Tuesday, September 26, 2017

Tag: Port Scan

Will Barack Obama order a major cyber-reprisal against Russia for election hacks before he leaves office? A CNN report suggests the response will be a softball. (Photo by Carsten Koall/Getty Images)

According to a CNN report, officials within the Obama administration have said that retaliatory measures against Russia for interference in the US election will happen very soon—perhaps as early as today.

But the response is expected to be "proportional" and include diplomatic measures and sanctions.
It's not clear whether there will be any sort of response in kind against the Russian leadership's computer systems and data. A proportional response, however, likely won't do anything to deter future efforts to use hacking and information campaigns to affect US politics or other aspects of government.

That's according to Dave Aitel, the founder of the security firm Immunity and a former NSA research scientist.
In a recent interview with Ars, Aitel said he believed that the US would take some sort of retaliatory action in the final weeks of Obama's presidency. "We're in a unique position where [President Barack] Obama can lay a haymaker down," he said, "and then Trump has to stand up. And Obama has nothing to restrain him."

Aitel predicted that the US response "will be big enough that it intimidates a nation-state. It's like we are the only nuclear power." And he said the US response needs to be substantial, because the methods used to hack the DNC and John Podesta and the related information operations used to disrupt the campaign of Hillary Clinton are within the skill set of a team of penetration testers or anyone else with a moderate amount of technical skill. "Anybody could have done this," Aitel said. "That's the more concerning factor—it's less about what Russia did and more about, have we built a fragile democracy?" The US' judicial system, he noted, is particularly vulnerable as well. "Someone could start messing with court cases very easily. It could be a billion-dollar problem."

Go big or go... nowhere?

Launching the sort of "big" response Aitel advocates for, however, would require acting in a way that doesn't escalate beyond the digital.

As Aitel himself pointed out, "Our [the US'] specialty is the hard stuff"—things like Stuxnet.

But much of what the US could do—or the National Security Agency, in particular—is in the realm of the cyber-physical, as in disabling infrastructure—actions that could be seen as too drastic or as an act of war. Early leaks from the Obama administration claim the CIA was planning some sort of "covert" operation against Russia (though not terribly covert, as information on the planned operation was given to NBC News).
It now seems like those operations have either been sidelined or have failed outright.
So President Obama's options at this point may be extremely limited. The measures that CNN reports are in the works are expected to include naming individuals involved in information operations, including the hacking and leaking of the e-mails of the Democratic National Committee and Hillary Clinton presidential campaign chairman John Podesta—the same sort of "name and shame" approach the US took with China over hacking by members of the People's Liberation Army.

The US response will not likely include indictments, but direct financial sanctions may be involved. The reports of the White House plan drew a response yesterday from Russia's Foreign Ministry.

Foreign Ministry Spokesperson Maria Zakharova said, "The outgoing US administration has not given up on its hope of dealing one last blow to relations with Russia, which it has already destroyed. Using obviously inspired leaks in the US media, it is trying to threaten us again with expansion of anti-Russian sanctions, 'diplomatic' measures, and even subversion of our computer systems."

Zakharova claimed that the Department of Homeland Security's alleged port scan of the systems of the Georgia secretary of state was evidence of a "White House-orchestrated provocation" trying to shift blame to Russia. She added, "We can only add that if Washington takes new hostile steps, it will receive an answer. This applies to any actions against Russian diplomatic missions in the United States, which will immediately backfire at US diplomats in Russia."

Only a handful of brands have as much weight in the security suite as Symantec's Norton.

The 2017 edition of Symantec Norton Security Deluxe continues a long tradition of top-notch security, as confirmed by independent labs and my own hands-on testing and evaluation.
Installed in Windows, it's a top-tier security suite, and Mac users also get a suite, not just an antivirus.

As for the Android edition, it's an Editors' Choice.
Support for iOS is pretty limited, but that's typical. Overall, the suite is excellent, but it's just shy of an Editors' Choice award. A $79.99 per year Norton subscription lets you install Norton's security products on up to five Windows, Android, macOS, or iOS devices. Webroot charges the same for five licenses, while Trend Micro lists for $89.95.

For about the same as Trend Micro's price, you can install McAfee's top-level security software on all the devices in your household. Oh, and for that rare individual who just has one device, Norton Security Standard protects a single PC or Mac for $59.99 per year. You'll find that all of these prices are frequently discounted, sometimes deeply. As with many cross-platform multi-device suites, Norton's online console is central to managing and installing protection. You start by creating your account and entering your license key.

At that point you can download and install Norton Security for your Windows system. You can also extend protection for up to four other devices.
I'll go into detail about protection on other platforms later in this review. Appearance-wise, there's not much change since last year.

The main window still features four panels devoted to Security, Identity, Performance, and More Norton.

Clicking a panel slides down the whole panel row, revealing additional icons related to the panel you clicked.

For example, when you click Security, you get icons for Scans, LiveUpdate, History, and Advanced. Most of the new developments are invisible.

New Protection Layers

Keeping up with the very latest malware innovations requires expertise, study, and analysis. Having researchers perform that analysis can take too long, so a couple of years ago Symantec launched an initiative focusing on machine learning.

According to my Symantec contact, the team "consists of 10 PhDs and two research Engineers from top schools, with combined 100+ years of experience in applied machine learning." That's quite a brain trust. Symantec has always taken a layered approach to system protection.

At the network level, Norton fends off attacks and blocks contact with malicious websites.
If a malicious file makes it onto your disk, the antivirus scan may wipe it out. Other factors such as file prevalence and behavior-based blocking come into play. The current product line adds several new layers to the protection mix. Proactive Exploit Protection actively prevents exploit techniques such as heap spray and ROP (Return Oriented Programming).

Threat Emulation handles malware that has been encrypted, packed, or obfuscated by running it in a controlled environment and evaluating it after it self-decrypts, much like Check Point ZoneAlarm Extreme Security 2017's similar feature.

And a predictive machine-learning algorithm aims to catch even the freshest and most innovative malware. These new layers aren't visible to the user (or even the expert).

But they help Norton keep malware out of your system.

Shared Antivirus

After a brief hiatus, Symantec again offers an antivirus product, Symantec Norton AntiVirus Basic.

Feature-wise, the suite's antivirus protection is identical. However, where users of the standalone antivirus must rely on FAQs and forums for support, the suite adds a full range of tech support, and a Virus Protection Promise—if Symantec's tech support agents can't rid your system of pesky malware, the company will refund your money.

But as far as features go, the suite's antivirus protection is identical. Read my review for all the juicy antivirus details. Norton doesn't participate with all of the independent testing labs that I follow, but those that do include it give it high marks.
In the three-part test performed by AV-Test Institute, it got top marks for malware protection and low false positives, though it slipped in performance, taking 5 of 6 possible points.
Its total of 17 points is good, but Trend Micro Maximum Security, Bitdefender, and Kaspersky managed 18 of 18 possible points in the latest test.

There's nothing second-rate about a perfect AAA rating from Simon Edwards Labs, though.

And Norton is one of a very few products to pass two tests performed by MRG-Effitas.
Its aggregate lab score, 9.7 points out of a possible 10, beats all others except Kaspersky Total Security. Norton also did very well in my own hands-on tests.
Its detection rate of 97 percent and malware-blocking score of 9.7 are among the best, though Webroot did manage a perfect 10 points. When I tested Norton with 100 very recent malware-hosting URLs, it blocked 98 percent of the malware downloads.
In some cases, its Web-based protection kept the browser from even visiting the malicious URL, but mostly the Download Insight feature eliminated the malware payload. Only Avira Antivirus Pro 2016 has done better in recent tests, with 99 percent protection. I use Norton as a touchstone for measuring antiphishing success, reporting the difference between the tested product's protection rate and Norton's. Webroot, Bitdefender Internet Security 2017, and Kaspersky are the only recent products that have done better than Norton.

And of course it's significantly more accurate than the phishing protection built into Chrome, Firefox, and Internet Explorer.

Other Shared Features

Despite the word Basic in its name, Norton's standalone antivirus offers a lot more than just the basics.
It doesn't include full firewall functionality, but in testing, its Intrusion Prevention component did an impressive job blocking exploit attacks, stopping them at the network level and identifying many of them by name. You'll also find a complete antispam component that filters POP3 email accounts and integrates with Microsoft Outlook. A Norton Insight scan lists all the files on your computer, along with the trust level for each, prevalence among Norton users, and impact on system resources.

The antivirus scanner uses Norton Insight results to avoid scanning known and trusted files.

The Norton Safe Web browser extension uses red, yellow, and green icons to flag safe, iffy, and dangerous links in search results. You can click through for a full report on just why a given site got the rating it did. The Symantec Norton Identity Safe password manager is free for anyone to use, but having it integrated with your Norton protection is convenient.
It handles all basic password manager functions and syncs across all your devices, though it lacks advanced features like two-factor authentication and secure password sharing. Several of the shared features aim to improve your system's performance. Using the startup manager, you can reversibly disable programs from launching at startup, or set them to launch after a delay.

The File Cleanup tool wipes temporary files that waste space.

There's even a disk defragger, in case you don't have Windows optimizing disk fragmentation in the background.

Intelligent Firewall

As noted, the standalone antivirus includes a powerful Intrusion Prevention tool, a feature more commonly associated with firewall protection. With the suite, you get a complete two-way firewall. The built-in Windows firewall completely handles the task of stealthing your PC's ports and preventing outside attack.

Any firewall that aims to replace the built-in needs to do at least as well. Norton passed my port-scan and other Web-based tests with flying colors. What you don't get with the Windows firewall is control over how programs access the Internet and network.

Don't worry; Norton won't bombard you with confusing queries about what ports and IP addresses a given program should be allowed to access.
It handles such matters internally, automatically assigning network permissions to the vast number of known and trusted programs in its online database. When Norton encounters an unknown program attempting Internet access, it cranks up the sensitivity of its behavior-based malware detection for that program, and keeps an eye on its connections.
If the program misbehaves, Norton cuts its connection and eliminates it.

This isn't quite the same as the journal and rollback technology that McAfee and Webroot SecureAnywhere Internet Security Complete apply to unknown programs, but it's effective. I always do my best to disable firewall protection using techniques that would be available to a malware coder. Norton doesn't expose any significant settings in the Registry, so that route is out.

Both of its processes resist termination.

And its single Windows service can't be stopped or disabled.
It's worth noting that this isn't always the case.
I completely disabled all processes and services for ThreatTrack Vipre Internet Security Pro 2016, for example.

And while the majority of McAfee's 14 processes and 13 services resisted attack, quite a few succumbed.

Excellent Android Protection

Norton's standalone antivirus is PC-specific. With the suite, you can cover your Mac, Android, and iOS devices as well.

Click More Norton in the program's main window, then click the Show Me How button to get started.
Sign in to your Norton account and enter the email address used on the device you want to protect. Unlike the similar feature in McAfee LiveSafe, you don't have to choose the platform.

Clicking the emailed link on the device automatically selects the proper download. On an Android device, you get Norton Security and Antivirus (for Android).

Along with Bitdefender Mobile Security and Antivirus, this product is an Editors' Choice for Android security. Please read our review of that product for a deep dive into its features.
I'll summarize here. Note that the Android app has gotten a significant user interface redesign since our review, and more new features are due in the coming weeks. Immediately after installation, the antivirus runs an update and a scan. You also must activate the app for Device Administration in order to make use of its anti-theft features, and give it Accessibility permission so it can scan apps on Google Play. Norton scans for malicious and risky apps, as expected. More interestingly, its App Advisor works inside Google Play, checking every app you tap and reporting the risk level.

Tap the small notification at the bottom to see details of App Advisor's findings. Norton's extensive set of anti-theft features can be triggered either by logging in to the Web console or by sending coded SMS commands. Naturally you can use it to locate, lock, or wipe the device, and the scream feature helps find a misplaced device at home. When you lock the device, it displays a contact message of your choice, so someone who finds your lost device can arrange to return it. The Sneak Peek feature lets you remotely (and silently) snap a photo of whoever is holding the device. When you lock a lost or stolen device, it automatically snaps a photo every 10 minutes, and reports its location every five minutes. You can also remotely back up your contacts before resorting to the Wipe command, which performs a factory reset. There's a link to install the free separate App Lock app, and another to install a trial of the Norton WiFi Privacy VPN (Virtual Private Network).
It offers call blocking on Android smartphones.

And you can extend protection to another device directly from within the Android app.

Suite for macOS

It's fairly common for multi-platform suites to give macOS short shrift, but Norton doesn't follow that trend. Norton Security on a Mac is a full security suite, not just antivirus. My Norton contacts say that the definition file size is down by two thirds in the current edition, which means faster scans and lower memory usage. As expected, the antivirus component scans files on access, on demand, and on schedule.
It can also scan inside ZIP files.

The full-scale firewall blocks dangerous network connections and controls how programs access the network.

The related Vulnerability Protection feature blocks port scan attacks and attacks attempting to exploit system vulnerabilities. Norton's Safe Web website reputation monitor installs in Chrome, Firefox, and Safari, marking up search results and optionally blocking access to dangerous sites, just as with the Windows edition. Phishing protection is likewise parallel to what you get with Windows. The File Guard feature aims to protect your most important files from unauthorized modification. You can set it to guard up to 250 specific files.
It doesn't protect an entire folder the way Trend Micro's Folder Shield or Bitdefender's Data Shield do.

Files under guard can't be opened, moved, copied, or deleted. You can optionally let system processes like Finder and Spotlight manage guarded files.
If you want to manipulate or modify a file that's under guard, you simply enter your password in the popup notification.

Find Your iOS Devices

You may want to think twice about using up one of your five licenses to protect an iOS device, as the feature set on iOS is seriously limited. Norton does offer to back up your contacts, just as it does under Android. You can use the Web portal to locate your iOS device.

And you can trigger a loud alarm to help find a nearby device.
Is it under the sofa? Or in that scruffy guy's backpack? But that's the extent of anti-theft. You can't lock or wipe the device, and you certainly can't snap a sneak peek photo. The iOS version does offer one unusual feature.

As long as you're using a device with microphone and speakers, say, a laptop or another mobile device, you can make an Internet call to the lost or stolen device. Note, though, that this won't work if the device is locked with a PIN or passcode. That's the extent of mobile security on iOS devices.

No Performance Worries

Around 10 years ago, Norton had a reputation for being a resource hog, offering security at the expense of performance.

The developers quashed that reputation by spiffing up the suite's performance, and they continue to work toward less and less performance impact. I check performance using three tests that measure boot time, the time to move and copy a ton of files between drives, and the time to zip and unzip that same collection of files.
I average the results of multiple tests with no suite installed, then install the suite and average another round of testing. Norton's results were outstanding, quite a bit better than last year's.

They were so outstanding that, just to be sure, I uninstalled the product and repeated the whole process.

The results were the same within a few percent. Norton had no measurable effect on the boot time test or zip/unzip test.

The file move and copy test took 16 percent longer with Norton watching over the test system, well below the current average of 24 percent.
It's pretty clear that you don't have to worry about Norton dragging down your system's performance.

Overshadowed by Premier

Antivirus protection in Norton Internet Security Deluxe is excellent, with very high marks in my hands-on tests and in independent lab tests.
Its phishing protection is so good that I use it as a touchstone for evaluating other products.

Add a self-sufficient, tough firewall and a straightforward antispam tool and you've got a fine suite for your Windows devices. Norton's Android security product is an Editors' Choice, and it offers more under macOS than many.

Granted, it doesn't do a lot on iOS devices, but they do tend to need less protection. The main reason this product isn't an Editors' Choice for cross-platform multi-device suite is that its big brother, Norton Internet Security Premier, is significantly better.

For just $10 more, Premier gets you twice as many licenses, plus some significant added features.
It's a seriously better deal, well worth an Editors' Choice. Our other top pick in this category, McAfee LiveSafe, doesn't offer quite the stellar protection that Norton does, but a single subscription lets you install protection on every device in your household.

If you had a personal computer in the late 90s, you probably thought that firewall protection was something that businesses needed, not consumers.
It took the ZoneAlarm crew years to get out the message that consumers need firewall protection too.

F...
Meanwhile, two MEEELION Dota 2 users leaked ... from vBulletin forum

Steam's Dota 2 forums have leaked a couple of million user names with MD5-hashed passwords, which at least serves as a salutary reminder that since there's a patch out, get patching.

The patches cover server-side request forgery bugs in vBulletin 3.8.9, 3.8.10 beta, 4.2.3, 4.2.4 beta, and 5.2.3. Attackers could exploit the bug to get access to services such as email, the memory cache, and other services.

In this advisory, Dawid Golunski, who found the bug, says it means an “unauthenticated attacker could perform a port scan of the internal services as well as execute arbitrary system commands on a target vBulletin host with a locally installed Zabbix Agent monitoring service.”

The problem is in how vBulletin lets forum users upload media files: while the software tries to prevent posters from using HTTP redirects, “there is one place in the vBulletin codebase that accepts redirects from the target server specified in a user-provided link.” The advisory includes proof-of-concept code.

That patch comes as Leakedsource.com warned about the breach of the Dota 2 forums. That breach was based on a simple SQL injection attack, and there looks to be a serious failure in how the Dota 2 forums were configured. Passwords were stored as MD5 hashes, and Leakedsource.com claims it's already converted 80 per cent of the more than 1.9 million passwords back to their plaintext.

The advisory is here, along with the ability to search for your name in the list. If you're there, and you've reused that password, you know what to do.