It is cross-platform and offers many powerful video editing features.Here’s a video preview of OpenShot 2.3’s new features: LinuxG has helpful instructions on how you can install OpenShot 2.3 in Ubuntu 16.10 and Linux Mint 18:To read this article in full or to leave a comment, please click here
Some parts of the company clearly believe in that cross-platform vision.
Some parts see mobile devices as junior adjuncts to computers.
Some parts see mobile as near-equal partners, given Microsoft’s failure to have its own successful mobile platform, but they can’t get behind Mac support because that platform directly competes with Windows.To read this article in full or to leave a comment, please click here
This is not the case.
Instead, an accurate assessment is that a previously active Windows botnet is spreading a Mirai bot variant.
In the upcoming Visual Studio 2017, Visual Basic will support producing and consuming tuples and consuming ref-returning methods defined in referenced libraries.To read this article in full or to leave a comment, please click here
When choosing a security suite, you probably look for familiar company names rather than trusting your security to an unknown. Germany-based G Data may not have huge mindshare in the United States, but it's big in Europe. G Data Internet Security includes all the features you'd expect in a suite, including an antivirus, a firewall, parental controls, and a spam filter. Unfortunately, the quality of the components spans quite a range, from very good to very poor.
Bitdefender, Kaspersky, and ESET Internet Security 10 are among the suites that cost roughly $80 for three licenses. There's another group around $60 that includes Webroot, Trustport, and Avast. G Data falls in between, with a $64.95 subscription price for three licenses. If you need just one installation, you can cut $10 from that price.
This product's main window features the familiar bold G Data color scheme, with a red banner holding a row of icons at top. Some security vendors use precisely the same component layout throughout the product line, showing unavailable features as disabled. Not G Data. The home screen shows a detailed security status, with links to important components, but there are more components displayed in the suites banner than that of the standalone antivirus. To the three top-row icons found in the antivirus, the suite adds icons for its backup, firewall, and parental control features.
Shared with Antivirus
The antivirus protection in this suite is precisely what you get in G Data Antivirus 2017. I'll summarize my findings here, but if you want full details you should read my review of the antivirus.
Four of the five antivirus labs that I follow include G Data in their tests and reports. It earned an above-average rating in the RAP (Reactive and Proactive) test from Virus bulletin, but didn't do quite as well in the three-part testing performed by AV-Test Institute. G Data earned the maximum six points for protection against malware, and six more for low false positives, but a drag on performance dropped its score to 4.5 in that category. A total of 16.5 points is good, but Kaspersky Internet Security took a perfect 18 points in this test. Bitdefender and Trend Micro were close behind, with 17.5 points.
In the real-world attack simulation tests by SE Labs, G Data took AA certification, the second-highest of five possible levels. Emsisoft, Kaspersky, Norton, and Trend Micro managed an AAA rating. Like most tested products, G Data failed the pass/fail banking Trojans test performed by MRG-Effitas. Its aggregate score of 8.7 points is good, but Kaspersky leads with 9.8 of 10 possible points, and Norton got 9.7 points.
Like Webroot, Comodo Antivirus 10, and PC Matic, G Data detected 100 percent of the samples in my malware collection. Not-quite-perfect blocking of a few samples results in an overall score of 9.8 points. That's very good, but the other three I mentioned managed a perfect 10. G Data wasn't fooled at all by my hand-tweaked samples; it blocked them all. Comodo, by contrast, missed 30 percent of the modified versions.
For a different look at malware blocking, I use a feed of recently discovered malware-hosting URLs supplied by MRG-Effitas. G Data blocked 78 percent of the samples in this test, almost all by completely blocking access to the URL. Norton tops this test, with 98 percent protection.
The same Web-based protection component should also serve to steer the hapless user away from fraudulent sites that try to steal login credentials. However, G Data fared poorly in my antiphishing test, with a detection rate 44 percent lower than Norton's. While most products lag Norton in this test, more than half of them did better than G Data. Only Bitdefender, Kaspersky, and Webroot SecureAnywhere Internet Security Plus have eked out a better score than Norton.
Other Shared Features
Exploit protection is usually associated with the firewall component, but G Data offers it in the standalone antivirus. In testing, it didn't block exploits at the network level, but wiped out the executable payload for 50 percent of the samples. That's quite good. Champion in this test is Symantec Norton Security Deluxe, which stopped 63 percent of the attacks at the network level.
My hands-on testing confirmed that G Data's keylogger protection and ransomware protection are effective. For those tests, I had to turn off all other protective layers.
Similar to the SafePay feature in Bitdefender Internet Security 2017, BankGuard protects your browsers from man-in-the-middle attacks and other data-stealing attacks. The AutoStart manager lets you reversibly disable programs from launching at startup, or set them to launch after a delay.
See How We Test Security Software
Every firewall needs to at least match the abilities of the built-in Windows Firewall that it replaces. Specifically, it must block outside attacks and put the system's ports in stealth mode, so they're not visible from the Internet. G Data's firewall fended off my port scans and other Web-based attacks, and popped up a notification that it had done so. So far, so good!
The settings page for G Data's firewall is pleasantly simple. A large slider lets you choose one of five preset security levels: Maximum, High, Standard, Low, and Disabled. Three other pages of settings are deliberately unavailable, with their configuration changed automatically as you switch security levels. True firewall experts can choose custom settings, thereby enabling access to those pages. But most should leave the firewall set to its default Standard level.
Most firewall components also keep track of how programs are using your network connection. Advanced firewalls like Norton's automatically define permissions for millions of known programs and carefully watch how unknowns behave, smacking them down if they show signs of misusing the network. Less advanced firewalls rely on the user to determine whether unknown programs should be allowed to access the network, which sometimes results in a deluge of popup queries.
G Data's firewall runs by default in autopilot mode, meaning you won't see any queries. It's not entirely clear just what it does in this mode, but as far as I can tell, it allows all outbound connections and rejects unsolicited inbound connections. That's not doing a lot.
To see the program control component in action, I turned off autopilot. Cleverly, the program offers to temporarily turn autopilot back on if it detects you're launching a full-screen application.
When I tried launching a guaranteed-unknown program (a small browser I coded myself), G Data popped up asking whether to allow or block access, once or always. That's exactly what should have happened. I tried a few leak test utilities, programs that try to gain access to the Internet without triggering the firewall's program control. G Data caught some, but not all, of these.
Unfortunately, it also popped up repeatedly for some Windows internal components. Note, too, that firewall popups appear for any user account, including non-Administrator accounts. While your toddler is playing games online, she may accidentally tell G Data to always block access by some Windows component. In that case, you'll need to open the Application Radar window from the Firewall status screen to unblock that application.
A firewall isn't much use if a malicious program can reach in and flip the off switch. I couldn't find a way to disable G Data by manipulating the Registry, though it didn't protect its Registry data against change the way Bitdefender, McAfee Internet Security, and others do. The last time I tested G Data, I found that I could terminate some of its processes using Task Manager. This time around, all 11 processes received protection.
Alas, G Data's essential Windows services are still vulnerable to a simple attack that could be carried out programmatically. I set the Startup Type for each of six services to disabled and then rebooted the computer. That effectively eliminated G Data's protection. In a similar situation, Comodo Firewall 10 Firewall seemed to succumb, but recovered on reboot.
This firewall component handles the basic tasks of protecting against outside attack and preventing programs from misusing your Internet connection, but that's about all. And the vast majority of competing products manage to harden their Windows services against tampering more thoroughly than G Data does.
Cloud Storage Backup
When you first click the backup icon, you just get a big, empty page. A bit of investigation reveals the New Task button. Clicking it brings up a disclaimer pointing out that the subscription you have offers online backup only. If you want advanced features like making local backups or burning backups to optical media, you must upgrade to G Data Total Security. You can check a box to suppress this disclaimer in the future.
To start designing a backup job, you select files and folders for backup. You do this using a folder/file tree. Checking or unchecking a folder selects or deselects all its contained folders and files. If you simply check the tree item with your username, representing all your user data, that may be enough.
The selection tree exhibits a strange redundancy that might cause trouble. For example, after the entry with your name is an entry called Libraries. If you check your username entry, the corresponding entries under Libraries (Music, Videos, Documents, and Pictures) do not get checked. But if after that you check Libraries and then uncheck it, those four entries under your username lose their checkmarks. This is just one of several redundancies in the tree, so you should carefully review your selections before proceeding.
The next step is target selection, but your only choice is cloud backup. Well, there's also an option to copy the archived data to an FTP server, but not many users are equipped to perform the necessary configuration. When I tried to continue at this point, the program admonished me, "Cloud has been selected as target, but no login has been entered." Guessing at this point, I clicked a button for network login—no joy. I finally thought to click the cloud icon. This triggered a menu titled New Account, which in turn asked me to select Dropbox or Google Drive. That could be clearer.
Kaspersky Total Security also offers to store backups on Dropbox, but this is just one of its many options. With Kaspersky, you can also back up your files to any local, removable, or network drive, or to an FTP server.
You can optionally create a schedule, separately for a full backup of all data and for a partial backup containing only changed data. Do you know what the difference between a differential backup and an incremental backup is? If not, just leave it set at the default. For each type of backup you can choose one-off, daily, weekly, or monthly backup, or just run the backup manually when you think of it.
Now you can review the dozens of options on the final page of settings. Some are disabled, most are set to the best configuration, but there's one you might want to tweak. By default, G Data opts for fast compression, making the backup process as speedy as possible. If you're short on cloud space, consider setting it to emphasize good compression, instead.
You can create as many backup jobs as you like. You might choose redundancy, backing up to both Dropbox and Google Drive. These jobs appear in the previously blank main backup window.
As for restoring backed-up files, it's a snap. Choose the backup, choose to restore all files or just some of them, and choose whether to restore to the original location or a new location.
Norton gives you 25GB of hosted online backup storage, and makes setting up a backup job very easy. Webroot completes also offers 25GB of storage, and serves as a full file-syncing tool. The backup system in G Data does the job, but it requires that you use third-party cloud storage, and it could be much, much simpler for users.
Porous Parental Control
This suite's parental control system is minimal, consisting of content filtering and time scheduling for Internet or computer use.
The content filter can block websites matching five categories: Drugs, Hackers, Violence, Extremist, and Pornography. There's also an option to block all HTTPS sites, but it's a ridiculous option. Yes, it would prevent access to secure anonymizing proxies, but it would also block any site that sensibly uses a secure connect, including Google, Unicef, and Wikipedia.
Parents can limit time on the computer, the Internet, or both. When enabled, the default in each case is 1.5 hours per day, 10.5 hours per week, and 45 hours per month. These times line up nicely. For example, 1.5 hours on each of seven days equals 10.5 hours. You can also define a weekly schedule, in one-hour increments, for when the child can use the Internet, or the computer. This feature uses a handy grid that makes it easy to set allowed and blocked times.
When I put G Data's scheduler to the test, I found that time-scheduler relies on the system clock. Resetting the clock to an allowed time defeats it. Admittedly, I couldn't find a similar way to defeat the daily cap.
Content filtering is keyword based, and it's both too lax and too strict. Photo-based pornographic sites with no banned words in the URL or page text flew right past the filter, while perfectly innocent sites triggered the over-zealous filter. For example, it blocks any page on blogspot.com because the filter found "pot" in the URL. Pages on the American Kennel Club site that used the word bitch (perfectly valid in this context) got the axe. And so on.
You'd think the Hackers category would block secure anonymizing proxy websites, but it doesn't. By connecting to one, I completely eluded the filter—don't think your teenager won't figure this out.
G Data does report which websites it blocked for each user, along with a date/time stamp and explanation. The explanation helped me confirm that, for example the app did indeed block a blogspot.com page due to the embedded word pot.
This is just not a useful system. If you need parental control in your security suite, look elsewhere. The parental control component in Norton is an Editors' Choice as a standalone. ZoneAlarm's is based on ContentWatch Net Nanny 7, another Editors' Choice. And Kaspersky Total comes with the excellent Kaspersky Safe Kids.
Simple Spam Filter
The need for local spam filtering gets smaller and smaller as more people use services that filter spam at the server level. If you're one of the few who don't get spam skimmed out of your email feed before it arrives, it's nice to have spam filtering handled by your security suite.
G Data analyzes incoming POP3 and IMAP email messages, flagging suspected spam messages, messages with a high spam probability, and messages with a very high spam probability. It prefixes [suspected spam] to the subject line for the first category, [spam] for the other two. You can change these tags, if you like, but most users will surely leave them at their default values.
This spam filter integrates with Microsoft Outlook, automatically diverting marked messages into the spam folder. Those using a different email client must create email rules based on the subject tags, not a terribly challenging task.
G Data uses quite a few different criteria to develop a spam score for each message. It checks the message text for certain keywords, and the message subject for a different set of keywords. You can edit either keyword list. It also includes a self-learning content filter system that's meant to improve accuracy over time.
The spam filter can also check spam messages against real-time blacklists. This process tends to slow the email download, so by default it only uses those blacklists for suspicious messages. Digging deeper, you can configure the spam filter to reject messages written in languages you don't speak. But really, most users can just leave the spam filter settings alone.
You can put specific addresses or domains on the whitelist, to ensure that the spam filter never blocks them. Conversely, you can blacklist addresses or domains to ensure they always get filtered. There's no option to import the content of your address book, or automatically whitelist addresses to which you send mail, like you get with ESET, Trend Micro Internet Security, and others.
If you do need local spam filtering, and want your security suite to handle it, G Data is as good as any. It doesn't offer the comprehensive feature collection that Check Point ZoneAlarm Extreme Security 2017 does, but on the flip side, it doesn't require any attention from you.
On a seriously icon-infested desktop, you not notice the appearance of a new icon titled G Data Shredder. This is a secure deletion utility, for use when you want to delete a file beyond the possibility of forensic recovery. Many encryption utilities come with a shredder, for thoroughly wiping out the originals of files that have been encrypted.
Simply deleting a file sends it to the Recycle Bin, and bypassing the Recycle Bin leaves the file's data still on disk, just marked as space that can be reused. Overwriting that data just once is enough to defeat software-based recovery. Recovery experts use hardware systems to peel back the layers and find previously stored data, but those techniques run into the limitations of physics at about seven overwrites. Why G Data lets you choose up to 99 overwrites I do not know. Three should be plenty for normal use.
Once you've configured the shredder, you drag files and folders onto its icon for secure deletion. You'll also find a Shred choice on the right-click menu.
Minor Performance Impact
While testing G Data, I occasionally felt the system might be running a little slow, but then, my virtual machines necessarily don't have a lot of resources. Running my hands-on performance tests revealed only minor impacts on system performance.
The biggest hit (not big, but biggest) came in my boot time test. Averaging many runs before installation of the suite and many more after, I found that the boot process took 26 percent longer with G Data loading at boot time. Given that most people reboot only when forced to, that's not a big deal.
To check whether a security suite affects everyday file manipulation activities, I time a script that moves and copies an eclectic collection of files between drives. Averaging multiple runs with no suite and with G Data installed, I found the script took 18 percent longer. That's not bad; the average for this test among current products is 23 percent. And there was no measurable slowdown for my zip/unzip test, which compresses and decompresses that same file collection repeatedly.
While G Data didn't put much of a drag on performance, some competing products had even less impact. Webroot, in particular, didn't show measurable impact in any of the three tests.
Component Quality Varies
G Data Internet Security 2017 includes all of the expected security suite components and even offers a backup system. The antivirus performed well in testing, but the parental control system is both limited and ineffective, and the basic firewall could be disabled by a determined hacker. You're better off with a suite in which all of the components do a good job.
For the purpose of defining Editors' Choice products, I distinguish basic suites like G Data, feature-packed mega-suites, and cross-platform multi-device suites. In the basic suites arena, Bitdefender Internet Security and Kaspersky Internet Security are my Editors' Choice products. Both cost a bit more than G Data, but they also offer much better security.
Note: These sub-ratings contribute to a product's overall star rating, as do other factors, including ease of use in real-world testing, bonus features, and overall integration of features.
Free certificate authority Let’s Encrypt provides security certificates and deployment tools so that anyone can set up their websites to use HTTPS.
The hard part left is setting up the web server and configuring it correctly to work with the certificate—Let’s Encrypt has taken care of that, too.
Caddy further simplifies the task as it automatically configures HTTPS via free Let’s Encrypt certificates. Caddy redirects non-HTTPS traffic to HTTPS by default.
The administrator doesn't have to use Let’s Encrypt certificates to get the same benefits. The web server also takes care of periodically rotating TLS session keys, which helps preserve perfect forward secrecy; even if keys are inadvertently exposed, they cannot be used to decrypt older encrypted sessions. While intended to be a static file web server, Caddy can serve up dynamic PHP through FastCGI.
It can also be used inside a Docker container.
It can also be extended with new features, with add-ons for Prometheus metrics, IP filtering, search, Cross Origin Resource Sharing, and JSONP, to name a few. Because Caddy is written in Go, it's cross-platform and works the same across operating systems, including Windows, Mac, Linux, BSD, and Solaris.
Caddy’s developers avoided using certain libraries that aren’t always available on Windows systems, ensuring that critical Caddy features don’t get locked into specific operating systems. Don’t make the mistake of thinking Caddy will dislodge Nginx or Apache from enterprise networks anytime soon—the project is suitable for quick prototyping, test environments, and internal applications. Caddy has been around for more than a year, and its latest version, 0.9.4, added new features such as support for statically compressed .gz or .br files and the ability to specify multiple back ends to a single FastCGI proxy for basic load balancing.
The new version also picked up the option to customize TLS curve preferences and support Must-Staple on managed certificates. When it comes to security, enterprises often shy away from open source projects because of the trust factor.
There is always the question of support, whether the project will continue to be actively maintained and supported, but the more pressing question is whether the security components can be trusted.
Security projects, in particular, benefit from an independent security audit since it identifies potential issues and confirms that the underlying security foundation is sound.
Caddy could benefit from having an audit—but those assessments can get expensive. Caddy is still in its infancy compared to enterprise favorites such as Apache, IIS, and Nginx, but the project is already getting big-name support from Mozilla.
Caddy was one of the nine open source projects supported by Mozilla Open Source Support (MOSS), which provides funding for “open source projects that contribute to our work and the health of the Web.” Of the $545,000 Mozilla set aside for MOSS, Caddy received $50,000.
The award was earmarked for adding a REST API, improving the Web UI, and developing new documentation to make it easier to deploy more services with TLS.
Both Dell and HP have announced that they’ll ship Azure Stack racks midyear; Microsoft has recently delivered a second preview build for proof-of-concept deployments. Although it’s not a tool for every datacenter, Azure Stack can help deliver hybrid cloud solutions where the same code runs on Azure and on-premises, with the same control and deployment models but with highly regulated data staying in your datacenter. Azure and the rest of Microsoft’s cloud will become increasingly important as part of any IT management policy, with key features in the upcoming Creators Update for Windows 10 relying on cloud services to handle security reports and for software delivery. Much of this will depend on light-touch cloud-based management tools delivered with Intune and initially exposed in Windows 8. Windows 10’s upcoming support for Qualcomm-based ARM PC/smartphone hybrids running Win32 code will likely need to take advantage of this approach, because the resulting budget devices will be used by home workers and contract staff for a mix of personal and work tasks. Cross-platform development The cloud will be a big part of Microsoft’s 2017, especially for anyone writing code.
If you tuned into its 2016 Connect event, you’d have seen that cloud services are a key part of Microsoft’s cross-platform development strategy.
As Xamarin continues to be folded into Visual Studio, the resulting tools (along with the open source Visual Studio Code programmer’s editor) will let you quickly build and deliver application endpoints that run on Windows, Android, iOS, MacOS, and even Unix, thanks to Windows 10’s Bash shell and its Linux support.
Those endpoints will take advantage of Azure services; whether via Service Fabric or serverless compute in Azure Functions. 2017 should see Microsoft continue to improve its Azure services, with updates to DocumentDB and the associated big data tools, as well as the range of IoT services and data analysis services wrapped in the Cortana Analytics Services platform. Similarly, more machine learning functionality should transition from research groups to the wider world as part of the ever-growing Cognitive Services set of APIs, which have turned what would have been complex image recognition and natural language interpretation tools into plug-and-play APIs. Developers should also pay close attention to recent moves by Oracle to monetize its Java licenses, which may make .Net Core a more attractive platform for building the middle tier of applications.
Combined with the release of SQL Server, .Net Core, and PowerShell all on Linux mean that Microsoft’s developer and management platforms can now compete directly with Java, with licensing terms that may well be a lot more attractive.
That’s not something I’d have expected to say about .Net at the beginning of 2016! Devices and collaboration Microsoft’s enterprise device strategy appears to be going well, with significant sales for the collaborative Surface Hub, including some very large deployments. Collaboration is going to be an important theme in 2017, building on the tools in Office 365 and Skype, and with strong competition from Google’s G Suite platform and third-party tools like Slack. People need to work together, and Microsoft is quickly moving to supporting these scenarios. With its new rapid delivery schedule, I expect to see quick changes in Microsoft Teams, opening up to users outside corporate Office 365 installs. The launch of Microsoft’s Teams collaboration platform also sets the scene for another year of incremental improvements to Office 365.
The launch of the Office Insiders program has meant that new features can be rolled out to users and tested in the wild, making it easier to see what new features are coming and when they’re likely to be released. Office 365 and Dynamics should also benefit from the acquisition of LinkedIn, adding an external relationship graph to Microsoft’s existing machine learning tools. Security LinkedIn should also help power a new generation of security tools, using individual relationships to help map the context of, for example, email messages.
Identity has long been a big problem facing enterprises, and by bringing together LinkedIn and Azure Active Directory, Microsoft now has an opportunity to expand its security model away from devices to people—a model that makes more sense in a world where people use multiple devices and multiple operating systems. That model also allows Microsoft to expand its intelligence-based security used by Windows Defender and Office 365 Advanced Threat Protection and other tools, bringing in more ways of understanding how malware flows and providing better tools for identifying phishing messages—especially targeted spear-phishing attacks. There’s already basic support for the FIDO (Fast Identity Online) security tools in Windows 10 and Edge browser. 2017 should see improved support for password-less security, as FIDO 2.0 gains wider acceptance. We’ll see support for Windows Hello biometrics in applications as an alternative sign-in method, as well as support for device-to-device authentication. Although 2017 won’t see the death of the password, it’ll be one of the bigger steps on the road to better ways of authenticating and securing all our devices.