In addition, all versions were examined in terms of whether the PE files are signed with a valid certificate.
|
|
- Allen Holmes
- 7 years ago
- Views:
Transcription
1 20th November 2015 created by Markus Selinger Self-Protection in Windows Applications: How Secure are PDF Readers, Java and Browsers? Well-known Windows software is repeatedly criticized for being an Achilles' heel for exploits. That is why AV-TEST tested the latest Windows software and also browsers, file archiving applications or PDF readers in terms of whether they deploy the additional protection technologies DEP & ASLR and digitally sign all executable files. The result is encouraging, yet it is also a wake-up call for some manufacturers. In many statistics, well-known applications, such as the Adobe Reader or Java, for instance, are cited as an Achilles' heel for malware. Manufacturers of software security software, and even Microsoft, are always admonishing other software producers. But is it in fact true that Windows applications have too many vulnerabilities and do not deploy the available DEP & ASLR selfprotection for files? And what about the use of Microsoft Authenticode Code Signing technology, which issues a type of digital certificate for files, thus making them easily identifiable? These are all questions to which the labs at AV-TEST can provide competent answers. Just under 20 popular applications in the lab check AV-TEST recently examined the latest security suites repeatedly in terms of their self-protection and once again revealed many vulnerabilities. In the second major test, the lab examined whether the Windows applications deploy the technologies for selfprotection. This involved examining popular PDF readers, browsers, office programs, file archivers, graphics software and Java versions. Wherever available, each application was examined in the 32-bit and 64-bit version under a 32-bit and 64-bit Windows system: - PDF readers: Adobe Reader, Foxit Reader, PDF-X-Change Editor - Browsers: Chrome, Firefox, Opera - Office packages: Free Office, Libre Office, Microsoft Office, Open Office, WPS Office - File archivers: 7Zip, WinRAR - Java: the latest updates of Version 5 to 8 - Graphics software: ACDSee, GIMP, IrfanView, Paint.Net In the test, only the user-mode PE (portable executable) files for 32- & 64-bit versions were placed under scrutiny. All the other files were irrelevant for the test. The PE files include, for example:.exe or any "executable" program or module.dll or "dynamic link library", a program library.sys or "system" software.drv or "driver", a driver file for a device In addition, all versions were examined in terms of whether the PE files are signed with a valid certificate. Important: On the particular 32-and 64-bit applications, the lab always examined all PE-files, regardless of whether they work with 32 or 64 bits. Because even in the 64-bit version, files also work in the background with 32-bits. The converse naturally applies as well. Also important is the fact that several software providers equip individual files with special protection that is not compatible with DEP & ASLR. That is why they cannot reach 100% in the tests. The self-protection could be better Among the most well-known applications with negative headlines are the Adobe Reader and Java. If we look at the evaluation table, however, these applications are almost model citizens in the use of DEP & ASLR. This trend is clearly visible especially in the Java versions. Whereas up to the old Version 6, the technology was not even used, now already as of Version 7, it is used seamlessly up to the Version 8 Update 60 available in the test.
2 For the major browsers, there is also widespread, but certainly not full-range, deployment of DEP & ASLR. While Firefox achieves a 100% deployment rate in Version , in Version , the average drops below 90%. The Opera browser perfectly utilizes DEP & ASLR in connection with the 32-bit files. The one existing 64-bit file is in turn ignored. Unfortunately, the Internet Explorer is not on the list. This is because it is so deeply embedded into the Windows operating system, the files used cannot be clearly isolated. An assessment would thus only be very vague and is therefore rejected by the laboratory. For the office applications, the use could not be more heterogeneous. Microsoft Office 2016 relies almost entirely on the protection, WPS Office uses the additional protection above 80%, Libre Office uses it partially, but Free Office doesn't use it at all: 0 percent. Open Office only protects its 32-bit files. For the 64-bit files, the deployment is zero. For the frequently-used open source software packages 7Zip and GIMP, disastrously, not a single file is additionally protected. But other software packages like ACDSee Ultimate or IrfanView do not use DEP & ASLR consistently either. Files without a signature can be a risk The next phase of the test examined whether all PE files have a signature along with a valid certificate. Along with an additional hash value, these help towards securely identifying a file. If a file is not equipped with this information, a security suite cannot precisely determine whether the file exists as an original or whether it is a manipulated file. This often results in error messages to the user, or even blocked applications for security reasons. Security solutions do have additional tools for checking the file, such as a sandbox, but that's additional time and effort and wasted performance, which does not have to be. After all, applications such as Adobe Reader have often been harnessed to break into PCs. For this purpose, cyber-criminals will seek out any vulnerability and exploit it. Unsigned files are also considered by experts to be potential vulnerabilities. In this context, especially in the case of the Adobe Reader, it is baffling as to why only the 64-bit files are cleanly signed, whereas up to 50% of the 32-bit files are not. The files of PDF-Exchange are only completely signed in the 32-bit version. For the Foxit Reader, on the other hand, everything is in perfect order. For the browsers, only Chrome and Opera had no unsigned files whatsoever. For Firefox, there are still individual unsigned files. The Internet Explorer was not included in the testing for reasons already mentioned under DEP & ASLR. Microsoft Office with an expired certificate In the segment involving Office applications, Free Office does not sign any files and Open Office hardly any. WPS Office and Libre Office have 5 to 10 percent unsigned files on board. For Microsoft Office 2016, while there were no unsigned files, one of the files in fact had an invalid certificate. This circumstance is all the more reprehensible, because after all, the Authenticode Code Signing technology comes from Microsoft, and the manufacturer should set an example with all its products. An inquiry submitted to Microsoft remained unanswered at the time this article was published. For the file archiving applications, the situation in terms of signatures is almost identical to the use of DEP & ASLR: For 7Zip, not one single file is signed, for WinRAR only a few files. Java is also frequently the target of attackers, as it is deployed on many devices. Only in Version 7 were all of the files cleanly signed. In Version 6 and 8, there continue to be individual unsigned 32- and 64-bit files. Conspicuous open source software The frequently-recommended graphics application GIMP is an open source software. In all its versions, roughly 50 to 70 percent of its files are unsigned. Yet other graphics programs are not exactly paragons of reliability either, although the number of unsigned files is significantly lower. Thus, there were unsigned files in all the other applications examined, such as IrfanView, Paint.Net or ACDSee. In ACDSee, even 2 files in the 64-bit version work with expired certificates. Conclusion: Better than expected To date, this type of testing has not been undertaken on this scale by any other laboratory. Compared to the findings with the current test of self-protection for antivirus software, and disregarding open source software, the following picture emerges: DEP & ASLR are relatively well implemented in most Windows applications. On average, even better than in the latest security software! But some manufacturers could do a better job of implementing the protection and simply sign their files. The laboratory will be repeating the test after a certain interval. Then we will see whether the manufacturers heed the call for more security.
3 It is somewhat conspicuous that for open source software, such as 7Zip, GIMP or Open Office, the final files are often not equipped with DEP & ASLR or file signatures. This is perhaps due to the open group of programmers and the resulting frequent files revisions. The leaders of these projects urgently need to come up with a solution, so that otherwise good software will not get a bad reputation. It ought to be easy to implement DEP & ASLR, and after all, the signatures don't cost a fortune from certificate providers. Good quality management provides for more security The additional protection technologies of DEP & ASLR are actually known to every programmer. What's more, the signing of files has been part of due diligence for a long time now. Unfortunately, there is an apparent lack of good quality management prior to publishing the applications. Surely it is not rocket science to check a folder full of files for the use of DEP & ASLR. Even non-programmers quickly find checking tools for this task on the web. There are PowerShell scripts for DEP & ASLR checking. In terms of signatures, there is the command line tool Sigcheck from the Microsoft Sysinternals Suite, for checking entire folders and their files for signatures in just a few seconds. If this is so easy to come by for users, then it should be a standard operating procedure for programmers or managers in companies. After all, they have much more comprehensive professional tools at their disposal. Yet in this area, all too often, good, independent quality management appears to be lacking. In software firms, products and updates undergo function checks prior to each release. Perhaps there and then is the time for someone to simply check the files for DEP, ASLR and signatures, in the interest of security. Maik Morgenstern, CTO AV-TEST GmbH Self-protection in Windows applications: are software manufacturers diligent about implementing DEP, ASLR and signed files?
4 PDF readers, browser & Office applications are quite well protected with DEP & ASLR, save a few exceptions (AV-TEST, 10/2015).
5 For file archivers, Java versions and graphics software, DEP & ASLR protection technology is missing on some products (AV-TEST, 10/2015).
6 Check of signatures & certificates: on MS-Office 2016, there is even a signed file with an expired certificate.
7 Signature check for Windows applications: unsigned files are a potential security risk. Copyright 2015 by AV-TEST GmbH, Klewitzstr. 7, Magdeburg, Germany Phone +49 (0) , Fax +49 (0) ,
Endurance Test: Does antivirus software slow
23rd April 2015 created by Markus Selinger Endurance Test: Does antivirus software slow down PCs? Critics maintain that protection software for Windows really puts the brakes on PCs. In a 14-month, extremely
More informationTest of the Antivirus Software For antivirus solutions, the test was divided up into two typical infection scenarios.
29th July 2014 created by Markus Selinger 17 software packages in a repair performance test after malware attacks Can antivirus software packages or recovery/clean-up tools completely clean and repair
More information10 Security Packages for Mac OS X: No less than 5 products achieved a perfect score of 100 percent in detection (AV-TEST April 2015).
28th April 2015 created by Markus Selinger Mac OS X under attack 10 security packages put to the test The legend that Mac OS X is supposedly invincible is not borne out by the facts. In the aftermath of
More informationSecurity Suites for Mac OS X: For on-demand detection, only four products achieved the 100-percent mark (AV-TEST August 2014).
18th September 2014 created by Markus Selinger Mac OS X in the Crosshairs 18 Malware Scanners Put to the Test For a long time, Mac OS users believed they were safe, that there was no malware for their
More informationPatch Management Solutions Test
Patch Management Solutions Test A test commissioned by Kaspersky Lab and performed by AV-TEST GmbH Date of the report: 5 th June, 2013, last update: 19 th July, 2013 Executive Summary From May to July
More information26 Protection Programs Undergo Our First Test Using Windows 8
Test: Internet Security Packages 1/2013 26 Protection Programs Undergo Our First Test Using Windows 8 Windows 8 is considered to be a secure system thanks to its internal protection package containing
More informationDetection of Linux malware
5th October 2015 created by Markus Selinger Linux: 16 Security Packages Against Windows and Linux Malware Put to the Test As Linux PCs are increasingly used to connect Windows PCs, they ought to use a
More informationDirector Test Research: David Walkiewicz
7th August 2015 created by Markus Selinger Test: Parental control software for Windows and Mac OS X Those who don't want their children to be exposed to early unattended lessons in the birds and the bees
More informationEndpoint Business Products Testing Report. Performed by AV-Test GmbH
Business Products Testing Report Performed by AV-Test GmbH January 2011 1 Business Products Testing Report - Performed by AV-Test GmbH Executive Summary Overview During November 2010, AV-Test performed
More informationDETERMINATION OF THE PERFORMANCE
DETERMINATION OF THE PERFORMANCE OF ANDROID ANTI-MALWARE SCANNERS AV-TEST GmbH Klewitzstr. 7 39112 Magdeburg Germany www.av-test.org 1 CONTENT Determination of the Performance of Android Anti-Malware Scanners...
More informationCODE SIGNING. Why Developers Need to Digitally Sign Code and Applications. +1-888-690-2424 entrust.com
CODE SIGNING Why Developers Need to Digitally Sign Code and Applications +1-888-690-2424 entrust.com Table of contents Why Code Sign? Page 3 What is Code Signing? Page 4 Verifying Code Authenticity Page
More informationWhite Paper. Java Security. What You Need to Know, and How to Protect Yourself. 800.266.7798 www.inductiveautomation.com
White Paper Java Security What You Need to Know, and How to Protect Yourself Java Security: What You Need to Know, and How to Protect Yourself Ignition HMI, SCADA and MES software by Inductive Automation
More informationAn Introduction to CODE SIGNING
An Introduction to CODE SIGNING CONTENTS. 1 What is Code Signing. 03 2 Code Signing Certificates 101...05 3 Why & When to Digitally Sign Code.09 4 Self Signing vs. Publicly Trusted...12 5 Code Signing
More informationSpeeding up PDF display in Acrobat
Speeding up PDF Display (Firefox 2) Speeding up PDF display in Acrobat WHY CHANGE THE PDF DISPLAY BEHAVIOUR?...1 FIREFOX 2...2 INTERNET EXPLORER 7...5 Why change the PDF display behaviour? Why? Because
More informationZscaler Cloud Web Gateway Test
Zscaler Cloud Web Gateway Test A test commissioned by Zscaler, Inc. and performed by AV-TEST GmbH. Date of the report: April15 th, 2016 Executive Summary In March 2016, AV-TEST performed a review of the
More informationClient System Requirements for Brainloop Secure Dataroom as of Version 8.30
Client System Requirements for Brainloop Secure Dataroom as of Version 8.30 Copyright Brainloop AG, 2004-2014. All rights reserved. Document version 2.0 All trademarks referred to in this document are
More informationThree Ways to Secure Virtual Applications
WHITE PAPER Detect, Scan, Prioritize, and Remediate Vulnerabilities Table of Contents Subtitle 1 Headline 3 Headline 3 Sub-Headline 3 ConcIusion 3 About BeyondTrust 4 2 2013. BeyondTrust Software, Inc.
More informationPDF Primer PDF. White Paper
White Paper PDF Primer PDF What is PDF and what is it good for? How does PDF manage content? How is a PDF file structured? What are its capabilities? What are its limitations? Version: 1.0 Date: October
More informationMSOW. MSO for the Web MSONet Workstation Configuration Guide
MSOW MSO for the Web MSONet Workstation Configuration Guide For personal and public computer users accessing MSOW Practitioner Home Page (PHP) and Primary Source Verification (PSV) Updated June 4, 2013
More informationWildFire Overview. WildFire Administrator s Guide 1. Copyright 2007-2015 Palo Alto Networks
WildFire Overview WildFire provides detection and prevention of zero-day malware using a combination of malware sandboxing and signature-based detection and blocking of malware. WildFire extends the capabilities
More informationWhy should I care about PDF application security?
Why should I care about PDF application security? What you need to know to minimize your risk Table of contents 1: Program crashes present an opportunity for attack 2: Look for software that fully uses
More informationMaking Client-side Java Secure with Bromium vsentry
Making Client-side Java Secure with Bromium vsentry Making Client-side Java Secure Client-side Java has become somewhat of an IT pariah, primarily as a result of the growing list of Java vulnerabilities
More informationMaking the difference between read to output, and read to copy GOING BEYOND BASIC FILE AUDITING FOR DATA PROTECTION
Making the difference between read to output, and read to copy GOING BEYOND BASIC FILE AUDITING FOR DATA PROTECTION MOST OF THE IMPORTANT DATA LOSS VECTORS DEPEND ON COPYING files in order to compromise
More informationEverything You Need to Know to Use Your Personal Digital Certificate at the Health Science Center. Word
Everything You Need to Know to Use Your Personal Digital Certificate at the Health Science Center Word When properly used, personal digital certificates allow the user to be definitively identified as
More informationClosing the Antivirus Protection Gap
A comparative study on effective endpoint protection strategies May 2012 WP-EN-05-07-12 Introduction Corporate economic concerns have put increased pressure on already limited IT resources in recent years
More informationPublicly trusted certification authorities (CAs) confirm signers identities and bind their public key to a code signing certificate.
Code Signing Code signing is the process of digitally signing executables and scripts to confirm the identity of the software author and guarantee that the code has not been altered or corrupted since
More informationTaking a Proactive Approach to Patch Management. B e s t P r a c t i c e s G u i d e
B e s t P r a c t i c e s G u i d e It s a fact of business today: because of the economy, most organizations are asking everyone, including the IT staff, to do more with less. But tight budgets and the
More informationVirtual Environment Protection Test Report
Virtual Environment Protection Test Report A test commissioned by Kaspersky Lab and performed by AV-Test GmbH Date of the report: May 10 th, 2012, last update: May 14 th, 2012 Executive Summary In March
More informationDiscussing Windows XP Migration with Management The Top 5 Threats to Business
July 2013 Discussing Windows XP Migration with Management The Top 5 Threats to Business The need to migrate from soon-to-be-obsolete Windows XP in terms that a non-technical business manager/executive
More informationKaspersky Whitelisting Database Test
Kaspersky Whitelisting Database Test A test commissioned by Kaspersky Lab and performed by AV-Test GmbH Date of the report: February 14 th, 2013, last update: April 4 th, 2013 Summary During November 2012
More informationHTML5 and security on the new web
HTML5 and security on the new web By James Lyne, Director of Technology Strategy There are lots of changes happening to the key technologies that power the web. The new version of HTML, the dominant web
More informationBarTender Web Print Server
The World's Leading Software for Label, Barcode, RFID & Card Printing White Paper BarTender Web Print Server Web-based Software for Printing Barcodes, Labels, ID Cards and more. Contents Introduction to
More informationEnabling Java and ActiveX Settings of Internet Explorer:
Enabling Java and ActiveX Settings of Internet Explorer: Enabling Java and Active X Settings varies for different versions of Internet Explorer. The setting can be done based on the browser you are using:
More informationFeature List for Kaspersky Password Manager
Feature List for Kaspersky Password Manager Overview... Features by Platform...3 Feature Descriptions...4 Glossary...7 PAGE Feature List for Kaspersky Password Manager Overview Kaspersky Password Manager
More informationFive Tips to Reduce Risk From Modern Web Threats
Five Tips to Reduce Risk From Modern Web Threats By Chris McCormack, Senior Product Marketing Manager and Chester Wisniewski, Senior Security Advisor Modern web threats can infect your network, subvert
More informationAdobe Acrobat 9 Digital Signatures, Changes and Improvements
Technical White Paper Updated for Adobe Acrobat and Adobe Reader 9.1 CONTENTS Introduction 1 Indication of overall validity state 3 Revision tracking in Signature panel 7 Change in status of forms that
More informationIn order to get the most out of your Bert Rodgers courses, it is important to ensure that your computer meets some minimum system requirements.
System Requirements In order to get the most out of your Bert Rodgers courses, it is important to ensure that your computer meets some minimum system requirements. Please select your preferred or current
More informationCookies and Your Privacy
White Paper - October 2009 Cookies and Your Privacy Anyone who uses computers today should be concerned about privacy and security. Any time your computer connects to the outside world, you run the risk
More informationThe Importance of Patching Non-Microsoft Applications
The Importance of Patching Non-Microsoft Applications Technical WHITE PAPER The Importance of Patching Non-Microsoft Applications In the past, organizations patched only Microsoft operating systems. As
More informationCAS CLOUD WEB USER GUIDE. UAB College of Arts and Science Cloud Storage Service
CAS CLOUD WEB USER GUIDE UAB College of Arts and Science Cloud Storage Service Windows Version, April 2014 Table of Contents Introduction... 1 UAB Software Policies... 1 System Requirements... 2 Supported
More informationSoftware Aulas 091 094 Curso 2015 2016
Adobe Acrobat 8 Professional Italiano, Español, Nederlands 8.1 Adobe Systems Adobe Acrobat 8.1.0 Professional 8.0 Adobe Systems Adobe Acrobat Reader DC Español 15.10 Adobe Systems Incorporated Adobe AIR
More informationDrag and Drop in HTML5
Drag and Drop in HTML5 T-111.5502 Seminar on Media Technology B P Final Report Hannu Järvinen Department of Media Technology Aalto University, P.O. Box 15400, 00076 Aalto hannu.jarvinen@aalto.fi Abstract
More informationPrint File Formats: A Comparative Analysis of EMF, OpenXPS and PDF for Enterprise Printing
White paper Print File Formats: A Comparative Analysis of EMF, OpenXPS and PDF for Enterprise Printing A technical comparison, analysis and evaluation of the three most widely adopted print file formats
More informationGENERAL TRAINING ACCOUNTS
GENERAL What is Box at Fresno State? Box at Fresno State is a simple, reliable, and secure online file storage and sharing service. Box provides secure access to files at work, off campus and from most
More informationBackground. How much does EMET cost? What is the license fee? EMET is freely available from Microsoft without material cost.
Microsoft s Enhanced Mitigation Experience Toolkit (EMET) is an enhancement to the Windows operating system that stops broad classes of malware from executing. EMET implements a set of anti-exploitation
More informationM O D E R N S O F T W A R E
A Client s Guide To M O D E R N S O F T W A R E Init() As software developers we see our fair share of software atrocities. Systems we re hired to fix, systems we need to integrate with or build upon,
More informationIt s Time to Think Differently About Network Security. Franklyn Jones CMO, Spikes Security
It s Time to Think Differently About Network Security Franklyn Jones CMO, Spikes Security Disturbing cyber security investment trend Global Market 2015 - $105B 2020 - $170B Proac
More informationSophistication of attacks will keep improving, especially APT and zero-day exploits
FAQ Isla Q&A General What is Isla? Isla is an innovative, enterprise-class web malware isolation system that prevents all browser-borne malware from penetrating corporate networks and infecting endpoint
More informationA GUIDE TO LABORATORY REPORT WRITING ILLINOIS INSTITUTE OF TECHNOLOGY THE COLLEGE WRITING PROGRAM
AT THE ILLINOIS INSTITUTE OF TECHNOLOGY THE COLLEGE WRITING PROGRAM www.iit.edu/~writer writer@charlie.cns.iit.edu FALL 1999 Table of Contents Table of Contents... 2 Introduction... 3 Need for Report Writing...
More informationINF O R M A T IO N AB O UT websignatureoffice
INFORMATION ABOUT websignatureoffice Overview websignatureoffice is a fully web-based signature solution that allows you to sign read-only PDF/A documents. With it, different people can sign online in
More informationFirst time users: Download and install Basic PAYE Tools
Basic PAYE Tools First time users: Download and install Basic PAYE Tools You can use this guide from 2nd April 2015 Updated: 2 nd April 2015 1 Contents Introduction.............................................................
More informationA Best Practice Approach to Third Party Patching
A Best Practice Approach to Third Party Patching Mike Grueber Senior Product Manager 1 Effective patch management is essential 90% of successful attacks occurred against previously known vulnerabilities
More informationCubase Pro 8.5 Cubase Artist 8.5
Cubase Pro 8.5 Cubase Artist 8.5 Read me December 2015 Steinberg Media Technologies GmbH Table of contents Welcome... 3 Welcome to Cubase!... 3 What is new in Cubase Pro 8.5 and Cubase Artist 8.5?... 4
More informationThe evolution of virtual endpoint security. Comparing vsentry with traditional endpoint virtualization security solutions
The evolution of virtual endpoint security Comparing vsentry with traditional endpoint virtualization security solutions Executive Summary First generation endpoint virtualization based security solutions
More informationKASPERSKY FRAUD PREVENTION PLATFORM COVERING ONLINE AND MOBILE BANKING RISKS
KASPERSKY FRAUD PREVENTION PLATFORM COVERING ONLINE AND MOBILE BANKING RISKS ONLINE PAYMENTS ARE VERY POPULAR BUT NOT SECURE of people regularly use online banking, online shopping or 98% e-payment services
More informationNotes on how to migrate wikis from SharePoint 2007 to SharePoint 2010
Notes on how to migrate wikis from SharePoint 2007 to SharePoint 2010 This document describes the most important steps in migrating wikis from SharePoint 2007 to SharePoint 2010. Following this, we will
More informationYou need to be assigned and logged in to the system by the Records Management Service in order to use it.
Guidance for using the Records Management Service software The software can be used to undertake the following tasks:- 1. Sending information about the boxes to be transferred to the Records Centre. 2.
More informationWhy are thesis proposals necessary? The Purpose of having thesis proposals is threefold. First, it is to ensure that you are prepared to undertake the
Guidelines for writing a successful MSc Thesis Proposal Prof. Dr. Afaf El-Ansary Biochemistry department King Saud University Why are thesis proposals necessary? The Purpose of having thesis proposals
More informationCandidate FAQs & User Guide for the ALSG Learning Site www.alsg.org/vle
Candidate FAQs & User Guide for the ALSG Learning Site www.alsg.org/vle ALSG 2014: Candidate FAQs: Last updated 14/01/2015 Page 1 of 14 FAQ s 1. Introduction 2. What are the minimum hardware specifications?
More informationSynergis Software 18 South 5 TH Street, Suite 100 Quakertown, PA 18951 +1 215.302.3000, 800.836.5440 www.synergissoftware.com version 20150330
Synergis Software 18 South 5 TH Street, Suite 100 Quakertown, PA 18951 +1 215.302.3000, 800.836.5440 www.synergissoftware.com version 20150330 CONTENTS Contents... 2 Overview... 2 Adept Server... 3 Adept
More informationThe Fundamental Failures of End-Point Security. Stefan Frei Research Analyst Director sfrei@secunia.com
The Fundamental Failures of End-Point Security Stefan Frei Research Analyst Director sfrei@secunia.com Agenda The Changing Threat Environment Malware Tools & Services Why Cybercriminals Need No 0-Days
More informationUser Guidelines for QFES e-lodgement
Guidelines to assist with electronically registering, submitting, receiving and viewing applications for QFES Referral Agency Advice under the Sustainable Planning Act 2009. State of Queensland (Queensland
More informationSmithfield State High School
Tropical North Learning Academy Smithfield State High School BYOd Scheme Policy and Handbook Contents Foreword... 3 elearning vision... 3 What is a Bring Your Own Device (BYOd) scheme?... 3 Participation
More informationUpdate on the SAP GUI Family. Q3/2014 Public
Update on the SAP GUI Family Q3/2014 Public Disclaimer This presentation outlines our general product direction and should not be relied on in making a purchase decision. This presentation is not subject
More informationPerformance Optimization Guide
Performance Optimization Guide Publication Date: July 06, 2016 Copyright Metalogix International GmbH, 2001-2016. All Rights Reserved. This software is protected by copyright law and international treaties.
More informationTHOMSON REUTERS C-TRACK E-FILING SOFTWARE AS A SERVICE SERVICE DEFINITION FOR G-CLOUD 6
THOMSON REUTERS C-TRACK E-FILING SOFTWARE AS A SERVICE SERVICE DEFINITION FOR G-CLOUD 6 C-Track E-Filing is a stand-alone component of the C-Track product suite which can easily integrate with the C-Track
More informationUsing Entrust certificates with Adobe PDF files and forms
Entrust Managed Services PKI Using Entrust certificates with Adobe PDF files and forms Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark or
More informationInstructions for Configuring Your Browser Settings and Online Security FAQ s. ios8 Settings for iphone and ipad app
Instructions for Configuring Your Browser Settings and Online Security FAQ s ios8 Settings for iphone and ipad app General Settings The following browser settings and plug-ins are required to properly
More informationUp to 5 pages - Static site $800.00 $84.00 $12.00
FULL SERVICE RATES Basic Site Design/Deployment Hosting* Domain Name* Up to 5 pages - Static site $350.00 $84.00 $12.00 Includes: Original design or custom build from template and site outline 2 sets of
More informationHosted Exchange for Business
Your complete guide to Hosted Exchange Hosted Exchange for Business 1 Table of Contents Hosted Desk- 3 What is Hosted Exchange? 3 What are the benefits of Hosted Exchange? 4 How easy is it to migrate to
More informationSoftware, Shareware and Opensource CSCU9B2
Software, Shareware and Opensource CSCU9B2 1 Contents Commercial software vs Freeware vs Open Source software Licences GNU GPL Open source Common software examples Sources, Safety and Risks 2 Pay, Try,
More informationWindows 8 Malware Protection Test Report
Windows 8 Malware Protection Test Report A test commissioned by Kaspersky Lab and performed by AV-Test GmbH Date of the report: January 11 th, 2013, last update: January 11 th, 2013 Executive Summary In
More informationSOFTWARE UPDATER A unique tool to protect your business against known threats
SOFTWARE UPDATER A unique tool to protect your business against known threats OVERVIEW This document explains the functionality of Software Updater. What it is, what it does, how it works, what gets patched
More informationToken User Guide. Version 1.0/ July 2013
Token User Guide Version 1.0/ July 2013 Index Overview... 3 Usage requirements... 4 KIT contents... 5 Smart Card installation... 6 Reader driver installation... 7 In the case of Windows XP... 7 In the
More informationThe Importance of Patching Non-Microsoft Applications
The Importance of Patching Non-Microsoft Applications Technical WHITE PAPER The Importance of Patching Non-Microsoft Applications In the past, organizations patched only Microsoft operating systems. As
More informationPerfect PDF 8 Premium
Perfect PDF 8 Premium Test results ( gut Good, sehr gut very good) refer to versions 7, 6 and 5 of Perfect PDF. Professionally create, convert, edit and view PDF, PDF/A and XPS files Perfect PDF 8 Premium
More informationManage Traps in a VDI Environment. Traps Administrator s Guide. Version 3.3. Copyright 2007-2015 Palo Alto Networks
Manage Traps in a VDI Environment Traps Administrator s Guide Version 3.3 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us
More informationVerification of digitally signed PDFs
Verification of digitally signed PDFs Configuring Adobe Reader to verify digitally signed PDFs This document is freely redistributable. You can find the latest version at: http://www.netlock.hu/useren
More informationThis Month s Tips & Tricks Topic: PDF Digital Signatures - Part 1: The Basics
This Month s Tips & Tricks Topic: PDF Digital Signatures - Part 1: The Basics January, 2011 All PDF-XChange Products allow you to digitally sign your PDF as you create PDF files from any windows based
More informationAcronis Digital Assets Research Findings: Unveiling Backup & Recovery Practices across Europe
Acronis Digital Assets Research Findings: Unveiling Backup & Recovery Practices across Europe March 2010 Contents - Executive Summary: Count the cost of a lost day - Methodology - Research Finding 1: Companies
More informationParallels Containers for Windows 6.0
Parallels Containers for Windows 6.0 Readme June 30, 2014 Copyright 1999-2014 Parallels IP Holdings GmbH and its affiliates. All rights reserved. Contents About This Document... 3 About Parallels Containers
More informationIslington ebooks Help / FAQs
Islington ebooks Help / FAQs How does the ebook Service work? Using your Library Card and pin, an Islington Libraries user can login into a secure ebook service and select up to 4 ebooks to download at
More informationThe Importance of Relevance in Intranet Communications
The Importance of Relevance in Intranet Communications A Claromentis white paper Ro 1 The desire to leverage intranet communications is one of the principal reasons for intranet deployment in a wide range
More informationMiradore Management Suite Application support for Patch Management
Miradore Management Suite Application support for Patch Management This is a list of supported applications in Q1/2016. New software and software versions are added continuously. Vendor Product Min Version
More informationavast! Free Antivirus 7.0 Quick Start Guide avast! Free Antivirus 7.0 Quick Start Guide
avast! Free Antivirus 7.0 Quick Start Guide 1 Welcome to avast! Free Antivirus 7.0 The new avast! Antivirus 7.0 brings a range of new features and improvements which make it even faster and even less resource-hungry
More informationTrend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice.
Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme files,
More informationCIAOPS Office 365 and SharePoint Guide
1 CIAOPS Office 365 and SharePoint Guide Getting Started Introduction The CIAOPS SharePoint Guide was created in 2008 to fill a void in the market for material about Windows SharePoint Service v3. Being
More informationTHREAT VISIBILITY & VULNERABILITY ASSESSMENT
THREAT VISIBILITY & VULNERABILITY ASSESSMENT Date: April 15, 2015 IKANOW Analysts: Casey Pence IKANOW Platform Build: 1.34 11921 Freedom Drive, Reston, VA 20190 IKANOW.com TABLE OF CONTENTS 1 Key Findings
More informationYOUR SECRET WEAPON IN THE WAR AGAINST PAPER: ADOBE ACROBAT AND PDF
YOUR SECRET WEAPON IN THE WAR AGAINST PAPER: ADOBE ACROBAT AND PDF By: Bryan M. Sims, Principal, Sims Law Firm, Ltd. Nerino J. Petro, Practice Management Advisor, State Bar of Wisconsin One of the facts
More informationNaviCell Data Visualization Python API
NaviCell Data Visualization Python API Tutorial - Version 1.0 The NaviCell Data Visualization Python API is a Python module that let computational biologists write programs to interact with the molecular
More informationVirtual Desktops Security Test Report
Virtual Desktops Security Test Report A test commissioned by Kaspersky Lab and performed by AV-TEST GmbH Date of the report: May 19 th, 214 Executive Summary AV-TEST performed a comparative review (January
More informationAnti-Virus Comparative
Anti-Virus Comparative Performance Test Impact of Security Software on System Performance Language: English April 2016 Last Revision: 23 th May 2016 Table of Contents 1. Introduction 3 2. Tested products
More informationKerala Commercial Taxes Department DIGITAL SIGNATURE -FAQ
Kerala Commercial Taxes Department DIGITAL SIGNATURE -FAQ ITMC Release Date-03042013 Digital Signature FAQ 1. Which are the digital documents in KVATIS for which Digital Signature is mandatory? 8FA Online
More informationWINDOWS UPDATES AND MAJOR BUILDS
WINDOWS UPDATES AND MAJOR BUILDS Updates install automatically, and you can t pick and choose Another big change with Window 10 is that there will be automatic updates, so there s less chance of you missing
More informationHOW IT WORKS E-SIGNLIVE 1 INTRODUCTION 2 OVERVIEW
HOW IT WORKS E-SIGNLIVE 1 INTRODUCTION With e-signlive, Silanis hosted service, you can invite other people to conveniently and securely sign documents over the web. Your documents can be easily signed
More informationRelease Bulletin EAServer 6.3.1 for HP-UX Itanium and IBM AIX
Release Bulletin EAServer 6.3.1 for HP-UX Itanium and IBM AIX Document ID: DC01639-01-0631-02 Last revised: July 2011 Copyright 2011 by Sybase, Inc. All rights reserved. Sybase trademarks can be viewed
More informationCommissioners Deanna Tanner Okun, Chairman Charlotte R. Lane Daniel R. Pearson Shara L. Aranoff Irving A. Williamson Dean A.
The U.S. International Trade Commission is an independent, nonpartisan, quasi-judicial federal agency that provides trade expertise to both the legislative and executive branches of government, determines
More information