Wednesday, August 22, 2012

GuardedID 3


GuardedID is a $30 app from StrikeforceTechnologies that encrypts everything the user types before sending the data to the Web browser. The goal is to prevent malicious keyloggers that may be on the user's computer from intercepting sensitive information such as login credentials, financial information such as credit card numbers, and other sensitive data.

Many malware attacks rely on keyloggers to intercept keystrokes, which are then transmitted to a remote server. Attackers can use the harvested data to launch further attacks, such as identity theft or financial fraud. Keyloggers are stealthy, and most users aren't even aware their computers are infected. Some of these malicious programs can bypass the antivirus, so having security software installed doesn't automatically translate to being protected. Strikeforce just assumes that the computers are already infected, and proactively protects users with GuardedID.

There have been many instances recently where one employee at a company was infected with a keylogger, giving attackers access to the company's bank accounts and other sensitive information. IT departments can get bulk licenses to protect all the machines, or at the very least, the ones used to access sensitive data.

An annual software license for GuardedID covers two computers and is available for $29.99. Users can download the software and try it for free for 30 days. I tested GuardedID version 3 premium build 3.1.1049, and not the free trial.

Getting Started
As soon as the installation process completed, the installer program launched a page in the Web browser with the GuardedID toolbar visible in the top left corner. In case the toolbar was not visible, the user could enable it by clicking on the link, "Make toolbar appear." The page has other links to activate the software (entering the license key) and access help files.

GuardedID protects most Windows applications, including Web browsers, Microsoft Office applications, tax and accounting programs, financial sites, and IM and chat programs. I tested various Websites in the browser, two chat programs, and Microsoft Excel as part of the review.

GuardedID protects itself from attackers. It hooks into the operating system's Event Viewer and logs messages if the GuardedID keyboard driver is ever modified (such as by malicious keyloggers and spyware). If something is changed, the software displays an "Unknown Driver Warning" to alert the user of the problem.

Browser-Specific Installation
GuardedID protects Internet Explorer and Mozilla Firefox but not Google Chrome. When running the installer, it detects which browsers are on the machine and installs the protection software for one or both browsers. I first ran the installation on a machine with Internet Explorer only to install only the IE version of the toolbar. I verified this by installing Firefox afterwards. I re-ran the installation program in order to get the toolbar in both IE and Firefox. I just wish a Chrome version had been available.

Going Through the Paces
GuardedID monitors every page that is loaded in the browser and looks for input fields and other text areas. If it finds one, the GuardedID icon on the toolbar turns green, the active input field (the cursor appears in the field) is highlighted green. The highlight is a great visual cue that whatever is typed within that field is being encrypted (128-bit) and protected from malicious snoops. ?

GuardedID is "on" only for the active text field, so the remaining text fields on the page aren't highlighted. When the user moves to a new field, that field is then highlighted. When I clicked on other parts of the site or started typing in the URL bar, the GuardedID icon on the toolbar switched "off" to red and none of the fields were highlighted.

It took a while to get used to the constant switching on and off while I navigated around the page, but it is not a distraction and actually works pretty well.

For most of the sites I tested, which included several banking sites, search engines, social networking sites, and e-commerce sites, GuardedID turned on immediately as the page loaded, with the a field (search, username, first name, etc) on the page highlighted in green. On a few of the sites, there was a bit of a lag between when the page loaded and when the protection kicked in. There were two sites, a bank's website for credit card holders, and a Web-based chat window, that didn't trigger the protection automatically. I suspect it has to do with how the page was coded than issues with the software. As soon as I clicked on the field to type, GuardedID turned on, so the fact that it didn't auto-detect wasn't a problem. The sites had no trouble with sites built in Java, which was an improvement from earlier versions.

The tool also has an "anti-clickjack" option, which detects whether the website has any hidden frame elements that could trick users into clicking on malicious links. If the software finds frame elements, it draws a red box around them. There are two techniques commonly used in clickjacking: "Opacity" refers to when an invisible malicious page is overlayed over another site. "Positional" refers to when the malicious link is hidden because it is surrounded with legitimate content. GuardedID detects both.

Testing With the Keylogger
I downloaded a commercial keylogger (Beyond Kelogger from Supremtec) and four non-commercial (shall we say, "not legitimate") keyloggers onto the test machine to see what GuardedID was doing. The test was simple: type on the computer in one of the applications? Web browser, IM chat, or Excel?and look at what was captured with the keylogger.

After verifying that the keystrokes were being captured, I opened up the Web browser to see GuardedID in action. I went to Google, Amazon, and Google Docs. On each site, I verified that GuardedID auto-enabled the protection. When I started typing in the input field, the keylogger's log screen displayed a series of numbers. There didn't appear to be a pattern such as a number assigned to a specific letter.

It is worth mentioning that many keyloggers are capable of logging other things, such as taking screenshots, storing clipboard contents, saving IM conversations, and poking through the browser history. GuardedID is specifically focused on just keystrokes, nothing else.

Protect Yourself
GuardedID encrypts everything the user types on the machine in order to protect the data. The browser toolbar makes it easy to protect email and website communications. Since GuardedID also works offline, users are protected even if they don't know whether the computer is infected. The lack of Chrome and Mac OS X support is disappointing, but the simple tool is lightweight and does not distract users from getting work done. For a business, this tool is useful for ensuring all data is safe from snoops that have gotten between the keyboard and the screen.

More Encryption Reviews:
??? GuardedID 3
??? Enigma
??? OkayFreedom
??? 1Password for Windows
??? KeePass
?? more

Source: http://feedproxy.google.com/~r/ziffdavis/pcmag/~3/z5FO_8BKjPg/0,2817,2408796,00.asp

john derbyshire kinkade thomas kinkade paintings easter bunny navy jet crash virginia beach isiah thomas passover

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.