Panda Internet Security 2016 Review – Doesn’t Live Up to Expectations – Softpedia News

Panda Internet Security 2016 is a feature-rich anti-malware application that includes a real-time safeguard against incoming threats, multiple scan modes, a quarantine manager, and a lot of extra components made to facilitate total computer protection.

It offers support for Windows, Mac, Android and iOS devices. Internet Security is part of a lineup for av solutions from developer Panda Security, where each tool comes bundled with more features than the last.

Differences between the four Panda editions

On Windows systems, Panda Free Antivirus 2016, ensures computer protection against all types of malware. It contains a USB protection module, a monitor for active processes, and a rescue kit component for creating bootable USB drives. It's free to use.

Panda Antivirus Pro 2016 adds a virtual keyboard to keep your credentials safe from keyloggers and other hijackers, anti-phishing for blocking fraudulent websites, wireless network protection to block intruders, firewall, and application control. It's now available at $32.99 / €32.99, temporarily discounted from $43.99 / €32.99, excluding VAT.

Panda Internet Security 2016 also has a parental control feature to block inappropriate content, along with online backup via Mozy (requires account, not free). It's now available at $38.49 / €38.49, temporarily discounted from $54.99 / €54.99, excluding VAT.

Panda Global Protection 2016 has all of the above plus a PC tuneup utility that removes junk files from the system and Internet Explorer, a startup manager, an anti-theft component that locates lost or stolen devices via a Panda account, a password manager and data shredder, along with 20GB cloud drive provided by Panda and backups for your contacts (Gold members only). It's now available at $46.19 / €46.19, temporarily discounted from $76.99 / €76.99, excluding VAT.

New interface with Start menu

The 2016 version of Panda Internet Security gets a new look which blends well with the Windows 10 appearance. The main application window has a white background and different shades of blue for the tiles. You can enter customization mode to be able to remove most of these tiles, change their order via drag-and-drop, or add new ones. Similar to Windows, the tool lists all features in a Start menu.

The new look of Panda Internet Security 2016 blends well with Windows 10

The new look of Panda Internet Security 2016 blends well with Windows 10 Scanner and scan settings

In the main window you can check out total scanned files, items in the quarantine, and blocked threats. There are three scan modes available: full mode for all hard disks, quick mode for critical areas, and custom mode. Any of them can be scheduled to run daily, weekly or monthly.

During the scanner, you can pause the job or schedule the PC to shut down on task completion. On threat detection, Panda either sends the items to the quarantine or removes them from the HDD. In the quarantine you can find out the item's original location and look up descriptions about threats on the developer's website, in order to decide whether you want to permanently remove the files or restore them to the disk.

When it comes to the real-time guard settings (i.e. permanent protection), you can disable it, exclude compressed files from scans, turn off behavioral blocking and analysis, set the tool to ask for confirmation before neutralizing a virus, deactivate PUPs detection, hide warnings on threat detection, or specify the number of seconds during which suspicious files are blocked until confirmation is retrieved from the Panda cloud.

For on-demand scans it's possible to include archives in scan jobs, turn off PUPs detection, and ask the program to scan after cache synchronization. Plus, you can empty the quarantine automatically (every three days, week or month), exclude any files, folders or file extensions, as well as delete files restored from the quarantine (these are auto excluded from future scans if you restore them to the disk).

Firewall with program control and intrusion prevention

The Panda firewall protects the computer from network-based intrusions (such as UDP floods), blocks processes, and monitors connections and shared resources between your PC and others in LAN. It can be configured for home, work or public places, and it handles events silently, without displaying any notifications.

It has a list with predefined processes that it filters inbound and outbound connections for, in addition to another list with rules recommended by the developers (e.g. deny inbound connections for NetBIOS over public networks and for Remote Desktop).

However, you can edit these properties, remove the entries from the list, or add new ones by filling out some information: display name, programs, action (allow or deny inbound or outbound connections), protocol (TCP, UDP or both), remote ports, and addresses (IP, MAC or all). Rules can be exported to file to import them later.

As far as intrusion prevention is concerned, you can either stick to the default configuration or disable some features: IP explicit path, land attack, SYN flood, TCP port scan and flag check, IP and TCP header length check, UDP flood and port scan, Smart ARP, OS detection, ICMP Drop unsolicited responses, Small PMTU, Smurf, fragmentation control. The ones you can enable are Smart DNS and DHCP, and ICMP no echo requests.

Process monitor and USB protection

The process monitor shows the processes of currently running applications, along with the total executed processes, those accessing the Internet, blocked ones, and those of medium or high threat level. You can find out their classification level (secure or insecure), number of HTTP connections established, and date of discovery.

The USB protection component monitors your machine's USB ports, identifies all new devices, and prevents them from running the autoplay feature, which is a popular virus infection method (like the Conficker worm). It works not only for USB removable drives, but also for CDs and DVDs. Panda shows a systray notification on new device detection and offers to scan it.

Furthermore, it can permanently disable the autorun.inf file on the removable device (i.e. vaccination), thus preventing it from being read, deleted or modified, in order to block any possible infections on the computer via autoplay (this is an irreversible operation). Panda can auto perform this action for every USB drive inserted in the PC. Plus, you can disable scan suggestions or disable the whole USB protection module.

Wi-Fi protection and rescue kit

The Wi-Fi protection feature oversees your Internet connections and lists all remote devices connected to the same network as you. This way, you can find out if unauthorized users have decrypted your wireless password and are connected to your network. It also shows which devices are linked to which network.

It's possible to find out the remote device's IP and MAC address, manufacturer and timestamp, in addition to the router address, encryption type, authentication mode, and signal. You can disable notifications when connecting to networks with security issues, ask the program to report only networks with low security, exclude any networks from notifications, or deny PC access to any linked device.

The rescue kit is capable of creating a rescue USB drive that can be used to boot infected computers. It can also download, install and run Panda Cloud Cleaner to find and remove malware.

Parental control

The parental control module enables parents, teachers and employees to set restrictions to others using the current computer when surfing the web. Only administrators have access to this feature and they can configure settings for the current administrative account or other PC users.

Panda has a few predefined filters in this regard and gives you the possibility to browse a long list of content types to deny access to: advertisements and popups, alcohol and tobacco, anonymizers, chat, forums and newsgroups, criminal activity, and so on. Moreover, you can deny access to all webpages classified as unknown (which are not part of the list), as well as create two lists with addresses and domains to always allow and deny access to.

Panda Internet Security 2016: View parental control statistics

Panda Internet Security 2016: View parental control statistics

The effects are immediately applied to all your web browsers, and Panda shows a notification with the blocked page and reason. Since this module is only applicable to the current computer, don't forget to set a password to the Panda Internet Security console if you're setting restrictions to the administrative account.

In the console you can check out various statistics collected by the application, namely the most visited websites and categories, along with the denied websites and categories. This information can be filtered for each PC user and for the current day, week or month.

Data shield and application control

Data shield is a security feature that protects specific data from programs attempting to access it, and lets you manage permissions for specific applications. It defends the Documents folder along with Office documents, images, audio and video files by default. However, you can remove folders from the list and add custom ones, as well as edit the file extensions identified by each group or create new groups with custom file formats to protect.

Likewise, you can remove the default programs from the list, change their permission, or add new ones by indicating its launch file and permission: allow or deny access when attempting to access the protected data. It shows a systray message every time an unknown program (any unlisted app) tries to access the protected folders and asks you what to do.

Information about last access attempts can be inspected in the av console, namely the name, full path, date and time for each blocked process. You can forbid access to safe applications anytime, or instruct Panda to deny access to all unknown programs without user confirmation.

The application control component may look the same as the previously described programs list. The difference is that, in the data shield you can set permissions to processes only when they try to access the protected folders you indicate, while application control enables you to allow or deny access to programs when they try to run. Just like before, Panda automatically blocks tools with "deny" permission and shows a systray notification every time an unknown program attempts to run, asking you what to do.

Safe browsing, virtual keyboard, and general settings

The safe browsing module keeps track of URLs you're trying to access on your web browsers and notifies you of reported phishing websites designed to steal your credentials. The av console shows the recorded URLs, reason and date, total blocked links, malware, phishing and fraud, along with URLs allowed by the user. As far as settings are concerned, you can create a list with allowed addresses and domains.

The virtual keyboard enables you to securely type email accounts, user names and passwords on social networking or banking websites, for example, in case anyone installed a keylogger on your computer.

As far as general settings go, you can log in with your Panda account, set a password for accessing the av console, check for updates (these are performed automatically), disable notifications when playing a game or working with another app in full screen, change proxy settings, generate an advanced report, and hide the Panda news notification.

All important events, such as scan, firewall, wireless network and data shield activity, are recorded to reports, which can be printed or exported to file.

Testing the malware detection ratio and scan speed

We tested Panda's malware detection ratio and scan time on an Intel Core i5-4570S CPU @ 2.90hz with 8GB RAM and 111GB SSD Kingston SV300S37A120G, running Windows 10 Pro 64-bit. The target was a 2.36GB folder filled with 8,502 infected files.

Unfortunately, the real-time guard was completely unresponsive during our tests. It didn't react when we extracted the files from the password-protected archive, opening their folder, selecting them, or running them.

We asked Panda to run a custom scan with default settings on the 2.36GB folder. The task took the mind-bending time of 8 hours to finish, after which the av identified and quarantined 6,293 files, leaving behind 2,209 files. We ran three more scans after this, and Panda found and quarantined a few more files with each scan. In the end, it left behind 1,969 items, which means that, overall, it had a malware detection ratio of roughly 77%. CPU and RAM consumption was barely noticeable during this time.

In the following stage our of evaluation, we re-tested the scan time. A critical area scan on the 111GB SSD took 4 minutes, while a custom scan on the Windows directory (23.6GB) took 20 minutes. 

The Good It's available for Windows, Mac, Android and iOS devices. The interface blends well with the Windows 10 look and its options are easy to find. Any module can be disabled and tiles can be removed from the console. 

The parental control and firewall components worked smoothly in our tests. The data shield immediately reacted when unknown programs tried to access the protected folders.

It has a comprehensive help manual that explains most parts of the program.

The Bad As previously mentioned, Panda shows a notification message for the data shield module whenever an unknown application tries to access the protected directories, and it asks you what to do: allow or deny. However, although it doesn't inform you of this, it remembers the choice you make for that process, adds it to the permissions list, and sets its permission type. This means that it will automatically allow or deny access to that program whenever it tries to access the protected folders, until you go to the console panel to revert settings. In other words, Panda doesn't implement two options in the tray message for allowing/denying access only once and always.

The application control module worked well in our tests when denying access to programs that were on the list. However, it didn't prompt us for action whenever an unknown application tried to run, and it didn't deny access when we asked it to do this automatically, except in one case: when we tried opening Panda's virtual keyboard. Plus, just like in the case of the data shield, Panda doesn't have two options for allowing/denying access only once and always.

The safe browsing component missed a few phishing websites in our tests.

It took 8 hours to scan a 2.36GB folder with infected files in our tests (the scanner was a lot faster on different parts of the computer afterward). It had a malware detection ratio of roughly 77%.

While the real-time guard was enabled and Panda was idle, other running applications had a slower response time on Windows 10 and Windows 7.

On a minor note, it's not possible to create, edit or delete categories in parental control.

The Truth Panda Internet Security was difficult for us to test due to the previously described issues. It seems like the developers focused so much on the new look and extra security features that they lost track of Panda Internet Security's main mission: speedy and effective anti-malware protection. We can only hope that the software program gets better in future revisions.

However, you don't have to take our word for it. You can download and test Panda Internet Security 2016 for yourself (the first 30 days are free). Before doing so, make sure to check out our gallery with screenshots for the UI and tests!

NOTE: You can also check out our previous Panda Internet Security 2013 review.

Battling the pirates of the Gulf’s TV airwaves –

Piracy is not a new crime. Most people can recall at some point in their lives turning down a side street in a busy city, or walking along a beach while on holiday, and seeing a sheet laid out on the ground with a selection of pirated DVDs in flimsy, plastic sleeves. Few would choose to watch them, even if they were legal, because the quality was known to be so poor.

But today, technological advances means pirates are more sophisticated. Gone are the days when they brazenly spread their wares on the road; now, they use clever software to hide their locations, steal high-quality content and devise seemingly above-board digital portals to distribute illegally obtained product.

It takes minutes browsing the internet to find scores of websites purporting to broadcast TV programmes otherwise unavailable in that country, or selling cut-price subscriptions to mainstream TV packages.

Yet in most countries across the world, including in the GCC, it is illegal to copy, distribute or broadcast any television channel, programme or clip without the consent of the copyright owner. To watch a pay TV channel, for example, through an unauthorised card sharing or ‘set-top’ box without a proper subscription from the licensed operator, is illegal and considered an infringement of copyright.

So is using an online portal that is not registered to provide services within that particular territory or region — and anyone caught using or providing such services risks being fined or even imprisoned.

In the Gulf, TV piracy is estimated to cost the industry more than AED1.8bn ($500m) a year, according to the UAE’s Department for Economic Development (DED), and the Anti-Piracy Coalition — a group of Middle East-based broadcasters and satellite providers — is ramping up efforts to bring the perpetrators to justice.

The coalition, whose members include pay TV network OSN, MBC Group, the Motion Picture Association of America, du, STN, Arabsat and others, says the biggest effect of piracy is not just the huge revenue loss that occurs across the content and distribution industry — for instance, broadcasters pay up to $300m to acquire the right to broadcast sports events and are unable to recover this investment if pirates air them illegally. It is also the inevitable damage to the whole of the country’s economy if a chunk of its population unwittingly or otherwise helps to finance an illicit trade.

“Governments in the region are beginning to recognise that the economic impact of piracy is not limited to the private sector but also the wider economy,” says David Butorac, chief executive of OSN and one of the Anti-Piracy Coalition’s most prominent members.

“Piracy is a black market economy worth hundreds of billions of dollars in the Gulf, where it is prevalent. These are organised crime groups employing tonnes of people, taking them away from mainstream jobs and affecting the creative and production industries the UAE government in particular is so keen to nurture [through the establishment of new free zones such as Dubai’s International Media Production Zone].”

Butorac adds: “New techniques are constantly being adopted by illegal operators. It is important for everyone to understand the various forms piracy takes and uphold the rights of the authorised providers who invest in such content.”

The coalition says TV decoder boxes, which are used to illegally decrypt pay TV channels, have been proliferating in the Gulf market, prompting aggressive awareness raising campaigns to try to stop the entry and sale of the devices. But, unfortunately, they continue to be available on the black market, along with third-party software, card-sharing programmes and other mechanisms to help viewers easily access pirated material.

In March, the DED and OSN launched a campaign, Do the Right Thing, warning the public against enabling TV piracy by buying unlicensed set-top boxes or illegally downloading programmes. The campaign was aired by 1,200 television broadcasts on more than 20 channels and had 225 radio plays, according to OSN.

Meanwhile, Dubai Police’s Criminal Investigation Department (CID) is clamping down on illegal operators. In recent months it has conducted around 47 raids, Butorac claims, on stores selling pirate TV devices and shut down a string of illegal Internet Protocol Television (IPTV) portals.

Earlier in August, the Dubai Courts imposed a fine of AED50,000 ($13,613) on a distributor of UKTV Abroad packages, an unlicensed IPTV service operating in the UAE, in a ruling Butorac says will help significantly in the fight against piracy. The court ordered that all digital set-top boxes be confiscated from the dealer, a British national. Other well-known IPTV services in the UAE include IP888 TV, Prime TV and Expat TV.

In Abu Dhabi in June, a shop caught selling television subscription packages illegally was fined AED200,000 and ordered to shut down for one year. The business had been selling subscriptions and set-top boxes for Indian provider Dish TV. The Indian manager was deported. In May, officers in Sharjah raided and shut down three stores selling cut-price TV packages.

The Anti-Piracy Coalition has highlighted Indian “overspill” networks as a particular problem as, though not illegal in themselves, they are not authorised to operate in the Gulf. However, the large number of expats coming from the Indian subcontinent provides a strong market for underground distributors of such services — the coalition claims at least 50 percent of Indian families living in the GCC are using pirated receivers for networks such as Dish TV, Airtel, Digital TV, Sun Direct and Tata Sky.

Elsewhere across the Gulf, stores selling illegal hardware have been shut down, including in Qatar, Bahrain and Saudi Arabia — the latter of which was identified as a global black spot for piracy in 2010, when the International Intellectual Property Alliance (IIPA) recommended that Saudi Arabia be removed from the US Trade Representative (USTR)’s Priority Watch List that year because of progress on combating copyright and software piracy. However, in 2013 it was returned to the list because of what the IIPA deemed “unacceptably high piracy rates, the government’s own use of pirated software and a general lack of deterrent enforcement actions”.

Saudi Arabia is working with the Anti-Piracy Coalition and the UAE government to tackle the issue and is now recognised as one of the most proactive in the Gulf.

“Saudi Customs is by far the best regime in the Gulf in protecting IP as evidenced in their proactive seizures in a transparent manner and strong cooperation with rights holders,” says Scott Butler, chairman of the Arabian Anti-Piracy Alliance (AAA).

It is not just English or Indian language content — Arabic language content is swarming the black market, too. According to the latest Digital TV Middle East and North Africa report by Digital TV Research, there are 34.3 million Arabic-speaking free-to-air satellite TV homes in the region and at least 10 percent of these homes also receive pirated premium satellite TV signals. This represents considerable revenue loss to the genuine players, the report notes.

Since the Egyptian authorities became members at the end of last year, the Anti-Piracy Coalition has extended its operations to cover Arabic films. It confirms the certification and ownership of each new film with the Egyptian Chamber of Commerce and reports any breaches of intellectual property rights to the satellite distributors that host suspect channels.

Hanya Atallah, copyright management manager at Arab Media Corporation, told a coalition meeting earlier this year: “Piracy of Arabic content causes tremendous damage to the whole media production sector, particularly here in Egypt. 

“We now know that piracy of both non-Arabic and Arabic content is basically perpetrated by the same group of people. What started as piracy of Hollywood content then mushroomed into whole TV channels airing only pirated, Egyptian Arabic films, and is now stretching to include Arabic — mainly Egyptian, but also Syrian and Turkish — TV series.  The sooner the legitimate members of the media sector and broadcasting sector in MENA cooperate to tackle this scourge, the better.”

Mazen Hayek, official spokesperson for MBC Group, insists piracy “is not increasing” — in part thanks to the efforts of the coalition and GCC governments. “We have reliable ways of tracing rogue operators and have succeeded in counterbalancing the piracy momentum by telling everyone involved that they’re not going to get away with it.”

But it’s still there, he says. “And it’s not only bad for the image of our companies and our regions; it’s an affront on the intellectual property rights of the film and TV studios, content producers, actors and actresses and directors. So it’s a matter of principle for all of us driving this and that’s why we want to send a strong message.”

The ultimate goal is to eradicate piracy, and for that countries need three crucial pillars, says Hayek. These are: clear laws governing the distribution and use of IP, robust law enforcement agencies, and a fast-track, specialised judiciary. On top of this, he says, you need an industry coalition willing to go all the way to stop piracy, and a legal framework that enables all these bodies to cooperate with one another.

“The UAE has very strict rules on IP, counterfeit merchandise, cybercrime and media and sets a valuable benchmark for the region. But other countries need to be more efficient — they need better IP laws and tougher enforcement agencies.”

The AAA’s Butler says: “There is a wide disparity between the effectiveness of various regimes in the GCC in combating counterfeit. The UAE and Kingdom of Saudi Arabia are both leading in terms of overall effectiveness. The authorities are all very vigilant in combating counterfeit, and it has been our experience that the UAE judiciary also routinely issues judgements of deterrence against IP infringements. Similarly, the Saudi ministries are effective in combating copyright and trademark violations.

“More can always be done. The rights holders have an obligation to assist the authorities in complaints and training. Often the counterfeit looks very similar to the original and the authorities need assistance from the rights holders in stamping out this menace.”

But there are serious obstacles to achieving that goal. MBC Group CEO Sam Barnett says: “Piracy is unlikely to be eradicated. Given the popularity of the content, people will always try to find easy ways to access it.”

A major challenge at present is the companies that operate under an otherwise “legitimate” guise, but which provide support and services to the pirates, he says, pointing to the coalition’s recent industry monitoring on the subject, found on its website, which lists which companies are providing the most support to pirates.

“There are some surprising results. Until the so-called ‘legitimate’ companies stop doing business with pirates it is difficult both ethically and legally to make a strong case for steps against consumers.” 

Constantly evolving technology is another difficulty.

“Sophisticated technology makes it easier for pirates to hide their locations behind proxy settings and offer arguably better quality services, but of course it goes both ways,” Hayek says. “The same technology can be used by investigators to track them down and dismantle them.”

An arguably more complicated challenge is changing the consumer’s attitude and viewing habits. An employee of a pirate IPTV channel based outside the UAE, who asked not to be named for obvious reasons, points out that many expats in the UAE and elsewhere in the Gulf use virtual private networks (VPNs) to illegally watch TV produced back home. “However, people prefer to watch on a box via their TV, hence the reason these so-called ‘pirate boxes’ were being sold in the UAE as they had a remote control and you could change channel up and down, access a TV guide and generally have an easy experience than you would otherwise.”

OSN, the source claims, has suffered over the years as its own (legitimate) pay TV boxes were allegedly easy to clone. “They kept having to change cards and boxes and increase security to stamp it out, which I think they have now.”

In a reply to those comments, Butorac says: “The views by the ‘undisclosed source [in Spain]’ are baseless, ill-informed and a deliberate effort to undermine the concerted efforts of the government and the private sector pay-TV providers to fight all forms of TV piracy,”

“OSN has exclusive rights to its own channels and several third party channels as well as exclusive rights to content for the MENA region. The illegal IPTV content providers do not pay royalties to the legitimate content right-holders or the broadcasters, and as their websites show, even offer on-demand content in territories in which OSN holds exclusive rights.”

The source notes: “Part of OSN’s argument [in trying to force illegal boxes out of the marketplace] is that the network provides great entertainment for our customers so they don’t need illegal TV.

“But in my opinion, it is nothing to do with having or not having OSN; it’s about having local TV from home. OSN seems to think that if people didn’t have these boxes they would all have OSN, which is wrong as OSN is full of USA TV series and little UK stuff.”

Butorac says: “One of the arguments used against us is that the reason people go to pirates is that they are cheaper and offer a wider variety of services in the region. But I would argue that of course they can charge lower prices, they are illegal. They don’t have to pay for acquisition rights and staff.

“Just like a pirate newspaper would not have to pay journalists to write the stories as it would steal them from elsewhere, so of course it wouldn’t cost as much to run the operation and it could afford to charge less.  

“When we are investing heavily in new content and technology to constantly improve our offer, we are prepared to fight people abusing the system.”

Hayek believes most viewers “pay their subscriptions and go through the right channels; it’s a minority who consume pirated content and many of those do not even know it’s a crime.”

Thus, raising awareness among the general public is a key plank of the coalition’s plan: if you are a pirate with nobody to sell to, you will go out of business. Ultimately, the coalition believes tougher action should be taken against consumers that consume content illegally.

“The fight against piracy will never end,” concludes Butorac. “It is the same with the fight to protect all types of intellectual property. But we have invested significantly in the infrastructure needed to tackle this and are confident that the vast majority of pirate operators will be eradicated.”

Hayek adds: “The message is clear: piracy is not the route and it is a crime, not some minor infringement of IP rights.

“We are moving from total darkness to total light gradually. We can’t do this in one night but so far our efforts are showing results and that is encouraging. We are sending a strong message that we will not allow this to go unpunished.”

Big OPM breach-services contract set to drop any day now Obama, Xi headed for … – Politico

With help from Joseph Marks, Nolan D. McCaskill and David Perera

$500M OPM DATA-BREACH SERVICES CONTRACT IS IMMINENT — In the next few days, the feds will award a contract worth around $500 million to provide credit monitoring and other services to victims of the Office of Personnel Management breach, a General Services Administration official told POLITICO on Tuesday. The services would include “data breach analysis services, credit monitoring services, identity monitoring services, identity theft insurance, identity restoration services, as well as website services and call center services,” according to an earlier announcement. A refresher:

LLOYD DOGGETT CAMPAIGNING AGAINST EXPERIAN TO GET IT: The Texas congressman last week wrote a letter to the Defense Department suggesting that Experian isn’t suitable to provide fraud-protection services due to a lawsuit filed last month in California by customers who allege that the company negligently sold consumer information to a Vietnamese fraud artist and failed to inform anyone about it.

Why is Doggett so averse to Experian, and why did he write to the Defense Department? His office wouldn’t say. But the identity protection firm CSID, the major subcontractor for victims of a smaller OPM breach revealed in June, is based in Austin, which the Democratic Doggett partially represents. A CSID spokeswoman said the company is not eligible to compete for a prime slot on the new data-breach contract. CSID could serve as a subcontractor, as it did for the firm Winvale in the earlier contract. The Pro story:

The pushback: Experian is “the premier provider of services that protect consumers from fraud,” the company’s vice president of data breach solutions, Mike Bruemmer, said, adding that “the fact that we are involved in frivolous litigation that is completely without merit has no bearing on our ability to provide identity protection services.”

HAPPY WEDNESDAY and welcome to Morning Cybersecurity! Say hello to the crayfish species named after Edward Snowden: Then send your thoughts, feedback and especially your tips to [email protected] and follow @timstarks, @POLITICOPro and @MorningCybersec. Full team info is below.

COMING UP THIS WEEK: SUSAN RICE VISITS CHINA — With the turbulent Chinese economy shaking up the U.S. stock market, the state visit from Chinese President Xi Jinping next month could focus on economic matters and move alleged Chinese hacking down on the agenda. But cyber could be at or near the top of National Security Adviser Susan Rice’s list when she voyages to China later this week. In the past, Rice has made the connection between Chinese hacking and the economy. “Cyber-enabled economic espionage hurts China as well as the U.S., because American businesses are increasingly concerned about the costs of doing business in China. If meaningful action is not taken now, this behavior will undermine the economic relationship that benefits both our nations,” she said in a 2013 speech: POLITICO on Rice’s visit:

WHITE HOUSE: OBAMA WON’T ‘PULL ANY PUNCHES’ WHEN XI VISITS — Responding to GOP presidential candidate Scott Walker — who said this week that the administration should cancel Chinese President Xi Jinping’s visit over hacking and other offenses — deputy White House press secretary Eric Schultz said President Barack Obama didn’t “pull any punches” in his own visit last year and wouldn’t this time either. “I can tell you that we have high-level interactions, such as next month’s visit, precisely so that we have the opportunities for the president to resolve, or, if not possible, narrow our differences with the Chinese,” Schultz told reporters Tuesday. “It is through engagement with China that the United States has been able to make progress on issues that are important to U.S. businesses and to the American people.”

CHINA SUSPECTED IN NEW GITHUB ATTACK — Chinese authorities are again suspected of pressuring GitHub following a brief DDoS attack Tuesday morning that followed the weekend disappearance of several anti-censorship tools from the open source repository. China’s history of pressuring the site dates to March, when it launched a days-long, crippling DDoS attack against the site over its hosting of anti-censorship services posted by Tuesday’s attack only lasted two hours, but suspicions immediately turned to China. “I would bet my first born that the [Chinese] authorities are behind this,” said pseudonymous GreatFire co-founder Charlie Smith via email. Smith said that just days earlier, police pressured the Chinese developer of a virtual private network and proxy routing service to remove the tools from GitHub.

The developer, who goes by the handle of “clowwindy,” apparently complied, replacing software code with a terse “Removed according to regulations.” Clowwindy tweeted about his visit from the police, but the account is now set to private. Attempts to reach the developer and the Chinese Embassy in the U.S. for comment went unanswered. China has cracked down on use of circumvention technology such as VPNs to sidestep censorship machinery embedded in the Chinese Internet known as the Great Firewall. “I would expect that there will be a complete crackdown on as many circumvention tools as can be attacked,” Smith said. The DDoS attack, Smith said, was likely a follow-up attempt by Beijing to target other tools hosted on the repository. GitHub did not return multiple requests for comment. More from GreatFire:

YOU’VE GOT (CLASSIFIED?) MAIL: A POLITICO REVIEW OF SENSITIVE CLINTON EMAILS — Some of the emails exchanged on former Secretary of State Hillary Clinton’s private server that appear most sensitive were neither labeled “SECRET” nor “CONFIDENTIAL,” according to a POLITICO review of the 63 emails now formally identified as classified on the State Department’s website and two emails Fox News has said are potentially classified. The Democratic presidential front-runner has maintained that no emails were marked as classified at the time she received them.

— And the State Department IG called out U.S. diplomats in Japan, including U.S. Ambassador Caroline Kennedy, for using private email accounts to conduct official business. According to the report, released to the public Tuesday in redacted form, “OIG identified instances where emails labeled Sensitive but Unclassified were sent from, or received by, personal email accounts."

NCCOE DRAFTS GUIDANCE FOR UTILITIES — NIST’s National Cybersecurity Center of Excellence is out with a draft guide for energy utilities to improve their identity and access management practices. Identity management — enrolling employees into company systems — often gets done piecemeal by different departments each controlling a particular slice, such as physical access, operational systems and information technology. “Yet, unauthorized access to any one of these systems could affect the entire company,” notes NIST. Comments on the draft are due by Oct. 23. More from NIST:

MILITARY PROSECUTIONS FOR ASHLEY MADISON USERS UNLIKELY — Will they or won’t they is the question facing Defense Department officials as they confront some 10,000 .mil addresses in the Ashley Madison dump. Merely signing up for the cheating site isn’t proof of infidelity, which is a crime under military law, service officials stressed to Shane Harris at the Daily Beast. “One official, who asked to remain anonymous in order to speak candidly about military proceedings, said going down the list of would-be cheaters who (however stupidly) used their military email addresses to open Ashley Madison accounts would amount to ‘a witch hunt,’” Harris reported, adding that it would be exceptionally time consuming, too.

There is some precedent for such an investigation, though. Writing for Wired, Kim Zetter found a 2012 email — released by the hackers — from a Marine Corps prosecutor to Mike Dacks, general counsel for Avid Life Media, Ashley Madison’s parent company. The email described a plan to subpoena Ashley Madison customer records for an adultery investigation. Dacks noted in an email to Avid Life CEO Noel Biderman that this was a “novel request” that the company ought to fight, prompting Biderman to ask if Ashley Madison could get some public relations value out of it. It’s not clear how the case was resolved, Zetter writes.

ANOTHER REASON FOR HTTPS NOW! — Cybersecurity researcher Jonathan Mayer says he encountered a Dulles Airport Wi-Fi hotspot operated by AT&T that injected ads into his Web browsing sessions during a recent trip. On-the-spot investigation showed the hotspot was injecting JavaScript into webpages accessed through a normal http connection, Mayer wrote in a Tuesday blog post. Internet traffic delivered over secure http — you probably know it better as https — “is immune, since it’s end-to-end secure,” he added. Major browser makers are attempting to make https the Internet default, a goal that received a boost in June when the federal government committed to upgrading all its public-facing websites to https only. More from Mayer:


— Sven Sakkov, Estonia’s undersecretary for defense policy since 2008, will be the next director of NATO’s Cooperative Cyber Defense Center of Excellence in Tallinn starting Thursday, the center announced Tuesday. Sakkov will succeed Col. Artur Suzik of the Estonian Defense forces, who has led the center since 2012. The NATO center hosts the annual Locked Shields cyber defense exercise, the largest such live fire exercise worldwide. It also hosts the Tallinn Manual process, a collection of academics and experts examining how international law and norms ought to apply in cyberspace.


— The SEC won’t punish Target over its 2013 data breach, the retailer reported in its quarterly results document.

— An audit concluded that the state of California is highly vulnerable to hackers. POLITICO Pro:

— The Defense Department is asking for a $132 million reprogramming for its share of the OPM hack recovery.

— A forthcoming Lexington Institute study recommends six steps for DoD to secure its networks. From the think tank:

— Safeguards against drones flying into other aircraft might make them more hackable. Defense One:

— A Carnegie Mellon student pleaded guilty to crimes associated with planning to plant malicious software on hundreds of thousands of Android phones. The Associated Press:

— Malvertising is up a whopping 325 percent in the past year, says Cyphort.

— Hunter Biden says that Ashley Madison account isn’t his. The Hill:

That’s all for today. Who knew crayfish could be so pretty?

Stay in touch with the whole team: Joseph Marks ([email protected], @Joseph_Marks_); David Perera ([email protected], @daveperera); Tim Starks ([email protected], @timstarks); and Shaun Waterman ([email protected], @WatermanReports).

Street Gangs, Tax Fraud and ‘Drop Hoes’ – Krebs on Security


Authorities across the United States this week arrested dozens of gang members who stand accused of making millions of dollars stealing consumer identities in order to file fraudulent tax refund requests with the Internal Revenue Service (IRS). The arrests highlight the dramatic shift in gang activity in recent years from high-risk drug dealing to identity fraud — a far less risky yet equally lucrative crime.

cashgrafAccording to a story last week at CBS in Los Angeles, some 32 members of the so-called Insane Crip gang and their associates were charged with 283 counts of criminal conspiracy, 299 counts of identity theft, 226 counts of grand theft and 58 counts of attempted theft. Together, they are accused of operating a $14.3 million identity theft and tax fraud scheme.

In Elizabeth, N.J., 14 members of a street gang were arrested in a 49-count indictment charging the defendants with a range of “white-collar crimes,” including filing false tax returns and manufacturing fake gift cards to collect thousands of dollars. According to, the money from the scams was used to support members of the 111 Neighborhood Crips and to aid other gang members who were in jail or prison.

“All 14 defendants face charges under New Jersey’s Racketeer Influenced and Corrupt Organizations (RICO) statute,” NJ’s Tom Haydon writes. “Defendants allegedly bought stolen identities of real people for use in the preparation of fraudulent W-2 forms. Those forms were used for fraudulent income tax returns filed early in the tax season.”

Tax return fraud costs consumers and the U.S. Treasury more than $6 billion annually, according the U.S. Government Accountability Office. And that number is by all accounts conservative. It should not be a surprise that street gangs are fast becoming the foot soldiers of cybercrime, which very often requires small armies of highly mobile individuals who can fan out across cities to cash out stolen credit cards and cash in on hijacked identities.

Tax fraud has become such an ingrained part of the modern gang culture that there is a growing set list of anthems to the crime — a type of rap music that evokes the Narcocorrido ballads of the Mexican drug cartels in that it glorifies making money from identity theft, credit card fraud and tax return fraud.


A key component of cashing out tax return fraud involves recruiting unwitting or willing accomplices to receive the fraudulent refunds. Earlier this year, I wrote about Isha Sesay, a Pennsylvania woman who was arrested for receiving phony IRS refunds on behalf of at least two tax fraud victims — including Mike Kasper, the guy who helped expose the IRS’s pervasive authentication weaknesses and later testified to Congress about his ordeal.

Turns out, the sorts of gang members arrested in the above-mentioned crime sweeps have a different nickname for people like Ms. Sesay: Instead of money mules, they’re derisively known as “drop hoes.” In cybercriminal parlance, a “drop” is a person who can be recruited to help forward stolen funds or merchandise on to the criminals, providing a pivotal buffer against the cops for the thieves.

In this Youtube video (not safe for work), a self-styled rapper calling himself “J-Creek” opines about not being able to find enough drop hoes to help him cash out $40,000 in phony tax refund deposits to prepaid debit cards. It’s been a while since I’ve listened to pop music (let alone rap) but I think this work speaks for itself (if rather lewdly).

The artists allegedly responsible for the tax fraud paean,

The artists allegedly responsible for the tax fraud paean, “Drop Hoes.”

Here are a few choice quotes from the song (I cut out much of it, and someone please correct me if I somehow butchered the lyrics here). I think my all-time favorite line is the one about the role of Intuit’s TurboTax: “She got them stacks then went tax on the turbo.”

Without further ado:

“Tax season again
I need a drop hoe bitch
I wanna be your boyfriend”


“I wanna drop hoe
I mean a drop hoe
That’s waitin’ on the debit card to hit the box hoe”

“Shorty gotta a whole crib and a new range
Said her home girl came with a few names
Told me all a nigga need is a laptop
And she gonna show me what to do to make a tax drop”

“Got a check for forty grand she goin’ buy a hummer
Ball hard got it all from playin’ with numbers
Told her when she break me off I’ma buy a crib
And take it straight to the kit to teach her how to whip”

“I ain’t tryna be on trial resident of the state
You think I’m probably going down federal pen
Scared of money stay broke nigga fuck you
And I’ma steal your information on the dub too [W-2]”

“Bitch gimme nuff to fly stay sky high
Man I own a mother fucker on the Wi-Fi
Momma let that money flow cause she got mo
Hey fuck a dime piece bro I want a drop hoe”


“Shorty got big bank with four cars
Say she need an address she got more cards
Wanna be hood rich honey I’ma show you
Told me get a date of birth don’t forget the Social”

“Oh that’s all I gotta do you can bet that
Meet me at the Amscot I need a check cashed
Tryna’ find a drop hoe it ain’t hard
You can look for new rims and a paint job”

“Keep her hair done nails done nice clothes
Curly two strain twists on a micro
More money than you can spend but she get it in
Say she got a boyfriend but he in the pen”

“Thats everybody’s bitch Im’a bite though
I’m the type a nigga give you what you ask fo
Told that bitch I’m comin home like a furlough
She got them stacks then went tax on the turbo”

This is the latest in a series of stories I’ve been writing over the past few years about the growing menace of tax refund fraud. For more in this series, see this link.

By far, my favorite tax return fraudster is Lance Ealy, an Ohio scam artist who went on the lam after being convicted for tax refund fraud, and proceeded to lead U.S. Marshals on a multi-state chase — all the while continuing to file phony tax refund requests in the names of people already in jail (individuals that Ealy compensated by topping up their prison commissary funds).

Tags: drop hoes, Isha Sesay, Lance Ealy, Mike Kasper, tax refund fraud, tax return fraud, turbotax

Stage Stores (SSI) Closing Outlets to Right the Ship –

stage stores stock, outlet stores, stips malls, retail stocks, online shopping

Nearly every city has a Stage brand store, and you probably don't know they are related and part of the Stage Store mother ship, but Bealls, Peebles, Palais Royal, Goodys and Stage stores reside in 450 outlets in every NFL city in America aiming at the midsize, midmarket consumer and are about as representative of consumer demand as a franchise could be.

Today, Stage Stores (SSI) missed numbers, lowered guidance, and is closing stores, knocking shares down 30% in morning trade. I think this is a case of management needing to swallow hard and cut fat as the consumer changes the way they buy — and I expect Stage to invest more money in the online sales product mix and technology in general, a smart move for the company as we head into Q4 2015.

Cutting 90 stores out of 450 cuts a large swath across the retail landscape for Stage Stores, but it really is not surprising as the days of shoppers browsing smaller strip mall locations is replaced by pc or mobile browsing. I have always liked following SSI because they are balls-on accurate as a proxy for consumer sentiment and demand. I love this small-cap company for that reason, and they seem to be doing the correct thing here.

Shares are down 43% for the year with today's miss, but the irony is even with this sell off SSI is above the lows of 2008 when we had a global collapse in stock prices across the board, I think it tells much about how well the stock performs in any environment.

The challenge lies ahead for SSI as they enter the new era of Amazon (AMZN) and software that is eating the world. The skill set of these managers lies in the margin capability and finding a grasp of the mid-market consumer that they can execute quarter after quarter. Jeez, I sound like a pitch man, but I have never owned this stock or been paid to write about them — I just admire them from afar. But what I am really looking at through this lens is the actionable consumer behavior needed to be a market observer in retail and consumer demand itself.

Look for CEO Glazer to pivot SSI and find a way to leverage his customer base and margin capabilities, Stage Store is the kind of stock we follow at, not because it is an explosive growth stock, but because it gives us a window to the ever changing consumer and a chance to right our observation ship.


Steve Kanaval is the author of the upcoming's Small-Cap Throwdown, a premium newsletter designed to help investors identify the best small-cap stocks to add to your portfolio and trading ideas to profit off them. The first issue pits the hottest beverage small-cap stocks against each other to find a winner. Sign-up here for a free issue today!




DISCLOSURE: The views and opinions expressed in this article are those of the authors, and do not represent the views of Readers should not consider statements made by the author as formal recommendations and should consult their financial advisor before making any investment decisions. To read our full disclosure, please go to:

Liked What You Read? Join as a contributor and get eyeballs on your content FOR FREE!

Torrent Site Proxies are Slandered with Suspicious Ads and Malware – SPAMfighter News (press release) reported on 6th August, 2015 quoting a warning of security experts as saying "new research reveals that torrent site proxies, which are often used to access blocked sites, are widespread with malware and suspicious ads. More than 99% were found to insert their own code from a sample of over 6,000 sites." published news on 7th August, 2015 quoting Gabor Szathmari, a British security researcher, as saying "proxy sites will help users access their favorite torrent site but not without first subjecting them to advertisements loaded with viruses. Operators of proxy site and torrent sites, which they leech off, are often paid to broadcast these ads. If genuine websites can not host these vague ads, then logically sites which operate in a legal gray area will perhaps agree to take a paycheck instead."

Szathmari added that the Pirate Bay, ExtraTorrent, Kick Torrents and other major piracy players have become aware of the issue and began blocking infamous proxy and mirror sites. published a report on 6th August, 2015 quoting Szathmari as saying "99.7 of the tested torrent mirrors are inserting additional JavaScript into the web browsing traffic and most of these scripts serve content with malicious intent like malware and click-fraud."

The researcher says that several researched proxies are suspicious because they use code which is either complicated or has a lot of random redirects. These scripts pretty much use the domain name.

The team of ExtraTorrent said that it is a serious thing about malware and they have been fighting against it for a long time.

In the meantime, the Kicka**Torrents team inform their users not to provide their details to proxy websites because they can be misused and hacked.

The clear solution for troubled downloaders is to simply avoid all proxy and mirror sites because sometimes they might be tempting. However, actual torrent sites are not much better: The Pirate Bay has tolerated years of criticism for ads which redirect users to infamous phishing sites that is visible as online sex dens. Even Popcorn Time, the crowned successor to conventionally shady pirate sites, has been forced to consider security errors.

» SPAMfighter News - 20-08-2015

Torrent Site Proxies are Slandered with Suspicious Ads and Malware – SPAMfighter News (press release) reported on 6th August, 2015 quoting a warning of security experts as saying "new research reveals that torrent site proxies, which are often used to access blocked sites, are widespread with malware and suspicious ads. More than 99% were found to insert their own code from a sample of over 6,000 sites." published news on 7th August, 2015 quoting Gabor Szathmari, a British security researcher, as saying "proxy sites will help users access their favorite torrent site but not without first subjecting them to advertisements loaded with viruses. Operators of proxy site and torrent sites, which they leech off, are often paid to broadcast these ads. If genuine websites can not host these vague ads, then logically sites which operate in a legal gray area will perhaps agree to take a paycheck instead."

Szathmari added that the Pirate Bay, ExtraTorrent, Kick Torrents and other major piracy players have become aware of the issue and began blocking infamous proxy and mirror sites. published a report on 6th August, 2015 quoting Szathmari as saying "99.7 of the tested torrent mirrors are inserting additional JavaScript into the web browsing traffic and most of these scripts serve content with malicious intent like malware and click-fraud."

The researcher says that several researched proxies are suspicious because they use code which is either complicated or has a lot of random redirects. These scripts pretty much use the domain name.

The team of ExtraTorrent said that it is a serious thing about malware and they have been fighting against it for a long time.

In the meantime, the Kicka**Torrents team inform their users not to provide their details to proxy websites because they can be misused and hacked.

The clear solution for troubled downloaders is to simply avoid all proxy and mirror sites because sometimes they might be tempting. However, actual torrent sites are not much better: The Pirate Bay has tolerated years of criticism for ads which redirect users to infamous phishing sites that is visible as online sex dens. Even Popcorn Time, the crowned successor to conventionally shady pirate sites, has been forced to consider security errors.

» SPAMfighter News - 20-08-2015

Browser gets foxy at hiding its tracks – Sydney Morning Herald

Outfoxed: Firefox's enhanced browser will make it harder for advertisers to track you online.

Outfoxed: Firefox's enhanced browser will make it harder for advertisers to track you online.

Rather than just cover your tracks on your computer, Firefox's enhanced private browsing mode will make it harder for advertisers to track you online.

Most web browsers feature a "private browsing" or "incognito" mode, which can create a false sense of security. Enabling these modes doesn't actually mask your identify as you surf the web, nor does it hide your activities from your employer or internet service provider. Instead, these modes only delete the telltale signs of your web surfing habits from your computer – such as your browsing history and temporary files like cookies – to hide your activities from other people using that computer.

Popular web browser Firefox is beta testing an enhanced private browsing mode that both erases your tracks on your computer and foils some tricks used by advertisers to track you online. While Firefox and other browsers support the "Do Not Track" standard, many websites refuse to respect this feature so more aggressive anti-tracking measures are required.

Firefox's improved private browsing mode will block elements on web pages used to track people between websites, such as tracking cookies and social media buttons. It may also combat browser fingerprinting – a popular trick with advertisers which examines your installed plugins, fonts and advanced settings to build a detailed profile used to track you even when tracking cookies are disabled.

While attempting to foil advertisers, Firefox's private browsing mode is not designed to avoid employer and government surveillance or to bypass metadata retention schemes. The privacy mode will not mask your location and IP address like a Virtual Private Network. Nor will it sidestep website filtering in the way a VPN or proxy server can reroute your web traffic.

There is already a range of browser plugins designed to address privacy concerns, from Electronic Frontier Foundation's basic Privacy Badger to advanced privacy plugins like Ghostery and Disconnect. Meanwhile privacy-focused search engines like DuckDuckGo, Ixquick and StartPage offer an alternative to Google.

Tips for Optimal <b>Browsing</b> : Remove Zalmos SSL Web <b>Proxy</b> For <b>…</b>

Zalmos SSL Web Proxy For Free extension is very unwanted. 
Users of Google Chrome, Mozilla Firefox, Internet Explorer are suffering a lot from Zalmos SSL Web Proxy For Free. This nasty extension can secretly gets on your PC as a part of your wanted freeware from online and spontaneously installs itself on the target browsers as an extension. A lot of victims report that Zalmos SSL Web Proxy For Free delivers unstoppable adverts on their browsing webpage. And randomly, they are redirected to dubious websites, forcing them to install their corrupted software.

Know more about this annoying Zalmos SSL Web Proxy For Free.   Zalmos SSL Web Proxy For Free will ruin your browsing experience by displaying ads and underling random texts with spam hyperlinks. You are suggested not to click on these ads or links. Or you may be taken to malicious websites setting you up to give access of your PC to hackers, like "Your PC is infected with potential malware, call 1800 number for online assistance at once".

 Once your computer is compromised by Zalmos SSL Web Proxy For Free, additive vicious programs would come after Zalmos SSL Web Proxy For Free, showing up on your PC system without your permission, maybe dealingapp adware, browser hijacker or ransomware CryptoLocker.

And the most terrible issue you have to face is that your every online activities like browsing history, usernames and passwords input and credit card details could be collected by Zalmos SSL Web Proxy For Free with help of tracking cookies generated by Zalmos SSL Web Proxy For Free.

You can remove Zalmos SSL Web Proxy For Free completely by following the steps below precisely.

Guide to Remove Zalmos SSL Web Proxy For Free Completely and Correctly
>>> Guide I : Remove Zalmos SSL Web Proxy For Free completely with the Official Removal Tool Spyhunter (HOT)
>>> Guide II: Get Rid of Zalmos SSL Web Proxy For Free Manually on your own

Guide I : Remove Zalmos SSL Web Proxy For Free once for all with the Automatic Removal Tool Spyhunter (HOT)

In order to remove Zalmos SSL Web Proxy For Free from your machine system, it’s strongly recommended to download and install the official malware removal tool Spyhunter to accomplish it. SpyHunter is a powerful, real-time anti-spyware application certified by West Coast Labs’ Checkmark Certification System and designed to detect, remove and block spyware, rootkits, adware, keyloggers, cookies, trojans, worms and other types of malware.

1. Download The Automatic Removal Tool to end your nightmare

(You have 2 options for you: click Save or Run to install the program. You are suggested to save it on the desktop if you choose Save so that you can immediately start the free scan by clicking the desktop icon.)
2. The pop-up window box below needs your permission for the setup wizard. Please click Run.

Continue to follow the setup wizard to install the Automatic Removal Tool.

It may take a while to download all the files. Please be patient. 

No More Hesitation. Time to scan your PC. Please click Start New Scan/ Scan Computer Now!

Click Fix Threats to remove Zalmos SSL Web Proxy For Free and other unwanted programs completely.

Guide II: Get Rid of Zalmos SSL Web Proxy For Free Manually on your own
Step 1.End up all suspicious related process running the Task Manager

( Tip: If you are not so familiar with computer and want to remove Zalmos SSL Web Proxy For Free easily and safely, you can choose Professional Malware Removal Tool Spyhunter to fix it for you. )

Step 2. Remove related extension/add-on from browsers

Google Chrome :

1. Click on Customize icon (Wrench or 3 bar icon) -> Choose Settings -> Go to Extensions tab;
2. Locate Zalmos SSL Web Proxy For Free and select it -> click Trash button.

 Mozilla Firefox : 

1. Click on the orange Firefox button on the upper left corner of the browser -> hit Add-ons;
2. Go to Extensions tab ->select Zalmos SSL Web Proxy For Free->Click Remove;
3. If it pops up, click Restart and your tabs will be saved and restored.

Internet Explorer :

1. Click on the Tools -> select Manage Add-ons;
2. Go to Toolbars and Extensions tab ->right click on Zalmos SSL Web Proxy For Free-> select Disable in the drop-down menu;

Step 3.Disable any suspicious start up items from Zalmos SSL Web Proxy For Free

 Windows Xp

Click Start menu -> click Run -> type: msconfig in the Run box -> click OK to open the System Configuration Utility -> Disable all possible start up items generated from Zalmos SSL Web Proxy For Free.

Windows Vista or Windows7

click start menu->type msconfig in the search bar -> open System Configuration Utility -> Disable all possible start up items generated from Zalmos SSL Web Proxy For Free.

Windows 8

1) Press Ctrl +Alt+Delete and select Task Manager
2) When access Task Manager, click Start up tab.
3) Locate and disable suspicious start up item according to the directory.

Step 4: Go to the Registry Editor and remove all related registry entries:

1. Click Start and Type "Run" in Search programs and files box and press Enter
2. Type "regedit" in the Run box and click "OK"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\ BrowserSafeguard \ShortcutPath “%AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe” -u
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\random
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ’0

Step 5:Restart your computer to take effect.


The longer Zalmos SSL Web Proxy For Free stays on you PC, the more threats it can bring up. The speedy removal of Zalmos SSL Web Proxy For Free is necessary to clean up your PC and regain a privacy browsing environment. If you are not a computer savvy and spend too much time removing Zalmos SSL Web Proxy For Free manually and still have not any progress, you can get help from the Spyhunter. Download and install anti-spyware Spyhunter to remove Zalmos SSL Web Proxy For Free spontaneously for you. 

Burning off your digital fingerprints to protect your online privacy – Sydney Morning Herald

Your web browser leaves a trail of fingerprints as you surf the internet.

Your web browser leaves a trail of fingerprints as you surf the internet.

In an effort to cover your digital tracks, privacy software like TrackOFF is turning its attention to your web browser's incriminating fingerprints.

Between metadata retention, intrusive advertising and the piracy crackdown, Australians are more interested than ever in protecting their privacy online. There are all kinds of tricks for evading tracking and achieving a certain level of anonymity – such as VPNs, proxy servers and proxy chains – but they don't always address the fact that your browser can betray you.

When you visit a website it requests information about your browser so it can serve up an optimised page. The queries go far beyond asking whether you're using Internet Explorer, Chrome, Firefox or Safari – they also check granular details such as which plugins and fonts you have installed.

All this information paints quite a detailed picture, known as your browser fingerprint. This digital fingerprint can be used to track you even if you've blocked cookies, disabled plugins and bounced all your traffic via an obscure VPN server in Switzerland.

Browser fingerprinting isn't just a theoretical threat to privacy, advertisers are already taking advantage of it. They also use an advanced technique known as HTML5 canvas fingerprinting, asking your browser to render an image and then studying the image's characteristics to build an even more detailed profile – helping track you across websites.

Your fingerprint alone probably isn't enough to lead someone to your front door, but it's certainly useful when cross-referencing data in order to track people down. Browser fingerprints certainly fit the description of metadata. If your fingerprint was kept on file then supposedly anonymous web browsing via a VPN might still be traced back to you.

Cover your tracks

Despite the clear threat to privacy, browser fingerprinting hasn't received a lot of mainstream attention. New privacy software TrackOFF is one of the first consumer-focused privacy tools to incorporate browser fingerprinting countermeasures.

Supporting Internet Explorer, Chrome and Firefox on Windows, TrackOFF is a privacy suite which lets you control cookies, manage your browser history and mask your browser fingerprint. Rather than just trying to hide your fingerprint it spoofs those details, basically lying to websites in order to create a mixed trail of fake fingerprints. It achieves this without disabling JavaScript, Flash or other browser features on which you might rely.

After a free trial, TrackOFF costs US$30 per year to protect three computers. You might consider this money well-spent if you're not tech-savvy enough to manually install fingerprinting countermeasures and other privacy tools, or you just don't want to mess around with installing multiple plugins and disabling browser features.

Do It Yourself

TrackOFF is an easy set n' forget solution, but if you'd rather go it alone there are a few tricks to help hide your browser fingerprint.

One option is to block attempts to read your fingerprint. You'll find browser plugins to stop HTML5 canvas fingerprinting, plus you can look to advanced plugins like NoScript and SafeScript which give you granular control over JavaScript and other browser features.

Sometimes these efforts can be counter-productive by making your browser more distinctive. Another option is to make your browser fingerprint as generic as possible. Using the TOR browser presents a more generic fingerprint, but TOR is slow, it disables advanced browser features and it's generally overkill for everyday web surfing.

Another extreme option is to spin up a fresh install of your operating system as a virtual machine and use the default browser with all the default settings.

An easier technique might be to follow TrackOFF's example and regularly change your fingerprint. Simply tweaking it might not be enough, don't assume that disabling a few plugins or just spoofing your User Agent will do the trick. Some browser plugins offer more granular control over fingerprint spoofing, but you'll also need to address tracking cookies and other privacy threats if you're serious about covering your tracks.

How concerned are you about your online privacy and what do you do to protect it?