Phishing test didn’t work

Penny2
Penny2 Posts: 4 New Member

Recently acquired Freedome on £22pa deal, when I tried to test phishing through the Amtso site it replied that the protection hadn’t worked and to contact you. Please advise.

Comments

  • Ukko
    Ukko Posts: 3,727 Superuser

    Hello,

     

    My own unofficial suggestion: your connection to testpage was under HTTPS-protocol. As result, Freedome do not intercept such traffic (break SSL-connection). Possible to check this by switch protocol from HTTPS to HTTP;

    Or re-check Freedome with one of next F-Secure test-websites:

    https://community.f-secure.com/t5/Home-Security/Safe-Browsing/m-p/88818#M3178

     

    As potential official response about related concern:

    https://community.f-secure.com/t5/Protection/PSB-Freedome-VPN-IOS-dosen-t/td-p/101429

    ^ discussed there.

     

    Thanks!

     

  • Penny2
    Penny2 Posts: 4 New Member

    Thanks, these sites were blocked. Strange thing is I was sent to the original testing site through the Freedome site. So I am confused. If the original testing site didn’t work, but the ones you sent me did, how can I be sure that Freedome will block all malicious sites?

    Thanks for your time.

  • Ukko
    Ukko Posts: 3,727 Superuser

    Penny2 wrote:

    Thanks, these sites were blocked. Strange thing is I was sent to the original testing site through the Freedome site. So I am confused. If the original testing site didn’t work, but the ones you sent me did, how can I be sure that Freedome will block all malicious sites?

    Thanks for your time.


    Hello,

     

    Sorry for my long reply.

     

    In short: good to use another layer (as addition to F-Secure Freedome VPN) as another type of security software (like F-Secure SAFE/F-Secure Internet Security or so). Because main design of F-Secure Freedome is VPN-software/service (ability to use 'strange' public Wi-Fi networks with more secure-state; AND as potential point -> certain Virtual Location and it's 'not your' IP). Other things with Freedome is 'additional' security features (which can be there with limitations and exceptions).

     

    Just as clarification: I'm also only F-Secure user (their home solutions) and not an official F-Secure staff. So it will be only my own unofficial feelings. And will be good if any official responses from F-Secure Freedome comes too.

     

    • AMTSO phishing testpage is third-party website (another company); Anti-Malware Testing Standards Organization (AMTSO™). Purpose is 'ability to provide some validations for users that supported security solution is work' (design). Previously AMTSO webpage was under HTTP protocol; Currently it switched to HTTPS-protocol (secure connection). And potential explanation (official feedback by F-Secure) possible to read there: https://community.f-secure.com/t5/Protection/PSB-Freedome-VPN-IOS-dosen-t/m-p/101803/highlight/true#M767 . But I'm not sure how it will be sorted.
    • F-Secure Freedome mainly work as VPN-service. Where Tracking/Browsing Protection features are additional security features to main design. And potentially it block (by blocking access to website) only during HTTP-connection (potential Knowledgebase-articles about such concern about Tracking Protection feature: first example-article and What is Tracking Protection). With meanings that blocking website under HTTPS-connection should be with interception your traffic (break secure connection; SSL-design).  This is not always good. OR it can be with more safe tweaks/configuration - but which maybe not reasonable to use with F-Secure Freedome (or maybe not possible).
    how can I be sure that Freedome will block all malicious sites?

    Maybe answer can be with different-points for certain platforms (Windows, iOS, Android...) and some other limitations.

     

    But, generally, F-Secure Freedome is not certain security solution which will block all malicious websites. Usually, it should be covered by main security solution like F-Secure SAFE, F-Secure Internet Security with browsing protection modules. BUT:

    • Freedome will block all known malicious (and suspicious)-rated websites which works under HTTP.
    • possible to use F-Secure Tracker Mapper feature (as temporary log-list for blocked 'items' - if there is any blocked data). Or just as 'visible' count of blocked harmful-rated websites or tracking-attempts under UI. Kind of 'visible' count that Freedome perform some actions.

    Potentially, opening known harmful-rated website under HTTPS-protocol -> possible with active F-Secure Freedome. With such situation -- good to use not only F-Secure Freedome VPN software/service - but also some common security solutions (F-Secure SAFE/IS or any other solutions from other companies with abilities to provide more layers). It's anyway should be useful.

     

    I able to suspect that many harmful/malicious websites still with HTTP (but it, most likely, exception already). F-Secure Freedome will block all of them (known for F-Secure) - when Freedome is active.

    If harmful-rated page is opened with HTTPS -> so, I'm not sure what is official statement of F-Secure Freedome Team about such situation. Except, that they should suggest to use additional direct security software. As quote about Freedome design:

     

    Some of your browsing happens over encrypted communications (HTTPS/TLS/SSL), and in those cases Freedome cannot decrypt the communications and remove the tracking cookies. As an example, you most likely appreciate that Freedome does not intervene your safe online banking connection. 

    But, not sure, does such situation with Freedome/blocking harmful-rated-websites/HTTPS is expected anyway. Since for block it - not always required to decrypt the communications.

     

    Also, possible to check some Knowledge base articles:

    https://community.f-secure.com/t5/F-Secure/tkb-p/freedome@tkb

    Maybe it covered with some of them (?!). Or just as 'more information' about Freedome.

     

    Thanks!

  • Penny2
    Penny2 Posts: 4 New Member

    Thanks for your long and thoughtful reply. Sadly the operating mechanisms of the internet are a bit of a mystery to me, so I wasn’t able to fully follow your explanation, although I gather that Freedome should work to protect most me from most malicious sites, both when I am at home and if I use a free wi fi connection in the Uk or abroad. As I am paying for this service I want it to be as secure as possible so need to weigh up whether or not it is doing what I expect and If I am getting value for money. As you say hopefully a Customer Service person from FS Secure will be able to reassure me.

  • Näsäviisas
    Näsäviisas Posts: 784 Superuser

    I'm not customer service person, but only user of F-S apps.
    On the Finnish forum is similar case.
    The reply is in English:
    F-S Productdevelopment is aware of this problem with Amtso and Freedome.
    They are working with this problem and they try to find a solution so soon as possible.
    This problem arise from those changes on there own (Amtso) testsites.

    If you want more security, buy Safe too.

    Näsäviisas

  • Penny2
    Penny2 Posts: 4 New Member

    Thanks.

  • Hi Penny2 and Ukko,

     

    We're aware of this and our Freedome team is working on solving this issue. This occurs due to the changes done at the AMTSO test site. AMTSO test stopped working as AMTSO moved it to work as HTTPS only – and we don’t see even the full URL of the page then, only the domain part.

     

    As we do not do Man-In-The-Middle attack to the HTTPS traffic in our service to respect and ensure the privacy of our users, we can’t block that. We’re working on replacing the test. Scanning HTTPS traffic would be possible with a browser plugin, but as Freedome works on the network level and not within a browser, it is not an option now either. F-Secure Safe has browser plugin too for Android, Windows and Mac.

This discussion has been closed.
Feedback on New Design