ScreenWings can block malicious programs from taking screenshots

We have talked about quite a few screenshot tools here, the most recent of which is Free Shooter. Let’s take a look at a freeware anti-screenshot tool, ScreenWings. First of all, we need to answer a question: why do we need such an application? Short answer: privacy.

There are many kinds of malware out there on the internet, some of which are intended to steal user information. While most target user credentials, i.e., your username and password, low-level malware like screen loggers may capture a screenshot of the content on your monitor and secretly send it to the malware creator.

There is also the case where someone else who has physical access to the system may capture screenshots, or may install software that does so automatically.

So, let’s say a screen logger infects your computer: even if your password is obscured by the password field, your username, which is normally an email address, becomes compromised. Technically, such malware can take screenshots of other information too, like your email inbox, bank statement, social network, private information and anything you do online. This is the problem that ScreenWings tries to address.

How to use ScreenWings

It is a portable application which means you can carry it with you on a USB Flash drive and use it to secure your data even on a publicly accessible computer. The program does not require administrator privileges to run so any user can use it. Extract the archive that you downloaded, run the EXE and you should see a small pop-up window appear.

This minuscule interface has a monitor icon which has a colorful Windows logo inside it. Click on it: the logo should disappear and the monitor icon should appear black. This means ScreenWings is in anti-screenshot mode. Click on the monitor icon in ScreenWings again to disable the protection, and you can resume capturing screenshots as normal.

That’s it, how simple was that? There are no settings or menus that you need to tinker with.

Testing the protection

To test whether it blocks screenshots, use the Print Screen key, the Snipping Tool or any other tool; ScreenWings should block the screen capture. When you paste the clipboard content after trying to capture the screenshot, you will just see a blank screenshot which is black (no text or picture appears). That’s the proof you need. This works with all applications, system-wide.

Now for a bit of good news and bad news. The good news is that ScreenWings has a Ghost mode, which can be used from the command line. It makes the program run silently in the background without the pop-up and automatically enables the protection. Bad news? It’s not available in the free version, which is meant for non-commercial usage.

The program is compatible with Windows 7 and above and runs on basically any hardware. The developer claims that ScreenWings can protect up to six screens, so multi-monitor setups are supported as well.

The application is about 3.28MB in size, and uses about 60MB of RAM, which is quite acceptable for the level of protection that it offers.

Closing Words

ScreenWings is a specialized program to protect against a special kind of threat. While that means that only some users will find it useful, those who do may use it on any system that runs Windows, even on public computer systems, as it does not require elevated rights to run.

Now you: do you use specialized security software?

Thank you for being a Ghacks reader. The post ScreenWings can block malicious programs from taking screenshots appeared first on gHacks Technology News.

KpRm is a post-disinfection program that can find and delete malware removal tools and their remnant files

Manually deleting files and folders left over by an uninstallation is quite the chore. I have used various uninstaller tools in the past to clean the remnants to keep systems clean and tidy.

You probably already know about my stance on registry and system cleaning tools.

We’re not going over the same topic now. Rather, we will be looking at a new open source program called KpRm, which can detect and remove a ton of malware removal tools. This can be helpful after you have disinfected malware from a system. The name of the program probably stands for Kernel-Panic removal (tool?), because Kernel-Panic are the developers of the program. The application does not detect or delete real-time antivirus programs; it only removes the standalone malware removal tools that are listed on its official page.

Note: I used a Windows 10 VM for testing KpRm for 2 reasons. One, because you need to disable your antivirus when using the program, otherwise it could potentially cause issues and I wasn’t comfortable with this on my main OS. Two, it’s never a good idea to test security related programs on your primary computer.

Let’s dive in to KpRm. I decided to use the program to remove AdwCleaner, Autoruns, and Emsisoft Emergency Kit, all of which I have used in the past on systems. All of these are portable applications.

KpRm has a simple interface. The main window has a few options that you can select, the primary of which is “Delete Tools”; select it and hit the run button. The program will begin scanning for the malware removal tools on your computer, and delete them. Once the process is completed, KpRm opens the report file that it saves to document the process. This is a text document that contains the log of what actions were taken by the program including the names and folders of the malware tools that were detected and deleted.

One odd thing that I noticed during the testing process was that KpRm deleted its own executable (KpRm) after finishing the cleaning operation. This was really annoying since I had to copy it over and over while testing it.

An interesting observation

KpRm failed to delete the Emsisoft Emergency Kit folder and its contents in my test.

That’s probably because I copied the EEK folder from my main Windows 10 to the virtual machine’s downloads folder. But, the other tools were located in the Downloads folder too, so why did KpRm delete those and completely miss EEK? My guess was KpRm is probably set to detect the “EEK folder” inside its default location C:\EEK, which is why it didn’t scan the Downloads directory.

To put this to the test, I copied the Emergency Kit folder to the C drive, and then ran KpRm again. And this time it found and deleted it just fine. Based on this, we can assume that the application only searches known locations where the malware removal tools usually run from and deletes them.

Advanced options

KpRm has some additional tools which can be handy. However, I’d advise not using these unless absolutely necessary. You can use the restore point options to delete or create system restore points. It also has a registry backup tool but to restore it you’ll need to use a different tool called KPLive (also from the same developers).

The final option is the Restore system settings toggle which is sort of a post-malware disinfection tool that resets the DNS, Winsock, hides hidden and protected files, and displays known file extensions.

Closing Words

I would have preferred it if the tool had a scan for tools option, rather than deleting them outright. EEK, for example, can be updated without re-downloading the entire package, and serves as a secondary scanner. A scan option and a results page, much like the quarantine option in antivirus programs, which you can go over and delete items from manually, would make KpRm even better.

Another thing that I think is missing is a dry-run mode to determine what the program will do when it is run in earnest.

How to determine if a Google Chrome extension is safe

When it comes to online security, you can never be too careful; this guide isn’t about antivirus programs, firewalls or VPNs though, as it is about Chrome extensions.

Just because an extension is on the Chrome web store doesn’t mean it is safe to use. There have been many cases of malicious add-ons which have been taken down in the past after they were installed by millions of Chrome users in some cases.

Note: The guide provides additional information on checking whether Chrome extensions are (likely) safe to use. You can check out Martin’s guide on verifying Chrome extensions, and there especially the part on looking at the source.

We will focus on steps that you may undertake before installing extensions. It is often easier to determine if an extension is shady or outright malicious if you have installed it as it may be the cause for visible unwanted changes or activity such as hijacking search engines, displaying advertisement or popups, or showing other behavior that was not mentioned in the extension’s description.

Users who know JavaScript may also check the source of the extension. Check out Martin’s guide linked above for information on how to do that.

Web Store page

Analyze the extension’s listing and see if it rings some alarm bells. Broken grammar or English may be seen as warning signs, but since developers from all over the world publish extensions on the Store, some listings may be written by non-native English speakers. Bad grammar or spelling mistakes should therefore not be used as an indicator. Irrelevant screenshots or very odd descriptions, on the other hand, are tell-tale signs of a malicious extension. These are quite rare though.

Logos

Malware developers resort to all sorts of tricks to infect users, and one of these is to use the logo (icon) of popular brands or applications. Sometimes, people get fooled by these and think it’s from the company which makes the actual software. Pay attention to the developer name and click on it to see their other extensions.

Developer’s Website and Contact

Does the extension have its own web page? Visit it to learn more about it and maybe something about the developer. We recommend using a content blocker when visiting these sites to avoid issues if the site is specifically prepared to attack devices.

Not all extensions have a web page, but most do, at least for support requests/FAQs. Is there a contact option on the Chrome web store page which lets you email the developer? If there is one it’s a good sign, but an absence of one doesn’t mean it’s a fake extension.

Privacy Policy

This is perhaps the most overlooked one? Who reads the privacy policy? You should, because unlike website registrations or software agreements, you’re not shown the privacy policy for an extension when you install it. But it may exist as a loophole for the developer to get out of a legal dispute, should one arise. You accept the policy the second you install the extension.

Use Control + F and search for words like data, collect, track, personal, etc, in privacy policies. Your browser should highlight the sentences which contain the word and you should read what it says.

If the policy is upfront about the data they collect, think about if it’s worth using the extension at the cost of privacy. I’ll give you a hint: It’s never acceptable.

Obviously, developers and companies with ill-intent may add whatever they like to the privacy policy.

Permissions

When you click the install button, read the pop-up which lists the permissions the extension requires. Permissions may give important clues; an add-on for a visual enhancement (like a theme) shouldn’t require permissions like “Communicate with cooperating websites”. That means it could be sending data, your personal data, to some server.

Reviews

These are big red flags if you know how to identify legit ones. Does an extension have reviews? Are they all 5-star reviews? That’s suspicious. Look at the publishing date of each review. If you find that they were all posted on the same day it may be fishy. Look at the text as well, if they look more or less the same, or if the usernames only contain random characters, alarm bells should go off and you should look deeper.

Take a look at the screenshot here. What do you see?

Did the reviewers copy/paste the comment? It’s possible, but it wasn’t in this case. The extension had multiple reviews which used the same comments over and over. In fact, there was more than one review left by the same user. Is it possible the extension has hijacked the user to post these reviews? Or were they paid for? Regardless of this, I’d recommend avoiding such extensions to be on the safe side.

It may be a good idea to check whether the developer has commented on any of the user reviews. Go over the next few pages.

Search for similar extensions, watch out for the clones

The screenshot which you saw above is actually not from the original extension. I bet you weren’t expecting that? It was from a clone of another extension which had a similar name, same features, slightly different description, an identical privacy policy.

It was alarming. The worst part was that the original add-on was about 2.15 MB in size while the clone was about 4.26 MB. If it was a clone, what’s the extra size for? That is scary. So search the web store using similar keywords (or the name of the extension) and check out the results. Look at the add-on’s published date; the older one is obviously the original.

Again, if you know JavaScript, you could analyze the code to find out why the clone has a size that is nearly double the size of the original. It could be something as simple as an uncompressed image that is used as a logo, or additional code that may be used for malicious or invasive practices.
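One way to act on the permission check and the clone-size question above, shown as an added example that is not part of the original article: diff two extension packages file by file and list what the clone's manifest requests beyond the original. The extension name, file names and contents are constructed samples, and the packages are assumed to be plain ZIP archives of the unpacked extension folders.

```python
import hashlib
import io
import json
import zipfile

# Host patterns that grant access to every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def build_zip(files):
    """Pack {name: bytes} into a ZIP; only used to construct the sample packages."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w", zipfile.ZIP_DEFLATED) as archive:
        for name, data in files.items():
            archive.writestr(name, data)
    return buffer.getvalue()


def inventory(package):
    """Map every file in the package to (uncompressed size, SHA-256 hex digest)."""
    with zipfile.ZipFile(io.BytesIO(package)) as archive:
        return {
            info.filename: (info.file_size, hashlib.sha256(archive.read(info)).hexdigest())
            for info in archive.infolist()
            if not info.is_dir()
        }


def requested_access(package):
    """Collect API permissions and host patterns declared in manifest.json."""
    with zipfile.ZipFile(io.BytesIO(package)) as archive:
        manifest = json.loads(archive.read("manifest.json"))
    declared = list(manifest.get("permissions", []))
    declared += manifest.get("host_permissions", [])
    for script in manifest.get("content_scripts", []):
        declared += script.get("matches", [])
    if manifest.get("externally_connectable", {}).get("matches"):
        declared.append("externally_connectable")
    return {entry for entry in declared if isinstance(entry, str)}


def compare_packages(original, clone):
    """Report what the clone adds, changes and requests compared to the original."""
    base, other = inventory(original), inventory(clone)
    added = sorted(set(other) - set(base))
    extra = requested_access(clone) - requested_access(original)
    return {
        "added": added,
        "removed": sorted(set(base) - set(other)),
        "changed": sorted(n for n in set(base) & set(other) if base[n][1] != other[n][1]),
        "extra_bytes": sum(s for s, _ in other.values()) - sum(s for s, _ in base.values()),
        "largest_added": max(added, key=lambda n: other[n][0]) if added else None,
        "extra_access": sorted(extra),
        "broad_hosts": sorted(extra & BROAD_HOSTS),
    }


def manifest_bytes(permissions):
    """Constructed manifest for the hypothetical 'Tab Tidy' extension."""
    return json.dumps({"manifest_version": 2, "name": "Tab Tidy",
                       "version": "1.0", "permissions": permissions}).encode()


# Constructed sample packages: the clone carries one extra script and asks for more.
ICON = b"\x89PNG" + bytes(2000)
ORIGINAL = build_zip({
    "manifest.json": manifest_bytes(["tabs", "storage"]),
    "background.js": b"chrome.tabs.onCreated.addListener(tidy);\n",
    "icon.png": ICON,
})
CLONE = build_zip({
    "manifest.json": manifest_bytes(["tabs", "storage", "webRequest", "<all_urls>"]),
    "background.js": b"chrome.tabs.onCreated.addListener(tidy);\nloadExtra();\n",
    "icon.png": ICON,
    "lib/extra.js": b"// constructed filler\n" * 200,
})

if __name__ == "__main__":
    for key, value in compare_packages(ORIGINAL, CLONE).items():
        print(f"{key:14} {value}")
```

Files listed under `added` and `changed` are the ones worth reading first; an entry under `broad_hosts` means the clone asks for access to every site while the original did not.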

Open Source

If the extension is open source, it is likely that it could be safe. But I wouldn’t take it for granted. You should go to the page where the source code is published to see if it actually exists. You should also check when the last commit was made on the source code page. If the extension was updated recently, but the source code wasn’t, the extension may no longer be open source and possibly open to privacy and security issues.

Search across Social networks

You could try Googling for the extension’s name to see whether any issues, recommendations or reviews were posted by users on social networks. This gives you an idea of real-world usage of the extension.

If you do come across suspicious extensions, do yourself and everyone a favor, and report it to Google.

Some tips I mentioned here aren’t necessarily restricted to Chrome extensions, they apply to extensions for other browsers such as Firefox as well.

Malwarebytes 4.0 for Windows launches

Malwarebytes released Malwarebytes 4.0, a new version of the company’s security program, for Microsoft Windows systems on November 4, 2019.

The new version of the program includes the company’s new Katana Engine, a new user interface, and other improvements. You may want to check out our first look of Malwarebytes 4.0 which we published in August 2019.

Malwarebytes 4.0 is offered as a Free and Premium version just like previous versions. Premium users, including those with lifetime keys, may upgrade to the new version for free.

The new version can be downloaded from the official Malwarebytes website. The default installer requires an active Internet connection; users who need an offline installer can download it by following the link in the second post on this page.

Note: Malwarebytes 4.0 is not compatible anymore with pre-Windows 7 operating systems. The company recommends that users stay on Malwarebytes 3.x as it will continue to be supported.

The new version has several issues. Users who run Windows Firewall Control (which Malwarebytes acquired some time ago) will notice that Malwarebytes Self-Protection module will prevent the firewall tool from opening. Other issues include that Controlled Folder Access blocks certain advanced installer options on Windows machines and GUI issues with high DPI and certain screen resolutions.

The company’s browser extension, Malwarebytes Browser Guard, exited Beta recently as well.

Malwarebytes 4.0

The very first thing that Windows users who install the new Malwarebytes 4.0 may notice is not the new interface but that the product registers itself as the system’s main antivirus solution in the Windows Defender Security Center.

Malwarebytes believes that its product is ready for the responsibility thanks to the integration of the new Katana engine in the new program version.

The new Malwarebytes Katana engine provides superior malware detection for zero hour threats in particular while improving performance for faster Scans.

It remains to be seen how good the new engine really is. Malwarebytes promises expanded malware detection, improved zero-hour detection, and improved signature-less behavioral detection.

Users who don’t want the program to be registered as the primary security solution may disable it in the options under Security.

Tip: Malwarebytes collects usage and threat statistics by default. Open the program settings and disable the option under General to disable this.

The new interface puts the focus on protection settings, the detection history, and the scanner. You may change real-time protection settings right then and there by toggling the “Web Protection”, “Malware Protection”, “Ransomware Protection”, and “Exploit Protection” options. Note that these are only available in the Premium version of the product.

A click on a section opens it in an overlay on the screen. Scan starts a scan of the system right away while a click anywhere on the Scanner widget opens the scan interface. If you want to run a custom scan you need to do that.

Click on “advanced scanners” on the page that opens, and then on custom scan on the next page, to display the available options (including a scan for rootkits).

The Real-time protection section displays the number of threats blocked on the local device and globally. The latest Malwarebytes blog post is highlighted on the page as well.

The new interface looks more streamlined but that comes at the expense of functionality. If you want to check out previous reports and scans, you cannot do that anymore straight from the main interface. You have to click on the scanner widget to access these reports.

Memory use has been quite high on a test system. The three Malwarebytes processes mbam.exe, MBAMService.exe and mbamtray.exe used nearly 450 Megabytes of memory (with MBAMService.exe using 317 Megabytes alone).

Closing Words

Tests will show how good Malwarebytes 4.0 really is. The program has been streamlined but memory usage is still, maybe even more so than before, an issue. It is usually a good idea to wait with the upgrade until known issues are taken care of.

Users who upgraded from version 2.x to the initial version 3.0 may remember that it too had stability and performance issues in the beginning.

Now You: Have you tried version 4.0 of Malwarebytes? What is your take?

Microsoft releases emergency Internet Explorer security update

Microsoft released an out-of-band emergency security update for Internet Explorer on September 23, 2019 for all supported versions of Windows.

The emergency update is only available on the Microsoft Update Catalog website at the time of writing and not through Windows Update or WSUS.

Some support articles provide little information. The Windows 10 update description simply states “Updates to improve security when using Internet Explorer” without going into further detail. The page links to the Security Update Guide which, after some digging, leads to the CVE of the vulnerability.

The support page for the cumulative update for Internet Explorer offers more information and a direct link to the CVE.

It states:

This security update resolves a vulnerability in Internet Explorer. A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could run arbitrary code in the context of the current user. The security update addresses the vulnerability by changing how the scripting engine handles objects in memory.

The same information is provided on the CVE page as well. Microsoft notes that an attacker could take control of the attacked system if the attack succeeds which would allow the attacker to install or remove programs, view, change or delete files, or create new user accounts.

The security issue is exploited actively according to Microsoft; an attacker could create a specifically prepared website to exploit the issue in Internet Explorer.

Microsoft published a workaround to protect systems if the released updates cannot be installed at this point. The workaround may reduce functionality “for components or features that rely on jscript.dll”.

The commands need to be run from an elevated command prompt.

Workaround for 32-bit systems:

  • takeown /f %windir%\system32\jscript.dll
  • cacls %windir%\system32\jscript.dll /E /P everyone:N

Workaround for 64-bit systems:

  • takeown /f %windir%\syswow64\jscript.dll
  • cacls %windir%\syswow64\jscript.dll /E /P everyone:N
  • takeown /f %windir%\system32\jscript.dll
  • cacls %windir%\system32\jscript.dll /E /P everyone:N

The workaround can be undone by running the following commands from an elevated command prompt:

Undo 32-bit:

  • cacls %windir%\system32\jscript.dll /E /R everyone

Undo 64-bit:

  • cacls %windir%\system32\jscript.dll /E /R everyone
  • cacls %windir%\syswow64\jscript.dll /E /R everyone

List of updates that fix the vulnerability:

What about Windows Updates?

Microsoft has not released the update via Windows Update or WSUS. Susan Bradley notes that the company could release the update on September 24, 2019 via Windows Update and WSUS but that has not been confirmed by Microsoft.

It is a bit puzzling that Microsoft releases an out-of-band security update that addresses an issue that is exploited in the wild but chooses to release it as an update that needs to be downloaded and installed manually only.

Closing Words

Should you install the update right away or not? It is a security update but it is only available via the Microsoft Update Catalog website at the time of writing.

I still would recommend installing it but you should create a system backup, e.g. using Macrium Reflect or Paragon Backup & Recover Free, before you do so, as one never knows these days whether updates introduce unwanted side effects or issues of their own.

Now You: install or wait, what is your position?

WinOTP Authenticator is an open-source alternative for WinAuth

Some days ago, we told you about Authenticator, an open-source 2-step verification app for iOS. The app generates codes for two-factor authentication use. Many web services support 2FA to add another layer of security to the user authentication process.

Today, it’s the turn of an equally simple Windows app called WinOTP Authenticator. It is a UWP app, and hence exclusive to Windows 10.

A brief history about the app: about a year ago an app called “Authenticator for Windows” was removed from the Windows Store. This was a proprietary app and was one of the few available for Windows Phone/Windows 10. The author open-sourced the app shortly after hoping that someone would resurrect it, and that’s exactly what happened a few months ago.

How to add an account to WinOTP Authenticator

This process is slightly different from a phone 2FA app where you’d point the camera at the QR code on the screen and are done with it. The app works by entering the “secret key” manually which is identical to the process on mobile devices if you select the manual way during setup.

Here is how it works:

  1. Enter the name of the account’s website in the Service box (e.g. Microsoft, Google, Apple, etc.). This is just for your reference and you may pick anything you want. It is advised to pick a descriptive name to help with identification.
  2. Type your account’s username in the corresponding field. This can be whatever you want as well.
  3. Finally, enter the long code from the website’s 2-step authentication settings.
  4. Click on the save button.

Note: There is an alternative way. The program says that you can drag the QR-code that is displayed on the screen on to the interface of WinOTP Authenticator and it should read the code. I tried it a couple of dozen times with different services, but it did not work.

TOTP timer bar

Instead of a circle (which fills up or disappears) that you are maybe used to when you use mobile devices to generate the authentication code, WinOTP Authenticator displays a horizontal bar that progresses from the left to the right to indicate when the displayed code will expire.

Copy to clipboard

WinOTP Authenticator displays the TOTP codes for all of your added accounts on the home page. To copy a code to the clipboard just click on it. There is a setting which clears the clipboard when a copied code expires; this is enabled by default and there is little reason to disable it unless you need more time.

Note: The Sync with OneDrive option causes WinOTP Authenticator to crash, at least for me.

You can reorder or delete accounts by clicking on the pencil button on the start bar. Remember to disable 2FA from your account’s settings on the website before deleting it from the app as you may run into authentication issues otherwise. You can toggle the app to sync the time using NTP; this is important since 2-factor codes are time based.

Apart from the QR Code and OneDrive issues (which are on the developer’s roadmap), the app worked without issues. It offers a convenient option to log in to websites with click and paste.

I stumbled upon this app while looking for a WinAuth alternative and it has been a fine replacement. Normally I wouldn’t recommend using a PC app for 2-factor authentication because anyone who has access to the PC will have access to the 2FA codes. But, many people have a PC that is private (at home or work), in which case it can be a pretty secure option especially if you use encryption to further protect it from unauthorized access. I’d still recommend using a phone app/email for 2FAs as a fallback (and don’t forget those recovery/backup codes).

KeePass 2.43 Password Manager released

A new version of the password manager KeePass was released on September 10, 2019. KeePass Password Safe 2.43 is an update for the 2.x version of the password manager that introduces new features and improvements.

KeePass should notify users that the new version is available if update checks have not been disabled. Users may download the new version from the official repository and install it over the existing installation.

The application is available for Windows officially; ports are available to use the password database on other platforms, e.g. with Strongbox or KeePassium on iOS, or the cross-platform client KeePassXC.

Tip: if you are new to KeePass, check out our review of KeePass.

KeePass 2.43

KeePass 2.43 does not introduce major new features to the application but some may still be of interest to users.

One of those changes improves the password generator. KeePass provides options to create custom passwords by specifying character sets. Some of these sets list only some of the characters that KeePass may pick when the set is selected. While that is not a problem for letters or digits, it may be a problem for special characters.

You may now hover over these sets to have all supported characters displayed in a popup.

A new intermediate step has been added to the password quality bar; just open any entry in KeePass and you will see the new quality bar. The bar is an estimation of the strength of the password based on certain patterns.

KeePass users may change the default password options to make sure that certain rules related to size and character sets are always followed.

The password manager is set up to exclude itself from Windows Error Reporting in that new version.

Auto-Type received some love in the new version. The feature sends an automated sequence of keypresses to any open program window. KeePass 2.43 improves the sending of modifier keys, characters that use Ctrl-Alt or AltGr, and improves compatibility with VMware Remote Console and Dameware Mini Remote Control.

Another key-related change is support for setting up function keys without modifiers as system-wide hot keys.

Other than those already mentioned, there is a new option to use Esc to deselect main menu items, the linking of username suggestions to the display of usernames in the main window, and improvements to the automatic scrolling performance.

You can check out the entire KeePass 2.43 changelog here.

Authenticator is an open-source 2-step verification app for iOS

When it comes to iOS, open-source apps are something of a rarity but that doesn’t mean they don’t exist.

If you’re looking for an alternative for Google Authenticator, Microsoft Authenticator, LastPass Authenticator, or Authy, you may want to give Authenticator a chance.

Authenticator for iOS

Why? Do you really want to hand over the two-factor authentication process to these big companies or proprietary software?

This is a TOTP (time-based one-time password) app and does not require an Internet connection because of that. The app is probably one of the simplest that you will come across in the niche; it just has the option to add/remove accounts and that is about it.

Well, the only other option that is available is the “Digit Grouping”. You can either choose to display the codes in 3 x 2-digit pair groups, or 2 x 3-digit groups. Once you have installed Authenticator on your iPhone or iPad, you will see a nearly blank screen with a few buttons on start.

Adding an account to Authenticator

Authenticator supports adding accounts using QR codes and manually adding accounts.

Refer to your email/social network account’s website to set up 2-step verification. Once you get to the page where you are asked to scan a “QR code”, run Authenticator and tap on the + button to add an account. Point the camera to the QR code on the computer’s screen.

The app should add the account, and display the 6-digit code for it on the screen. Now, most websites which you’re setting up 2-step authentication for will require you to enter the TOTP to confirm that it has been configured correctly.

Manually setting up 2FA tokens:

Tap on the plus button, and then on the edit button (note and pencil icon) on the top and you will see a screen which asks for the following:

You can obtain the secret key for your account from its associated website. You can set TOTP or Counter based tokens, and set it to 6, 7 or 8 digits, SHA-1, SHA-256 or SHA-512.
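The token options listed above (TOTP or counter based, 6 to 8 digits, SHA-1/SHA-256/SHA-512) map directly onto RFC 4226 and RFC 6238, which is also why the codes can be computed offline. The following sketch is an added example, not code from the Authenticator app; the function names `hotp`, `totp` and `group` are assumptions, and the secret is the published RFC test key rather than a real account secret.

```python
import base64
import hashlib
import hmac
import struct
import time

# Published RFC 4226/6238 test secret, Base32-encoded the way sites display keys.
RFC_SECRET = base64.b32encode(b"12345678901234567890").decode()

def hotp(secret_b32, counter, digits=6, algo="sha1"):
    """Counter-based code (RFC 4226) from a Base32 secret."""
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    mac = hmac.new(key, struct.pack(">Q", counter), getattr(hashlib, algo)).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret_b32, now=None, period=30, digits=6, algo="sha1"):
    """Time-based code (RFC 6238): HOTP with counter = Unix time // period."""
    now = time.time() if now is None else now
    return hotp(secret_b32, int(now) // period, digits, algo)

def group(code, size):
    """Split a code into display groups, e.g. '287 082' or '28 70 82'."""
    return " ".join(code[i:i + size] for i in range(0, len(code), size))

if __name__ == "__main__":
    code = totp(RFC_SECRET)
    print(group(code, 3), "|", group(code, 2))
    print(totp(RFC_SECRET, digits=8, algo="sha256"))
```

Because the code depends only on the shared secret and the clock, anyone who can read the secret (or the QR code that carries it) can generate the same codes, and a device clock that drifts by more than the 30-second period will produce codes the server rejects.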

Where it lacks and shines

Personally, I would have liked it if the app asked me for a PIN code or password to unlock the 2FA database. An extra layer of security is always a good idea even if it would rely on TouchID or the device’s PIN.

You may reduce the issue by setting the screen timeout to the minimum and not the 2-minute default on iOS.

On the bright side, it does not store your 2FA tokens in the cloud in any form. There is no way to back up (or export) your tokens on the other hand. And the fact that Authenticator is open source, unlike nearly every iOS 2-factor authentication app out there, makes it priceless in my opinion.

A 2-step verification enabled account is nearly hacker-proof; read Martin’s article for more information.

Here’s some advice regarding 2FA apps.

  • Use an open source app whenever possible.
  • Do not use SMS based 2-factor verification systems (I think Yahoo still uses this) as the text message protocol is not secure.
  • Use an app which works completely offline if possible; this is not only better as it will work in regions with bad Internet reception or if the mobile provider has issues, it is also better for security as you eliminate transfers and don’t risk losing access to accounts if you lose your phone or device.
  • It is not a good idea to use the password manager for 2FA as well if the manager supports it, as you would put all your eggs in one basket. At the very least, make sure you’re using separate databases for your 2FAs and passwords. But I’d use separate apps for 2FA and passwords. In case of cloud-based password managers that also support 2FA, think about it. If the password database or service is breached, so is your 2FA.
  • Always have backup or recovery codes at hand in case something goes terribly wrong. Most services support these during creation.

Now You: Do you use two-factor authentication apps?

The post Authenticator is an open-source 2-step verification app for iOS appeared first on gHacks Technology News.

Microsoft: 2-factor authentication blocks 99.9% of account attacks effectively

What is the best protection against attacks on accounts? Microsoft believes that it is 2-factor authentication, and the company has stats to back it up. Microsoft says that 2-factor authentication, sometimes also called two-step verification or multi-factor authentication, blocks 99.9% of automated attacks.

Microsoft notices over 300 million fraudulent sign-in attempts every day to company cloud services, 167 million daily malware attacks, and over 4000 daily ransomware attacks against organizations.

The most effective form of protection against automated attacks is to enable multi-factor authentication if the service supports it, according to Microsoft. Not all services do, but if it is supported, users should enable it to protect their accounts against the majority of attacks automatically, says Microsoft.

We have published several guides in the past that walk you through the steps of setting up two-factor authentication for certain services. Here is a short selection:

Last month, Alex Weinert, Group Program Manager for Identity Security and Protection at Microsoft, published an article on Microsoft’s Tech Community website in which he concluded that passwords alone do not matter anymore.

He provided a list of common attack types, their frequency and difficulty, how users might assist attackers, and whether the password mattered. Passwords don’t matter in most of them according to Weinert’s analysis.

Take phishing attacks as an example: difficulty is easy according to the table as it requires sending out emails to an email list that may look like they come from respected organizations, may provide entertainment, or make the recipient curious. Tools are readily available and users fall for this even today. The password plays no role but it may be stolen by the attacker in the process depending on the attack.

Does that mean that it does not really matter which password you select? Weinert believes that secure passwords are still relevant as they block certain attack types such as brute forcing. Adding multi-factor authentication to the mix improves the protection significantly as attackers won’t be able to sign in to the service as they will fail to pass the two-factor authentication screen. Passwords may also still play a role as attackers may try to sign in to other services using them.

Microsoft’s intention is not entirely altruistic. The company started to push what it calls passwordless authentication solutions some time ago. You can download a whitepaper from the linked website which offers additional reasoning why passwords are no longer enough to keep accounts secure as well as a list of solutions that Microsoft created.

Now You: what is your take on Microsoft’s analysis and multi-factor authentication? (via ZDNet)

The post Microsoft: 2-factor authentication blocks 99.9% of account attacks effectively appeared first on gHacks Technology News.

First Look at Malwarebytes 4

Malwarebytes, maker of the security application Malwarebytes, released the first beta version of the upcoming major release Malwarebytes 4 to the public.

Anyone may download and install the beta version. Existing users should note that the new version will be installed over the old even if the current installation of Malwarebytes is a stable version (except for previous version 4.x releases). It is recommended to install the beta on non-production machines only to avoid any issues.

You could also remove any existing installation of Malwarebytes before installing the new one to start with a clean slate.

Malwarebytes 4 First Look

The first thing that veteran users of Malwarebytes will notice when they start the program for the first time is that the user interface has been redesigned completely.

Malwarebytes opens the dashboard that displays the detection history, scan options, and real-time protection settings on the screen. The largest part of the screen is an ad for the Premium version of the product.

A click on Scan starts a scan of the system for malware and other unwanted programs right away. You may also click on the widget instead (and not the scan button) to open the interface without running a scan.

The scan interface has been redesigned as well.

You can pause and cancel scans here, or switch to the scan scheduler and reports tab. The scheduler displays scheduled scan tasks and reports the results of previous system scans.

When you open the scanner interface without clicking on scan, you get options to open advanced scanners. There you find options to run a quick or custom scan; the latter supports the selection of target drives or folders, the inclusion of a scan for rootkits, and changes to the handling of potentially unwanted programs and potentially unwanted modifications.

The Malwarebytes 4 Beta changelog highlights that the company added a new detection engine to the security program that “improves zero-hour detection” and “dynamically extends detection to mutating malware”. Malwarebytes notes that scans should run faster than in previous versions and that performance has been improved in the new version as well.

Scans did not take long on a test system and it is certainly possible that scan time improved but one would have to run benchmarks to confirm the impression.

Malwarebytes 4 displays banners at the bottom of the screen when scans run. All of them highlight features that are only available in the Premium version of Malwarebytes and suggest upgrading to it. There is no way to disable these in the free version and, since they change quite frequently, they can become a source of annoyance.

Real-time protection modules can be enabled or disabled right from the main dashboard. A click on the widget opens the real-time protection overview. It lists the items that real-time protection stopped in the last month and divides them further into the four categories “malicious sites”, “malware & PUPs”, ransomware, and exploits.

Options to toggle certain protections right then and there are provided as well. The page features a security news widget that was not active at the time of testing. It is likely that Malwarebytes will highlight new blog posts and announcements using it.

The settings provide a good range of options. Note that Malwarebytes submits usage and threat statistics to the company by default; you can disable that under General > Usage and threat statistics.

Automatic updates, Windows Explorer integration, notifications, scan, quarantine and Windows Security Center integration options, and more can be managed here.

Tip: there is a Malwarebytes for Firefox extension.

Free users

Functionality is limited for non-premium users. Malwarebytes 4.x disables scheduled scans, all real-time protection modules, and several preferences and options in the Settings.

In other words: Malwarebytes 4.x Free supports on-demand scanning only just like previous versions.

Closing Words

The new interface looks a lot cleaner than the old but that comes at the expense of some information that is no longer displayed on the dashboard. The Malwarebytes 3.x dashboard listed information about previous scans and updates; the new dashboard does not display the information anymore.

Another change is that you cannot jump to reports right away anymore. You need to click on scanner and then on reports to access the data.

Some of Malwarebytes’ recent acquisitions, Windows Firewall Control maker Binisoft in particular, are not integrated in the client.

The three Malwarebytes processes MBAMService.exe, mbamtray.exe and mbam.exe still use quite a bit of RAM but the situation has improved since the release of the first Malwarebytes 3.x version which used a lot of it.

Now You: What is your take on the new Malwarebytes 4.0 version? (via Techdows)

The post First Look at Malwarebytes 4 appeared first on gHacks Technology News.