited ability to fill Web forms with personal data.
In testing, I couldn't get the password manager's Firefox extension to load. Also, some features worked in Chrome but not in Internet Explorer. If you get this password manager as part of the Steganos suite, you might as well use it. But if you're shopping for a standalone password manager, there are much better choices.
The two standalone Steganos products I've reviewed account for five of the suite's nine component icons. Password Manager and Private Favorites both correspond to Steganos Password Manager. Safe and Portable Safe are parts of Steganos Safe, as is Shredder. For the remainder of this review I'll focus on the rest of the privacy components.
Encrypt and Hide
The name Steganos comes from the term steganography, which is not the same as encryption. The aim of encryption is to ensure that others can't decipher your secrets. The aim of steganography is to conceal the fact that you have secrets. When you process a file through the suite's Crypt & Hide component and then shred the original, a hacker or snoop won't find any evidence that the sensitive data exists.
I don't know precisely how this tool processes files—it's not in the company's interest to reveal such information. But here's a simple example of how steganography could work to hide a file inside an image. First, picture the image file as a list of numbers, one per pixel, each representing that pixel's exact color. Now round all those numbers so they're even. That tiny change doesn't make a visible difference in the image. Convert your secret file into a stream of bits, and step through the list of the image's pixels, leaving the color number unchanged for zero bits and making it odd for one bits. You've hidden the file in a way that's completely recoverable, but the image doesn't look appreciably different.
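The parity trick just described, carried through to working code. This is an added example, not Steganos's implementation, which the review notes is undisclosed. The carrier is modelled as raw 8-bit samples (the channel values of an uncompressed BMP, or the PCM samples of a WAV, fit this model), each sample lends its least significant bit to the payload, and a 4-byte length header is written first so the extractor knows where the payload ends. The cover data and the secret are constructed for the example.

```python
"""Least-significant-bit (LSB) steganography over a byte-oriented carrier.

Added example, not Steganos code. Each carrier sample is rounded down to even
and the payload bit is then added back, so a sample moves by at most 1, which
is the page's "round to even, make it odd for one bits" rule. A 4-byte
big-endian length header precedes the payload.
"""
import struct

HEADER_BYTES = 4  # big-endian payload length prefix


def capacity(cover: bytes) -> int:
    """Maximum payload size in bytes for this carrier (one bit per sample)."""
    return len(cover) // 8 - HEADER_BYTES


def _bits(data: bytes):
    """Yield the bits of `data`, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(cover: bytes, secret: bytes) -> bytes:
    """Return a copy of `cover` whose sample parities encode len(secret) || secret."""
    if len(secret) > capacity(cover):
        raise ValueError(
            f"payload of {len(secret)} bytes exceeds carrier capacity of {capacity(cover)} bytes"
        )
    payload = struct.pack(">I", len(secret)) + secret
    stego = bytearray(cover)
    for index, bit in enumerate(_bits(payload)):
        stego[index] = (stego[index] & 0xFE) | bit  # clear the LSB, then set it to the payload bit
    return bytes(stego)


def extract(stego: bytes) -> bytes:
    """Recover the payload by reading the parity of each sample in order."""

    def read(start_sample: int, count: int) -> bytes:
        out = bytearray()
        for b in range(count):
            value = 0
            for k in range(8):
                value = (value << 1) | (stego[start_sample + b * 8 + k] & 1)
            out.append(value)
        return bytes(out)

    if len(stego) < HEADER_BYTES * 8:
        raise ValueError("carrier too small to hold a length header")
    (length,) = struct.unpack(">I", read(0, HEADER_BYTES))
    if (HEADER_BYTES + length) * 8 > len(stego):
        # The parity of an untouched carrier decodes to a garbage length; treat it as "no payload here".
        raise ValueError("length header exceeds carrier size: wrong carrier or no payload")
    return read(HEADER_BYTES * 8, length)


def demo() -> dict:
    """Constructed carrier (a synthetic 4096-sample ramp) and a constructed secret."""
    cover = bytes((i * 37 + 11) % 256 for i in range(4096))
    secret = b"meeting moved to 06:00, bring the drive"
    stego = embed(cover, secret)
    max_delta = max(abs(a - b) for a, b in zip(cover, stego))
    return {
        "recovered": extract(stego),
        "max_sample_delta": max_delta,   # never more than 1
        "capacity_bytes": capacity(cover),
    }


if __name__ == "__main__":
    print(demo())
```

Two caveats follow directly from the code. One bit per sample means the payload can be at most one eighth of the carrier, which is why the help system's "carrier at least 20 times the size of the data" advice is comfortable rather than tight. And because the hidden bits live in the pixel or sample values themselves, any lossy recompression of the carrier (re-saving as JPEG, transcoding the WAV to MP3) destroys them; raw LSB embedding also leaves parity statistics that steganalysis tools look for, so compressing and encrypting the payload before embedding, as Steganos does, matters.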
Steganos can use BMP, WAV, or JPG files as carriers for encrypted data. The help system advises using a carrier file at least 20 times the size of the encrypted data. You can also use it to create encrypted archives without hiding them, much as you'd do with a ZIP archive utility. Note, though, that the archives created by Steganos use the proprietary EDF format, not the standard ZIP format.
To create a simple encrypted archive, drag files and folders onto the Crypt & Hide dialog, or browse to locate the desired items. You can also enter a text description of the contents. Clicking Save lets you define the name and location for the resulting EDF file. The password entry dialog is the same as that used by Steganos Safe and Steganos Password Manager. It rates password strength as you type, with the option to use a virtual keyboard, or to define the password by clicking a sequence of pictures.
To create an encrypted file and also hide it, follow precisely the same procedure, but click the Hide button instead of the Save button, and choose a BMP, WAV, or JPG file as carrier. That's it. Your secret files are hidden within the chosen carrier. Don't believe it? Launch Crypt & Hide again, choose Open, and select your carrier. Once you enter the password, your files are back. Of course you must use the shredder to destroy the originals.
As you use your computer and browse the Web, you leave behind traces of what you've been doing. Sure, you hid your secret plans using Crypt & Hide, but if MyWorldTakeover still shows up in the list of recent documents, you're busted. In a similar way, your browsing history may reveal way too much about what you've been researching. That's where TraceDestructor comes in.
TraceDestructor clears various types of browsing traces from Chrome, Firefox, Internet Explorer, and Microsoft Edge. For Edge, it just clears cookies and cached files. For the others, it can also wipe out such things as history, autocomplete data, and passwords. It can also empty the Recycle Bin and eliminate Windows temporary files, recently used file lists, and other traces.
Cleaning up traces doesn't take long. When the process has finished, Steganos advises you to log off and on again, for full cleanup. Simple!
Clicking the Privacy icon brings up a simple settings dialog with four on/off switches, all off by default. I couldn't test Webcam protection, because my virtual machine test systems simply don't have webcams. In addition, every time I opened Privacy Settings I got a notification from Windows that the webcam privacy component crashed.
Webcam protection does nothing but deactivate your webcam, so you must turn that protection off if you want to use the cam for videoconferencing. A similar feature in ESET Internet Security 10 lets you disable the webcam in general but enable specific programs. That would prevent webcam spying while still letting you Skype, for example.
Kaspersky Total Security also offers webcam blocking for all but permitted programs. It extends similar protection to the microphone, to head off the possibility of a snoop listening in on your activities.
Internet advertisers work hard to profile your personal surfing habits, so they can target ads based on your interests. If you've ever bought (or looked at) a product on one site and then seen an ad for that product on a different site, you've seen this process in action. You can set your browser to send a Do Not Track header with each request, but sites aren't compelled to obey this header. The Prevent tracking option in Steganos filters out tracking activity before it reaches the browser.
Some trackers skip the usual techniques for tying together all data about your online activity, instead trying to create a fingerprint of your devices and activity, including precise data about the browsers you use. Steganos lets you replace your actual browser details with a generic fake set, to anonymize your browser type. Finally, you can choose to block advertisements altogether. The Block ads, Prevent tracking, and Anonymize browse type settings are simple on/off switches.
In testing, these three privacy elements initially didn't work. I confirmed this using various online tests. I reinstalled the product, to no avail. I installed it on a physical system, thinking that it might be incompatible with running in a virtual machine. Here, too, the privacy elements just didn't work. Tech support determined this was due to the absence of a proxy process that provides all three types of filtering.
Going back and forth with tech support, I determined that the installer failed to create a necessary configuration file. Even after I manually copied the config file that tech support supplied, it did not launch the proxy process. After more back and forth, I got the proxy running on both systems. It seemed to be running smoothly on the physical system, but its output on the virtual system contained many error messages. That being the case, I focused on the physical system.
There's no way to tell if the Prevent tracking feature is working, but Anonymize browser type should change the user agent string that your browser sends to every website. It did not do so. And although the filter's output log contained tons of ad blocking reports, the ads visibly weren't blocked.
The worst thing about this component is that even when its proxy failed to load, it didn't display any kind of error message. The privacy features work silently, so you'd have no idea that they weren't functioning, unless you noticed its failure to block ads.
There is one icon I haven't covered, E-Mail Encryption. I've skipped this one for several reasons. First, it is not a Steganos product; it's from another company, MyNigma. Second, on a PC it only functions as an Outlook plug-in, and my test systems don't have Outlook. Third, it only works to encrypt email between other users of MyNigma, so it's not useful for general-purpose encrypted communication.
Another Take on Privacy
Abine Blur is another suite of tools aimed at protecting your privacy. Its active Do Not Track component goes way beyond just sending the DNT header, which websites can ignore. Furthermore, unlike Steganos, it makes its activity visible. It includes a simple password manager, but goes beyond Steganos by offering a safety report that flags weak and duplicate passwords.
Blur protects your privacy by masking email accounts, credit cards, and (on a smartphone) phone numbers. Suppose you make a purchase from a merchant using a masked email account, and a masked credit card. Mail from the merchant reaches your inbox, but you can delete the masked account if it starts getting spam. And a merchant who doesn't have your real credit card number can't sell the card data or overcharge you. Read my review for a full explanation.
Blur doesn't block ads, and it doesn't include file encryption, but all of its components are directly aimed at protecting your privacy. Even if you do install the Steganos suite, consider trying Blur's free edition for additional protection. Note that if you do opt for a $39-per-year premium subscription, you can use Blur on all your devices.
Do You Already Have It?
You may also find that you've already got significant privacy protection courtesy of your security suite. For example, Kaspersky and AVG Internet Security include an active Do Not Track system, like what Blur offers, and Kaspersky can block banner ads. Webcam protection in Kaspersky and ESET goes farther than what you get with Steganos.
As for encrypted storage, the core of Steganos Privacy Suite, you can find a similar feature in many suites, among them McAfee LiveSafe, Bitdefender, Kaspersky, and Trend Micro. Admittedly, none of the suites build out this feature into the comprehensive encryption system that is Steganos Safe.
As for password management, it's becoming a common bonus feature in larger suites. Webroot includes a version based on award-winning LastPass, and McAfee comes with all the multi-factor authentication glory of True Key. Symantec Norton Security Premium, Trend Micro, ESET, Kaspersky, and Bitdefender are among the other suites with a password manager built right in.
Before you purchase a set of privacy tools, check to see what you already have right in your existing security suite.
A Mixed Bag
Steganos Safe is easier to use than other container-based encryption programs, and has some nifty features to both encrypt and hide your files. However, Steganos Password Manager lacks advanced features, and some of its features didn't work in testing. The Crypt & Hide component is a kick, as it truly hides your secrets, leaving no trace. But the browser-related privacy filters just didn't work in testing. Steganos Privacy Suite is a mixed bag, for sure.
There aren't many utilities specifically devoted to privacy. Abine Blur Premium remains our Editors' Choice in this interesting field. I look forward to seeing more competition in the specific area of privacy protection.
Gabriel owns Haki Creatives, a design firm that specializes in building websites for social activist groups like Black Lives Matter (BLM)—and for that work strangers want to kill her. When these people aren’t hurling threats at the site’s designer, they’re hurling attacks at the BLM site itself—on 117 separate occasions in the past six months, to be precise.
They’re renting servers and wielding botnets, putting attack calls out on social media, and trialling different attack methods to see what sticks.
In fact, it’s not even clear whether ‘they’ are the people publicly claiming to perform the attacks. I wanted to know just what it takes to keep a website like BlackLivesMatter.com online and how its opponents try to take it down. What I found was a story that involves Twitter campaigns, YouTube exposés, Anonymous-affiliated hacker groups, and a range of offensive and defensive software.
And it’s a story taking place in the background whenever you type in the URL of a controversial site.
BlackLivesMatter.com
Although the Black Lives Matter movement has been active since 2013, the group’s official website was set up in late 2014 after the shooting of Michael Brown in Ferguson, Missouri. Until that point, online activity had coalesced around the #BlackLivesMatter hashtag, but when the mass mobilizations in Ferguson took the movement into the public eye, a central site was created to share information and help members connect with one another. Since its creation, pushback against BLM has been strong in both the physical and digital world.
The BLM website was taken down a number of times by DDoS attacks, which its original hosting provider struggled to deal with.
Searching for a provider that could handle a high-risk client, BLM site admins discovered MayFirst, a radical tech collective that specializes in supporting social justice causes such as the pro-Palestinian BDS movement, which has similarly been a target for cyberattacks. MayFirst refers many high-profile clients to eQualit.ie, a Canadian not-for-profit organization that gives digital support to civil society and human rights groups; the group’s Deflect service currently provides distributed denial of service (DDoS) protection to the Black Lives Matter site.
In a report published today, eQualit.ie has analyzed six months’ worth of attempted attacks on BLM, including a complete timeline, attack vectors, and their effectiveness, providing a glimpse behind the curtain at what it takes to keep such a site running. The first real attack came only days after BLM signed up with Deflect.
The attacker used Slowloris, a clever but dated piece of software that can, in theory, allow a single machine to take down a Web server with a stealthy but insistent attack.
Billed as “the low bandwidth yet greedy and poisonous http client,” Slowloris stages a “slow” denial of service attack.
Instead of aggressively flooding the network, the program opens a steadily increasing number of HTTP connections and never completes the requests on them.
It keeps each connection alive by sending a fragment of a header every so often, until the server has used up its pool of connection slots and cannot accept new requests from legitimate clients. Elegant as Slowloris was when written in 2009, many servers now implement rules to address such attacks, typically a limit on how long a client may take to finish sending its headers.
In this case, the attack on BLM was quickly detected and blocked.
But the range of attack attempts was about to get much wider.
Screenshot: the Slowloris tool running in a terminal.
Anonymous “exposes racism”
On May 2, 2016, YouTube channel @anonymous_exposes_racism uploaded a video called “Anonymous exposes anti-white racism.” The channel, active from eight months before this date, had previously featured short news clips and archival footage captioned with inflammatory statements (“Louis Farrakhan said WHITE PEOPLE DESERVE TO DIE”).
But this new video was original material, produced with the familiar Anonymous aesthetic—dramatic opening music, a masked man glitching across the screen, and a computerized voice speaking in a strange cadence: “We have taken down a couple of your websites and will continue to take down, deface, and harvest your databases until your leaders step up and discourage racist and hateful behavior.
Very simply, we expect nothing less than a statement from your leadership that all hate is wrong… If this does not happen we will consider you another hate group and you can expect our attention.” The “we” in question was presumably a splinter cell of Anonymous known as the Ghost Squad Hackers.
Three days previously, in a series of tweets on April 29, Ghost Squad’s self-styled admin “@_s1ege” claimed to have taken the BLM site offline.
Ghost Squad had a history of similar claims; shortly before this, it had launched an attack against a Ku Klux Klan website, taking it offline for a period of days.
Dr. Gabriella Coleman is an anthropologist and the author of Hacker, Hoaxer, Whistleblower, Spy—considered the foremost piece of scholarship on Anonymous. (She also serves as a board member of eQualit.ie.) She said that Ghost Squad is currently one of the most prolific defacement and DDoS groups operating under the banner of Anonymous, but she also noted that only a few members have ever spoken publicly. “Unless you’re in conversation with members of a group, it’s hard to know what their culture is,” said Coleman. “I could imagine hypothetically that a lot of people who use the Ghost Squad mantle might not be for [attacking Black Lives Matter] but also might not be against it enough to speak out. You don’t know whether they all actively support it or just tolerate it.” Just as with Anonymous as a whole, this uncertainty is compounded by doubts about the identity of those claiming to be Ghost Squad at any given time—a fact borne out by the sometimes chaotic attack patterns shown in the traffic analytics.
Screenshot: BlackHorizon in action.
The April 29 attack announced by S1ege was accompanied by a screenshot showing a Kali Linux desktop running a piece of software called Black Horizon.
As eQualit.ie’s report notes, BlackHorizon is essentially a re-branded clone of GoldenEye, itself based on HULK, which was written as proof-of-concept code in 2012 by security researcher Barry Shteiman. All of these attack scripts share a method known as randomized no-cache flood, the concept of which is to have one user submit a high number of requests made to look like they are each unique.
This is achieved by choosing a random user agent from a list, forging a fake referrer, and generating custom URL parameter names for each site request.
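The three traits just listed (a query string that never repeats, a User-Agent that changes from request to request, and a forged Referer) are visible in an ordinary web server access log, and that is where a defender would look for them. The following is an added example, not eQualit.ie's analysis tooling or Deflect code: it parses Combined Log Format lines, aggregates them per client IP, and flags clients whose pattern matches a randomized no-cache flood. The log lines, hostnames and thresholds are all constructed for the example.

```python
"""Flag clients whose access-log pattern matches a randomized no-cache flood.

Added example, not from eQualit.ie or Deflect. Per client IP it measures the
ratio of distinct query strings to requests, the number of distinct
User-Agent values, and how many Referers point at some other site. A single
client that sends a fresh query string on nearly every request from a
rotating set of browsers is behaving like HULK, GoldenEye or BlackHorizon.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined Log Format: ip ident user [time] "method target proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

SITE_HOST = "www.example.test"  # constructed: the site being protected

# Constructed sample: 203.0.113.5 floods with random parameter names, rotating UAs and foreign Referers;
# 198.51.100.7 is a normal visitor; 192.0.2.9 is too quiet to judge; the last line is malformed.
SAMPLE_LOG = [
    '203.0.113.5 - - [29/Apr/2016:13:02:11 +0000] "GET /?Qz9k=a81f HTTP/1.1" 200 5120 "http://www.example-news.test/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36"',
    '203.0.113.5 - - [29/Apr/2016:13:02:11 +0000] "GET /?Lm2x=0c7e HTTP/1.1" 200 5120 "http://search.example-engine.test/?q=news" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/600.8.9 (KHTML, like Gecko) Version/8.0.8 Safari/600.8.9"',
    '203.0.113.5 - - [29/Apr/2016:13:02:12 +0000] "GET /?Ve3r=91ab HTTP/1.1" 200 5120 "http://www.example-forum.test/thread/42" "Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0"',
    '203.0.113.5 - - [29/Apr/2016:13:02:12 +0000] "GET /?Tp8n=4f02 HTTP/1.1" 200 5120 "http://www.example-news.test/" "Opera/9.80 (Windows NT 6.1; U; en) Presto/2.10.289 Version/12.02"',
    '203.0.113.5 - - [29/Apr/2016:13:02:12 +0000] "GET /?Hw5d=c3d9 HTTP/1.1" 200 5120 "http://search.example-engine.test/?q=blm" "Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12H143"',
    '203.0.113.5 - - [29/Apr/2016:13:02:13 +0000] "GET /?Kx1s=7e44 HTTP/1.1" 200 5120 "http://www.example-forum.test/thread/42" "Mozilla/5.0 (Windows NT 10.0; rv:41.0) Gecko/20100101 Firefox/41.0"',
    '198.51.100.7 - - [29/Apr/2016:13:02:14 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0; rv:45.0) Gecko/20100101 Firefox/45.0"',
    '198.51.100.7 - - [29/Apr/2016:13:02:14 +0000] "GET /style.css HTTP/1.1" 200 812 "http://www.example.test/" "Mozilla/5.0 (Windows NT 10.0; rv:45.0) Gecko/20100101 Firefox/45.0"',
    '198.51.100.7 - - [29/Apr/2016:13:02:20 +0000] "GET /about HTTP/1.1" 200 4410 "http://www.example.test/" "Mozilla/5.0 (Windows NT 10.0; rv:45.0) Gecko/20100101 Firefox/45.0"',
    '198.51.100.7 - - [29/Apr/2016:13:02:41 +0000] "GET /news?page=2 HTTP/1.1" 200 8812 "http://www.example.test/about" "Mozilla/5.0 (Windows NT 10.0; rv:45.0) Gecko/20100101 Firefox/45.0"',
    '198.51.100.7 - - [29/Apr/2016:13:03:05 +0000] "GET /news?page=3 HTTP/1.1" 200 8790 "http://www.example.test/news?page=2" "Mozilla/5.0 (Windows NT 10.0; rv:45.0) Gecko/20100101 Firefox/45.0"',
    '192.0.2.9 - - [29/Apr/2016:13:03:07 +0000] "GET /?a=1 HTTP/1.1" 200 5120 "http://www.example-news.test/" "curl/7.47.0"',
    'this line is not an access log entry',
]


def parse_line(line: str):
    """Return a dict of fields for a Combined Log Format line, or None if it does not parse."""
    match = LOG_RE.match(line)
    if not match:
        return None
    rec = match.groupdict()
    target = urlsplit(rec["target"])
    rec["path"], rec["query"] = target.path, target.query
    return rec


def client_stats(lines, site_host=SITE_HOST):
    """Aggregate per-IP counters needed for the flood heuristic."""
    per_ip = defaultdict(lambda: {"requests": 0, "queries": set(), "uas": set(), "foreign_referers": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed lines are skipped, not fatal
        stats = per_ip[rec["ip"]]
        stats["requests"] += 1
        if rec["query"]:
            stats["queries"].add(rec["query"])
        stats["uas"].add(rec["ua"])
        ref_host = urlsplit(rec["referer"]).hostname if rec["referer"] not in ("", "-") else None
        if ref_host and ref_host != site_host:
            stats["foreign_referers"] += 1
    return per_ip


def flag_no_cache_flood(lines, site_host=SITE_HOST, min_requests=5,
                        unique_query_ratio=0.8, min_user_agents=3):
    """IPs that send enough requests, almost all with distinct query strings, from several 'browsers'."""
    flagged = []
    for ip, stats in client_stats(lines, site_host).items():
        if stats["requests"] < min_requests:
            continue  # not enough traffic to judge
        ratio = len(stats["queries"]) / stats["requests"]
        if ratio >= unique_query_ratio and len(stats["uas"]) >= min_user_agents:
            flagged.append(ip)
    return sorted(flagged)


if __name__ == "__main__":
    print(flag_no_cache_flood(SAMPLE_LOG))
```

The heuristic is per source address, so it catches the single-machine case the page describes but not the same traffic spread across a botnet, and an attacker who reuses one realistic User-Agent slips under the `min_user_agents` bar. The structural fix sits in front of the origin: a cache or reverse proxy that strips unknown query parameters from the cache key (or serves the cached page regardless of them) removes the reason the flood works at all.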
Varying the parameters this way tricks the server into thinking it must generate a new page each time instead of serving up a cached copy, maximizing server load with minimum effort from the attacker. But once details of the Ghost Squad attack were published on HackRead, a flurry of other attacks materialized, many using far less effective methods. (At its most basic, one attack could be written in just three lines of Python code.) Coleman told me that this pattern is typical. “DDoS operations can attract a lot of people just to show up,” she said. “There’ll always be a percentage of people who are motivated by political beliefs, but others are just messing around and trying out whatever firepower they have.” One group had first called for the attack, but a digital mob soon took over.
Complex threats
Civil society organizations face cyberattacks more often than most of us realize.
It’s a problem that these attacks exist in the first place, of course, but it’s also a problem that both successful and failed attempts so often happen in silence. In an article on state-sponsored hacking of human rights organizations, Eva Galperin and Morgan Marquis-Boire write that this silence only helps the attackers. Without publicly available information about the nature of the threat, vulnerable users lack the information needed to take appropriate steps to protect themselves, and conversations around effective defensive procedures remain siloed. When I spoke to Galperin, who works as a global policy analyst at the Electronic Frontier Foundation, she said that she hears of a civil society group being attacked “once every few days,” though some groups draw more fire and from a greater range of adversaries. “[BLM’s] concerns are actually rather complicated, because their potential attackers are not necessarily state actors,” said Galperin. “In some ways, an attacker that is not a nation state—and that has a grudge—is much more dangerous. You will have a much harder time predicting what they are going to do, and they are likely to be very persistent.
And that makes them harder to protect against.” By way of illustration, Galperin points to an incident in June 2016 when prominent BLM activist DeRay Mckesson’s Twitter account was compromised despite being protected by two-factor authentication.
The hackers used social engineering to trick Mckesson’s phone provider into rerouting his text messages to a SIM card they controlled (a SIM-swap attack), so the one-time codes Twitter sent by SMS were delivered to the attackers rather than to him; it is an attack that requires a careful study of the target to execute. Besides their unpredictability, persistence was also a defining feature of the BLM attacks.
From April to October of this year, eQualit.ie observed more than 100 separate incidents, most of which used freely available tools that have documentation and even tutorials online. With such a diversity of threats, could it ever be possible to know who was really behind them?

Chasing botherders

One morning soon after I had started researching this story, a message popped up in my inbox: “Hello how are you? How would you like to prove I am me?” I had put the word out among contacts in the hacking scene that I was trying to get a line on S1ege, and someone had reached out in response. Of course, asking a hacker to prove his or her identity doesn’t get you a signed passport photo; but whoever contacted me then sent a message from the @GhostSquadHack Twitter account, used to announce most of the team’s exploits, a proof that seemed good enough to take provisionally. According to S1ege, nearly all of the attacks against BLM were carried out by Ghost Squad Hackers on the grounds that Black Lives Matter are “fighting racism with racism” and “going about things in the wrong way.” Our conversation was peppered with standard-issue Anon claims: the real struggle was between rich and poor with the media used as a tool to sow division and, therefore, the real problem wasn’t racism but who funded the media. Was this all true? It’s hard to know.
S1ege’s claim that Ghost Squad was responsible for most of the attacks on BLM appears to be new; besides the tweets on April 29, none of the other attacks on BLM have been claimed by Ghost Squad or anyone else.
To add more confusion, April 29 was also the date that S1ege’s Twitter account was created, and the claim to be staging Op AllLivesMatter wasn’t repeated by the main Ghost Squad account until other media began reporting it, at which point the account simply shared posts already attributing it to them. Despite being pressed, S1ege would not be drawn on any of the technical details which would have proved inside knowledge of the larger attacks. Our conversation stalled.
The last message before silence simply read: “The operation is dormant until we see something racist from their movement again.”

[Figure: Number of connections per day to the Black Lives Matter website. DDoS attacks are the massive spikes. Source: eQualit.ie]

Behind the mask

As eQualit.ie makes clear, the most powerful attacks leveraged against the BLM website were not part of the wave announced back in April by Ghost Squad.
In May, July, September, and October, a “sophisticated actor” used a method known as WordPress pingback reflection to launch several powerful attacks on the site, the largest of which made upwards of 34 million connections. The attack exploits an innocuous feature of WordPress sites, their ability to send a notification to another site that has been linked to, informing it of the link.
The problem is that, by default, any third party can call a WordPress site’s XML-RPC pingback method and name the URL that is to be notified; the site then fetches that URL to verify the link, without checking that the request really came from the site it claims to come from.
Thus, a malicious attacker can direct hundreds of thousands of legitimate sites to make requests to the same server, overwhelming it. Since this attack became commonplace, newer versions of WordPress include the IP address of the client that requested the pingback in the User-Agent of the verification request. Here’s an example:

WordPress/4.6; http://victim.site.com; verifying pingback from 8.8.8.8

This address is whatever the reflecting site saw as its client, so it is sometimes spoofed or belongs to a proxy rather than to the real origin; for illustration purposes, the address in the above example (8.8.8.8) corresponds to Google’s public DNS server. But when these addresses do correspond to a real address in the global IP space, they can provide useful clues about the attacker.
Such addresses often resolve to “botherder” machines, command and control servers used to direct such mass attacks through compromised computers (the “botnet”) around the globe. In this case, the attack did come with clues: five IP addresses accounted for the majority of all botherder servers seen in the logs.
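To make the mechanism concrete, here is an added example in Python (not eQualit.ie’s tooling or code from the article) that covers both sides of a pingback reflection. On the victim side it parses combined-format web server log lines, picks out WordPress pingback verification fetches by their User-Agent, and ranks the “verifying pingback from” addresses so the handful that dominate, the candidate botherders, stand out. On the reflector side it inspects an XML-RPC request body and reports whether it is a pingback.ping call, which a site that never needs pingbacks can reject in front of xmlrpc.php. The log lines, hostnames and addresses are constructed (RFC 5737 documentation ranges), and the log format and regular expressions are assumptions about a typical Apache or nginx deployment.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network
from xml.etree import ElementTree as ET

# Constructed combined-format access-log lines (not from any real incident): the
# client IP comes first and the User-Agent is the last quoted field.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Oct/2016:03:14:01 +0000] "GET /?p=1 HTTP/1.1" 200 5120 "-" "WordPress/4.6; http://blog-a.example; verifying pingback from 198.51.100.7"
203.0.113.11 - - [12/Oct/2016:03:14:01 +0000] "GET /?p=1 HTTP/1.1" 200 5120 "-" "WordPress/4.5.3; http://blog-b.example; verifying pingback from 198.51.100.7"
203.0.113.12 - - [12/Oct/2016:03:14:02 +0000] "GET /?p=1 HTTP/1.1" 200 5120 "-" "WordPress/4.6; http://blog-c.example; verifying pingback from 192.0.2.9"
203.0.113.13 - - [12/Oct/2016:03:14:02 +0000] "GET /?p=1 HTTP/1.1" 200 5120 "-" "WordPress/3.8; http://blog-d.example"
203.0.113.14 - - [12/Oct/2016:03:14:03 +0000] "GET /?p=1 HTTP/1.1" 200 5120 "-" "WordPress/4.6; http://blog-e.example; verifying pingback from 10.0.0.5"
203.0.113.15 - - [12/Oct/2016:03:14:03 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.16 - - [12/Oct/2016:03:14:04 +0000] "GET /?p=1 HTTP/1.1" 200 5120 "-" "WordPress/4.6; http://blog-f.example; verifying pingback from 198.51.100.7"
"""

LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# User-Agent of the fetch WordPress makes to verify a pingback. Newer versions append
# the address that submitted the pingback.ping call, i.e. the reflector's view of its
# client, which may be a proxy or a spoofed endpoint rather than the true origin.
PINGBACK_UA_RE = re.compile(
    r'^WordPress/(?P<version>[\d.]+); (?P<site>\S+)'
    r'(?:; verifying pingback from (?P<forwarded>[0-9a-fA-F:.]+))?$'
)

def parse_pingback_hits(log_text):
    """One dict per log line that is a WordPress pingback verification fetch."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        ua = PINGBACK_UA_RE.fullmatch(m.group("ua")) if m else None
        if not ua:
            continue
        hits.append({
            "reflector": m.group("client"),      # the WordPress site being abused
            "wp_version": ua.group("version"),
            "site": ua.group("site"),
            "forwarded": ua.group("forwarded"),  # who asked for the pingback, if reported
        })
    return hits

_NON_ROUTABLE = [ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12",
    "192.168.0.0/16", "224.0.0.0/4", "::1/128", "fc00::/7", "fe80::/10",
)]

def classify_ip(addr):
    """'bogon' for RFC 1918, loopback, link-local and multicast space, else 'routable'.
    The RFC 5737 documentation ranges in the constructed sample are deliberately not
    excluded; in production also drop anything ip_address(addr).is_global rejects."""
    ip = ip_address(addr)
    return "bogon" if any(ip in n for n in _NON_ROUTABLE) else "routable"

def rank_forwarded(hits):
    """Count the reported requester addresses, most common first, with a routability
    tag: the few that dominate are the candidate command-and-control hosts."""
    counts = Counter(h["forwarded"] for h in hits if h["forwarded"])
    return [(ip, n, classify_ip(ip)) for ip, n in counts.most_common()]

# Constructed pingback.ping call as a reflector's xmlrpc.php receives it: the first
# param (sourceURI) is the page the reflector will fetch, the second a post on the reflector.
SAMPLE_XMLRPC = b"""<?xml version="1.0"?>
<methodCall>
  <methodName>pingback.ping</methodName>
  <params>
    <param><value><string>http://victim.example/</string></value></param>
    <param><value><string>http://blog-a.example/?p=1</string></value></param>
  </params>
</methodCall>"""

def parse_xmlrpc_call(body):
    """Reflector side: return (method name, string params) of an XML-RPC request body.
    ElementTree does not fetch external entities; prefer defusedxml for untrusted input."""
    root = ET.fromstring(body)
    if root.tag != "methodCall":
        return None, []
    method = (root.findtext("methodName") or "").strip()
    params = [v.text or "" for v in root.iterfind("./params/param/value/string")]
    return method, params

def should_block_xmlrpc(body):
    """Filter rule for a site that never needs pingbacks: reject pingback.ping outright."""
    return parse_xmlrpc_call(body)[0] == "pingback.ping"

if __name__ == "__main__":
    hits = parse_pingback_hits(SAMPLE_LOG)
    print(f"{len(hits)} pingback fetches from {len({h['reflector'] for h in hits})} reflectors")
    for ip, n, tag in rank_forwarded(hits):
        print(f"  {ip:<16} {n:>3}  {tag}")
    print("reject sample XML-RPC body:", should_block_xmlrpc(SAMPLE_XMLRPC))
```

Run against the constructed sample, the ranking puts 198.51.100.7 on top with three reflectors reporting it, flags 10.0.0.5 as a bogon that cannot be a real botherder, and leaves the entry from the older WordPress install with no requester address at all, which is why the clue only exists for reflectors that have been upgraded.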
All five were traceable back to DMZHOST, an “offshore” hosting provider claiming to operate from a “secured Netherland datacenter privacy bunker.” The same IP addresses have been linked by other organizations to separate botnet attacks targeting other groups.
Botnets can be rented on-demand for around $60 per day on the black market, but the price of being flooded by one can run into the hundreds of thousands of dollars. (Commercial DDoS protection can itself cost hundreds of dollars per month. eQualit.ie provides its service to clients for free, but this is only possible by covering the operating costs with grant funding.) The Internet had long been lauded as a democratizing force where anyone can become a publisher.
But today, the cost of free speech can be directly tied to the cost of fighting off the attacks that would silence it. Corin Faife is a freelance journalist writing on the intersection of technology and politics. You can find him in one of the many bars of Montreal, Canada, or on Twitter at @corintxt.
Facebook, however, may have filled that gap today with the release of a previously internal tool called the Certificate Transparency Monitoring Developer Tool. The tool checks major public CT logs at regular intervals for new certificates issued on domains singled out by the user. “We’ve been monitoring Certificate Transparency logs internally since last year, and found it very useful,” Facebook security engineer David Huang said. “It allowed us to discover unexpected certs that were issued for our domain that we previously were unaware of. We realized it might be useful for other developers and made this free for everyone.” The tool allows users to search CT logs for a particular domain and return certs that have been issued for the domain and its subdomains. Users can also subscribe to a domain feed and receive email notifications when new certs are issued. Facebook said the search interface is easy to use, and its infrastructure can process large amounts of data quickly, providing a reliable return for any domain.
Facebook has been promoting the use of CT logs to detect unexpected certificates; not all of these occurrences are malicious. “It’s not always necessarily a vulnerability or attack, but it may be a case where a site as large as Facebook with lots of domains—some run by ourselves or by external hosting vendors—where we may not have a full picture of how our certs are deployed on domains,” Huang said. “This tool provides easy information for us.
This is probably very interesting for individual sites or smaller sites that probably are not actively monitoring certificates for their domains.” The framework is set up to monitor, in a standard way, all publicly trusted TLS certificates issued on the internet.
It consists of logs, or records of TLS certs submitted by CAs or site owners; an auditing service that ensures submitted certs are included in the CT logs; and a monitoring service that queries CT logs for new cert data.
Facebook said since it adopted Certificate Transparency, it has observed more than 50 million certificates.
That data is collected and verified against a ruleset, and any variation triggers a notification. Huang said that Facebook’s tool is among the few free services that include a notification and subscriber option. “There are dozens of CT logs, and we periodically fetch them (hourly, or even every 15 minutes) and keep synching across CT logs,” Huang said. “Once we fetch those certificates and process them through our pipeline, we generate alerts if we detect anything unexpected.” Google recently said it was making Certificate Transparency mandatory, and set an October 2017 deadline that was announced at the CA/Browser Forum in mid-October.
Sites that are not compliant will not display the green banner signifying a site is secure. “The level of transparency CT logs have provided is moving us in a very good direction,” Huang said. “In the future, all publicly published certificates will be required to be logged to CT Logs.
By that time, our monitoring tool will be able to have full coverage of any type of public certs.”
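As an added example (not Facebook’s tool or any code from the article), the following Python implements the two checkable pieces of the log/auditor/monitor split described above: the RFC 6962 Merkle tree hash and inclusion proof that let an auditor confirm a submitted entry really is in a log without downloading the whole thing, and a small monitor ruleset that flags certificates covering a watched domain from an issuer not on an allow-list, the “unexpected cert” case the article describes. The log entries are constructed: a real monitor decodes each leaf from the base64 MerkleTreeLeaf structures a log’s get-entries endpoint returns, while here a canonical JSON encoding of each made-up entry stands in for the leaf input, and the issuer names and hostnames are invented.

```python
import hashlib
import json

def hash_leaf(data):
    """RFC 6962 2.1: leaf hash is SHA-256 over 0x00 || leaf_input."""
    return hashlib.sha256(b"\x00" + data).digest()

def hash_node(left, right):
    """RFC 6962 2.1: interior node hash is SHA-256 over 0x01 || left || right."""
    return hashlib.sha256(b"\x01" + left + right).digest()

def _split(n):
    """Largest power of two strictly less than n, so the left subtree is always full."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k

def merkle_tree_hash(leaves):
    """MTH(D[n]) from RFC 6962 2.1: the root a log signs in its Signed Tree Head."""
    n = len(leaves)
    if n == 0:
        return hashlib.sha256(b"").digest()
    if n == 1:
        return hash_leaf(leaves[0])
    k = _split(n)
    return hash_node(merkle_tree_hash(leaves[:k]), merkle_tree_hash(leaves[k:]))

def inclusion_proof(leaves, m):
    """PATH(m, D[n]) from RFC 6962 2.1.1: sibling hashes from leaf m up to the root,
    the audit path a log's get-proof-by-hash endpoint hands to an auditor."""
    n = len(leaves)
    if n <= 1:
        return []
    k = _split(n)
    if m < k:
        return inclusion_proof(leaves[:k], m) + [merkle_tree_hash(leaves[k:])]
    return inclusion_proof(leaves[k:], m - k) + [merkle_tree_hash(leaves[:k])]

def verify_inclusion(leaf, index, tree_size, proof, root):
    """Auditor side, RFC 9162 2.1.3.2: rebuild the root from one leaf and its audit
    path without holding the whole log, then compare it with the STH root."""
    if index >= tree_size:
        return False
    fn, sn = index, tree_size - 1
    r = hash_leaf(leaf)
    for p in proof:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            r = hash_node(p, r)
            if not fn & 1:               # skip levels where we are the lone right node
                while fn and not fn & 1:
                    fn >>= 1
                    sn >>= 1
        else:
            r = hash_node(r, p)
        fn >>= 1
        sn >>= 1
    return sn == 0 and r == root

def covers(name, domain):
    """Does a SAN (wildcards included) cover `domain` or one of its subdomains?
    Matching is on dot boundaries so 'login.example.org.evil.example' does not count."""
    name, domain = name.lower().rstrip("."), domain.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
        return name == domain or name.endswith("." + domain) or domain.endswith("." + name)
    return name == domain or name.endswith("." + domain)

def unexpected_certs(entries, domain, expected_issuers):
    """Monitor side: entries are dicts with 'index', 'issuer' and 'names' (SANs), as a
    monitor has them after decoding log entries. Flag certs for the watched domain
    whose issuer is not on the allow-list."""
    return [e for e in entries
            if any(covers(n, domain) for n in e["names"]) and e["issuer"] not in expected_issuers]

# Constructed entries (not real log data); issuer names and hostnames are invented.
ENTRIES = [
    {"index": 0, "issuer": "Example CA A", "names": ["www.example.org", "example.org"]},
    {"index": 1, "issuer": "Example CA A", "names": ["shop.example.org"]},
    {"index": 2, "issuer": "Example CA B", "names": ["mail.other.example"]},
    {"index": 3, "issuer": "Example CA C", "names": ["*.example.org"]},
    {"index": 4, "issuer": "Example CA B", "names": ["login.example.org.evil.example"]},
]
# Stand-in leaf inputs: canonical JSON of each entry in place of a MerkleTreeLeaf.
LEAVES = [json.dumps(e, sort_keys=True).encode() for e in ENTRIES]

if __name__ == "__main__":
    root = merkle_tree_hash(LEAVES)
    for i, leaf in enumerate(LEAVES):
        ok = verify_inclusion(leaf, i, len(LEAVES), inclusion_proof(LEAVES, i), root)
        print(f"entry {i}: inclusion {'ok' if ok else 'FAILED'}")
    for e in unexpected_certs(ENTRIES, "example.org", {"Example CA A"}):
        print(f"ALERT: entry {e['index']} for {e['names']} issued by {e['issuer']}")
```

With the constructed entries every leaf verifies against the root, a proof presented for the wrong index or against a different root fails, and the monitor raises exactly one alert, for the wildcard certificate issued by the CA that is not on the allow-list; the look-alike name under another registered domain is correctly ignored.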