Tag: storage services
From leading data and research-rich university seats of learning -... Source: RealWire
I don’t know why I keep hearing this.
There’s simply no evidence to support this fear.
In fact, there’s solid evidence that says mobile devices are not a significant—or even moderate—risk factor. Every year, I check the Identity Theft Resource Center’s database of personally identifying information (PII) breaches, which require disclosure by both state and federal laws.
I’m sure many losses go unreported, and the database doesn’t cover corporate information not containing PII.
But if mobile devices were a conduit to data loss, they should show up in this database. Mobile-linked breaches haven’t shown up in previous years, and they didn’t show up again in 2016—despite the fact that nearly everyone these days uses a smartphone. What does show up? Paper records, thumb drives, external hard drives, laptops, hacks into databases and storage systems, and successful phishing attempts. Many of the reported breaches involve lost papers, drives, and laptops, where a data thief probably wasn’t involved.
But many involve active hacking of IT systems where data theft is the goal.
And some involve insiders (contractors and ex-employees) steal data to use themselves, bring to new employers, or—least often—sell to others. None of the lost, stolen, or compromised devices were smartphones or tablets.
That’s probably because encrypted devices need not be reported; they’re presumed safe. iPhones and iPads have long encrypted their contents, and professional-grade Android devices have done that in recent years.
In both cases, a simple IT policy can enforce that encryption.
It doesn’t take a fancy mobile security tool; Microsoft Exchange can do the trick. Well, there was one data breach involving a smartphone: A former hospital manager, after resigning, took patient-identifying information by forwarding certain documents such as patient lists to her personal email account.
She had work email set up on her personal smartphone—a common BYOD scenario—and simply forwarded the work emails to her personal email account.
That’s not a mobile-specific issue—she could have done that from a work computer or a home computer. IT’s remedy for this case is the same no matter the device running the email app: Use restricted email accounts where possible and data loss prevention (DLP) tools where not to identify and perhaps prevent such odd email usage.
And don’t distribute PII or other sensitive information in routine documents in the first place! Also not in the breach list were the cloud storage services that IT managers fret about after they’re done worrying about mobile devices: Apple iCloud Drive, Box, Dropbox, Google Drive, and Microsoft OneDrive. But that omission may be misleading because if a lost (unencrypted) laptop has stored the access credentials for such services—which is common—then the data on that cloud drive is available to a data thief, just as the locally stored data is.
The Identity Theft Resource Center database doesn’t go into great detail of each case, but because a lost (unencrypted) laptop is presumed to be a data breach, that breach extends to any data on that laptop, including cloud-accessed data. Still, we didn’t see cases of these popular cloud storage services as the specific vector of a data breach—despite frequent IT fears to the contrary. In this day and age, IT pros have plenty of security threats to deal with.
Active hacking is the biggest threat, of course, and should get the lion’s share of the resources. The client side should be addressed but not dwelled on. Of the clients in use, mobile is the least risky.
Based on the actual risks, a good place to start is securing laptops, then external drives that people use when they don’t have access to a corporate cloud storage service.
Those devices compromise the biggest client risk.
Encryption is your main line of defense for these devices—for cloud storage, too. For the much smaller risk posed by mobile devices, mobile management tools are both mature and effective; there’s no excuse not to have them in place already.
Having your laptop stolen is traumatic; having the thief gain access to your sensitive documents could be catastrophic.
To avert the possibility of catastrophe, use an encryption tool to protect your most important files. With Steganos Safe 18, you can create any number of encrypted storage containers.
Steganos combines an impressive variety of security options with an interface that's very easy to use.
Your $39.95 purchase lets you install Steganos Safe on up to five PCs.
This is a one-time cost, which is a common model for encryption tools.
Editors' Choice utility Folder Lock also costs $39.95, and Ranquel Technologies CryptoForge goes for $39.70. You'll pay $45 for Cypherix PC, and $59.95 for CryptoExpert. Note, though, that those are single licenses.
The five-license Steganos package is quite a bargain.
In addition to being available a standalone product, Steganos Safe is an integral part of the full Steganos Privacy Suite.
This suite also includes Steganos Password Manager 18 and a number of other useful tools.
What Is Encryption?
Throughout history, rulers and generals have needed to communicate their plans in secret, and their enemies have devoted great resources to cracking their secret communication systems.
A cipher that simply replaces every letter with a different letter or symbol is easy enough to crack based on letter frequency.
France's Louis XIV used a system called The Great Cipher, which held out for 200 years before anyone cracked it.
Father-son team Antoine and Bonaventure Rossignol conceived the idea of encoding syllables rather than letters, and letting multiple code numbers represent the same syllable.
They also included nulls, numbers that contributed nothing to the cipher.
But even this long-unbroken cipher pales in comparison with modern encryption technology.
Advanced Encryption Standard (AES), the US government's official standard, runs blocks of data through multiple transformations, typically using a 256-bit key.
Bruce Schneier's Blowfish algorithm should be even tougher to crack, as it uses a 448-byte key.
Whatever the size of the key, you must get it to the recipient somehow, and that process is the weakest point in the system.
If your enemy obtains the key, whatever its size, you lose. Public Key Infrastructure (PKI) cryptography has no such weakness.
Each user has two keys, a public key that's visible to anybody and a private key that nobody else has.
If I encrypt a file with your public key, you can decrypt it with the private key.
Conversely, if I encrypt a file with my private key, the fact that you can decrypt it with my public key proves it came from me—a digital signature.
Getting Started with Steganos Safe
The Steganos encryption utility's installation is quick and simple. Once finished, it shows you a simple main window that has two big buttons, one to create a new safe and one to open a hidden safe.
When a safe is open, it looks and acts precisely like a disk drive. You can move files into and out of it, create new documents, edit documents in place, and so on.
But once you close the safe, its contents become totally inaccessible. Nobody can unlock it without the password, not even Steganos.
Like Editors' Choice tools CertainSafe Digital Safety Deposit Box, AxCrypt, and Folder Lock, Steganos uses AES for all encryption. However, it cranks the key size up from the usual 256 bits to 384 bits.
CryptoExpert and CryptoForge offer four different algorithms, and Advanced Encryption Package goes over the top with 17 choices.
Few users have the knowledge to make an informed choice of algorithm, so I see no problem sticking with AES.
Steganos warns if you try to close a safe while you still have files from the safe open for editing.
In addition to the basic safe, Steganos can optionally create portable safes and cloud safes.
I'll cover each safe type separately.
Create a Safe
The process of creating a new safe for storing your sensitive documents is quite simple, with a wizard that walks you through the steps. You start by assigning a name and drive letter to the safe—the program's main window shows you the name.
By default, Steganos creates the file representing your safe in a subfolder of the Documents folder, but you can override that default to put it wherever you want, including on a network drive.
Next, you define the safe's capacity, from a minimum of 2MB to a maximum that depends on your operating system. Unlike Cypherix PE and CryptoExpert, with Steganos the initial capacity doesn't have to be a hard limit. You can create a safe whose size grows dynamically.
Folder Lock works a bit differently. While you must set a maximum size at creation, it only uses as much space as its current content requires.
A newly created Cypherix volume requires formatting. With Steganos, the safe is ready for use immediately.
The next step is to select a password.
If you've created a master password for Steganos Password Manager, the password dialog should look familiar.
Steganos rates password strength as you type.
If you wish, you can define the password by clicking a sequence of pictures rather than typing it in.
There's also an option to enter the password using a virtual keyboard.
Folder Lock and InterCrypto Advanced Encryption Package 2016 also offer a virtual keyboard.
Here's a useful option. You can choose to store the password on a removable drive, making that drive effectively the safe's key.
By default, a safe opened in this way closes automatically when you remove the key.
It's not two-factor authentication, as you can still unlock the safe using just the password, but it's certainly convenient.
In a similar situation, you can configure InterCrypto CryptoExpert 8 to require both the master password and the USB key.
Digging into the program's settings, you can simplify the process by disabling advanced wizard options.
If you do so, Steganos chooses default values for each new safe's drive letter and filename.
There's a special option that only appears for safes smaller than 3MB.
If you've chosen an acceptable size, a link appears explaining how you can create a hidden safe.
Steganos can hide a small-enough safe inside a video, audio, or executable file.
After creating the safe, you click it, choose Hide from the menu, and select a carrier file.
Steganos stuffs the entire safe into the carrier, without affecting the carrier's ability to function as a program or audio/video file.
To open it, you click Open a Hidden Safe on the main window, select the carrier, and enter the password. Just don't forget where you hid the safe.
For additional security, consider creating a portable safe that you only bring out when you need to access it.
The process is similar. You start by selecting the target device, which can be a USB storage device or an optical drive. You define the size and create a password, just as for a regular safe.
But then the process diverges.
Steganos creates and opens what it calls a prepackaging drive, using the drive letter of your choice.
Showing its age, the tool warns that portable safes don't support Windows NT 4.0 or Windows 95/98/Me. You click to open the prepackaging drive and drag the desired files into it. When you click Next, Steganos creates the necessary files on the target device. You're done!
If the size of the portable safe is less than about 512MB, Steganos creates what it calls a SelfSafe by default.
As with the hidden option for regular safes, you won't even see this as a choice if your desired size is too large.
The SelfSafe is a single executable file called SteganosPortableSafe.exe that contains both the necessary decryption code and the data representing the safe's contents. Otherwise, it stores the contents in a folder called Portable_Safe and adds a file called usbstarter.exe.
Either way, launching the file lets you enter the password and open the portable safe.
In testing, I did run into one surprise; a portable safe is not completely portable.
It requires the Steganos encryption engine. You can only open and work with your portable safe on a PC where you've installed the program.
As noted, you can open a portable safe on any PC where you've installed Steganos Safe.
Creating a cloud safe is another way to share your encrypted files between PCs.
Steganos supports the cloud storage services Dropbox, Google Drive, or Microsoft OneDrive. Whichever you choose, you must install that cloud service's desktop app.
The help points out that Google Drive and OneDrive must re-sync the entire safe when there's any change, while DropBox can selectively sync changes only.
My test PC didn't have any of the desktop apps installed, and the cloud safe creation dialog reflected this fact.
For testing purposes, I installed the Dropbox app.
As with a regular safe, you select a name and drive letter and then choose the safe's size.
For a cloud safe, you don't get the option to have the safe expand as needed.
Create your password, wait for the safe's initialization, and you're ready to go.
The safe syncs to the cloud each time you close it, and you can use it on any PC that has both Steganos and the proper cloud app installed.
Click a safe and click Settings to bring up the administration dialog. Here you can change the password, name, and file location for the safe, but that's not all. On the main page of the dialog you can color-code the safe, and choose whether Windows should see it as a local drive or a removable drive. On the Events tab, you can choose whether to open the safe when you log on, and whether to close it on events such as screen saver activation or going into standby.
There's an option to define an action that occurs after the safe opens, and after it closes.
For example, you could configure it to automatically launch a file that resides within the safe after opening it, or automatically make a backup copy after closing it.
Perhaps most interesting is the Safe in a Safe feature.
This defines a separate safe, hidden within the normal safe, occupying a user-defined percentage of available space, and having its own password.
Depending on which password you use to open the safe, you either open the Safe in a Safe, or the original safe that contains it.
Sneaky! But take care.
If you overfill the outer safe, its contents can wipe out the super-secret Safe in a Safe.
It's all well and good to put your most sensitive files into an encrypted safe, but if you leave the unencrypted originals on disk, you haven't accomplished much, security-wise.
Even if you delete the originals, they're not really gone, because their data remains on disk until new data overwrites it.
For true privacy, you must use a secure deletion tool that overwrites file data before deletion, something like this program's file-shredder component.
The easiest way to use the shredder is to right-click a file or folder and choose Destroy from the menu that appears.
Steganos overwrites the file's data once and then deletes it.
This should be sufficient to foil software-based file recovery systems, though it would still be theoretically possible for a hardware-based forensic tool to get back some or all of the data.
Folder Lock, by contrast, lets you choose up to 35 overwrite passes, which is overkill, as there's no added benefit after seven passes.
Launching the full File Shredder from the main window's menu reveals that it does more than just securely delete files.
As with Folder Lock, Steganos can overwrite all the free space on a disk.
Doing so wipes out all traces of previously deleted files, in effect shredding them ex post facto.
This can be a lengthy process, so you may want to use the scheduler to set it for a time when you're not using the computer. You can also schedule daily or weekly free space shredding. Note that if you stop and restart the free space shredding process, it skips quickly past previously shredded areas.
Finally, there's the Complete Shredder nuclear option.
Choose this to completely wipe out all data on a drive, including partition data.
A drive that's been shredded in this way must be formatted before you can do anything with it. Like shredding free space, this process can take quite a while.
By observation, you can't shred the active Windows volume, which makes sense. When I tried, there was no error message, but it did nothing.
Comprehensive Encrypted Storage
Steganos Safe 18 focuses on the singular task of creating encrypted storage containers for your sensitive files, and it does that task very well.
It's easier to use than most of its competitors, and its Safe in Safe and hidden safe options are unique. You can only use its portable safe and cloud safe features on PCs that have the program installed, but your purchase gets you five licenses.
However, Folder Lock does most of what Steganos does, and quite a lot more.
It features include encryption of individual files and folders, secure storage of private data, a history cleaner, and (at an extra cost) secure online backup.
AxCrypt Premium is even easier to use than Steganos, and supports public key cryptography.
And CertainSafe Digital Safety Deposit Box protects your cloud-stored encrypted files against any possibility of a data breach.
These three are our Editors' Choice products for encryption, but Steganos is a worthy contender.
PCMag may earn affiliate commissions from the shopping links included on this page.
These commissions do not affect how we test, rate or review products.
Münich-based software publisher Steganos is all about privacy. The company offers encryption, VPN, secure deletion, and other privacy-related tools. Naturally, the lineup includes a password manager. Steganos Password Manager 18 doesn't have the high-end features that typify the very best password managers, though, and even its more mundane features didn't always work in testing.
Your one-time payment of $24.95 gets you licenses to install the application on up to five PCs. The licenses don't expire, but they also don't automatically update to the next version. You can also tie any number of iOS or Android devices to your account. This pricing is a bit hard to compare with the competition. RoboForm Desktop is also a one-time fee, $29.95 in this case, but it doesn't sync across multiple devices. Dashlane costs $39.99 per year and puts no limits on the number of PC, macOS, Android and iOS devices. Just one dollar per month lets you use LastPass Premium on all your devices. And of course, some competitors, such as LogMeOnce Password Management Suite Premium, are completely free.
When you go to download Steganos, you're likely to find that it comes with a trial of the full Steganos Privacy suite. This suite includes, among other things, a file shredder, several forms of encryption, and the Steganos Online Shield VPN. In this review, I focus strictly on the password manager.
Once you've installed the product, it opens to a big, empty window, with instructions on how to proceed. With Steganos, you can create multiple password databases, which it calls keychains. Multiple users on one PC could have their own keychains. But nothing happens until you select New from the File menu, to create your first keychain.
As with most password managers, Steganos starts you off with the creation of a master password. You can type it using a virtual keyboard, or create it using the unusual PicPass feature. I'll go into detail about those below. As you type in your password, Steganos fills in five lock icons, and displays a description of your password's strength. At one lock, it says, "This password can probably be guessed." If you make it to five locks, it declares, "This password cannot be identified by intelligence agencies." Interestingly, it also reports the number of word fragments found in the password.
There's also an option to store the master password on a USB device. This isn't precisely two-factor authentication, since the USB device replaces the master password for authentication. In addition, you can't sync with mobile devices if you choose USB authentication. True Key and LogMeOnce Password Management Suite Ultimate both allow authentication using multiple other factors, without the need for a master password. In fact, passwordless login is the default for LogMeOnce.
Steganos installs the necessary browser extension in Internet Explorer automatically, and there's a menu option to install it in Chrome. Firefox is also supported, but in testing I could not get the extension to load. Even after reinstallation, Firefox reported the extension as corrupt. An Edge extension is in the works, pending approval by Microsoft. True Key by Intel Security is the only competitor I've encountered that has a working extension for Microsoft Edge.
Dashlane, Sticky Password Premium, and most password managers that let you sync your passwords across multiple devices handle syncing internally. Not Steganos. If you want to sync between devices, you must configure it to store your keychain in your existing cloud storage services. It supports Dropbox, Google Drive, and OneDrive, as well as the Europe-centric Magenta Cloud. Setting up the connection is simple enough, and of course your data is encrypted before it's sent to the cloud. Still, this might be a good time to toughen up the password on your cloud storage.
There is one more option for syncing among devices, but it's not something most users would want to mess with. If you choose File export, Steganos saves your data in a portable, shareable form. Importing that data on another PC isn't so tough, but getting it onto an Android or iOS device is a pain.
Password Capture and Replay
Like almost all password managers, Steganos notices when you log in to a secure site and offers to save your credentials. Some products slide in a notification at the top of the browser window, some create a popup within the browser, and others use a totally separate popup. Steganos is among the last group, and I found that its popup consistently got stuck behind the browser. You can give the new entry a friendly name at this time, but you can't assign it to a category.
If you're switching to a new password manager, the ability to import passwords from the product you're leaving behind is a big plus. LastPass can import from more than 30 competitors, and KeePass from nearly 40. Steganos imports from just two, KeePass 2.34 and 1Password; to me these seem like odd choices.
Dashlane, LastPass, Password Boss Premium, and True Key don't just import passwords stored insecurely in your browsers. They also delete those passwords from the browser, and turn off browser-based password capture. Alas, Steganos doesn't import from browsers at all.
When you revisit a secure site, the default behavior is for Steganos to automatically fill in the saved credentials. You can turn off this behavior and manually call on the browser extension when you want it to fill in the data. As is typical, if you have multiple sets of credentials saved, it offers a menu.
While most websites use standard login screens, easily understood by password managers, some of them march to a different drummer. If you run into a login that Steganos doesn't capture automatically, you can do it manually. Just sign out, reenter your credentials, and (in Chrome) choose "Save form to keychain" from the toolbar button's menu. In testing, I found that in IE the equivalent Save Form button did not work. LastPass, Sticky Password, and RoboForm Everywhere 7 have a similar ability to capture passwords on demand.
Many password managers turn your data into a menu of saved websites. Just click the toolbar button and choose a site to both navigate there and log in. With Steganos, you open the main application window and launch from there.
The Steganos application must be running any time you want to use its browser extensions. That's a bit different from many competing products. I kept accidentally shutting it down, when all I really wanted to do was get it out of the way. The correct way to handle that situation is to minimize the application down to its tiny desktop widget. From the widget, you can restore the main window, or drag/drop the username and password for the selected login.
When you're editing one of your saved password entries, you can invoke the built-in password generator to provide a strong new password. However, it's up to you to go to the site and put your new password in place. Steganos doesn't automatically offer the password generator when you're setting up a new online account, either.
The password generator defaults to creating 16-character passwords, which is good. But it only uses uppercase letters, lowercase letters, and digits, by default. I advise adding special characters to the mix. Interestingly, Steganos seeds its random number generator before each password generation event by using your own mouse movements.
As noted, you can assign a friendly name at the time Steganos captures a set of login credentials. That name is what appears in the main window's password list. When you click an item in the list, its details appear at right. You can click Edit to change those details—all except the friendly name. To change that name, you must right-click it in the list.
To start, all your passwords simply appear directly below the root of the tree. If you prefer a more organized approach, you can create any number of categories, which become branches in the tree display. You can even create nested categories, something that few password managers allow. RoboForm, Sticky Password, and LastPass 4.0 Premium are among the few that permit multilevel categories.
I assumed that organizing my saved logins would be a simple matter of dragging them in to the desired category, the way you do with LastPass. It's not. Instead, you right-click the entry and select its new location in the tree.
With LastPass, Dashlane 4, LogMeOnce, and other Web-centric password managers, you can log into your password database from any computer. Steganos requires installation of its app on a PC, and doesn't make your cloud-connected database available without it.
However, if you anticipate needing to use the app on an unfamiliar computer, you can create a portable edition on any USB device. Just select the keychain, select the device, and you're done. Any future changes you make in the main app don't appear in the portable edition, so you should recreate the portable edition frequently. In addition, all the data in the portable edition is read-only.
PicPass and Virtual Keyboard
Some people have no trouble remembering a strong password based on a favorite song or quote. Others are more visual, and for those people Steganos offers PicPass. When you choose to define or redefine your master password using PicPass, you start with a grid of 36 photos or 36 symbols. You proceed to click on as many of the pictures as you think you can remember, and then repeat that same pattern of picture-clicks.
However, there's a catch. The 36 pictures correspond to the 10 digits and 26 uppercase letters, and your fancy pattern of clicks gets translated into a mundane password like 1UB3OX. Steganos doesn't hide this fact; it even offers to display the generated password. Yes, you can make the PicPass process tougher by having Steganos scramble the picture locations, but doing so just makes it harder for you to get the right sequence. It doesn't make the password itself more resistant to brute-force cracking.
Limited Web Form Filling
Steganos lets you store a very limited set of personal data, little more than name, address, email, phone, and birthdate. There's no option to store multiple profiles such as you get with LastPass, Dashlane, and others. And there's certainly no ability to create multiple instances of data fields the way you can in RoboForm. You can enter data for any number of bank accounts and credit cards, and sync these between your devices, but the app does not use these to fill Web forms.
In testing, I found that the Web form-filling feature worked correctly in Chrome, but didn't work in Internet Explorer. In some cases, it immediately filled personal data into the form's fields. In other cases, I had to select "Fill form now" from the toolbar button's menu.
If you want to use Steganos for logging into secure sites on your mobile devices, you must configure your account to use one of its cloud storage options. Install the free Steganos Mobile Privacy from the Google Play store or Apple App Store, connect it with your cloud storage, and enter your master password. You're ready to go.
I installed the app on a Nexus 9, just to get a feel for it. The PC edition's tree display is absent, so you have to either dig down to the entry you want or use the handy search box. Tapping an entry opens the corresponding website in the app's internal browser and logs you in. There's no integration with other browsers installed on the device.
Like the portable edition, the mobile edition is read-only. If you want to add or edit password entries, credit card data, or anything else, you must do it on your PC. But if all you want is quick mobile access to your secure websites, it does the job.
You Can Do Better
It's nice to see a password manager that charges a one-time fee rather than a per-year subscription, but there are disadvantages, too. That yearly subscription pays other vendors for things like server space to hold your encrypted data. With Steganos Password Manager 18, you supply that storage yourself, in the form of an account with one of the big cloud storage providers. Steganos also lacks the advanced features found in the very best password managers. In testing, even the simpler features it does contain didn't always work perfectly.
If the low, one-time price really resonated with you, you're probably better off getting one of our top free password managers instead. For those willing to pay a bit, we've identified several password managers worthy of the title Editors' Choice. LastPass 4.0 Premium costs just a dollar a month, and it has tons of features. LogMeOnce Password Management Suite Ultimate 5.2 beats all the competition feature-wise, with some security elements not found in any competitor. Dashlane 4 goes for streamlined ease of use, with advanced features including an actionable password strength report, secure password sharing, and account inheritance.
But a full-scale security suite does much more than just protect against the various types of malware.
Symantec Norton Security Premium contains virtually every security component you can imagine, and a number of them are Editors' Choice products in their own right.
It lets you install Norton security on up to 10 Windows, Android, macOS, and iOS devices.
If you need to protect a large collection of diverse devices, look no further. A 10-license one-year subscription for Norton Security Premium costs $89.99, and includes 25GB of hosted online backup.
Bitdefender Total Security Multi-Device 2017 gives you five licenses for that price, or ten for $10 more. Kaspersky is a little more expensive, with five licenses for $99.99.
And for the same price as Norton, McAfee lets you install protection on every device in your household. Required ReadingMy typical pattern when reviewing a security product line is to start with the standalone antivirus and then summarize the antivirus review as part of my review of the full security suite.
If there's an even bigger mega-suite in the mix, I summarize the entry-level suite review. However, I'm going to take a different path this time. This product has precisely the same excellent security components as Symantec Norton Security Deluxe.
These include top-scoring antivirus, award-winning Android security, no-hassle firewall, consistently accurate phishing protection, a full security suite for macOS, and more.
The Premium edition adds five more licenses along with parental control and online backup, neither of which is tightly coupled to the suite's other components. Please read my review of the Deluxe edition first, then come back here for my evaluation of the added Premium features. Online and Local BackupSecurity suite vendors like to promote that their products include online backup—it gives them a nice check mark in the features table. However, all too many of them simply offer a branded version of some partner product that their users could get for free directly from the partner.
Check Point ZoneAlarm Extreme Security 2017 offers 5GB of backup space that you could just as easily get directly from IDrive, for example. Norton's Windows-specific backup component is a completely in-house product, and sells separately for $49.99 per year. PCMag's Max Eddy didn't think much of Norton Online Backup, comparing it unfavorably with other standalone backup services.
But compared with backup components in other security suites, it looks pretty good. The online backup component comes pre-configured with a default backup set that defines what to back up, where to store backed-up files, and when to run the backup.
It includes files in and below the Documents folder for each user, but specifically omits possibly massive video files and email files by default. You can edit this backup set to fit your own needs, or create any number of additional backup sets. The default destination for your backed-up files is Norton's secure online storage, but you can also back up locally. While CD/DVD backup was removed in this edition due to low usage, any other drive that shows up in Windows Explorer is a fair target.
That includes local hard drives, remote drives, network drives, and even some cloud storage services.
The backup system in Kaspersky Total Security doesn't come with online storage, but you can link it to your Dropbox account. By default, backup occurs automatically when your computer is idle.
That's probably best for ongoing maintenance, but you may want to manually launch the first backup when you're done with your system for the day, as the first time can take a while.
Subsequent backups only transmit new and changed files, so they run much faster. You can also schedule a backup set to run on a weekly or monthly schedule. You can also choose to throttle back the bandwidth used for backup, an option that's only needed if you don't choose to back up during idle time. The restore feature also comes pre-configured with logical defaults.
It restores files from the most recent backup (though you can choose another) to their original locations (though you can select a different destination).
By default, it waits for you to search out the file or files you want to recover. You can optionally browse all backed-up files, or restore the entire backup set.
And you can access your backup sets as if they were local files and folders by opening the Norton Backup Drive in Windows Explorer. Webroot SecureAnywhere Internet Security Complete also offers 25GB of hosted storage for backing up and syncing files.
It keeps up to ten versions of files and lets you create links to securely share backed-up files.
BullGuard Premium Protection also lets you share files from its 25GB of online backup. Norton just keeps the latest version, and secure sharing has been dropped in the current version.
Few consumers actually used the feature, and it made overall security more complex, according to my Symantec contact. The fanciest backup system in the world won't help if it never gets used. Norton makes backup almost effortless, which is as it should be. Parental ControlYour Norton Security Premium subscription also includes Symantec Norton Family Premier, a $49.99 value if purchased separately. Yes, the combined price of Norton Online Backup and Norton Family Premier is greater than the price of this entire suite, and much greater than the $10 you spend to upgrade from Norton Family Delux.
That's a great deal. As with Net Nanny, Qustodio Parental Control 2015, and other modern parental control systems, all configuration and reporting takes place online, with a small client app on each Windows, Android, or iOS device, to handle local monitoring and enforcement of House Rules.
Sorry, Mac users, this component isn't for you. To get started, you log in to your Norton account online and create a profile for each child.
The profile includes name, birth year, gender, and an optional photo or avatar. You can also add personal information that you don't want the child to share online. Next, you add a device that the child uses or, if it's a PC, the child's Windows user account. You can install the local Norton Family parental control agent on the current device or email a link. Keep going until you've created a profile for each of your kids; there's no specific limit on the number of child profiles or devices. With that task out of the way, it's time to define House Rules for each profile.
First up is Web Supervision, which manages content filtering.
Based on the child's age, Norton selects from the 47 content categories and determines whether to block those categories or just give the child a warning. You can pick your own custom set of categories and choose to block, warn, or just silently monitor.
ContentWatch Net Nanny 7 is even more flexible, letting you choose allow, block, or warn separately for each category. When Norton blocks access to a site, it displays the reason.
The child can send parents a message explaining the attempt to visit the site, or report that the site is categorized incorrectly.
If a child proceeds to the site despite a warning, parents get notification. Norton actually checks page content if necessary.
I found that it allowed access to a short-story website but blocked its erotic stories.
It filters secure (HTTPS) traffic, so kids won't evade it by using a secure anonymizing proxy.
And it didn't cave to a simple three-word network command that disconnects some less-clever parental control systems.
I couldn't find any sites that should have been blocked but weren't. Forcing Safe Search has become difficult now that popular search portals enforce use of HTTS.
Bitdefender and Trend Micro simply dropped that feature from parental control, though Trend Micro Maximum Security attempts to cover up naughty pictures in search results. Norton has taken a different tack.
Search Supervision enforces Safe Search on Ask, YouTube, Google, Bing, and Yahoo.
It does so using a browser extension, so a clever child might work around this restriction. Your child can turn off Safe Search and briefly see inappropriate links or pictures until the browser extension turns it on again. Video Supervision keeps track of the videos your child watches on YouTube or Hulu.
Social Media Supervision simply tracks the existence of your child's Facebook account and reports if the child used a spurious age to set up the account, or posted personal information. All of the components I've mentioned thus far are enabled by default, but Time Supervision is not.
Turning this feature on automatically schedules when the child can use the device and sets a daily maximum for screen time, based on the child's age.
For example, my imaginary 13-year-old's schedule allowed access from 6 a.m. until 9 p.m. daily, and until 10 p.m. on Friday and Saturday.
Screen time was capped at two hours for weekdays, five hours on the weekend.
If you want to tweak these settings, you must edit each day separately. You can also choose whether to cut off access or just issue a warning. Kids can check their remaining time by clicking the Norton Family icon in the notification area.
There's also an option to send a request for more time.
Android devices can still be used after hours, but Norton prevents all app activity other than calling emergency contacts. Note that time scheduling applies separately to each device the child uses.
The equivalent feature in Net Nanny is cross-device, so your kid can't time out on the PC and just switch to Android. Mobile Parental ControlThree more components become available when you assign an Android device to the child's profile.
Android protection is equivalent to Norton Family Parental Control (for Android). Some mobile parental control systems offer geofencing, meaning you can get notification when your child enters or leaves a specific location. Norton's Location Supervision doesn't do that, but if you enable it the child's device reports its position periodically, and you can view current and past locations on a map. App Supervision lists all non-default apps installed on the child's Android device.
See something you don't like? Just check the box to block use of that app. I couldn't actively test the advanced Text Supervision feature, because my Android test devices all lack cellular data connection. Here's how it works.
In the default Monitored mode, the child can text with any contact that's not specifically blocked. Norton logs all text conversations with unknown contacts. Parents can review the conversations and mark the contact as Blocked or Unmonitored.
In Blocked mode, unknowns can't contact your child at all until and unless you mark them as Unmonitored.
In Unmonitored mode, all contacts not specifically marked as Blocked are permitted, with no logging. If your child uses an iOS device, you can still install Norton's parental control, the equivalent of Norton Family Parental Control (for iPhone). However, there's just not much to it. You do get content filtering, but it only works in the app's internal browser.
During installation, the app explains how to set up Restrictions so your child can't use Safari or Chrome, disable Norton, or download other browsers. Once that's done, you get the full power of Web Supervision. Location Supervision is also available, just as it is on Android.
Video Supervision and Search Supervision both work. However, on an iOS device there's no Time Supervision, Mobile App Supervision, Text Message Supervision, or Social Media supervision.
If you really need full-powered parental control on iOS devices, look to Editors' Choice Kaspersky Safe Kids (for iPhone). Parental Reporting and NotificationSo far I've just talked about how you use Norton to define and enforce House Rules.
The other half of the equation is what Norton calls Activities—the logs of what your children have been up to.
The Activities summary shows the same eight types of supervision, with an overview of the latest activity. You can filter the summary to just look at one device, in which case you'll see a message stating "This feature is not supported" for categories that don't apply to that device. Clicking on one of the panel opens a more detailed view, and in most cases you can drill down even farther.
For example, the Web Supervision summary shows the most-used categories.
Clicking it gets a full list of all sites visited, warned, or blocked.
And clicking a specific site displays that site's categories, a thumbnail, and any message that the child sent.
Search Supervision displays a word cloud of search words in the summary and lists precise search terms when you click. On the Video Supervision summary, you see thumbnails of the videos your child has watched.
Drilling down lists the videos, along with the device used for viewing and a date/time stamp.
And clicking an item in that list lets you view the video's description or jump straight to the video itself. Your Norton Family account can have more than one designated parent—that makes sense, but it's not a common feature. Parents get email notification of quite a few events.
These include visiting a blocked site, sending information that was defined as personal, and installing an app that blocks Norton Family, among other things. You can turn off any or all of these if they get to be too much. As you can see, this is an extremely comprehensive parental control system, its only weakness being the limited iOS support.
As a standalone product, it's an Editors' Choice. A Star-Studded SuiteIf Symantec Norton Security Premium were a movie, it would have a star-studded cast.
Its antivirus component is an Editors' Choice, as is parental control system.
As a separate product, its Android security app is also an Editors' Choice.
Various components earn excellent scores in independent lab tests and in our own tests.
And it even offers a full security suite for macOS, something few competitors accomplish. Norton Security Premium is an Editors' Choice for cross-platform multi-device suites, and it's a great choice as long as its ten licenses suffice for your needs.
If your household needs security for even more devices, consider our other Editors' Choice in this area, McAfee LiveSafe.
It doesn't score as well as Norton in testing, but you can use it on every device in your household, no limits. Sub-Ratings:Note: These sub-ratings contribute to a product's overall star rating, as do other factors, including ease of use in real-world testing, bonus features, and overall integration of features.Firewall: Antivirus: Performance: Privacy: Parental Control: Back to top PCMag may earn affiliate commissions from the shopping links included on this page.
These commissions do not affect how we test, rate or review products.
Even as encryption goes mainstream with secure messaging tools, more websites adopting HTTPS by default, and cloud storage services allowing easier file encryption, sending an encrypted email message is still a challenge. While GPG Sync, a new open source project from First Look Code, doesn't simplify the process of sending encrypted messages, it does "make using encrypted email within an organization less obnoxious for everyone," wrote Micah Lee, a technologist with First Look Code, the software arm of First Look Media. GPG Sync is designed for organizations already doing the heavy lifting by using the public key cryptography implementation GPG (Gnu Privacy Guard) to encrypt email messages. Using GPG is a multistep affair, first creating the user's key, then regularly importing the keys of other users, and verifying the keys actually belong to the correct person. Making sure everyone has the most current key for everyone else is an unwieldy task. New keys are issued to new users as they join, so they need to be imported.
If existing users revoke keys and transition to new keys, other users need to refresh the keys to make sure they are not accidentally using the older keys.
This is the problem GPG Sync solves, by making sure each of the users have up-to-date public keys as defined by a centrally managed list. The project takes a very straightforward approach.
A single trusted person maintains a list of GPG fingerprints used by the organization, which is digitally signed by an "authority key." Each user's copy of GPG Sync recognizes the authority key's fingerprint and knows the URL of where the signed list is stored.
The software automatically makes sure the user has the most current list and references it to refresh all of the nonrevoked keys from a key server. "Now each member of your organization will have up-to-date public keys for each other member, and key changes will be transitioned smoothly without any further work or interaction," Lee wrote on the project's GitHub page. GPG Sync plays a similar role as S/MIME or certificate authorities in many organizations and is a simpler alternative for organizations that don't want to set up a central authority. It's hard enough using GPG for encrypting emails, so simplifying key management is a real benefit. The caveat is that organizations must already have users set up to encrypt messages with PGP. While there are teams using open source security implementations like OpenPGP, many organizations concerned about encrypted email often prefer commercial offerings, such as Virtru.
The platform sits on top of the organization's existing email system, making it possible for users to send and receive encrypted messages without changing their workflow.
Virtru also provides a secure process for non-Virtru users to access encrypted messages. Projects like GPG Sync are beneficial for the overall open source security ecosystem because they simplify parts of an existing workflow. Making it easier to handle different steps makes the prospect of adopting GPG less daunting. Secure communications suffer from the chicken-and-egg problem. Users like the idea of sending secure messages, but they need to make sure the people they are communicating with are on the same service.
In the world of secure text messaging, users wind up with multiple apps on their mobile devices and have to remember which contact is on which platform to be able to communicate.
Apple encrypting iMessage end-to-end solved that problem for a lot of iOS users, and services like ProtonMail offers free encrypted webmail, but there's still a lot left to do to bring encryption to the masses.
Shadow IT used to describe an unapproved wireless router or server set up by employees to help them work, but with the advent of the cloud, the problem has moved online. The IT professionals worried most about cloud storage services and web-based email services, with 35 percent warning that the former, and 27 percent that the latter, were vulnerable to attack. Messaging services and financial applications are the greatest concerns for 9 percent and 8 percent of IT professionals, respectively, according to the survey. Much of the problem for SMBs is that IT departments at the companies tend to be, unsurprisingly, smaller.
IT staff at such firms typically struggle to keep systems up and running, and security often takes a back seat, Tsai said."An IT department of one is not that uncommon," he said. "They have to keep the lights on, keep systems running and configure cloud services."The shortage of staff shows. While 61 percent of IT professionals said that their company adequately invests in data security, less than half conduct regular security audits of their systems and only 28 percent are trying to improve data security.IT professionals can take some basic, low-cost steps to reduce the use of shadow cloud services, Tsai said.
Training can teach workers the dangers of using unapproved services, and establishing a policy can act as a guidepost for employees, he said."Just having a policy and reviewing your policy to make sure that [the use of cloud services] is covered is a good step," he said. "Then, people know they have a course of action and that they actually have rules to follow."Finally, companies should review the cloud services that workers want to use, which can remove the primary reason that employees circumvent security policy, he said.