Why Google with F-Secure Search?

F-Secure's latest version of AV includes a safe search.  This is good and returns us back a year or more when we had this.

 

But I do not believe the NSA is the only devil on the Internet.  Google, Yahoo, Bing, Facebook, and other vendors hoover up our personal data like NSA-wannabes.  Why not use Duckduckgo or Ixquick, search companies which are not on a Blues Brothers mission from God to use our personal data for corporate profit? 

Best Answer

Answers

  • NikKNikK Posts: 931

    I believe the reason is rather simple: Google is probably the best and most accurate search engine.

     

    "Wondering what makes F-Secure Search so good? First of all, the web-link ratings are powered by F-Secure’s own best-in-class reputation engine. If you have ever tried F-Secure’s Browsing Protection you will be familiar with how this works. We F-Secure fellows are extremely proud of the hard work and effort that we have put into making our Labs engines as amazing as it is today.

     

    On top of that, to develop this product we partnered with one of the industry’s best and most popular search giants – Google. I’m sure we don’t need to explain how accurate Google’s search results are or how popular Google has become until people use the word ‘Google’ as an verb in their daily conversations."

     

    From http://safeandsavvy.f-secure.com/2013/11/11/introducing-safe-search/

     

    A personal note:

    I've tried replacing Google with other search engines but the truth is I tend to go back to Google for the simple reason that it gives me better search results.

    An advice: First search with other engines. If unhappy with the results, then try Google. Or simply search through an anonymous Web Proxy.

    PS. Watch out for computer versions of Freedome that'll be released in 2014. "Vanish from trackers. And set your location to be anywhere in the world"

  • NikK wrote "I believe the reason is rather simple: Google is probably the best and most accurate search engine."

    So when is F-Secure going to announce its partnership with the NSA?  Maybe the partnership will be described as Data Fellows.  After all, the NSA has the most comprehensive data.

     

    I guess I disagree with the opinion of Mikko, Bruce Schneier, and others that data collection is unacceptable when performed by governments, but acceptable when performed by corporations.  I think both are unacceptable.

     

    Thanks for the tip regarding Freedome, but it appears to be app-only, i.e. only for smart phones, tablets, and Windows 8.  I mainly use desktops and laptops running 7 or Linux.

     

    P.S. For those who thought that the above was a little too serious, know that Data Fellows was the first name of F-Secure.

  • ChrissyChrissy Posts: 439

    Regarding Freedome, I'll have to check with you about the PC/Mac versions, as it seems that rolling out the mobile versions is the current priority.  But I'm anxious to get that eventual PC verison myself Smiley Wink

  • NikK wrote "I see your point and the answer is Never !! Another good thing to read: Policeware (good or bad?)"

    F-Secure's policy on refusing to kow-tow to government or mafia organizations is a prime reason why I use its AV (the other is its superb protection as measured by AV-TEST and AV-Comparatives), though I am more concerned about Russian cyber-criminals.  And, of course, allowing a back-door for governments might allow cyber-criminals to enter via the same door.

    NikK wrote "Spying however is not the same as tracking"

    Google has become a quasi-monopoly.  I think many Google employees and users still believe in its fairy tale of "Don't be evil" as if slogans actually meant something.  Glass (and other cyborg wear) will be incorporated into Google's other data tracking actions.  Yes, Google will back into it, as compared to the NSA's assertive walk forward, but the results will be the same.

    Did you hear that Google CEO Eric Schmidt visited North Korea in January 2013?  He was not on any diplomatic mission.  The only plausible explanation is that he wants North Korea to allow a Google Maps Car to travel North Korean roads.  Google would make a killing (via Google ads) on users wanting to vicariously visit North Korea.  Given how North Korea imprisons, tortures, and executes its people, that makes Schmidt a Quisling or Kuusinen.

    The Guardian article, "Eric Schmidt in North Korea: Google chairman's step into the unknown," reported on Schmidt's excellent adventure in North Korea.

    I apologize to the moderator for my political rant.

  • PaiviPaivi Posts: 80

    We are planning to release the desktop version of Freedome in few months. We keep you posted when a beta version is available for testing.

  • NikKNikK Posts: 931

    Thanks Paivi for that information, looking forward to it!

     

    @baroque-quest 

    BTW, besides NoScript(which I remember you use) there's also Ghostery which is more focused on tracking. If you set the options to block all tracker categories it'll for example make the NoScript option "Temporarily allow all on this page" safer to use regarding tracking. Here's an example where I've temporarily allowed all scripts with NoScript, but Ghostery still blocks the one from Google. As you can see at the bottom of the screenshot I've verified it with Developer Tools - Network(F12), selecting "JS"(JavaScript). The Google script is not in the list. Only if I allow it in Ghostery too does it show up there. I really like that!

    Ghostery.png

     

    Internet Explorer 9 and later has a similar built-in function called Tracking Protection. What I think most people don't know is that you don't need to use a Tracking Protection List to benefit from its features. You just enable the pre-defined "Your Personalized List" and set it to automatically block. When something is blocked you'll see a blue icon to the right in the address bar. Click on it and you have the option to unblock the blocked content for that specific site. It basically works the same way as Active-X Filtering does.

  • NikK wrote "besides NoScript(which I remember you use)"

     

    Yes, I do, along with Duckduckgo.  I also did not install Flash on Firefox (I have that on IE for watching video).  I use Firefox for relatively safe surfing.  I also installed EMET 4.1.  Darn the torpedoes, uh, malware; full speed ahead!

     

    Thanks for the references to Ghostery and Tracking Protection.  The graphical example you gave for Ghostery was most enlightening.  Time to play with it!

     

    P.S. F-Secure's website blocks the word composed of 'd' and 'a' and 'm' and 'n'?

  • NikKNikK Posts: 931

    EMET is a great protection! If you haven't seen this I suggest you take a look: Security products that complement F-Secure AV/IS 

     

    I never install add-ons in IE but I decided to try Ghostery. Guess what, F-Secure blocked the download. I see the Online Safety statistics increase the count for "Potentially harmful web sites blocked" for every download attempt. Since I can't download the file I scanned the download URL on VirusTotal  The reason according to herdprotect is that it "has been known to bundle potentially unwanted software". A typical thing that I assume Malwarbytes Anti-Malware would've picked up if F-Secure hadn't. (I have both on real-time protection)

    NOTE that this is only for IE and NOT for the Firefox add-on. The Firefox version is clean on VirusTotal so no worries!

     

    A Ghostery advice: don't check "Enable GhostRank" as it collects data. It claims to collect only anonymous data, but I prefer not collecting anything.

     

    Regarding Plugins in Firefox one safer option is to set them to "Ask to activate". IE has the similar Active-X Filtering.

     

    Regarding IE and Tracking Protection I forgot to mention that you should set the Number of websites to 3 which is the minimum. It's represented by the "Used By" column in the list. I think it's buggy so you have to click the Refresh button to get an updated list. It's good but not as good as Ghostery IMO.

     

    IE the safest browser? 

    Probably unlike many others I prefer IE as my "safest" browser. IE has a lot of security settings, probably too many to change individually. But it's when you set Security Level for the Internet Zone to High they really come in to play, along with Blocking all cookies for the Internet Zone.

    Then you add sites or domains as "Trusted Sites" and set these to Security Level Medium or Medium-High. The only problem is that some sites also have scripts from different domains, so you need some skills to set it up properly. For example: for this community it isn't enough to allow *.f-secure.com you also need to allow fsecured.i.lithium.com because this site is based on the Lithium platform. Developer Tools(F12) is a great help for this, but certain sites as Facebook is perhaps to complex for this approach.

    If a site doesn't work due to the High security setting and I don't want to add it as a Trusted Site, I run it with default security settings in Sandboxie.

     

    In fact, when a zero-day vulnerability is detected Microsofts recommendations usually is to install EMET and switch the Security Level to High. So why not always use that Smiley Wink

  • SimonSimon Posts: 2,572

    So, this EMET thing - if I install it, what will it actually do?  Can I just use it's default setting, and forget it, or will it keep pestering me every time I want to do something on the PC?

  • NikKNikK Posts: 931

    I've described EMET here (below Malwarebytes) Click the "Spoiler" for more info. There's also troubleshooting tips and a link to an extensive review.

     

    Short answer Yes, install and forget. If any of the programs EMET monitors are exploited with the "techniques"(mitigations) activated for that specific program, EMET will stop that process and alert. If you never come across an exploit you'll never notice EMETs presence, besides its systray icon.

    If you're unsure about using maximum settings, then use the recommended settings.

  • NikK wrote "I assume Malwarbytes Anti-Malware would've picked up if F-Secure hadn't. (I have both on real-time protection)"

     

    I was trying to determine if F-Secure had a problem with MBAM Pro.  So it does not.  You are a wealth of information!  Smiley Happy

  • Simon wrote "Can I just use it's default setting"

     

    I strongly recommend taking the default (recommended) settings until you are familiar with EMET.  Last Patch Tuesday or the one before it had two updates for EMET 4.5.1.  These updates broke EMET (with custom settings) on my systems and those of others (IE would not start, with EMET complaining of caller mitigation; I ended up uninstalling EMET, uninstalling the two NET 4.5.1 updates, reinstalling the two NET 4.5.1 updates, and reinstalling EMET).  My professional opinion (with the operative word here being "opinion") is that EMET is a little touchy with respect to NET.  Make sure you have all current NET updates before installing EMET.  If you install a fresh copy of W-7, Microsoft Updates will skip NET 4.0 and go straight to 4.5.1.  By the way, EMET 4.1 is the most recent.

     

    "will it keep pestering me every time I want to do something on the PC"

     

    As NikK said, you will rarely notice that it is running.  It is not like UAC.  It does add a few seconds to start-up, however.

  • SimonSimon Posts: 2,572

    @baroque-quest wrote:

    Simon wrote "Can I just use it's default setting"

     

    I strongly recommend taking the default (recommended) settings until you are familiar with EMET.  Last Patch Tuesday or the one before it had two updates for EMET 4.5.1.  These updates broke EMET (with custom settings) on my systems and those of others (IE would not start, with EMET complaining of caller mitigation; I ended up uninstalling EMET, uninstalling the two NET 4.5.1 updates, reinstalling the two NET 4.5.1 updates, and reinstalling EMET).  My professional opinion (with the operative word here being "opinion") is that EMET is a little touchy with respect to NET.  Make sure you have all current NET updates before installing EMET.  If you install a fresh copy of W-7, Microsoft Updates will skip NET 4.0 and go straight to 4.5.1.  By the way, EMET 4.1 is the most recent.

     

    "will it keep pestering me every time I want to do something on the PC"

     

    As NikK said, you will rarely notice that it is running.  It is not like UAC.  It does add a few seconds to start-up, however.


     

    Thanks for the advice, but I've had to uninstall it, as it crashed my Outlook 2007 every time the PC started.  All oif the boxes are ticked for Outlook, so I don't know what's going wrong, but to be honest, I've lived without it all this time, so I can't really be bothered to investigate it too deeply.

  • NikKNikK Posts: 931

    If you change your mind (and to other people reading this):

     

    If a program isn't compatible with an EMET mitigation, take a note of which mitigation it was and uncheck it for that program. For example I sometimes had Caller Mitigations when using the preview pane in windows explorer or when double-clicking certain file types in windows explorer. That's why I wrote this (from previous link):

     

    EMET troubleshooting

    I recommend to launch and test all programs monitored by EMET: test locally and on trusted sites(for programs that uses internet). Test compatibility with windows explorer preview pane and double-clicking file types in windows explorer for any incompatible caller mitigations etc. That way you'll get rid of any incompatible settings and EMET false alerts.

    If you add programs yourself, it's a good idea to only add one program at a time and test it as described above. If any pre-defined program(or programs you've added yourself) is not compatible with all EMET mitigations, it will crash(EMET ending the process). Find out the type of mitigation EMET detected for that program, and uncheck that mitigation for the program in EMET, and try again. The type of mitigation detected is shown in the EMET pop-up alert and can also be found in Windows Event Viewer.

  • SimonSimon Posts: 2,572

    I consider myself an 'average user', with enough knowledge to get me by, and to sometimes be able to help others with the basics.  EMET seem too much like hard work to me, so I doubt I'll change my mind, but good luck to anyone else who tries it.  :)

  • NikKNikK Posts: 931

    Well It's not for everyone and probably the reason why not so many "average users" have heard of it.

     

    I just read an (to me ;-) interesting related article, to demonstrate how much more difficult it is to bypass EMET. If you succeed you can get awarded with $100,000

     

    http://threatpost.com/latest-microsoft-100000-bounty-winner-bypasses-aslr-dep-mitigations/104328

  • BlackcatBlackcat Posts: 511

    So yet another reminder that there is no single security measure that is 100% infallible.

     

    Yes, EMET can be a very useful free tool but there is a potentially a very large userbase without technical knowledge where configuring EMET correctly would be an impossibility for them.

     

    Overall, the average user popping in here for help has enough problems in uninstalling their old AV and then installing F-Secure correctly; configuring EMET would be totally beyond them. 

     

     

  • NikKNikK Posts: 931

    I agree! So we might as well also mention Malwarebytes Anti-Exploit as an alternative to EMET (which I remember you also mentioned before, Blackcat). It's much easier and more targeted to the "average user". It's also free but still in Beta. (maybe that's why it's free?!)

     

    As a fresh example why it's good to have an exploit blocker - Yesterdays critical Adobe Flash Player zero-day vulnerability. As mentioned in Malwarebytes blog :

     

    "Basic security measures such as keeping your computer up-to-date, running antivirus and anti-malware solutions go a long way but still leave a small window open for zero-day attacks. Exploit mitigation software such as Microsoft’s EMET or our own Malwarebytes Anti-Exploit aim at closing that gap."

     

     

  • BlackcatBlackcat Posts: 511

    Malwarebytes Anti-Exploit has regressed" to an alpha-candidate because the code "has been completely re-architected and (now) works as a Windows Service; https://forums.malwarebytes.org/index.php?showtopic=141741

     

    An alternative anti-exploit product, which I have been running for a few months now is SurfRight's HitmanPro.Alert., as it has CryptoGuard protection; http://www.surfright.nl/en/alert/cryptoguard

     

    But a new version 3 will be released in beta form in a week's time. 

     

    SnapCrab_NoName_2014-2-21_16-53-7_No-00.png

     

    SnapCrab_NoName_2014-2-21_16-53-25_No-00.png

     

     "Safe browsing (Intruder scan), CryptoGuard, Keystroke encryption, Webcam notifier, Hollow Process blocker and Vaccination against vm-aware malware are all in the free version. These are all signature-less features and ensure that you are alerted in case of banking trojans, crypto-ransomware (like Cryptolocker), Remote Access Trojan (RAT) or other malware on your system" . But the exploit protection will require a paid license.

     

    http://www.surfright.nl/en/home/press/surfright-announces-alert-3

     

    http://dl.surfright.nl/Alert-3/HitmanPro-Alert-3-Datasheet.pdf

     

    http://blog.check-and-secure.com/hitmanpro-alert-cyber-vaccine-volume-3-announced/

     

    Looks promising.

     

  • NikKNikK Posts: 931

    Indeed it looks promising, thanks for the information @Blackcat 

    The comparison is impressive:

     

    exploitComparison.png

  • BlackcatBlackcat Posts: 511
    Should be released in next couple of days.
  • NikKNikK Posts: 931

    Blackcat, do you know if it's compatible with EMET, or if it's best used without it?

     

    Regarding EMET, a report was released a few days ago saying "we found ways to bypass all of the protections in EMET". A good thing is that EMET 5.0 will be improved because of this. A bad thing that it still might be possible to bypass EMET protection for determined attackers. EMET 5.0 Beta was released 25 Feb 

    http://labs.bromium.com/2014/02/24/bypassing-emet-4-1/

     

    From the Conclusions section in the report PDF:

    However, as was seen in our research, deploying EMET does mean attackers have to work a little bit harder; payloads need to be customized, and EMET bypass research needs to be conducted. Thus, EMET is good for the price (free), but it canbe bypassed by determined attackers. Microsoft freely admits that it is not a prefect protection, and comments from Microsoft speakers at conference talks admit that as well. The objective of EMET is not perfection, but to raise the cost of exploitation. So the question really is not can EMET be bypassed. Rather, does EMET sufficiently raise the cost of exploitation? The answer to that is likely dependent upon the value of the data being protected. For organizations with data of significant value, we submit that EMET does not sufficiently stop customized exploits.

  • BlackcatBlackcat Posts: 511

    Hi NikK

     

    yes it fully compatible with EMET Smiley Wink

     

    And all recommendations from Bromium's paper are already in Alert 3, including deep-hooks-only (NtProtectVirtualMemory) and full 64-bit ROP detection. 

     

    SnapCrab_NoName_2014-2-26_22-6-59_No-00.png

     

    The "currently known" and "most exploits" limitations of EMET are history when using Alert 3.0.

     

    EMET 5.0 here; http://www.youtube.com/watch?v=lP9Vtg1FvEQ

     

    Overall, at this stage Hitman Pro Alert 3 seems a much easier and better bet of the two. Roll on the gold version.

  • NikKNikK Posts: 931

    Great, thanks!

     

    Yes, but in that case why not use both was my thought. EMET also has website certificate protection, for IE that is.

    I'll follow the development for Alert on WildersSecurity (which I assume you already do ;-)

    A summary of the most interesting facts in my eyes:

     

    • Safe browsing (Intruder scan), CryptoGuard, Keystroke encryption, Webcam notifier, Hollow Process blocker and Vaccination against vm-aware malware are all free. These are all signature-less features and ensure that you are alerted in case of banking trojans, crypto-ransomware (like Cryptolocker), Remote Access Trojan (RAT) or other malware on your system. These features are free and remain free.
    • Only the exploit mitigation feature requires a license. If you already have a HitmanPro license, then you get exploit mitigation for free. Alert and HitmanPro use the same license.
    • Full compatibility with both EMET and MBAE. Alert can get mitigation profiles from the cloud for optimal configuration and compatibility.
    • If you use Sandboxie you have to add \Device\NamedPipe\hmpalert to Full Access
This discussion has been closed.