The agreement reflects the success of the companyrsquo;s existing integration with PayPal Invoicing, which streamlines the process by which law firms accept clientsrsquo; funds. Used within LexisNexis Visualfiles, the fast, easy and customer friendly solution has proved especially popular when combined with leading eSignature product Adobe Sign.
As invoice details can be forwarded to clients electronically, the PayPal integration... Source: RealWire
Google stopped trusting Symantec after discovering the CA had mis-issued thousands of certificates over several years, and researchers found that phishing sites were using PayPal-labeled certificates issued by Linux Foundation’s Let’s Encrypt CA.
Even with these missteps, the CAs play a critical role in establishing trust on the internet.To read this article in full or to leave a comment, please click here
I always tell them the same thing: It's difficult for a free CA to actually provide any security assurance.
There is no free lunch.I was reminded of this maxim when I read a recent article from HashedOut revealing that the popular, free Let's Encrypt has issued more than 15,000 digital certificates with the word "PayPal" in the subject name. PayPal itself doesn't use Let's Encrypt, so it's likely that most of these digital certificates are related to phishing attacks (according to HashedOut's analysis, that would be a whopping 96.7 percent of them).To read this article in full or to leave a comment, please click here
I try my best to review the latest security suite and antivirus releases from all the security companies, but occasionally I miss one. The 2016 product line from TrustPort slipped past me. I hoped that with two years of innovation rather than the usual one, I would see remarkable improvements in TrustPort Internet Security Sphere, which fared poorly in my last review. Sadly, it didn't score any better than when I last reviewed it in 2015.
At $37.95 per year for three licenses (or $29.95 for a single license), TrustPort is significantly less expensive than most competing products. Bitdefender, Kaspersky, and Norton all cost just a little more than twice as much. On the other hand, those three are much more effective than TrustPort. For the same price, McAfee Internet Security lets you install protection on every Windows, Mac, Android, and iOS device in your household.
The main window for Trustport's antivirus features a single row of five square buttons, while the full suite has two rows of five, to accommodate its additional features. The six green buttons turn components like the real-time scanner and parental control on and off. Blue buttons invoke actions such as running a scan or checking for updates. It's a different arrangement of square buttons from the version I reviewed previously, and a different color scheme, but not a lot else has changed, appearance-wise.
Shared Antivirus Features
This suite's antivirus protection includes everything found in TrustPort Antivirus Sphere, plus an additional Web scanner component. Please read that review for full details of features common to both. I'll summarize here and focus on the suite's additional antivirus abilities.
Several high ratings from the independent testing labs marks a highly effective antivirus. Alas, only one of the labs that I follow includes TrustPort. In its RAP (Reactive And Proactive) test, Virus Bulletin scored TrustPort at 85.34 percent, a little above the average score. But that's not enough data for me to come up with an aggregate lab rating. On a scale of 10 possible points, Kaspersky Internet Security earned an impressive aggregate score of 9.8, while Norton managed 9.7 points.
In my own hands-on malware-blocking test, TrustPort detected 87 percent of the samples and earned 8.5 of 10 possible points. That's one of the lower scores among products I've tested with this sample set. Webroot SecureAnywhere Internet Security Plus, Comodo, G Data, and a few others detected every single sample. Webroot, Comodo, and PC Matic earned a perfect 10 points in this test.
My malicious URL blocking test uses very new malware-hosting URLs. Products get equal credit for blocking all access to the URL and for eliminating the malicious executable during download. Handicapped by lack of any Web-based protection, TrustPort's antivirus managed to wipe out 70 percent of the samples during download. When I tested the suite, its Web scanner blocked access to 21 percent of the URLs, and the real-time antivirus took care of another 55 percent. The total protection rate of 76 percent is still pretty low. Tested in the same way, Symantec Norton Security Deluxe blocked 98 percent of the samples.
Other Shared Features
The antivirus includes a feature called Anti-Exploit, but it's not about blocking attacks that exploit unpatched vulnerabilities, as you might expect. Rather, it looks for suspicious activity, things like programs attempting to manipulate other programs. In its default silent state, it doesn't do anything at all. When I took it out of silent mode and tested it with some valid programs, it found 40 percent of them to be suspicious. To get those programs working, I had to add them to the trusted list.
Next I switched from Anti-Exploit to an alternate tool called Application Inspector and tested again with a collection of valid programs. The Application Inspector flagged 30 percent of them for a different set of suspicious behaviors than Anti-Exploit did. You're better off just leaving this feature in its silent, do-nothing mode.
Clicking the Extra Applications button doesn't actually get you any extra applications, at least not in the standalone antivirus. Rather, it offers access to two different but equally complicated techniques for creating a bootable antivirus. You can use a bootable antivirus to clear up malware infestations that resist normal disinfection. However, the options offered by TrustPort are just too complex for the average user. The full security suite does offer extra applications, which I'll describe below.
Poor Phishing Protection
Phishing is the practice of creating fake versions of sensitive websites and hoping some poor chump takes the bait. Victim who log in to a fake PayPal site, for example, have just given away their credentials to their real PayPal account. These fraudulent sites get blacklisted and taken down quickly, but the fraudsters just reopen with a new fake site.
To test phishing protection, I use the newest phishing URLs I can find, preferably ones that have been reported as fraudulent but not yet analyzed and blacklisted. I try to visit each in a browser protected by the product under test, and in another browser protected by Norton, which has a long history of effective phishing detection. I also launch each URL in Chrome, Firefox, and Internet Explorer, relying on each browser's built-in fraud detection.
The first time TrustPort blocked anything, it popped up the standard notification it uses when it detects malware in a file. I resolved to track such events separately from times when the Web scanner denied all access the fraudulent site. But I didn't need to do that. Not once did I see a page replaced by the Web scanner's warning window. In addition, I found that even when TrustPort reported that it found phishing, the fraudulent page was completely accessible, and I had no trouble entering my (fake) credentials.
Very few products can match Norton's detection rate in this test. Of all recent products, ZoneAlarm tied Norton, while Webroot, Kaspersky, and Bitdefender Internet Security 2017 did a little better. Every other product lagged Norton's detection rate, some by a little, some by a lot.
TrustPort falls in the "by a lot" category. Its detection rate came in 66 percentage points behind Norton's. Chrome and Internet Explorer also beat TrustPort by a wide margin. This is a poor showing.
TrustPort's firewall handled the basic task of fending off outside attack just as well as Windows Firewall. It put the system's ports in stealth mode, making them invisible from the outside, and fended off my port scans and other Web-based attacks. In a recent test, G Data Internet Security 2017 went even further, presenting a notification that it blocked a port scan attack.
Of course, merely doing as well as Windows Firewall isn't a huge accomplishment. Most personal firewalls, TrustPort included, also take control of how programs connect to the Internet and network. Early personal firewalls foisted decision-making on the poor, uninformed user. Should I allow netwhatever.exe to connect with the computer at IP address 126.96.36.199 over port 80? Who knows! Some products, ZoneAlarm among them, cut down on these popups by maintaining a huge database of known good programs and automatically configuring permissions for those.
Norton takes this concept to the next level. If a process isn't in the database, Norton doesn't ask the user what to do. Rather, it monitors that process extra-closely for any suspicious network activity. That's much better than relying on the untrained user for important security decisions.
TrustPort offers four levels of firewall protection, but if you read the text associated with each, it doesn't actually recommend any of them. The default level is called Use Firewall Rules, but the text states this is only recommended for experienced users. The description of the less-strict Enable Outgoing Connections level includes a warning that it can't defend against Trojans and spyware. And there's no point in the options that block or allow all network traffic. For testing, I stuck with the default, Use Firewall Rules.
In this mode, TrustPort is totally old-school. It did correctly pop up a query about my hand-coded browser's use of the network, and it managed to detect a couple leak test programs trying to evade its view. But it also popped up queries for numerous internal Windows components. A user who accepted the default action, blocking that process from Internet access now and forever, would wind up disabling parts of Windows.
Fixing a program blocked in error is also tough with this suite. You click Advanced Configuration, find the Firewall section, and open the Filter Definitions page. Scrolling past dozens and dozens of confusing default rules, you'll eventually find application-specific rules. You could jump in and edit the rule that's blocking the program, but you're better off just deleting the entry and choosing to allow access next time the firewall asks.
Protection against exploit attacks is often a firewall feature. I tested TrustPort's protection by hitting the test system with several dozen exploits generated by the CORE Impact penetration tool. Its Web protection component jumped in to block 30 percent of them, identifying all but one of the exploit attacks by name. Tested in the same way, G Data blocked 50 percent of the exploits. Norton has the best score in this test. It blocked 63 percent of them, all at the network level, before any portion of the exploit reached the test system.
I always investigate methods that a nefarious coder might use to disable firewall protection. TrustPort doesn't seem to store anything in the Registry, so there's no way I could flip the Off switch. I tried to kill its six processes using Task Manager, with no result beyond six Access Denied messages.
However, like G Data, F-Secure Internet Security, and a few others, TrustPort doesn't protect its essential Windows services. I set the Startup Type for all six to disabled and rebooted the system. On reboot, TrustPort didn't run at all. Comodo also didn't protect its services, but on reboot it reported the problem and offered to fix it automatically.
This firewall handles the same tasks that the built-in Windows Firewall does, which is no great feat. Its program control component pops up queries about Windows components; a hapless user who chooses the default block action may disable part of Windows. And the firewall isn't properly hardened against attack. It's not an impressive showing.
See How We Test Security Software
Clicking the big Extra applications button on the main window lets you launch Portunes (rhymes with fortunes) and Skytale (rhymes with Italy). Portunes offers static storage for your passwords and other important data. Skytale encrypts messages. And neither is very useful.
Portunes stores passwords, credit cards, contacts, addresses, and more. You define what it calls a PIN to protect the collection. Last time I reviewed this product, it required a four-digit PIN; now you can enter a respectable master password. That's an improvement, albeit a minor one.
However, Portunes doesn't have any password management features other than including passwords among the things it stores. You can, if you wish, sync your data between multiple installations. To do so, you give Portunes access to your Dropbox account.
As for Skytale, it's easy enough to use. Type or paste in some text, click Encrypt, enter a password, and email or otherwise transmit the resulting gibberish to the recipient, sending the password separately. The catch is, the recipient must also be a TrustPort users. Quite a few encryption utilities don't have that kind of limitation. Some let you create a self-decrypting EXE file, while others offer a free decryption-only tool. Without any similar feature, Skytale isn't terribly useful.
Optimalize Your PC
"Optimalize" may not be precisely English, but it's what the button says. Clicking it launches TrustPort Optima, a simple tune-up utility that deletes temporary files, wipes out useless and erroneous Registry entries, and defragments your disk drives.
You start by clicking Analyze. On my test system, this step went quite quickly for the temporary files and Registry data, but it took quite a while to finish analyzing disk fragmentation. In a similar fashion, the actual cleanup of temp files and Registry went quickly, while defragmentation took quite a bit longer. You can click for a retro view that shows the defrag process as it happens.
If you rely on Web-based mail for your personal email account, you probably don't see much spam, as the major webmail providers filter it out. Likewise, your business email account probably gets filtered at the email server. Given that few people need a spam filter these days, and that my antispam testing was the most lengthy and laborious of all my tests, I dropped that hands-on test last year.
That's a good thing for TrustPort. The last time I reviewed this suite's spam filter, I found it to be quite dismal. It noticeably slowed the process of downloading email, and certain messages caused it to hang, cured only by quickly turning spam filtering off and on again. And its accuracy was terrible. We can hope that the designers have tuned this component since that time.
The spam filter supports Outlook, Outlook Express, Windows Mail, Thunderbird, and The Bat!, but not Windows Live Mail (the replacement for Outlook Express and Windows Mail). Even with these supported email clients, you still must define a message rule to put the spam in its own folder.
You can manually add email addresses or domains to the whitelist or blacklist. However, there's no option to automatically whitelist addresses to which you send mail, or import the address book to the whitelist, the way you can with ESET, Trend Micro Internet Security, and others.
Spam filtering in Check Point ZoneAlarm Extreme Security 2017 is extremely comprehensive and boasts pages and pages of configuration choices. I'm happier with a reduced set of choices, things users can actually understand. TrustPort's advanced spam filter settings are decidedly reduced—there are just four of them—but the average user will get no benefit from meddling with these.
Not everyone has kids, and not every parent wants a parental control utility. For those who do want it, having parental control integrated with the security suite can be convenient. That is, if the parental control component does its job.
TrustPort's Parental Lock is a content filter, nothing more. If you turn it on by clicking its button on the main window, it immediately starts filtering access to websites in five categories: Violence, Porn, Warez, Hacking, and Spyware. You can tweak the configuration to also filter out seven more categories, among them Chat, Shopping, and Drugs.
By default, the filter applies to all users. It's possible to configure it one way for your teen and another way for your toddler, but it's far from easy. Doing so requires using the arcane Windows Select Users dialog. Guys, couldn't you just give Mom and Dad a simple list of user accounts?
In testing, I found that quite a few seriously raunchy sites got past the filter. It doesn't handle secure sites, so any HTTPS porn sites slipped right through. Logging in through a secure anonymizing proxy lifted any limitations by the content filter.
This so-called parental control system is worse than useless. If you want a suite that includes a full-functioning parental control system, look to Norton, Kaspersky, or ZoneAlarm.
More Drag Than Most
The days of resource-hogging security suites that bogged down performance are gone. Users wouldn't accept it, and security companies changed their ways. Few modern suites put a noticeable drag on performance. Even so, there's still a range, and in my hands-on testing TrustPort's performance drag came in on the high side.
Getting all the protective components of a security suite loaded can have an impact on the time it takes to boot up your PC. My boot time test waits for 10 seconds in a row with less than five percent CPU usage, defining that as the time the system is ready for use. Subtracting the start of the boot process, as reported by Windows, yields the boot time. I ran this test 20 times before installing TrustPort and 20 more times afterward, then compared the averages.
The result was so high that I tried again, this time watching the process closely. I found that at each reboot, the firewall was popping up queries about system processes. I manually rebooted the system over and over, responding to all the popups until they stopped coming. When I re-ran the test it still showed a 54 percent increase in boot time. That's one of the biggest impacts among current products. Fortunately, most of us don't reboot any more than we're forced to.
I also measure the suite's impact on simple file manipulation. One test times a script that moves and copies a mixed collection of files between drives. Averaging multiple runs with and without the suite, I found the script took 28 percent longer with TrustPort present. That's a little more than the current average of 23 percent. On the plus side, it didn't exhibit any measurable drag on another script that repeatedly zips and unzips those files.
The average of TrustPort's three performance scores is 27 percent, one of the largest among current products, but I didn't actively notice the test systems seeming slow. At the other end of the spectrum, Webroot had no measurable effect on any of the three tests. Norton averaged just five percent drag, which is quite good.
Typically I'd conclude by summarizing the good and bad points of TrustPort Internet Security Sphere, but there's just not much I can say on the plus side. The independent labs don't rate it, and it fared poorly in our hands-on tests. Its firewall pops up warnings even for Windows internal processes, and it isn't defended against hacking. And the parental control system is worse than useless.
Forget about this suite. Look instead to one of our Editors' Choice security suite products. For a basic security suite, those are Bitdefender Internet Security and Kaspersky Internet Security.
Note: These sub-ratings contribute to a product's overall star rating, as do other factors, including ease of use in real-world testing, bonus features, and overall integration of features.
Credentials from the likes of Facebook, Viber, Youtube, WhatsApp, Uber, Snapchat, WeChat,Instagram and Twitter will also be sucked up and sent to unknown parties . Antivirus firm Dr Web says says the app is standard fare in terms of malicious Android apps but is unusual in that the code has been offered up for free, something that will likely result in the creation of more malicious apps. "When an SMS message arrives, the trojan turns off all sounds and vibrations, sends the message content to the cybercriminals, and attempts to delete the original messages from the list of incoming SMS," Dr Web researchers wrote. "As a result, a user could miss not only bank notifications about the unplanned transactions but also other incoming messages. "In general, the [capabilities] of this trojan are quite standard for modern Android bankers, however, as cybercriminals created it with publicly available information, one can anticipate that many trojans similar to it will appear." Harvested device data is shipped to attackers' command and control servers and appears on adminstrator panels from where the application can be controlled. The app can also steal all phone contacts, track user location, and create phishing dialogues. ® Sponsored: Want to know more about Privileged Access Management? Visit The Register's hub
Image: Lawrence. Those subtle intrusions across the line open avenues for phishers; chevron popups can be faked and 'block' and 'allow' buttons turned into malicious clickable links, for example. In 2005, a remote code execution flaw affecting Firefox was dug up which abused favicons, the untrusted icons websites set that appear in tabs and bookmarks. The line of death deteriorated in 2012 when Microsoft moved Windows 8 Internet Explorer to its full screen minimalistic immersive mode. Lawrence, then program lead for Internet Explorer with Microsoft, opposed the move and says it made the line of death indistinguishable from content, . "... because it (Internet Explorer) was designed with a philosophy of 'content over chrome', there were no reliable trustworthy pixels," he says. "I begged for a persistent trust badge to adorn the bottom-right of the screen - showing a security origin and a lock - but was overruled." He says one Microsoft security wonk built a "visually-perfect" Paypal phishing site that duped the browser and threw fake indicators. "It was terrifying stuff, mitigated only by the hope that no one would use the new mode." The breaching of the line of death is a boon to picture-in-picture phishing attacks, in which attackers create what appear to be fully functional browsers within a browser.
Immaculate reproductions of browsers including the trusted sections above the line of death have been created that fool even eagle-eyed researchers. Microsoft's own security researchers in 2007 would find picture-in-picture attacks to be virtually perfect.
The team of four wrote, in a paper titled An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks wrote in the paper [PDF] that the attack vector was so compelling it beat all other phishing techniques including homograph tricks in which letters of legitimate URLs are replaced with visually similar equivalents from, for example, the Cyrillic alphabet. Everything is untrusted: The line of death dies in HTML5.
Image: Lawrence. Picture-in-picture attacks also rendered ineffective the then-new extended validation SSL certificate scheme for determining malicious sites.
Extended validation, now mainstream, displays a green address bar padlock for participating and verified sites.
The inconvenient research spooked one large certificate vendor then in talks with Redmond over buddying up for the then new certificates. The line of death receded further with the advent of HTML 5, which brought with it the ability for websites, and phishers, to push browsers into fullscreen mode which wiped any line between trusted and untrusted content. And the line is all-but-absent on mobile devices, where simplicity and minimalism is king. "We are seeing a lot more hits on phishing links in mobile because it is so much harder to extract necessary information," Sophos senior technology consultant Sean Richmond tells El Reg . "Expanding the URLs is more difficult and it is harder to get the information users need to make decisions, so security awareness can suffer." Email apps are similarly breaching the line of death. Outlook's modern versions place a trusted message of "this message is from a trusted sender" within the untrusted email contents window, allowing phishers to replicate the notice. "Security UI is hard," Lawrence says. ® Sponsored: Customer Identity and Access Management
The logged keypresses would be siphoned off to a website called limitlessproducts.org. Shames was eventually snared by FBI agents after selling his software from a PayPal account that was registered in his real name, according to court documents obtained by The Register.
That PayPal account was connected to an email address – firstname.lastname@example.org – that answered support queries for the malware and was also the contact address for the domain name limitlessproducts.org.
Shames had registered that domain under his real name and home address, too. An ice hockey fan and one-time country club waiter, Shames built the software nasty while he was in high school, according to the DA's office. When he graduated from Langley High, in Fairfax, Virginia, he continued to develop and peddle his malware online from his JMU dorm room in Shenandoah Hall. According to his LinkedIn page, Shames, a 3.7 GPA student of Great Falls, Virginia, worked as an intern at Northrup Grummond from 2015 to August of last year, developing front-end website code and backend Java software and managing a MySQL database.
Spyware author Zach Shames "I am a Junior at James Madison University working towards a degree in Computer Science," the malware author boasts on his personal website. "I am really interested in developing cool new programs and I want to expand my skills to make me a more well-rounded programmer.
I have been programming for the past six years, and in my spare time I do freelance design jobs and coding for various programs/websites.
I am passionate about anything and everything internet and technology." Here's how passionate he was.
According to prosecutors, "Shames developed malicious software, known as a keylogger, that allowed users to steal sensitive information, such a passwords and banking credentials, from a victim’s computer. "Shames sold his keylogger to over 3,000 users who, in turn, used it to infect over 16,000 victim computers.
Shames developed the initial versions of his keylogger while attending high school in Northern Virginia, and continued to modify and market the illegal product from his college dorm room." The kid will be sentenced on June 16. ® Sponsored: Next gen cybersecurity.
Visit The Register's security hub