Tag: File Transfer Protocol
This means that the threats that are relevant for them can also be relevant for medical systems.
This is not the case.
Instead, an accurate assessment is that a previously active Windows botnet is spreading a Mirai bot variant.
Since neither is yet patched, it might be a good day to nag your developers for a bit.…
These programs are readily available on the black market, and in 2017 the volume of malicious spam is unlikely to fall.
VU#745607: Accellion FTP server contains information exposure and cross-site scripting vulnerabilities
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The squid34 packages provide version 3.4 of Squid, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
Security Fix(es):
* It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request.
A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections. (CVE-2016-10002)
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258
After installing this update, the squid service will be restarted automatically.
Red Hat Enterprise Linux Server (v. 6)
SRPMS: squid34-3.4.14-9.el6_8.4.src.rpm
IA-32: squid34-3.4.14-9.el6_8.4.i686.rpm, squid34-debuginfo-3.4.14-9.el6_8.4.i686.rpm
PPC: squid34-3.4.14-9.el6_8.4.ppc64.rpm, squid34-debuginfo-3.4.14-9.el6_8.4.ppc64.rpm
s390x: squid34-3.4.14-9.el6_8.4.s390x.rpm, squid34-debuginfo-3.4.14-9.el6_8.4.s390x.rpm
x86_64: squid34-3.4.14-9.el6_8.4.x86_64.rpm, squid34-debuginfo-3.4.14-9.el6_8.4.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6)
SRPMS: squid34-3.4.14-9.el6_8.4.src.rpm
IA-32: squid34-3.4.14-9.el6_8.4.i686.rpm, squid34-debuginfo-3.4.14-9.el6_8.4.i686.rpm
x86_64: squid34-3.4.14-9.el6_8.4.x86_64.rpm, squid34-debuginfo-3.4.14-9.el6_8.4.x86_64.rpm
(The unlinked packages above are only available from the Red Hat Network)
1405941 - CVE-2016-10002 squid: Information disclosure in HTTP request processing
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
When choosing a security suite, you probably look for familiar company names rather than trusting your security to an unknown. Germany-based G Data may not have huge mindshare in the United States, but it's big in Europe. G Data Internet Security includes all the features you'd expect in a suite, including an antivirus, a firewall, parental controls, and a spam filter. Unfortunately, the quality of the components spans quite a range, from very good to very poor.
Bitdefender, Kaspersky, and ESET Internet Security 10 are among the suites that cost roughly $80 for three licenses. There's another group around $60 that includes Webroot, Trustport, and Avast. G Data falls in between, with a $64.95 subscription price for three licenses. If you need just one installation, you can cut $10 from that price.
This product's main window features the familiar bold G Data color scheme, with a red banner holding a row of icons at top. Some security vendors use precisely the same component layout throughout the product line, showing unavailable features as disabled. Not G Data. The home screen shows a detailed security status, with links to important components, but there are more components displayed in the suite's banner than in that of the standalone antivirus. To the three top-row icons found in the antivirus, the suite adds icons for its backup, firewall, and parental control features.
Shared with Antivirus
The antivirus protection in this suite is precisely what you get in G Data Antivirus 2017. I'll summarize my findings here, but if you want full details you should read my review of the antivirus.
Four of the five antivirus labs that I follow include G Data in their tests and reports. It earned an above-average rating in the RAP (Reactive and Proactive) test from Virus Bulletin, but didn't do quite as well in the three-part testing performed by AV-Test Institute. G Data earned the maximum six points for protection against malware, and six more for low false positives, but a drag on performance dropped its score to 4.5 in that category. A total of 16.5 points is good, but Kaspersky Internet Security took a perfect 18 points in this test. Bitdefender and Trend Micro were close behind, with 17.5 points.
In the real-world attack simulation tests by SE Labs, G Data took AA certification, the second-highest of five possible levels. Emsisoft, Kaspersky, Norton, and Trend Micro managed an AAA rating. Like most tested products, G Data failed the pass/fail banking Trojans test performed by MRG-Effitas. Its aggregate score of 8.7 points is good, but Kaspersky leads with 9.8 of 10 possible points, and Norton got 9.7 points.
Like Webroot, Comodo Antivirus 10, and PC Matic, G Data detected 100 percent of the samples in my malware collection. Not-quite-perfect blocking of a few samples results in an overall score of 9.8 points. That's very good, but the other three I mentioned managed a perfect 10. G Data wasn't fooled at all by my hand-tweaked samples; it blocked them all. Comodo, by contrast, missed 30 percent of the modified versions.
For a different look at malware blocking, I use a feed of recently discovered malware-hosting URLs supplied by MRG-Effitas. G Data blocked 78 percent of the samples in this test, almost all by completely blocking access to the URL. Norton tops this test, with 98 percent protection.
The same Web-based protection component should also serve to steer the hapless user away from fraudulent sites that try to steal login credentials. However, G Data fared poorly in my antiphishing test, with a detection rate 44 percent lower than Norton's. While most products lag Norton in this test, more than half of them did better than G Data. Only Bitdefender, Kaspersky, and Webroot SecureAnywhere Internet Security Plus have eked out a better score than Norton.
Other Shared Features
Exploit protection is usually associated with the firewall component, but G Data offers it in the standalone antivirus. In testing, it didn't block exploits at the network level, but wiped out the executable payload for 50 percent of the samples. That's quite good. Champion in this test is Symantec Norton Security Deluxe, which stopped 63 percent of the attacks at the network level.
My hands-on testing confirmed that G Data's keylogger protection and ransomware protection are effective. For those tests, I had to turn off all other protective layers.
Similar to the SafePay feature in Bitdefender Internet Security 2017, BankGuard protects your browsers from man-in-the-middle attacks and other data-stealing attacks. The AutoStart manager lets you reversibly disable programs from launching at startup, or set them to launch after a delay.
Every firewall needs to at least match the abilities of the built-in Windows Firewall that it replaces. Specifically, it must block outside attacks and put the system's ports in stealth mode, so they're not visible from the Internet. G Data's firewall fended off my port scans and other Web-based attacks, and popped up a notification that it had done so. So far, so good!
The settings page for G Data's firewall is pleasantly simple. A large slider lets you choose one of five preset security levels: Maximum, High, Standard, Low, and Disabled. Three other pages of settings are deliberately unavailable, with their configuration changed automatically as you switch security levels. True firewall experts can choose custom settings, thereby enabling access to those pages. But most should leave the firewall set to its default Standard level.
Most firewall components also keep track of how programs are using your network connection. Advanced firewalls like Norton's automatically define permissions for millions of known programs and carefully watch how unknowns behave, smacking them down if they show signs of misusing the network. Less advanced firewalls rely on the user to determine whether unknown programs should be allowed to access the network, which sometimes results in a deluge of popup queries.
G Data's firewall runs by default in autopilot mode, meaning you won't see any queries. It's not entirely clear just what it does in this mode, but as far as I can tell, it allows all outbound connections and rejects unsolicited inbound connections. That's not doing a lot.
To see the program control component in action, I turned off autopilot. Cleverly, the program offers to temporarily turn autopilot back on if it detects you're launching a full-screen application.
When I tried launching a guaranteed-unknown program (a small browser I coded myself), G Data popped up asking whether to allow or block access, once or always. That's exactly what should have happened. I tried a few leak test utilities, programs that try to gain access to the Internet without triggering the firewall's program control. G Data caught some, but not all, of these.
Unfortunately, it also popped up repeatedly for some Windows internal components. Note, too, that firewall popups appear for any user account, including non-Administrator accounts. While your toddler is playing games online, she may accidentally tell G Data to always block access by some Windows component. In that case, you'll need to open the Application Radar window from the Firewall status screen to unblock that application.
A firewall isn't much use if a malicious program can reach in and flip the off switch. I couldn't find a way to disable G Data by manipulating the Registry, though it didn't protect its Registry data against change the way Bitdefender, McAfee Internet Security, and others do. The last time I tested G Data, I found that I could terminate some of its processes using Task Manager. This time around, all 11 processes received protection.
Alas, G Data's essential Windows services are still vulnerable to a simple attack that could be carried out programmatically. I set the Startup Type for each of six services to disabled and then rebooted the computer. That effectively eliminated G Data's protection. In a similar situation, Comodo Firewall 10 seemed to succumb, but recovered on reboot.
This firewall component handles the basic tasks of protecting against outside attack and preventing programs from misusing your Internet connection, but that's about all. And the vast majority of competing products manage to harden their Windows services against tampering more thoroughly than G Data does.
Cloud Storage Backup
When you first click the backup icon, you just get a big, empty page. A bit of investigation reveals the New Task button. Clicking it brings up a disclaimer pointing out that the subscription you have offers online backup only. If you want advanced features like making local backups or burning backups to optical media, you must upgrade to G Data Total Security. You can check a box to suppress this disclaimer in the future.
To start designing a backup job, you select files and folders for backup. You do this using a folder/file tree. Checking or unchecking a folder selects or deselects all its contained folders and files. If you simply check the tree item with your username, representing all your user data, that may be enough.
The selection tree exhibits a strange redundancy that might cause trouble. For example, after the entry with your name is an entry called Libraries. If you check your username entry, the corresponding entries under Libraries (Music, Videos, Documents, and Pictures) do not get checked. But if after that you check Libraries and then uncheck it, those four entries under your username lose their checkmarks. This is just one of several redundancies in the tree, so you should carefully review your selections before proceeding.
The next step is target selection, but your only choice is cloud backup. Well, there's also an option to copy the archived data to an FTP server, but not many users are equipped to perform the necessary configuration. When I tried to continue at this point, the program admonished me, "Cloud has been selected as target, but no login has been entered." Guessing at this point, I clicked a button for network login—no joy. I finally thought to click the cloud icon. This triggered a menu titled New Account, which in turn asked me to select Dropbox or Google Drive. That could be clearer.
Kaspersky Total Security also offers to store backups on Dropbox, but this is just one of its many options. With Kaspersky, you can also back up your files to any local, removable, or network drive, or to an FTP server.
You can optionally create a schedule, separately for a full backup of all data and for a partial backup containing only changed data. Do you know what the difference between a differential backup and an incremental backup is? If not, just leave it set at the default. For each type of backup you can choose one-off, daily, weekly, or monthly backup, or just run the backup manually when you think of it.
Now you can review the dozens of options on the final page of settings. Some are disabled, most are set to the best configuration, but there's one you might want to tweak. By default, G Data opts for fast compression, making the backup process as speedy as possible. If you're short on cloud space, consider setting it to emphasize good compression, instead.
You can create as many backup jobs as you like. You might choose redundancy, backing up to both Dropbox and Google Drive. These jobs appear in the previously blank main backup window.
As for restoring backed-up files, it's a snap. Choose the backup, choose to restore all files or just some of them, and choose whether to restore to the original location or a new location.
Norton gives you 25GB of hosted online backup storage, and makes setting up a backup job very easy. Webroot Complete also offers 25GB of storage, and serves as a full file-syncing tool. The backup system in G Data does the job, but it requires that you use third-party cloud storage, and it could be much, much simpler for users.
Porous Parental Control
This suite's parental control system is minimal, consisting of content filtering and time scheduling for Internet or computer use.
The content filter can block websites matching five categories: Drugs, Hackers, Violence, Extremist, and Pornography. There's also an option to block all HTTPS sites, but it's a ridiculous option. Yes, it would prevent access to secure anonymizing proxies, but it would also block any site that sensibly uses a secure connection, including Google, Unicef, and Wikipedia.
Parents can limit time on the computer, the Internet, or both. When enabled, the default in each case is 1.5 hours per day, 10.5 hours per week, and 45 hours per month. These times line up nicely. For example, 1.5 hours on each of seven days equals 10.5 hours. You can also define a weekly schedule, in one-hour increments, for when the child can use the Internet, or the computer. This feature uses a handy grid that makes it easy to set allowed and blocked times.
When I put G Data's scheduler to the test, I found that the time scheduler relies on the system clock. Resetting the clock to an allowed time defeats it. Admittedly, I couldn't find a similar way to defeat the daily cap.
Content filtering is keyword based, and it's both too lax and too strict. Photo-based pornographic sites with no banned words in the URL or page text flew right past the filter, while perfectly innocent sites triggered the over-zealous filter. For example, it blocks any page on blogspot.com because the filter found "pot" in the URL. Pages on the American Kennel Club site that used the word bitch (perfectly valid in this context) got the axe. And so on.
You'd think the Hackers category would block secure anonymizing proxy websites, but it doesn't. By connecting to one, I completely eluded the filter—don't think your teenager won't figure this out.
G Data does report which websites it blocked for each user, along with a date/time stamp and explanation. The explanation helped me confirm that, for example, the app did indeed block a blogspot.com page due to the embedded word pot.
This is just not a useful system. If you need parental control in your security suite, look elsewhere. The parental control component in Norton is an Editors' Choice as a standalone. ZoneAlarm's is based on ContentWatch Net Nanny 7, another Editors' Choice. And Kaspersky Total comes with the excellent Kaspersky Safe Kids.
Simple Spam Filter
The need for local spam filtering gets smaller and smaller as more people use services that filter spam at the server level. If you're one of the few who don't get spam skimmed out of your email feed before it arrives, it's nice to have spam filtering handled by your security suite.
G Data analyzes incoming POP3 and IMAP email messages, flagging suspected spam messages, messages with a high spam probability, and messages with a very high spam probability. It prefixes [suspected spam] to the subject line for the first category, [spam] for the other two. You can change these tags, if you like, but most users will surely leave them at their default values.
This spam filter integrates with Microsoft Outlook, automatically diverting marked messages into the spam folder. Those using a different email client must create email rules based on the subject tags, not a terribly challenging task.
G Data uses quite a few different criteria to develop a spam score for each message. It checks the message text for certain keywords, and the message subject for a different set of keywords. You can edit either keyword list. It also includes a self-learning content filter system that's meant to improve accuracy over time.
The spam filter can also check spam messages against real-time blacklists. This process tends to slow the email download, so by default it only uses those blacklists for suspicious messages. Digging deeper, you can configure the spam filter to reject messages written in languages you don't speak. But really, most users can just leave the spam filter settings alone.
You can put specific addresses or domains on the whitelist, to ensure that the spam filter never blocks them. Conversely, you can blacklist addresses or domains to ensure they always get filtered. There's no option to import the content of your address book, or automatically whitelist addresses to which you send mail, like you get with ESET, Trend Micro Internet Security, and others.
If you do need local spam filtering, and want your security suite to handle it, G Data is as good as any. It doesn't offer the comprehensive feature collection that Check Point ZoneAlarm Extreme Security 2017 does, but on the flip side, it doesn't require any attention from you.
On a seriously icon-infested desktop, you might not notice the appearance of a new icon titled G Data Shredder. This is a secure deletion utility, for use when you want to delete a file beyond the possibility of forensic recovery. Many encryption utilities come with a shredder, for thoroughly wiping out the originals of files that have been encrypted.
Simply deleting a file sends it to the Recycle Bin, and bypassing the Recycle Bin leaves the file's data still on disk, just marked as space that can be reused. Overwriting that data just once is enough to defeat software-based recovery. Recovery experts use hardware systems to peel back the layers and find previously stored data, but those techniques run into the limitations of physics at about seven overwrites. Why G Data lets you choose up to 99 overwrites I do not know. Three should be plenty for normal use.
Once you've configured the shredder, you drag files and folders onto its icon for secure deletion. You'll also find a Shred choice on the right-click menu.
Minor Performance Impact
While testing G Data, I occasionally felt the system might be running a little slow, but then, my virtual machines necessarily don't have a lot of resources. Running my hands-on performance tests revealed only minor impacts on system performance.
The biggest hit (not big, but biggest) came in my boot time test. Averaging many runs before installation of the suite and many more after, I found that the boot process took 26 percent longer with G Data loading at boot time. Given that most people reboot only when forced to, that's not a big deal.
To check whether a security suite affects everyday file manipulation activities, I time a script that moves and copies an eclectic collection of files between drives. Averaging multiple runs with no suite and with G Data installed, I found the script took 18 percent longer. That's not bad; the average for this test among current products is 23 percent. And there was no measurable slowdown for my zip/unzip test, which compresses and decompresses that same file collection repeatedly.
While G Data didn't put much of a drag on performance, some competing products had even less impact. Webroot, in particular, didn't show measurable impact in any of the three tests.
Component Quality Varies
G Data Internet Security 2017 includes all of the expected security suite components and even offers a backup system. The antivirus performed well in testing, but the parental control system is both limited and ineffective, and the basic firewall could be disabled by a determined hacker. You're better off with a suite in which all of the components do a good job.
For the purpose of defining Editors' Choice products, I distinguish basic suites like G Data, feature-packed mega-suites, and cross-platform multi-device suites. In the basic suites arena, Bitdefender Internet Security and Kaspersky Internet Security are my Editors' Choice products. Both cost a bit more than G Data, but they also offer much better security.
Note: These sub-ratings contribute to a product's overall star rating, as do other factors, including ease of use in real-world testing, bonus features, and overall integration of features.