This second paper is about the methods and techniques that were used by the attackers in the second stage of their attacks against financial organizations – basically enabling remote administration of ATMs.
I try my best to review the latest security suite and antivirus releases from all the security companies, but occasionally I miss one. The 2016 product line from TrustPort slipped past me. I hoped that with two years of innovation rather than the usual one, I would see remarkable improvements in TrustPort Internet Security Sphere, which fared poorly in my last review. Sadly, it didn't score any better than when I last reviewed it in 2015.
At $37.95 per year for three licenses (or $29.95 for a single license), TrustPort is significantly less expensive than most competing products. Bitdefender, Kaspersky, and Norton all cost just a little more than twice as much. On the other hand, those three are much more effective than TrustPort. For the same price, McAfee Internet Security lets you install protection on every Windows, Mac, Android, and iOS device in your household.
The main window for TrustPort's antivirus features a single row of five square buttons, while the full suite has two rows of five, to accommodate its additional features. The six green buttons turn components like the real-time scanner and parental control on and off. Blue buttons invoke actions such as running a scan or checking for updates. It's a different arrangement of square buttons from the version I reviewed previously, and a different color scheme, but not a lot else has changed, appearance-wise.
Shared Antivirus Features
This suite's antivirus protection includes everything found in TrustPort Antivirus Sphere, plus an additional Web scanner component. Please read that review for full details of features common to both. I'll summarize here and focus on the suite's additional antivirus abilities.
Several high ratings from the independent testing labs mark a highly effective antivirus. Alas, only one of the labs that I follow includes TrustPort. In its RAP (Reactive And Proactive) test, Virus Bulletin scored TrustPort at 85.34 percent, a little above the average score. But that's not enough data for me to come up with an aggregate lab rating. On a scale of 10 possible points, Kaspersky Internet Security earned an impressive aggregate score of 9.8, while Norton managed 9.7 points.
In my own hands-on malware-blocking test, TrustPort detected 87 percent of the samples and earned 8.5 of 10 possible points. That's one of the lower scores among products I've tested with this sample set. Webroot SecureAnywhere Internet Security Plus, Comodo, G Data, and a few others detected every single sample. Webroot, Comodo, and PC Matic earned a perfect 10 points in this test.
My malicious URL blocking test uses very new malware-hosting URLs. Products get equal credit for blocking all access to the URL and for eliminating the malicious executable during download. Handicapped by lack of any Web-based protection, TrustPort's antivirus managed to wipe out 70 percent of the samples during download. When I tested the suite, its Web scanner blocked access to 21 percent of the URLs, and the real-time antivirus took care of another 55 percent. The total protection rate of 76 percent is still pretty low. Tested in the same way, Symantec Norton Security Deluxe blocked 98 percent of the samples.
Other Shared Features
The antivirus includes a feature called Anti-Exploit, but it's not about blocking attacks that exploit unpatched vulnerabilities, as you might expect. Rather, it looks for suspicious activity, things like programs attempting to manipulate other programs. In its default silent state, it doesn't do anything at all. When I took it out of silent mode and tested it with some valid programs, it found 40 percent of them to be suspicious. To get those programs working, I had to add them to the trusted list.
Next I switched from Anti-Exploit to an alternate tool called Application Inspector and tested again with a collection of valid programs. The Application Inspector flagged 30 percent of them for a different set of suspicious behaviors than Anti-Exploit did. You're better off just leaving this feature in its silent, do-nothing mode.
Clicking the Extra Applications button doesn't actually get you any extra applications, at least not in the standalone antivirus. Rather, it offers access to two different but equally complicated techniques for creating a bootable antivirus. You can use a bootable antivirus to clear up malware infestations that resist normal disinfection. However, the options offered by TrustPort are just too complex for the average user. The full security suite does offer extra applications, which I'll describe below.
Poor Phishing Protection
Phishing is the practice of creating fake versions of sensitive websites and hoping some poor chump takes the bait. Victims who log in to a fake PayPal site, for example, have just given away their credentials to their real PayPal account. These fraudulent sites get blacklisted and taken down quickly, but the fraudsters just reopen with a new fake site.
To test phishing protection, I use the newest phishing URLs I can find, preferably ones that have been reported as fraudulent but not yet analyzed and blacklisted. I try to visit each in a browser protected by the product under test, and in another browser protected by Norton, which has a long history of effective phishing detection. I also launch each URL in Chrome, Firefox, and Internet Explorer, relying on each browser's built-in fraud detection.
The first time TrustPort blocked anything, it popped up the standard notification it uses when it detects malware in a file. I resolved to track such events separately from times when the Web scanner denied all access to the fraudulent site. But I didn't need to do that. Not once did I see a page replaced by the Web scanner's warning window. In addition, I found that even when TrustPort reported that it found phishing, the fraudulent page was completely accessible, and I had no trouble entering my (fake) credentials.
Very few products can match Norton's detection rate in this test. Of all recent products, ZoneAlarm tied Norton, while Webroot, Kaspersky, and Bitdefender Internet Security 2017 did a little better. Every other product lagged Norton's detection rate, some by a little, some by a lot.
TrustPort falls in the "by a lot" category. Its detection rate came in 66 percentage points behind Norton's. Chrome and Internet Explorer also beat TrustPort by a wide margin. This is a poor showing.
TrustPort's firewall handled the basic task of fending off outside attack just as well as Windows Firewall. It put the system's ports in stealth mode, making them invisible from the outside, and fended off my port scans and other Web-based attacks. In a recent test, G Data Internet Security 2017 went even further, presenting a notification that it blocked a port scan attack.
Of course, merely doing as well as Windows Firewall isn't a huge accomplishment. Most personal firewalls, TrustPort included, also take control of how programs connect to the Internet and network. Early personal firewalls foisted decision-making on the poor, uninformed user. Should I allow netwhatever.exe to connect with the computer at IP address 184.108.40.206 over port 80? Who knows! Some products, ZoneAlarm among them, cut down on these popups by maintaining a huge database of known good programs and automatically configuring permissions for those.
Norton takes this concept to the next level. If a process isn't in the database, Norton doesn't ask the user what to do. Rather, it monitors that process extra-closely for any suspicious network activity. That's much better than relying on the untrained user for important security decisions.
TrustPort offers four levels of firewall protection, but if you read the text associated with each, it doesn't actually recommend any of them. The default level is called Use Firewall Rules, but the text states this is only recommended for experienced users. The description of the less-strict Enable Outgoing Connections level includes a warning that it can't defend against Trojans and spyware. And there's no point in the options that block or allow all network traffic. For testing, I stuck with the default, Use Firewall Rules.
In this mode, TrustPort is totally old-school. It did correctly pop up a query about my hand-coded browser's use of the network, and it managed to detect a couple leak test programs trying to evade its view. But it also popped up queries for numerous internal Windows components. A user who accepted the default action, blocking that process from Internet access now and forever, would wind up disabling parts of Windows.
Fixing a program blocked in error is also tough with this suite. You click Advanced Configuration, find the Firewall section, and open the Filter Definitions page. Scrolling past dozens and dozens of confusing default rules, you'll eventually find application-specific rules. You could jump in and edit the rule that's blocking the program, but you're better off just deleting the entry and choosing to allow access next time the firewall asks.
Protection against exploit attacks is often a firewall feature. I tested TrustPort's protection by hitting the test system with several dozen exploits generated by the CORE Impact penetration tool. Its Web protection component jumped in to block 30 percent of them, identifying all but one of the exploit attacks by name. Tested in the same way, G Data blocked 50 percent of the exploits. Norton has the best score in this test. It blocked 63 percent of them, all at the network level, before any portion of the exploit reached the test system.
I always investigate methods that a nefarious coder might use to disable firewall protection. TrustPort doesn't seem to store anything in the Registry, so there's no way I could flip the Off switch. I tried to kill its six processes using Task Manager, with no result beyond six Access Denied messages.
However, like G Data, F-Secure Internet Security, and a few others, TrustPort doesn't protect its essential Windows services. I set the Startup Type for all six to disabled and rebooted the system. On reboot, TrustPort didn't run at all. Comodo also didn't protect its services, but on reboot it reported the problem and offered to fix it automatically.
This firewall handles the same tasks that the built-in Windows Firewall does, which is no great feat. Its program control component pops up queries about Windows components; a hapless user who chooses the default block action may disable part of Windows. And the firewall isn't properly hardened against attack. It's not an impressive showing.
Clicking the big Extra applications button on the main window lets you launch Portunes (rhymes with fortunes) and Skytale (rhymes with Italy). Portunes offers static storage for your passwords and other important data. Skytale encrypts messages. And neither is very useful.
Portunes stores passwords, credit cards, contacts, addresses, and more. You define what it calls a PIN to protect the collection. Last time I reviewed this product, it required a four-digit PIN; now you can enter a respectable master password. That's an improvement, albeit a minor one.
However, Portunes doesn't have any password management features other than including passwords among the things it stores. You can, if you wish, sync your data between multiple installations. To do so, you give Portunes access to your Dropbox account.
As for Skytale, it's easy enough to use. Type or paste in some text, click Encrypt, enter a password, and email or otherwise transmit the resulting gibberish to the recipient, sending the password separately. The catch is, the recipient must also be a TrustPort user. Quite a few encryption utilities don't have that kind of limitation. Some let you create a self-decrypting EXE file, while others offer a free decryption-only tool. Without any similar feature, Skytale isn't terribly useful.
Optimalize Your PC
"Optimalize" may not be precisely English, but it's what the button says. Clicking it launches TrustPort Optima, a simple tune-up utility that deletes temporary files, wipes out useless and erroneous Registry entries, and defragments your disk drives.
You start by clicking Analyze. On my test system, this step went quite quickly for the temporary files and Registry data, but it took quite a while to finish analyzing disk fragmentation. In a similar fashion, the actual cleanup of temp files and Registry went quickly, while defragmentation took quite a bit longer. You can click for a retro view that shows the defrag process as it happens.
If you rely on Web-based mail for your personal email account, you probably don't see much spam, as the major webmail providers filter it out. Likewise, your business email account probably gets filtered at the email server. Given that few people need a spam filter these days, and that my antispam testing was the most lengthy and laborious of all my tests, I dropped that hands-on test last year.
That's a good thing for TrustPort. The last time I reviewed this suite's spam filter, I found it to be quite dismal. It noticeably slowed the process of downloading email, and certain messages caused it to hang, cured only by quickly turning spam filtering off and on again. And its accuracy was terrible. We can hope that the designers have tuned this component since that time.
The spam filter supports Outlook, Outlook Express, Windows Mail, Thunderbird, and The Bat!, but not Windows Live Mail (the replacement for Outlook Express and Windows Mail). Even with these supported email clients, you still must define a message rule to put the spam in its own folder.
You can manually add email addresses or domains to the whitelist or blacklist. However, there's no option to automatically whitelist addresses to which you send mail, or import the address book to the whitelist, the way you can with ESET, Trend Micro Internet Security, and others.
Spam filtering in Check Point ZoneAlarm Extreme Security 2017 is extremely comprehensive and boasts pages and pages of configuration choices. I'm happier with a reduced set of choices, things users can actually understand. TrustPort's advanced spam filter settings are decidedly reduced—there are just four of them—but the average user will get no benefit from meddling with these.
Not everyone has kids, and not every parent wants a parental control utility. For those who do want it, having parental control integrated with the security suite can be convenient. That is, if the parental control component does its job.
TrustPort's Parental Lock is a content filter, nothing more. If you turn it on by clicking its button on the main window, it immediately starts filtering access to websites in five categories: Violence, Porn, Warez, Hacking, and Spyware. You can tweak the configuration to also filter out seven more categories, among them Chat, Shopping, and Drugs.
By default, the filter applies to all users. It's possible to configure it one way for your teen and another way for your toddler, but it's far from easy. Doing so requires using the arcane Windows Select Users dialog. Guys, couldn't you just give Mom and Dad a simple list of user accounts?
In testing, I found that quite a few seriously raunchy sites got past the filter. It doesn't handle secure sites, so any HTTPS porn sites slipped right through. Logging in through a secure anonymizing proxy lifted any limitations by the content filter.
This so-called parental control system is worse than useless. If you want a suite that includes a full-functioning parental control system, look to Norton, Kaspersky, or ZoneAlarm.
More Drag Than Most
The days of resource-hogging security suites that bogged down performance are gone. Users wouldn't accept it, and security companies changed their ways. Few modern suites put a noticeable drag on performance. Even so, there's still a range, and in my hands-on testing TrustPort's performance drag came in on the high side.
Getting all the protective components of a security suite loaded can have an impact on the time it takes to boot up your PC. My boot time test waits for 10 seconds in a row with less than five percent CPU usage, defining that as the time the system is ready for use. Subtracting the start of the boot process, as reported by Windows, yields the boot time. I ran this test 20 times before installing TrustPort and 20 more times afterward, then compared the averages.
The result was so high that I tried again, this time watching the process closely. I found that at each reboot, the firewall was popping up queries about system processes. I manually rebooted the system over and over, responding to all the popups until they stopped coming. When I re-ran the test it still showed a 54 percent increase in boot time. That's one of the biggest impacts among current products. Fortunately, most of us don't reboot any more than we're forced to.
I also measure the suite's impact on simple file manipulation. One test times a script that moves and copies a mixed collection of files between drives. Averaging multiple runs with and without the suite, I found the script took 28 percent longer with TrustPort present. That's a little more than the current average of 23 percent. On the plus side, it didn't exhibit any measurable drag on another script that repeatedly zips and unzips those files.
The average of TrustPort's three performance scores is 27 percent, one of the largest among current products, but I didn't actively notice the test systems seeming slow. At the other end of the spectrum, Webroot had no measurable effect on any of the three tests. Norton averaged just five percent drag, which is quite good.
Typically I'd conclude by summarizing the good and bad points of TrustPort Internet Security Sphere, but there's just not much I can say on the plus side. The independent labs don't rate it, and it fared poorly in our hands-on tests. Its firewall pops up warnings even for Windows internal processes, and it isn't defended against hacking. And the parental control system is worse than useless.
Forget about this suite. Look instead to one of our Editors' Choice security suite products. For a basic security suite, those are Bitdefender Internet Security and Kaspersky Internet Security.
When you can get a seriously full-featured, security-conscious password manager for free, what would entice you to pay? How about even more features, and no limits on existing features? LogMeOnce Password Management Suite Ultimate 5.2 pulls out all the stops, removing limits on the number of shares and beneficiaries, and adding advanced features that include anti-theft and an unusual selfie-based two-factor authentication system. A few quirks in its mobile editions are still being ironed out, but overall, it's a feature-packed password powerhouse.
At $39 per year, LogMeOnce Ultimate costs the same as Dashlane 4.0. Sticky Password goes for $29.99 per year, and LastPass for just $12. But this big, sprawling utility has a ton of features, including some I haven't seen in any competing product.
The free edition doesn't impose any limits on the number of saved passwords, or of synced devices. If you're interested in the product but not sure if you want to pay for it, go ahead and install the free edition, and familiarize yourself with its impressive capabilities. You can upgrade to Ultimate any time the free edition's limits begin to chafe.
The free LogMeOnce Password Management Suite Premium 5.2 is loaded with features, enough that it outperforms many competing products that aren't free. I'll summarize its capabilities here, or you can read my full review of the free edition for more details.
LogMeOnce runs strictly as a browser extension, so it's not limited to a specific platform. If your browser supports extensions, you can use it on Windows, macOS, or even Linux. There are also apps for Android and iOS.
Just about every password manager starts off by asking you to define a strong master password, something that you can remember but that nobody could guess. LogMeOnce now offers password-less authentication as its default. To set this up, you pair your smartphone or mobile device with your LogMeOnce account. Now when you log in on your desktop, you verify when prompted on the mobile device, using a PIN, a fingerprint, or what the company calls PhotoLogin.
Those who've upgraded to Ultimate get more information along with the request for PIN, fingerprint, or PhotoLogin. Swipe left to see the requester's email address, GPS location, IP address, and more, or swipe right to view the location on a map. If you get an unexpected login request, this data may help you figure out who's trolling you.
For PhotoLogin, LogMeOnce snaps a photo with the webcam and sends it to the device. You simply verify that the photo is what you expected. If the computer has no webcam, you can compare a visual one-time password that's sent along with the photo. It's also possible to use PhotoLogin on the mobile device itself, but this isn't quite as secure. It involves you verifying that you are seeing the photo you just snapped; it's a bit self-referential. When I mentioned this to the developers, they quickly modified on-device PhotoLogin to also require entering a PIN.
The free edition captures logins (which it calls applications) as you enter them, and offers to play back your saved credentials when you revisit the site. It also includes a catalog of almost 4,500 known websites. Choose one of these and you can be sure that LogMeOnce will handle it, even if it uses a non-standard login page. However, if you somehow manage to find an oddball login that's not in the catalog, you can't just capture all form fields the way you do with LastPass or Sticky Password Premium. Clicking the browser toolbar button displays all your saved websites. Clicking one of them navigates to the site and logs in.
The password generator defaults to creating 15-character passwords, using all character sets, which yields a very tough password. It also rates any password you type, estimating how long it would take to crack. By default, you must change your master password every three months, without re-using previous passwords. Those using Ultimate can change the password expiry time, in a range from one month to one year.
You can use Google Authenticator, or a workalike such as Duo Mobile or Twilio Authy, for two-factor authentication. Other options in the free edition include receiving a one-time passcode via email, SMS, or voice call. In an unusual move, LogMeOnce charges two credits for each SMS authentication and four credits for each voice call. Those using Ultimate get an allowance of 50 credits per month, with the option to purchase more, $10 for 1,000 credits. I'll cover the Ultimate edition's additional two-factor options below.
An interesting feature called Mugshot gives you a look at anyone who tries to log in on a lost or stolen phone. On any failed login attempt, it snaps photos with the front and rear cameras and sends them to your online dashboard, along with the device's GPS location and IP address. Using this information, you may be able to locate and recover the device. Upgrading to Ultimate gets you a more complete anti-theft system.
LogMeOnce stores personal, address, phone, and company data, for use in filling Web forms. You can save multiple instances of each data type. New since my last review, it also saves and fills credit card data. Like Dashlane, it helpfully displays the saved cards as images, using the color and bank name you specified. It doesn't have the flexibility of form-filling whiz RoboForm Everywhere 7, but it does the job.
Like LastPass and Dashlane, LogMeOnce can display a list of all your passwords, with a strength rating for each, and a flag for any duplicates. In addition, its report page offers several other views on your security, some of which aren't functional in the free edition. If you find you've got weak or duplicate passwords, just click the link next to each one to go change it. For many popular websites, LogMeOnce can even automate the password change process, something few competing products manage.
LogMeOnce includes the ability to securely share passwords with other users. You can choose whether the recipient gets to see the shared password, or just to use it for logging in. There's also an option to define a beneficiary who will receive either your whole account or a specific password in the event of your death. The free edition allows one whole-account beneficiary, five password beneficiaries, and five shared passwords. In the Ultimate edition, there are no such limits.
A productivity dock along the bottom of the screen displays a baker's dozen of live icons that expand when you mouse over them. You can use these icons to quickly reach important features like mugshot or security scorecard. That is, you can if you've paid for the product. Those using the free edition just get a reminder that the productivity dock is only for paid users.
Selfie Two-Factor Authentication
Upgrading to Ultimate unlocks several additional options for two-factor authentication, the most unusual of which is Selfie-2FA. It works like this. You log in to the browser extension, either with the default password-less authentication or a master password. LogMeOnce snaps a webcam photo and sends it to the mobile device you've specified for Selfie-2FA. If the received photo matches what you expected, you simply tap to authorize. MasterCard is exploring a similar type of selfie-based authentication.
What if you're using a desktop device with no webcam? In this case, LogMeOnce sends a generic image with a visual one-time password at the bottom. If the OTP on your mobile device matches the one on your browser, you simply tap to authorize. It's less tech-sexy than using a selfie, but it totally works.
My LogMeOnce contact pointed out that you can make it even harder for an attacker to beat this system by being unpredictable. Just keep changing which of your devices is the one authorized to respond to Selfie-2FA.
Those who've paid for the program can prepare a USB flash drive for use as a physical second authentication factor. There's also an option to add an X.509 Certificate as an authentication factor, but this is more logical in a business setting.
You can enable as many of the two-factor options as you wish, and log in using whichever is logical at the time. For example, if you're logging in on a mobile device with no socket for your USB authentication key, you could opt to receive a code via SMS or email, or get a code from Google Authenticator. True Key by Intel Security also offers multiple authentication options, but goes further by letting you require more than just two of them for authentication.
Device Management and Anti-Theft
The free edition receives the GPS location of any failed login attempt, but the paid edition lets you check device location whenever you like. The Device Map page in the Security section displays the location of all your registered devices. Clicking on a device gets you more information, along with a button that remotely logs out of any active LogMeOnce session on the device.
The separate Device Management page lists all the devices you've configured for use with LogMeOnce. If you've lost or replaced a device, you can remove it from the list, thereby disconnecting it from your account. You can flip a switch to define whether each mobile device can accept password-less login requests.
When you select a device from the list, other actions become available. You can send a request to locate a mobile device. A Details tab displays a huge amount of information for iOS devices, quite a bit less for Android devices. However, for Android devices only, you can view a list of installed apps.
The Commands tab appears for both Android and iOS devices, but the available commands differ. You can remotely cause an Android smartphone to ring at top volume, handy in case you've simply misplaced it, and you can lock it remotely using the system lockscreen. You can even change the lockscreen password remotely before locking it down.
On both Android and iOS, you can send a message, perhaps something like, "I've seen your mugshot, phone thief, and I'm coming for you!" But don't get too excited about this feature. Unless you've enabled viewing notifications on the device's lockscreen, the only way a phone thief could read the message would be by logging in to LogMeOnce, which shouldn't be possible.
That brings me to the final command, available on iOS and Android, the Kill-Pill. This dramatically named feature simply wipes all personal LogMeOnce data. I sent the Kill-Pill command to my Apple iPad Air and watched as LogMeOnce reverted to the initial setup screen, with no sign of my email address or any other configuration data. Oddly, sending the same command to my Nexus 9 never worked; it timed out repeatedly in my testing. My company contact confirmed that while the feature works on most Android devices, it doesn't yet work on a Nexus 9. Gotta love Android fragmentation!
Using a trusted mobile device as part of the authentication process is becoming more and more common. Like LogMeOnce in password-less mode, oneID skips the master password in favor of device-based authentication. You can configure True Key to use other forms of authentication, including a trusted device, in place of a master password. But LogMeOnce is the only product I've seen that adds anti-theft features to protect the security of that trusted device. It's a smart move.
Even the free edition of LogMeOnce lists all your passwords ordered by strength, rates your total security status, and displays what it calls a hybrid identity score. If you've paid, you also get an overall password strength rating, with a breakdown of statistics such as the number of passwords of at least 15 characters, and the number that contain at least one of each character type.
The Live PasswordTracker chart is another paid-only feature. It takes two weeks to get a baseline for reporting, so I didn't see its full capabilities. For starters, it charts a solid line that's your overall password strength each day. If you're using the product correctly, that line should only go up. It also charts what the company calls a heartbeat line. Solid line segments represent days that you used LogMeOnce, dotted segments days that you did not. The line's height above the axis is based on the strength of the passwords you used on that day. The purpose of the chart is to encourage you in proper password hygiene, replacing weak passwords with strong ones and always relying on the password manager to keep track.
A Few Oddities
In testing the free edition, I glossed over the few little quirks I ran into, given the fantastic features that you get for free. Running into those same quirks—and a few new ones—in the paid edition, I'm slightly less forgiving.
LogMeOnce is a work in progress, in a good way. While working on this review, I confused the PhotoLogin feature with what was then called Photo-2FA. Overnight, the developers renamed it to Selfie-2FA, to avoid confusion. Because I mused about the possibility of an unauthorized person picking up a phone that was left unlocked, they changed the local-only PhotoLogin to also require PIN entry. This is an agile team, indeed.
On the other hand, I also ran into some oddities that aren't yet fixed. I couldn't make the Kill-Pill personal data erasure work on my Android device. To use Selfie-2FA from my all-in-one desktop PC, I had to crank the webcam brightness to the max, so high that Skype images appeared washed out. On an iPad, the iOS edition runs in the dated 2x mode, just a blown-up version of the iPhone edition. And even though a paid account should be ad-free, the "Go ad-free" link still appears, and I saw ads on some mobile screens. Pending updates for the Android and iOS apps should fix at least some of these oddities. Overall, though, this utility's breadth of features and its inclusion of innovative, security-focused features overshadow these few quirks.
LogMeOnce Password Management Suite Ultimate takes the vast feature set of the free LogMeOnce password manager and kicks it up to the next level. I haven't seen another product offering selfie-based two-factor authentication, or a built-in anti-theft system. It lacks the ability to manage passwords for applications, but it checks just about every other box. On the flip side, you get almost all of these features in the free edition, and for some the vast array of features may prove off-putting.
LastPass Premium comes the closest to matching LogMeOnce's breadth of functionality, though with the latest edition LogMeOnce has taken a significant lead. For those who are more into simplicity and ease than a prodigious number of features, Dashlane 4 does everything you could want, with flair. LogMeOnce joins these two as an Editors' Choice for commercial password managers.
That argument is stronger for open source than it is for closed source." Perry also worried aloud about targeted backdoors delivered to specific users. "The iOS App Store is at a significant disadvantage there even compared to Google Play," he told us. "Each iOS app is re-encrypted specifically for the user with Apple's DRM, making it technically impossible to verify that the package you installed matches the official one." He said that Apple has "created the perfect platform for delivering targeted backdoors to specific users. I don't like banking on iOS for those reasons."
Google hostile to freedom
In order to solve the Android security mess, Google is taking steps that hurt user freedom, and make Android vulnerable to compelled backdoors, Perry argued. The fragmentation of the Android ecosystem into multiple OEMs, who distribute their own versions of the operating system, has resulted in rampant insecurity. Without financial incentives to push security updates to users' phones, OEMs by and large abandon users to their fate. Under pressure from many quarters to solve this problem, Google is working to improve Android security, but Perry criticised Google's release and development process as increasingly opaque. "Android platform is effectively moving to a 'Look but don't touch' Shared Source model that Microsoft tried in the early 2000s," Perry wrote in his blog post. "However, instead of being explicit about this, Google appears to be doing it surreptitiously. It is a very deeply disturbing trend."
Copperhead to the rescue
Copperhead OS was the obvious choice for the prototype's base system, Perry told Ars. "Copperhead is also the only Android ROM that supports verified boot, which prevents exploits from modifying the boot, system, recovery, and vendor device partitions," said Perry in his blog post. "Copperhead has also extended this protection by preventing system applications from being overridden by Google Play Store apps, or from writing bytecode to writable partitions (where it could be modified and infected)." He added: "This makes Copperhead an excellent choice for our base system." Daniel Micay, Copperhead's lead developer, welcomed Perry's prototype. "It will be nice to have somewhere to direct technical users that cannot live without Google Play," he told Ars in an e-mail. By default, Copperhead eschews Google Play, and Micay himself refuses to use any Google Apps.
"Mike Perry is interested in doing things properly which is why [the prototype] goes through the effort of not breaking verified boot or depending on leaving an insecure recovery image," Micay said. "The rough edges can be smoothed out over time."
Mission Improbable, but useable today
The prototype, nicknamed "Mission Improbable," is now ready to download and install. Perry said he uses the prototype himself for his personal communications: "E-mail, Signal, XMPP+OTR, Mumble, offline maps and directions in OSMAnd, taking pictures, and reading news and books." He suggests leaving the prototype in airplane mode and connecting to the Internet through a second, less-trusted phone, or a cheap Wi-Fi cell router. The prototype is the second of its kind.
Back in April, 2014, Perry proposed his first Android device optimised for privacy and security—then nicknamed Mission Impossible.
The earlier prototype consisted of a 2013 Google Nexus tablet running Cyanogenmod. Perry emphasised that the Tor Project has no plans to get into the hardware business, but hopes the prototype will provoke discussion and innovation. He pointed to the Neo900, which bills itself as "The truly open smartphone that cares about your privacy"—a project, he said, that came about in part due to the "Mission Impossible" blog post two years ago. "What I’ve found is that posts like this one energise the Android hobbyist/free software ecosystem, and make us aware of each other and common purpose," Perry told Ars. "It also shows Google and others what gaps there are in Android for Tor support, and raises awareness about the dangers the ecosystem faces." Ars readers looking for a weekend project will find the complete Mission Improbable installation instructions on GitHub. J.M. Porup is a freelance cybersecurity reporter who lives in Toronto. When he dies his epitaph will simply read "assume breach." You can find him on Twitter at @toholdaquill. This post originated on Ars Technica UK
That doesn’t bode well for users of the internet starting next week. “Thanksgiving, Christmas, and the holiday season in general have long been characterized by a rise in the threat of DDoS attacks,” the report says. “Malicious actors have new tools—IoT botnets—that will almost certainly be used in the coming quarter.” That includes the infamous Mirai botnet whose code has been made public and that is responsible for some of the largest DDoS attacks ever – perhaps more than 1Tbps—including two that were mitigated by Akamai. In past years these attacks have been used to take down gamer sites at Christmas, just in time to frustrate people who have just received new gaming platforms.
Famously, both Xbox Live and Sony Playstation were disrupted by DDoS attacks in 2014. Mirai has kept a low profile since it knocked DNS service provider Dyn for a loop last month, but that doesn’t mean it won’t be back, Akamai says. The type of person who likely launched that attack is the type likely to use Mirai for a follow-up to the 2014 attacks.
The Dyn IoT DDoS flood was pinned on gamers who wanted to take down a gaming site, likely Playstation Network. According to Lance James, the chief scientist at Flashpoint, the attack was, “teenagers losing their emotions over videogames,” who “took down more than even the attackers hoped to take down.” DDoS attacks in general have been on the rise, the Akamai report says, up 71% over Q3 last year. The good news is that some forms of DDoS seem to be on the wane, network time protocol (NTP) attacks in particular. That’s because the open NTP servers used to reflect and amplify attack traffic are getting cleaned up, so there are few of them off of which to bounce traffic.
The number of attacks has grown over time but the amount of traffic generated by each has gotten less.
The average size of an NTP attack in June 2014 was greater than 40Gbps.
This June it was 700Mbps. When these attacks were on the rise, the vulnerable servers being used to carry them out became apparent, leading their owners or third party observers to take note and secure them. “It appears that June was the critical inflection point, when not only did available NTP reflection bandwidth shrink, but botnet owners pivoted to other protocols for their traffic,” Akamai says. Meanwhile, UDP fragmentation attacks accounted for nearly a quarter (24.56%) of all DDoS attacks observed by Akamai in the third quarter.
These attacks send fraudulent fragmented packets to the target server, but they are designed so they cannot be reassembled.
That chews up processor time on the server, eventually leading to it becoming overwhelmed. But Akamai says the recent success of IoT botnets means they will be used more until defenders find a way to defeat them. “It is very likely that malicious actors are now working diligently to understand how they can capture their own huge botnet of IoT devices to create the next largest DDoS ever,” Akamai says. This story, "Akamai warns: Look for IoT devices to attack during Thanksgiving, Christmas" was originally published by Network World.
It also compared a typical Android smartphone to rivals Apple and Microsoft.
According to Google, 39 out of 39 pre-installed apps are from Apple on iPhone 7, and 39 out of 47 pre-installed apps on the Microsoft Lumia 550 are from Microsoft. In a blog post on Thursday, Google general counsel Kent Walker said: "The response we filed today shows how the Android ecosystem carefully balances the interests of users, developers, hardware makers, and mobile network operators.
Android hasn’t hurt competition, it’s expanded it." The 100-plus page response to the commission focuses on metrics in an attempt to add weight to the claim that it hasn't abused any competitive advantage. Walker said:
"The commission’s case is based on the idea that Android doesn’t compete with Apple’s iOS. We don’t see it that way. In fact, 89 percent of respondents to the commission’s own market survey confirmed that Android and Apple compete. To ignore competition with Apple is to miss the defining feature of today’s competitive smartphone landscape."
Walker claimed that possible remedies to resolve the case could create fragmentation in the mobile ecosystem. "The commission’s preliminary findings underestimate the importance of developers," he said. Walker continued:
"The commission argues that we shouldn’t offer some Google apps as part of a suite. No manufacturer is obliged to preload any Google apps on an Android phone. But we do offer manufacturers a suite of apps so that when you buy a new phone, you can access a familiar set of basic services. Android’s competitors, including Apple’s iPhone and Microsoft’s Windows phone, not only do the same, but they allow much less choice."
Vestager can fine the search behemoth up to 10 percent of its global turnover—around $7.4 billion (£5.9 billion)—if she finds Google guilty of wrongdoing. Google is currently appealing against a similar case in Russia after authorities fined the company approximately 438 million rubles ($6.8 million, £5.25 million) in an almost identical Android antitrust case earlier this year. Yandex, Russia's biggest search engine and the main complainant in that case, is also one of four complainants in the EU case. Google rivals Microsoft, Nokia, and Oracle—under the Fairsearch umbrella organisation—lodged the first complaint against Android in 2013. Fairsearch said in a statement to Ars:
"Google says there's no problem because Android is 'open.' The truth is that Android is today a closed operating system, and any claim to the contrary is disingenuous. Any manufacturer or network operator seeking to differentiate its devices or services is prevented from doing so by the web of Google's contractual restrictions. Google imposes severe sanctions on those who defy its insistence on conformity. For example, a phone maker that offers even a few phones that do not comply with Google's straitjacket faces a cut-off from all of Google’s branded products."
US ad-blocking firm Disconnect and Aptoide, a rival Portuguese Android app store, have also complained. None had responded to requests for comment from Ars at time of publication. Google separately faces antitrust charges on favouring its own search services and price comparison offerings over those of its rivals and for allegedly breaching competition rules with its mammoth ad business. Last week, Google rebuffed both of those charges. This post originated on Ars Technica UK
The 2017 edition of Symantec Norton Security Deluxe continues a long tradition of top-notch security, as confirmed by independent labs and my own hands-on testing and evaluation.
Installed in Windows, it's a top-tier security suite, and Mac users also get a suite, not just an antivirus.
As for the Android edition, it's an Editors' Choice.
Support for iOS is pretty limited, but that's typical. Overall, the suite is excellent, but it's just shy of an Editors' Choice award. A $79.99 per year Norton subscription lets you install Norton's security products on up to five Windows, Android, macOS, or iOS devices. Webroot charges the same for five licenses, while Trend Micro lists for $89.95.
For about the same as Trend Micro's price, you can install McAfee's top-level security software on all the devices in your household. Oh, and for that rare individual who just has one device, Norton Security Standard protects a single PC or Mac for $59.99 per year. You'll find that all of these prices are frequently discounted, sometimes deeply. As with many cross-platform multi-device suites, Norton's online console is central to managing and installing protection. You start by creating your account and entering your license key.
At that point you can download and install Norton Security for your Windows system. You can also extend protection for up to four other devices.
I'll go into detail about protection on other platforms later in this review. Appearance-wise, there's not much change since last year.
The main window still features four panels devoted to Security, Identity, Performance, and More Norton.
Clicking a panel slides down the whole panel row, revealing additional icons related to the panel you clicked.
For example, when you click Security, you get icons for Scans, LiveUpdate, History, and Advanced. Most of the new developments are invisible.
New Protection Layers
Keeping up with the very latest malware innovations requires expertise, study, and analysis. Having researchers perform that analysis can take too long, so a couple of years ago Symantec launched an initiative focusing on machine learning.
According to my Symantec contact, the team "consists of 10 PhDs and two research Engineers from top schools, with combined 100+ years of experience in applied machine learning." That's quite a brain trust. Symantec has always taken a layered approach to system protection.
At the network level, Norton fends off attacks and blocks contact with malicious websites.
If a malicious file makes it onto your disk, the antivirus scan may wipe it out. Other factors such as file prevalence and behavior-based blocking come into play. The current product line adds several new layers to the protection mix. Proactive Exploit Protection actively prevents exploit techniques such as heap spray and ROP (Return Oriented Programming).
Threat Emulation handles malware that has been encrypted, packed, or obfuscated by running it in a controlled environment and evaluating it after it self-decrypts, much like Check Point ZoneAlarm Extreme Security 2017's similar feature.
And a predictive machine-learning algorithm aims to catch even the freshest and most innovative malware. These new layers aren't visible to the user (or even the expert).
But they help Norton keep malware out of your system.
Shared Antivirus
After a brief hiatus, Symantec again offers an antivirus product, Symantec Norton AntiVirus Basic.
Feature-wise, the suite's antivirus protection is identical. However, where users of the standalone antivirus must rely on FAQs and forums for support, the suite adds a full range of tech support, and a Virus Protection Promise—if Symantec's tech support agents can't rid your system of pesky malware, the company will refund your money.
But as far as features go, the suite's antivirus protection is identical. Read my review for all the juicy antivirus details. Norton doesn't participate with all of the independent testing labs that I follow, but those that do include it give it high marks.
In the three-part test performed by AV-Test Institute, it got top marks for malware protection and low false positives, though it slipped in performance, taking 5 of 6 possible points.
Its total of 17 points is good, but Trend Micro Maximum Security, Bitdefender, and Kaspersky managed 18 of 18 possible points in the latest test.
There's nothing second-rate about a perfect AAA rating from Simon Edwards Labs, though.
And Norton is one of a very few products to pass two tests performed by MRG-Effitas.
Its aggregate lab score, 9.7 points out of a possible 10, beats all others except Kaspersky Total Security. Norton also did very well in my own hands-on tests.
Its detection rate of 97 percent and malware-blocking score of 9.7 are among the best, though Webroot did manage a perfect 10 points. When I tested Norton with 100 very recent malware-hosting URLs, it blocked 98 percent of the malware downloads.
In some cases, its Web-based protection kept the browser from even visiting the malicious URL, but mostly the Download Insight feature eliminated the malware payload. Only Avira Antivirus Pro 2016 has done better in recent tests, with 99 percent protection. I use Norton as a touchstone for measuring antiphishing success, reporting the difference between the tested product's protection rate and Norton's. Webroot, Bitdefender Internet Security 2017, and Kaspersky are the only recent products that have done better than Norton.
And of course it's significantly more accurate than the phishing protection built into Chrome, Firefox, and Internet Explorer.
Other Shared Features
Despite the word Basic in its name, Norton's standalone antivirus offers a lot more than just the basics.
It doesn't include full firewall functionality, but in testing, its Intrusion Prevention component did an impressive job blocking exploit attacks, stopping them at the network level and identifying many of them by name. You'll also find a complete antispam component that filters POP3 email accounts and integrates with Microsoft Outlook. A Norton Insight scan lists all the files on your computer, along with the trust level for each, prevalence among Norton users, and impact on system resources.
The antivirus scanner uses Norton Insight results to avoid scanning known and trusted files.
The Norton Safe Web browser extension uses red, yellow, and green icons to flag safe, iffy, and dangerous links in search results. You can click through for a full report on just why a given site got the rating it did. The Symantec Norton Identity Safe password manager is free for anyone to use, but having it integrated with your Norton protection is convenient.
It handles all basic password manager functions and syncs across all your devices, though it lacks advanced features like two-factor authentication and secure password sharing. Several of the shared features aim to improve your system's performance. Using the startup manager, you can reversibly disable programs from launching at startup, or set them to launch after a delay.
The File Cleanup tool wipes temporary files that waste space.
There's even a disk defragger, in case you don't have Windows optimizing disk fragmentation in the background.
Intelligent Firewall
As noted, the standalone antivirus includes a powerful Intrusion Prevention tool, a feature more commonly associated with firewall protection. With the suite, you get a complete two-way firewall. The built-in Windows firewall completely handles the task of stealthing your PC's ports and preventing outside attack.
Any firewall that aims to replace the built-in needs to do at least as well. Norton passed my port-scan and other Web-based tests with flying colors. What you don't get with the Windows firewall is control over how programs access the Internet and network.
Don't worry; Norton won't bombard you with confusing queries about what ports and IP addresses a given program should be allowed to access.
It handles such matters internally, automatically assigning network permissions to the vast number of known and trusted programs in its online database. When Norton encounters an unknown program attempting Internet access, it cranks up the sensitivity of its behavior-based malware detection for that program, and keeps an eye on its connections.
If the program misbehaves, Norton cuts its connection and eliminates it.
This isn't quite the same as the journal and rollback technology that McAfee and Webroot SecureAnywhere Internet Security Complete apply to unknown programs, but it's effective. I always do my best to disable firewall protection using techniques that would be available to a malware coder. Norton doesn't expose any significant settings in the Registry, so that route is out.
Both of its processes resist termination.
And its single Windows service can't be stopped or disabled.
It's worth noting that this isn't always the case.
I completely disabled all processes and services for ThreatTrack Vipre Internet Security Pro 2016, for example.
And while the majority of McAfee's 14 processes and 13 services resisted attack, quite a few succumbed.
Excellent Android Protection
Norton's standalone antivirus is PC-specific. With the suite, you can cover your Mac, Android, and iOS devices as well.
Click More Norton in the program's main window, then click the Show Me How button to get started.
Sign in to your Norton account and enter the email address used on the device you want to protect. Unlike the similar feature in McAfee LiveSafe, you don't have to choose the platform.
Clicking the emailed link on the device automatically selects the proper download. On an Android device, you get Norton Security and Antivirus (for Android).
Along with Bitdefender Mobile Security and Antivirus, this product is an Editors' Choice for Android security. Please read our review of that product for a deep dive into its features.
I'll summarize here. Note that the Android app has gotten a significant user interface redesign since our review, and more new features are due in the coming weeks. Immediately after installation, the antivirus runs an update and a scan. You also must activate the app for Device Administration in order to make use of its anti-theft features, and give it Accessibility permission so it can scan apps on Google Play. Norton scans for malicious and risky apps, as expected. More interestingly, its App Advisor works inside Google Play, checking every app you tap and reporting the risk level.
Tap the small notification at the bottom to see details of App Advisor's findings. Norton's extensive set of anti-theft features can be triggered either by logging in to the Web console or by sending coded SMS commands. Naturally you can use it to locate, lock, or wipe the device, and the scream feature helps find a misplaced device at home. When you lock the device, it displays a contact message of your choice, so someone who finds your lost device can arrange to return it. The Sneak Peek feature lets you remotely (and silently) snap a photo of whoever is holding the device. When you lock a lost or stolen device, it automatically snaps a photo every 10 minutes, and reports its location every five minutes. You can also remotely back up your contacts before resorting to the Wipe command, which performs a factory reset. There's a link to install the free separate App Lock app, and another to install a trial of the Norton WiFi Privacy VPN (Virtual Private Network).
It offers call blocking on Android smartphones.
And you can extend protection to another device directly from within the Android app.
Suite for macOS
It's fairly common for multi-platform suites to give macOS short shrift, but Norton doesn't follow that trend. Norton Security on a Mac is a full security suite, not just antivirus. My Norton contacts say that the definition file size is down by two thirds in the current edition, which means faster scans and lower memory usage. As expected, the antivirus component scans files on access, on demand, and on schedule.
It can also scan inside ZIP files.
The full-scale firewall blocks dangerous network connections and controls how programs access the network.
The related Vulnerability Protection feature blocks port scan attacks and attacks attempting to exploit system vulnerabilities. Norton's Safe Web website reputation monitor installs in Chrome, Firefox, and Safari, marking up search results and optionally blocking access to dangerous sites, just as with the Windows edition. Phishing protection is likewise parallel to what you get with Windows. The File Guard feature aims to protect your most important files from unauthorized modification. You can set it to guard up to 250 specific files.
It doesn't protect an entire folder the way Trend Micro's Folder Shield or Bitdefender's Data Shield do.
Files under guard can't be opened, moved, copied, or deleted. You can optionally let system processes like Finder and Spotlight manage guarded files.
If you want to manipulate or modify a file that's under guard, you simply enter your password in the popup notification.
Find Your iOS Devices
You may want to think twice about using up one of your five licenses to protect an iOS device, as the feature set on iOS is seriously limited. Norton does offer to back up your contacts, just as it does under Android. You can use the Web portal to locate your iOS device.
And you can trigger a loud alarm to help find a nearby device.
Is it under the sofa? Or in that scruffy guy's backpack? But that's the extent of anti-theft. You can't lock or wipe the device, and you certainly can't snap a sneak peek photo. The iOS version does offer one unusual feature.
As long as you're using a device with microphone and speakers, say, a laptop or another mobile device, you can make an Internet call to the lost or stolen device. Note, though, that this won't work if the device is locked with a PIN or passcode. That's the extent of mobile security on iOS devices.
No Performance Worries
Around 10 years ago, Norton had a reputation for being a resource hog, offering security at the expense of performance.
The developers quashed that reputation by spiffing up the suite's performance, and they continue to work toward less and less performance impact. I check performance using three tests that measure boot time, the time to move and copy a ton of files between drives, and the time to zip and unzip that same collection of files.
I average the results of multiple tests with no suite installed, then install the suite and average another round of testing. Norton's results were outstanding, quite a bit better than last year's.
They were so outstanding that, just to be sure, I uninstalled the product and repeated the whole process.
The results were the same within a few percent. Norton had no measurable effect on the boot time test or zip/unzip test.
The file move and copy test took 16 percent longer with Norton watching over the test system, well below the current average of 24 percent.
It's pretty clear that you don't have to worry about Norton dragging down your system's performance.
Overshadowed by Premier
Antivirus protection in Norton Internet Security Deluxe is excellent, with very high marks in my hands-on tests and in independent lab tests.
Its phishing protection is so good that I use it as a touchstone for evaluating other products.
Add a self-sufficient, tough firewall and a straightforward antispam tool and you've got a fine suite for your Windows devices. Norton's Android security product is an Editors' Choice, and it offers more under macOS than many.
Granted, it doesn't do a lot on iOS devices, but they do tend to need less protection. The main reason this product isn't an Editors' Choice for cross-platform multi-device suite is that its big brother, Norton Internet Security Premier, is significantly better.
For just $10 more, Premier gets you twice as many licenses, plus some significant added features.
It's a seriously better deal, well worth an Editors' Choice. Our other top pick in this category, McAfee LiveSafe, doesn't offer quite the stellar protection that Norton does, but a single subscription lets you install protection on every device in your household.
In particular, on securing and defending the Internet of Things. Speaking to an audience of about 50 network industry executives this afternoon, Phipps highlighted three security challenges for the IoT: data loss, particularly with last week’s Yahoo! hack of half a billion user accounts; hijacking, such as the controversial Jeep hack published a little while ago; and consumer products, particularly, with the latter, medical device hacks of items including pacemakers and insulin pumps. Phipps also highlighted how Ken Munro of PenTest Partners had “made children’s toys swear” by hacking them, which drew general laughs. Building on that point of how a trivial hack can lead to bigger things - in the case of Munro and an IoT kettle, the host Wi-Fi network's authentication keys - however, Phipps warned: “The attacker needs to overwhelm you in just one place to be successful.
If it delivers on the promises of the hype, IoT looks like something that will be integrated into our home life, transportation, cities, and … even improving our health." “I think this is a Wild West industry” thundered Paul Tindall of Sepura, following on from Phipps, opening a talk that focused on IoT security beyond the simple headlines. “It is fragmented and that makes security harder to apply." "If you consider the fragmentation of the standards as well," he continued, "you cannot trust security due to the fact that you’re using an unusual standard. We’ve got to apply proper governance around this.” Take the example of a body-worn sensor such as a Fitbit health monitor which generates data about you, he said. "I think I own that data.
At some point that data is aggregated and [the aggregating party] is going to fuse that data with data from other sources.
If you wrap context around those sources you turn that into valuable information.
I don’t know who owns that information.
Actually, I think that gets really complicated from a legal point of view.” The legal side of things was a point that was returned to later on.
So what could possibly go wrong?
Adrian Winkles of Anglia Ruskin University, an information security lecturer, said: “IoT security is not device security.
IoT is end-to-end.
It has many different facets, many different faces.
There’s a whole raft of things we have to think about.”
The DDoSing of Things
Referring to the recent DDoS of Brian Krebs, which was powered by an IoT botnet – “cameras, lightbulbs and thermostats” all generating 990Gbps of traffic, “which would take most government websites down” - he contrasted what people think they have, in terms of networked devices, with what they actually have in terms of traffic types.
In brief, your devices generate far more information about you than the ordinary punter ever realises. Winkles summed it up neatly: “Security is like a stack of Swiss cheese.
Each slice covers up holes in the slices below it.” “You could make a financial difference by building security in,” added Winkles, who quoted NIST: “The cost of fixing a bug in the field is $30k vs $5k during coding.” As for baking proper infosec practices into the Internet of Things, Winkles was forthright about taking a top-down approach:
“There’s an argument that says you start from the boardroom. The pressure to be first to market doesn’t feature security. The pressure to reduce costs? If you ignore security, you do so at your peril; it's going to cost you more in the long run. Educate boardroom and senior management to build security in from the start. Appoint a Chief Information Security Officer. What I’m touting is bottom up and top down. The end message is to build security in.”
Finally, in the first half of the afternoon, Laurence Kalman, a lawyer from international law firm Olswang, spoke about the legal problems the Internet of Things throws up. “Privacy and security are what’s got everyone talking,” he said. Much of the data generated by IoT devices “is also personal data”, including a vast range of data about “an individual.” This includes things such as “driving habits” in the case of smart satnavs and other sensitive data. As his slide deck put it, “the success of the IoT both from an individual device and application perspective, and more broadly as something we accept into our lives, will come down to users' confidence.” There is no law of the IoT as such, said Kalman. “Having said that, IOT has attracted significant focus from regulators,” he continued, highlighting how the EU has issued consultations and solicited other expressions of interest from the industry. “Europe could be a very productive place to do business on the IOT,” he concluded. What about the detail-slurpage? What about data ownership? “Who owns data in the IOT? The answer is, it’s complicated.
From a legal perspective, the question of ownership isn’t a simple one to answer.
There’s no property rights in it, as such.
There might be intellectual property in data if you do certain things to do it to take it beyond a certain piece of information.
Complications of data, databases, might attract copyright protection… you could see these IP rights arising at some point in the IOT value chain but it's not the case that each part of IOT data will have ownership attached to it in the first place.” The Data Protection Act “has very broad application” to the IOT, he said. “In the IOT world, where there's thousands of devices and infrastructure at various stages of the chain, it's very easy for infrastructure owners to fall within that domain.” In particular, it could be “the device manufacturer”, or “the social network that disseminates that data” or even “the health insurer who takes that data and offers a product from it”. “There’s no cyber security regulation as such that applies to IOT stakeholders as such,” concluded Kalman. He said the EU’s new GDPR would apply from 25 May 2016, noting that the E-Privacy Directive is currently under review and that the Network and Information Security Directive will also come into play for IoT manufacturers. One questioner from the floor touched on an area that drew great interest from the assembled audience. “Quite often I can see a conflict between business processes that need audit trails and the desire to delete data.” Kalman, answering, said: “The tendency up until now is that there’s been little focus on” what data do I need.
That sort of good housekeeping “have had less focus and that will have to change with the regulatory direction we’re receiving.
Businesses are going to have to work out where the balance lies.”
That left me needing to repeatedly explain to software conspiracy theorists why Norton didn't show up in my roundup of the best antivirus products.
Apparently those commenters and I weren't the only ones who missed the antivirus, as Symantec has brought it back, very successfully. Norton AntiVirus Basic is a winner. With a list price of $39.99 per year to protect one computer against malware, Norton AntiVirus Basic is more expensive than some of the company's other products on a per-device basis, but it's completely in line with its standalone antivirus competition.
Symantec Norton Security Premium, on the other hand, protects up to 10 devices for $89.99 per year, and includes 25GB of hosted online backup. Note that AntiVirus Basic is currently on sale for half its list price. I asked my Symantec contact why the company decided to bring back a standalone antivirus tool. "We saw there was a need for a low-cost, robust, PC-focused solution," he answered. "This need is not adequately addressed by freeware.
This product is primarily aimed at the value-oriented, tech-minded user who may already have a firewall, backup system, and so on." He went on to point out that Norton AntiVirus Basic offers the same enterprise-grade protection found in the suite. The suite offers full-scale tech support, with a guarantee that support agents will do everything necessary to keep your system virus-free, or your money back.
That guarantee doesn't come with Norton AntiVirus Basic, however.
In fact, tech support for this product is limited to self-help and community forums.
That's probably fine for the value-oriented, tech-minded customer mentioned above, but it is one drawback to the product. Note that Norton AntiVirus Basic isn't yet available in all markets.
If you're in Australia, Canada, France, Germany, the US, or the UK, you can get it.
If you're elsewhere, you may have to wait a bit.
Quick Install, Intensive Scan
When you launch the Norton installer, it downloads the very latest version of the software, including the latest antivirus definitions.
I like that. Why doesn't every antivirus install the latest definitions, rather than prompting the user to update after installation is finished? Once Norton is installed, it is totally ready to go. Well, almost.
A little while after the installation, you get a prompt to enable the Norton extensions in your browsers.
I'll talk more about the extensions themselves later on. Norton walks you through the process of installing the extensions, with explanatory panels and animated arrows. The main window itself is laid out much like the Norton suite, with four big buttons across the bottom and a panel above that reflects your security status.
If the green You Are Protected notification changes to You Are At Risk in red, just click the Fix Now button to set things right. A full scan of my standard clean test system took almost an hour and a quarter, whereas the average scan time for recent products is about 45 minutes.
It was thorough, for sure, checking more than 250,000 items.
I also ran a Norton Insight scan, which found 88 percent of the files on this system to be among those that should be trusted, not scanned.
A repeat of that full scan took just 10 minutes. This product includes Norton Power Eraser, a more aggressive scanner that aims to root out really persistent malware.
If you think the regular scan may have left something behind, a scan with Norton Power Eraser should fix it.
Excellent Lab Results
Symantec doesn't submit the Norton antivirus to all the labs I follow, but those that do include it in testing give it excellent marks. Like Kaspersky Anti-Virus (2017), Symantec doesn't participate in certification testing by ICSA Labs. Neither of these two has been rated in Virus Bulletin's RAP (reactive and proactive) test lately, either. AV-Test Institute rates antivirus products on protection against malware attack, low performance impact, and minimal false positives, assigning up to six points in each of the three areas.
Symantec aced the protection and false positive components of the tests but lost a half-point in performance, for a total of 17.5. Kaspersky managed a perfect 18 in this test, while Bitdefender Antivirus Plus 2016 slipped to 17 in the latest report. I track five of the many tests regularly performed by AV-Comparatives.
Bitdefender and Kaspersky earned the top rating in all five of these tests.
Due to a long-standing disagreement over testing methodology, Symantec doesn't participate in this lab's testing. However, it received AAA certification, the best of five certification levels, from Simon Edwards Labs. Kaspersky also rated AAA, as did a few others. This year I've added a pair of tests by MRG-Effitas to my collection. One specifically focuses on banking malware, the other on the whole range of malware.
The majority of products simply fail these tests.
Symantec, Kaspersky, ESET, and Webroot SecureAnywhere AntiVirus (2016) are the only products that passed the banking malware test.
In the full-range test, products earn Level 1 certification if they completely prevent installation of every malware sample, or Level 2 certification if they remediate all malware infestations within a set time. Nobody got Level 1 certification in the latest round of testing. Kaspersky, Symantec, and Webroot were among the very few that managed Level 2 certification. Overall, Symantec's lab results beat out most competing products. With three labs reporting, my aggregate calculation yields a score of 9.7 points, out of a possible ten.
See the chart linked above for details. Kaspersky tops this chart, with 9.9 points for testing by four labs.
Excellent Malware Blocking
In addition to closely following reports from the independent testing labs, I also run my own hands-on tests.
If my results don't jibe with the labs, I give the lab results more weight.
In this case, I didn't have to, as Norton performed equally well in my tests. For most products, my malware blocking test begins the moment I open the folder that contains my collection of malware samples.
The minor file access that occurs when Windows Explorer checks the file's details is enough to trigger on-access scanning.
Indeed, Norton eliminated 52 percent of the samples at this point.
That's actually on the low side. Kaspersky wiped out over 70 percent on sight, and Emsisoft Anti-Malware 11.0 caught over 80 percent. However, when I started launching the samples that survived that initial massacre, Norton proved its worth.
In almost every case, it either blocked the malware from launching or caught it based on behavior and completely reversed the malware's effects on the system. With 97 percent detection and 9.7 of 10 possible points, Norton scored very well. Webroot took the brass ring on this test, with a perfect 10 points. The samples in my malware-blocking test necessarily remain the same for many months, because it takes me weeks of work to prepare a new set.
For another view of each product's protective ability, I try to launch malware-hosting URLs from a feed supplied daily by MRG-Effitas.
I note whether the product diverted the browser away from the dangerous URL, wiped out the malware during or right after download, or sat idly without doing anything useful. I keep at this test until I accumulate data for 100 verified malicious URLs. Norton demonstrated excellent protective abilities, blocking fully 98 percent of the malicious downloads.
In most cases, the Download Insight component did the job, quite visibly.
It interrupted the download for known malware, but in many cases it performed on-the-fly analysis after the download, which identified the file as malicious. Only Avira Antivirus Pro 2016 has scored better here, with 99 percent protection, all by fending off the malware-hosting URL completely.
Excellent Phishing Protection
For many years, Norton's browser extension has done a great job protecting users from phishing websites, fraudulent sites that try to steal login credentials by masquerading as PayPal, eBay, banks, and so on.
In fact, when I test antiphishing solutions, rather than give them a straight percentage rating I report on how their detection rate compares with Norton's. For this test, I set up five browsers, one protected by the product under test, one by Norton, and one by the built-in antiphishing components in Chrome, Firefox, and Internet Explorer.
I scrape the Web for the newest reported phishing sites, as much as possible using sites too new to have been blacklisted.
I do this because phishing sites are ephemeral.
By the time they're blacklisted, they may well be gone. Norton, like all the best phishing fighters, uses real time analysis to supplement its blacklist. I launch each one in all five browsers simultaneously.
If any of the browsers displays an error page, I discard that URL.
And of course, if the link is not actually a phishing attack, I discard it.
As with the malicious URL blocking test, I aim for at least 100 URLs. In this case, Norton itself is the product under test, which is a bit different.
To get its score against the three browsers, I averaged the difference from all of the other tests I've performed. Norton's detection rate came in 53 percent better than Firefox, 35 percent better than Internet Explorer, and 23 percent better than Chrome. Nearly a quarter of recent products fared worse than all three browsers in this test. Few products come close to Norton's accuracy, and even fewer do better. Webroot beat Norton's detection rate by 1 percentage point, and Bitdefender managed 2 percent better than Norton. Kaspersky came out at the top, with a detection rate 4 percentage points better than Norton's.
Intrusion Prevention
I typically think of intrusion prevention as a feature that goes with firewall protection, but it doesn't in any way require a firewall.
In fact this product, which has no firewall, has the same powerful intrusion prevention found in the Norton suite. My Symantec contact explained, "We couldn't imagine delivering a product under the Norton brand without including intrusion prevention." I tested this feature using about 30 exploits generated by the CORE Impact penetration tool.
An exploit attack attempts to gain control of the victim's operating system or of an important app by taking advantage of a security hole in its target. Norton aims to block these attacks at the network level, before even a trace reaches the protected PC. I found that after the first couple of exploits were caught, I started getting error messages for all the rest.
Sure enough, Norton's Intrusion AutoBlock noticed multiple exploits from the same IP address and set itself to block all traffic from that address for a half-hour.
I had to disable this feature in order to continue my test. Norton blocked 63 percent of the attacks overall.
For 37 percent, it identified the attack by name, and reported a generic name for another 26 percent. Norton's performance in this test is better than most competing products, and it catches the attacks at the network level where many competitors resort to eliminating the exploit's payload file.
Bonus Features
I've already mentioned the Norton Insight scan, which speeds up antivirus scanning by identifying known good files that don't require scanning. Norton Insight lists all of the files it checked, along with the trust level, the prevalence of that file in the network of Norton users, and the item's impact on system resources. Here's a surprising bonus feature—this antivirus includes the same antispam component found in the full Norton suite.
It filters POP3 email accounts and integrates with Microsoft Outlook, automatically tossing spam messages into their own folder.
If you're among the rare few who don't get spam filtered out by your email or webmail provider, this is a handy bonus. The Norton toolbar manages such things as keeping your browser from accessing malicious or fraudulent websites.
It also marks up search results with color-coded icons, green, yellow, and red for safe, iffy, and dangerous, as well as a special Norton Secured marker for verified shopping sites.
If you want to know just why Norton flags a site as red or yellow, you can click through for a detailed report. You can optionally install Norton Safe Search as your search provider, and make it your home page as well. Norton AntiVirus comes with the Symantec Norton Identity Safe password manager as a bonus.
It's true that you can get Identity Safe for free, but having it bundled with your antivirus is convenient.
There's also a link to Symantec's online password generator in the antivirus. Disk fragmentation isn't such a problem these days, now that modern Windows versions handle defragmenting in the background.
If you're using an old version, Norton's Disk Optimization component can help.
If your disk is only minimally fragmented, the tool doesn't waste time tweaking it. If your PC's pace is seriously dragging, you can put a spring back into its step with a tune-up utility. Norton's File Cleanup component doesn't come close to the abilities of those purpose-built tools, but it is a quick and easy way to wipe temporary files, both for Windows and for Internet Explorer. As time goes on, many of us tend to accumulate applications that launch at startup and then hang around using up memory and other system resources.
The more of these you have, the longer it takes to boot your system, too. Norton's Startup Manager lists all programs that launch at startup, identifying the resource usage of each as well as its prevalence in the community of Norton users. You can reversibly disable any of them that don't really need to launch at every boot, or delay launching some, to speed the process. Note that some standalone tune-up utilities also provide this feature.
Great Antivirus and More
I'm pleased with the return of Symantec Norton AntiVirus Basic.
It earned excellent test scores across the board, both with the independent testing labs and in all of our hands-on tests.
Bonus features like intrusion prevention, password management, and spam filtering make it even better.
It's an excellent addition to Symantec's security line, which for the last few years has consisted only of suites. Norton AntiVirus Basic joins the extensive pantheon of antivirus Editors' Choice products.
Its fellow honorees are Bitdefender Antivirus Plus, Kaspersky Anti-Virus, McAfee AntiVirus Plus, and Webroot SecureAnywhere Antivirus. Yes, there really are that many excellent choices when it comes to antivirus.