
Mostonet Privacy Suite V7.02


Table of contents

Introduction
   News
   Minimum requirements
Configuration
   Security
   Privacy
   Clean Up
   Network
Advanced features
   AntiVirus
   Proactive defence
   Temporary Files
   Updates
   Sharing files
   Wi-Fi Sense
   Web filtering
   Pocket modality
FAQ
   License
   Donations

Introduction

Mostonet Privacy Suite is the first security suite designed entirely in Italy to help the ordinary user limit the outbound communications made by the telemetry of operating systems such as the latest versions of Windows. But what does that mean in simple terms? To answer this question we need to take a step back.

Since 2001, with the advent of cloud computing, big data and the data centers run by private multinational software companies, the PC has become a kind of terminal that is increasingly dependent on these remote storage technologies. With the rise of social networks, television and the media in general have for about a decade helped spread the concept of sharing among the masses, enticing users with the free cost and the convenience, at times undeniable, of this new way of being protagonists, interconnected, "social". The advent of smartphones with large computational capabilities at competitive prices, and of telemetry in PC operating systems, which are now less widespread, has led people to interconnect and share their daily lives both at home and at work, exposing these habits to surveillance that is at times involuntary.

This is telemetry.
It records, for statistical, performance and other purposes, the use that users make of a device, so that the manufacturer can not only improve performance and reliability but also, optionally, resell these statistics to third parties. This is the business that lies behind the apparent generosity of the programs and services we use daily. The price to pay is the loss of confidentiality and individual privacy.

While it is not possible to intervene immediately in how each of us is educated to approach this "social society", it is at least possible to ensure that part of the flow of information sent without our knowledge is interrupted. In addition to seeking to immunize Windows systems against the execution of extortion software (called ransomware, or CryptoWorms, their natural evolution), Mostonet Privacy Suite lets you minimize the leakage of sensitive personal data through telemetry. In the versions for non-commercial use (Private and Portable) you can also use the open-source ClamAV antivirus engine to detect and eradicate malware and ad-ware programs, including those active in memory, on operating systems that are unfortunately already compromised.

For more information please refer to the FAQ section of the guide.

News

Creating Mostonet Privacy Suite required a great effort in planning and debugging and, unfortunately, at times from the family, because of the significant time invested. From version to version, however, the aim has been to keep bugs to a minimum and, where possible, to tighten the rules and operating logic in order to find a good compromise between convenience and confidentiality, including in corporate settings (workstations in Active Directory domains, etc.).

In line with the original ideology, this software is:
- Free of advertising
- Free of spyware
- Free of telemetry
- Free of ad-ware
- Free of worms / Trojans / viruses
- Free of malicious code
- Free of intentional bugs / backdoors.

Available versions

The current version of the Suite is completely free and comes in three versions for three separate areas:
- Private (in use): for the ordinary user, for home use, provided with Setup
- Portable: can be used in emergency situations by computer scientists, engineers and systems analysts
- Commercial: version without the open-source anti-malware scanner (ClamAV).

Significant new features and improvements over the previous generation:
- Enhanced: anti-ransomware rules to inhibit upload and exploits via script
- Integrated: rule against improper use of the command-line interface
- Integrated: compatibility rule for Windows Defender ATP
- Updated: rule to further block the telemetry traffic of the DiagTrack service

Minimum requirements

Mostonet Privacy Suite was written with the goal of being as lightweight and efficient as possible and totally independent of the .NET platform for as long as that remains possible. The Suite is designed to run even on operating systems that are badly compromised, corrupted, infected and with very little available RAM.

Required hardware characteristics:
- Processor: Intel, AMD, or compatible, with x86 or amd64 architecture
- OS: Windows 32 and 64 bit (from NT 4.0 to 10)
- RAM: 2 MB for Mostonet Shield if active. 9 MB for Mostonet Privacy Suite if it is started. 260 MB only during scans with ClamAV.
- SPACE: 13 MB for the standard installation of the Suite. 200 MB with the ClamAV anti-malware definitions
- EXTERNAL LIBRARIES: VC RUNTIME: no. NET FRAMEWORK: no

Configuration

MAIN PANEL AND RAPID SETTINGS

The Suite is essentially divided into four main areas:
- Security
- Privacy
- Cleaning
- Network

As in the figure below:

Taken together, these areas make a Windows platform more resistant to intrusions, to extortion malware (ransomware), to traditional malware and to telemetry.

QUICK CONFIGURATION: FOR BEGINNERS

Starting from this version, the Suite is designed to meet the needs of users with little time available or with little experience. With a single click and by answering the simple questions proposed, you get configurations balanced between privacy and security in a short time and without any technical knowledge of the subject. Quick Configuration is always available and lets you configure on the fly all the settings and rules contained in the Suite under: Security, Anti-Virus, Privacy, Network and Proactive Defense. The figure below:

With Quick Configuration you can also return to the operating system's factory default settings by answering No to the first question. All with the maximum simplicity and operational safety.

MANUAL CONFIGURATION: FOR ADVANCED USERS

For advanced users who want to give up the automation of Quick Configuration, here, in sequence, are the basic operations for achieving an optimal configuration with a good balance between privacy and operating-system hardening.

Here is an example of optimal configuration against the telemetry of the Windows platform:
1) Press Updates -> Update IP telemetry list and Anti-Ransomware ... and then press Exit
2) Press Security -> Enhance Security .. (recommended) .. and then press Exit
3) Press Privacy -> Improves privacy .. (recommended) ... and then press Exit
4) Press Proactive Defense -> Enable monitoring critical rules with Mostonet Shield ... and then press Exit
5) Press Filters -> Configure rules ... (Recommended) -> Scale privacy ... (more compatible choice) ... and then press Exit and Exit again.
6) Restart your computer (if possible).

Restrictive advanced configuration for protection against ransomware (extortion malware):
1) Press Updates -> Update IP telemetry list and Anti-Ransomware ... and then press Exit
2) Press Proactive Defense -> Enable basic security rules against malware extortion ... and then press Exit

N.B.: the anti-ransomware rules heavily restrict the installation / uninstallation of programs and their execution, legitimate ones included. See the FAQ section for the drawbacks.

Configuration of the anti-malware with the open-source ClamAV engine:
1) Press Updates -> Update integrated antivirus definitions ... and then press Exit
2) Press Security -> anti-malware options and other rules
3) Adjust the effectiveness of the anti-malware engine through the three available options:
- Enable heuristic engine and thorough scan
- Disable quarantine and delete the infected files directly
- Locate PUP and Ad-ware in addition to standard malware
- Scan within compressed files and archives

Detailed explanations of these three options can be found in the section: Advanced Features -> Anti-virus

Security

PANEL FEATURES: SAFETY

The Security tab lets you configure the Windows platform with a good compromise between functionality and protection. Using the Recommended options, even a novice user can make their environment less tolerant of intrusion. Specialized technicians or systems engineers can instead turn each rule on or off at will, preparing in this way workstations that are highly reliable and compliant with corporate security directives. Here is the Security screen:

Main controls
- Improve system security by balancing comfort and durability: sets the Security rules with an excellent functionality / protection balance
- Restore Defaults: restores all the previously set rules to the system defaults.
- Exit: go back to the main screen

Emergency uninstall (only displayed in Windows Safe Mode)

Emergency uninstallation lets you start the Windows Installer service in Safe Mode, allowing the user or system administrator to easily remove obsolete programs or toolbars even in Safe Mode, an option that is normally unavailable. These options are enabled only if the Suite detects that it is being run from within Windows in Safe Mode.
- Emergency: allow uninstalling programs in Safe Mode: lets you run Windows Installer in Safe Mode to remove programs / toolbars
- Emergency: allow uninstalling programs in Safe Mode with Networking: lets you run Windows Installer in Safe Mode with Networking.

Limitation of access to shared files and Wi-Fi Sense configuration (only in Windows 10 prior to the Anniversary Update)

Access to shared files or disks residing on workstations registered in Active Directory is a crucial aspect of the security of a corporate network. Setting to On the rule for access via C$ to remote LAN workstations means that only users with administrative rights can, after proper authentication, access another user's workstation file system over the network. However, remote access to a workstation's file system can be inhibited for administrator users as well by manually disabling File and Printer Sharing in the TCP/IP protocol in the Network and Sharing Center, as explained in the section Sharing files of this guide, under Advanced features.

The Wi-Fi Sense feature was introduced with Windows 10, with significant gains in convenience at the expense of the privacy of your network. More detail is given in Advanced Features -> Wi-Fi Sense in this guide.

Legend of the rules set in the system

Depending on how the rules are set, the panel displays three different status indicators, in three different colors. The names, which reflect the rule configuration, are as follows:
DEFAULT: original and conforming to the typical factory settings of a default Windows installation.
CUSTOM: changed by the user, by the system or by malware active in the system.
RECOMMENDED: equivalent to a good balance between security and functionality.

List and brief explanation of the rules in Security:
- USB Installation / WebKeyboard advertising: blocks a very particular type of USB device which by default is not blocked by Windows even with Autorun disabled. Similar to the well-known BadUSB devices, once inserted they open the Run menu and, with an emulated virtual keyboard, type a Web address and send an emulated Enter, opening the browser in a completely automated way. No default policy is currently able to block this type of device. Seeing them at work is as astonishing as it is dangerous. This is what happens when the rule is active:
- Exploitation of the Accessibility backdoor: as a precaution, details of this type of vulnerability are not disclosed in this guide. However, since it is present by default, users and system administrators are advised to remedy it by enabling this rule. Mostonet Shield, if activated, issues a warning whenever this critical rule is not properly configured.
- Automatic closing of programs during shutdown: this rule is aimed at demanding users and specialized technicians. During shutdown or reboot the system automatically closes all open programs, including those with documents still being worked on, suppressing the close-confirmation dialog. It is more a tweak than a genuine security setting.
- Access to remote C$ files even for ordinary users: unlike the previous one, this rule is intended specifically for systems engineers. It lets you restrict access to the workstation file system to users with Administrator rights only, where the workstation is in a domain and File and Printer Sharing is enabled in the TCP/IP protocol of the network configuration. Otherwise, with the appropriate credentials, all users, including Anonymous and Guest, can attempt access.

Secondary rules relating to security (anti-malware options and other rules)

Here are the rules on the advanced screen, together with the anti-virus engine configuration:
- Communications of the SSDP discovery service: discovers the network services and devices that use the SSDP discovery protocol, such as UPnP devices. It also announces the SSDP devices and services running on the local computer. If this function is deemed unnecessary or is unused, the service can be disabled. UPnP devices can pose a security risk.
- Communications of the DmWapPushService service: a default Windows 10 service that handles partial keylogging of typed text, part of which is included in the telemetry records located in:
  C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-DiagtrackListener.etl
  This file, hidden and protected with special permissions, can be read from the Event Viewer (Eventvwr.exe). Mostonet Shield, if activated, issues a warning whenever this critical rule is not properly configured.
  N.B.: it is important to keep in mind that the service related to the Asimov keylogger (DmWapPushService) is not restored even if you reset the rule to Default, since as a precaution this service is uninstalled from the system because of its high invasiveness. It could, however, be restored in the event of:
  - Updating the system to a later Build via Windows Update, as has already happened in the past
  - Using the Restore the system function, in case you want to restore the Windows platform to the original factory conditions, including telemetry.
- Communications of the Windows Update P2P service: Windows 10 includes options for sharing updates with P2P technology, similar to the torrent protocol. Basically, after you download an update from the Microsoft server, Windows 10 automatically shares it with those who have not yet downloaded it, lightening the load on the Redmond company's servers and offering others increased download speed. However, mainly on Italian networks, the upload bandwidth consumption is considerable.
- Communications of the AllJoyn router service: Windows 10 lets you manage the communications of IoT devices compatible with the standards drawn up by the AllSeen consortium. If you have no such devices on your network, it is recommended to set this rule to NO. More information can be found at: AllSeen Alliance
- Information collection by the ETW IE service: this Windows 10 service collects and records the events generated when Internet Explorer is used. Except for debugging or performance analysis, it is recommended to set this rule to Off. ETW stands for Event Tracing for Windows.
- Communications of the CDPSvc service: in Windows 10 this stands for Connected Device Platform Service. Specific information about this service is very scarce or has not been found. In the absence of reliable documentation it is recommended to set the rule to NO.
- Communications of the Wi-Fi Sense service: the default rules let you log on automatically to wireless networks available in the vicinity, even when you do not know the credentials. Access to these Wi-Fi networks uses passwords shared by other users and stored in encrypted form on Microsoft servers. For this reason, as a precaution for your own network and to avoid falling victim to networks that are deliberately monitored and made available, we recommend setting this rule to NO. For safety, every user reading this documentation is advised to perform a manual check, following the section Advanced features -> Wi-Fi Sense of the guide, to ensure that the disabling was successful. This feature is no longer available in the Windows 10 Anniversary Update of July 2016 and will probably not be reintroduced in the next Build.
- Communications of the OneSyncSvc service: in Windows 10 this service is essential for using the Mail and Calendar apps integrated into the operating system.

ELEVATION OF ADMINISTRATIVE PRIVILEGES

The advent of ever more aggressive low-level crypto-malware (bootkits) has made it essential to introduce immediately this new feature for denying administrative rights. The bootkits we analyze are a hybrid between modern crypto-worms and the viruses of the 1980s that modified the PC's first boot sector, called the Master Boot Record (MBR). The master boot record is modified by editing the Bootstrap Loader Code, that is, the set of machine-language (Assembly) instructions that are executed before the computer can locate and load into memory the next startup areas.

In the example below we briefly analyze the behavior of the crypto-bootkit Petya, also called Mischa, with a simple qualitative simulation:

1) After obtaining administrator privileges through an unsigned infected file that the user has carelessly executed, Petya overwrites the Master Boot Record, redirecting the computer's boot to a disk region written by the worm that contains a small malicious kernel.
2) After this operation, to force a restart of the PC, the worm causes a blue-screen error.
3) The next time the PC is restarted, the modified Master Boot Record does not hand over to the Windows boot sectors but to a small malicious micro-kernel. At this stage a fake disk check is shown.
4) At the end of this phase the worm, through its kernel, encrypts the MFT (Master File Table), the file allocation table of an NTFS volume, making the files virtually inaccessible. When the operation is complete, this is the screen that appears each time you start the PC: on pressing any key, the crypto-worm shows the instructions for paying the ransom.
5) If, at the very first stage, the user had refused consent for the worm to run with full rights, the malware would have run its other part, named Mischa, in user mode, encrypting all the current user's files but not modifying the boot sector.
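
The MBR overwrite in step 1 is something a defender can detect by baselining sector 0. The following is an added example, not part of the Suite or of the original guide: it takes the 512 bytes of sector 0 as input, checks the 0x55AA signature, and compares the bootstrap code hash and partition table with a baseline taken on a known-good system. Function names and sample sectors are constructed for illustration; the offsets are the standard MBR layout.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bootstrap loader code occupies bytes 0..439
DISK_SIG_OFF = 440       # 4-byte disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # bytes 510..511 of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Parse a 512-byte MBR sector into the fields worth baselining."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for slot in range(4):
        start = PART_TABLE_OFF + 16 * slot
        status, _chs_first, ptype, _chs_last, lba_start, count = struct.unpack(
            "<B3sB3sII", sector[start:start + 16])
        if ptype != 0x00:  # type 0 marks an unused slot
            partitions.append({"slot": slot, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": sector[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        "partitions": partitions,
        # On GPT/UEFI disks sector 0 is a protective MBR with a type-0xEE entry.
        "gpt_protective": any(p["type"] == 0xEE for p in partitions),
    }


def compare_to_baseline(baseline: dict, current: dict) -> list:
    """List the differences between a known-good parse and the current one."""
    findings = []
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("bootstrap loader code changed")
    if current["disk_signature"] != baseline["disk_signature"]:
        findings.append("disk signature changed")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    return findings


def check_sector(baseline: dict, sector: bytes) -> list:
    """Compare a raw sector with the baseline; an invalid sector is a finding."""
    try:
        return compare_to_baseline(baseline, parse_mbr(sector))
    except ValueError as exc:
        return [f"sector is not a valid MBR: {exc}"]


def build_sample_sector(boot_code: bytes, first_lba: int = 2048) -> bytes:
    """Constructed sample sector: placeholder bytes, not real loader code."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    sector[DISK_SIG_OFF:DISK_SIG_OFF + 4] = bytes.fromhex("78563412")
    sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = struct.pack(
        "<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, first_lba, 204800)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


if __name__ == "__main__":
    known_good = parse_mbr(build_sample_sector(b"CONSTRUCTED-BASELINE-LOADER"))
    later = build_sample_sector(b"CONSTRUCTED-REPLACED-LOADER")
    print(check_sector(known_good, later))
```

A legitimate boot-loader reinstall or repartitioning also changes these values, so a finding is a prompt to investigate rather than proof of infection.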
Even in the user-mode (Mischa) case, the damage to the user would still be significant.

This is just one example of a bootkit. On modern operating systems with UEFI Secure Boot BIOS the type of damage would be identical as regards the failed launch of the operating system and the encryption of the MFT. The difference would be that, on many machines, the worm's "skull" message with the related payment instructions would fail to appear.

The problem of ransomware is constantly growing, and new methods are devised to violate and encrypt the computers of users and businesses. Existing bootkits such as Petya currently manage to evade the anti-ransomware rules of Mostonet Privacy Suite and of many other commercial anti-ransomware products in many situations, for example when run from infected USB sticks.

Inhibiting any bootkit by elevating only signed executables:

To rule out even this possibility, this version of the Suite, pending softer solutions, adopts its most stringent strategy ever, using an extremely restrictive but effective Windows setting. Combining the two types of prevention, the anti-ransomware rules and the granting of administrator rights only to signed and verified files, should ensure an extremely robust working environment, although one that is much more limited as regards the execution of legitimate unsigned programs.

This setting does not belong to Mostonet Privacy Suite itself but is present in the Windows Group Policy. The Suite simply makes it easier to activate / deactivate it in real time, for your convenience. When a program that is unsigned or has a revoked digital signature is executed, the error message is as follows.

In this case the user has no choice. The unsigned program is not only not elevated to administrative rights but is also terminated.

N.B.: this extremely rigid setting can be inconvenient in workplaces where you are likely to run into many legitimate programs that are unsigned because they are self-produced. On home workstations, by contrast, it is generally "cracked" software or software with an invalid signature that suffers the worst consequences. It is recommended to activate this option only in workplaces where operational security comes first and where all the programs used in production are signed by their publishers.

Privacy

PANEL FEATURES: PRIVACY

The Privacy panel is the backbone of the entire Suite. It configures the Windows platform with a good compromise between functionality and user privacy. The Recommended options are designed to take into account the needs both of novice users and of the more experienced who want, with a few clicks, an operating system with a higher level of confidentiality. The Recommended options are usually also suitable for technicians and systems engineers who wish, for example, to set up with ease secure workstations in business domains managed by Active Directory. Taken together, the rules make it possible to greatly limit the invasive telemetry named Asimov. Here is the Privacy screen:

Main controls:
- Improve user privacy (balancing privacy and confidentiality): sets the Privacy rules with an excellent functionality / protection balance.
- Restore Defaults: restores all the previously set rules to the system defaults.
- Exit: go back to the main screen

Legend of the rules set in the system

Depending on how the rules are set, the panel displays three different status indicators, in three different colors. The names, which reflect the rule configuration, are as follows:
DEFAULT: original and conforming to the typical factory settings of a default Windows installation.
CUSTOM: changed by the user, by the system or by malware active in the system.
RECOMMENDED: equivalent to a good balance between security and functionality.

The number of rules available varies depending on the Windows platform you are working on. On the XP platform they are few and disturb privacy minimally.
In the latest Windows releases, by contrast, not only has their number increased enormously, but so have the quality and quantity of the information monitored and sent out. The rules shown in the figure are the standard ones on a Windows 10 operating system. As you can see, some services, such as the recording of text typed on the keyboard, are particularly intrusive, so it is best to curb them. In fairness, it should be said that some options, such as the one just mentioned, can be deactivated from a dedicated panel provided by Microsoft: Notification Center -> All Settings -> Privacy. The Suite not only simplifies access to these basic settings but naturally goes much further, acting on other options that are well hidden, custom and difficult to manage without a streamlined interface.

List and brief explanation of the rules in Privacy:
- Communications of the Windows SmartScreen service: introduced for the first time in Windows 8 in 2011, this control feature resides in Explorer.exe in Windows 8 and later and is not present in Windows 7 and earlier. In operation, you can see that Explorer opens an outgoing TCP connection to check that the executable file downloaded from the Internet is not in the list of harmful programs drawn up by Microsoft. Although the purpose may be noble, it indirectly allows Microsoft to compile statistics on the programs run by the user, with the related IP address. In the Recommended settings this rule is set to NO. Here is SmartScreen in action:
- Communications of the LSASS service: an important service, especially for verifying the digital signatures of executable programs. In the Recommended settings the rule is set to YES and the related communications are permitted.
- Communications of the Windows Store service: a service useful for installing additional optional software from the official Windows Store. In the Recommended settings the rule is set to YES and the related communications are permitted.
- Communications of the UPnP service: this service, called Universal Plug and Play, makes it easy to open ports to the outside for devices / programs that use or exploit this feature. Because of the potential danger of this protocol and of the Windows platform service, it is disabled in the Recommended rules.
- Communications of the Windows OneDrive service: lets you use all the OneDrive cloud features, such as storing personal files. Since this option may be useful, at home or in business, for storing your data, this rule is not disabled when the Recommended rules are set.
  N.B.: it is important to keep in mind that files, once stored in the Cloud, become accessible to the user at any time and with great convenience, but are no longer the user's exclusive property.
- Communications of the Asimov Telemetry service: surely one of the most important and fundamental rules of the entire Suite. The Asimov telemetry, officially introduced during the development of the Insider versions of Windows 10 and never removed, not even in the OEM, RTM and Enterprise versions of the Windows platform, is in itself the target of the entire Suite. Inhibiting it keeps the outgoing data stream comparable to level 0 (Security) present in the Enterprise versions, further tightening the default level on Enterprise-level Windows platforms. In the Recommended settings the rule is set to NO and almost all of its external communications are inhibited. Totality can never be achieved because of the mutations and continuous updates of the platform itself. In fact, update after update, the telemetry can change, improve, be reactivated and change the IP addresses of its supporting servers.
- Communications of the Device Inventory service: this rule inhibits the recording and sending, by the system's Inventory Collector, of information on the compatibility of programs and drivers. In the Recommended settings this rule is set to NO and the communication is inhibited.
- Communications of the Steps Recorder service: disables monitoring and the ability to take screenshots by the PSR program (Problem Step Recorder), which is activated in case of crashes or problems. In the Recommended settings this rule is set to NO, and the creation of screenshots and additional information that can be sent to the outside is inhibited.
- Communications of the typed-text recording service: a critical and fundamental rule for user privacy. It inhibits the recording of the keys pressed by the user on the keyboard in many situations. It is essentially a keylogger linked to the Asimov telemetry through the DmWapPushService and Diagtrack services, but scaled down to work only in certain areas of the system. In the Recommended settings this rule is set to NO and the recording of the user's keystrokes is inhibited.
- Communications of the SmartScreen service via browser: using the browser as a TCP communication channel, SmartScreen checks that the executable file downloaded from the Internet is not in the list of harmful programs drawn up by Microsoft. Although the purpose may be noble, it indirectly allows Microsoft to compile statistics on the programs run by the user, with the related IP address. In the Recommended settings this rule is set to NO.
- Communications of the Feedback sending service: this rule lets you inhibit the automatic sending of feedback generated by the user or by the system. In the Recommended settings this rule is set to NO and the automatic sending of information is inhibited.
- Communications of the Geolocation service: this rule lets you control the use of geolocation. Although this feature can be useful in some situations, it was noted that it is activated automatically, for unclear reasons, when the Windows platform goes into stand-by or shows the lock screen. As a precaution, in the Recommended settings this rule is set to NO.
- Communications of the Advertising ID service and Skyhost: this rule lets you inhibit the communication of the ID linked to your account and used for purposes such as advertising in the Start menu. In addition, surprisingly, on launching the Skype Video app a considerable amount of anomalous outbound traffic generated by the Skyhost.exe file was noticed; for this reason, in the Recommended settings this rule is set to NO and the automatic sending of all this information is inhibited.
  N.B.: if you want to use the Skype platform on Windows 10 and later, it is recommended to install and use the Skype Desktop version.

See additional rules >>

With this feature you can view and edit additional, equally important rules not shown on the main screen. As shown in the figure below, these rules are anything but secondary, and their state is shown in real time as described just above. Not all operating systems have these secondary rules. The example shows the rules for Windows 10.

Here are the other rules:
- Communications of the Diagtrack monitoring service: one of the services responsible for managing and sending the data collected by the Windows Asimov telemetry. Later turned into a service called "User Experiences and related telemetry", it is the most exposed part of the whole telemetry engine. When the Recommended rules are applied, this service is completely uninstalled.
  N.B.: it is important to keep in mind that the service related to the Asimov telemetry (Diagtrack) is not restored even if you reset the rule to Default, since as a precaution this service is uninstalled from the system because of its high invasiveness. It could, however, be restored in the event of:
  - Updating the system to a later Build via Windows Update, as has already happened in the past
  - Updating the system by installing recommended telemetry updates (on Windows 7, 8 and 8.1)
  - Using the Restore the system function, in case you want to restore the Windows 10 platform to the original factory conditions, including telemetry.
- Communications Service History File: This rule lets you inhibit the storage of recently opened programs and files at every change of user session or after each system restart. In the Recommended settings this rule is set to NO and permanent storage of the history is inhibited.
- Communications Service Data Collection: This rule inhibits the capabilities of the DcpSvc service, short for DataCollectionPublishingService. This service, if properly invoked, allows third-party Apps to upload data to the Cloud. It does not affect default Apps such as OneDrive, Google Drive, Dropbox. In the Recommended settings this service is disabled.
- Remote communication assistant Cortana and Bing: This rule not only inhibits all of Cortana's server functionality but also blocks the perpetual outgoing communications of the SearchUI.exe process. Unfortunately, at this stage of development, even when Cortana is explicitly disabled by the user from the privacy options offered by the system, its process does not stop communicating with the outside. For this reason, in the Recommended options the assistant is disabled and its communications are inhibited.
- Communications service devices Configuration: This service enables the detection, download and installation of software related to devices. However, especially in the enterprise, complications may arise if the driver downloaded from Windows Update is flawed or incorrect. At present, inhibiting this service causes no faults. In the Recommended settings, precisely to try to limit the installation of unsuitable drivers from Windows Update, this service is disabled on startup, so the rule is set to NO.

Limitations and differences in the Windows platform with the Recommended settings
In most cases and for most users, there are no obvious limitations in the daily use of Windows 10 with all the Recommended settings activated.
On a practical level, the inhibited capabilities include:
- Cortana
- Geolocation
- Feedback
- Telemetry Asimov
For versions 7, 8 and 8.1 they concern:
- Forced updates to Windows 10 (GWX or other methods against the user's consent)
- Telemetry Asimov (Diagtrack installed via Automatic Updates)
- Feedback
In Vista, XP and earlier, only the lower-impact functions are affected.
As for Cortana, since it is integrated in the search menu, search will only be local, as in previous versions of Windows. Cortana also cannot communicate with the outside, even when it is disabled as the default setting, and cannot interact with the user. The result is an almost classic Windows look, as in Windows 7 and earlier.

Real practical example
Here are the outbound connections to the Internet on a Windows 10 system with default settings, without the user doing anything special. Outgoing connections are those marked [ESTABLISHED]. As you can see, Cortana is turned on and "search in Windows and the Web" is available.
N.B: Connections marked [TIME_WAIT] are connections that shortly before the screenshot were also [ESTABLISHED] and have been put on hold, to be re-opened or closed permanently. Remember that the user is not doing anything in particular, and is neither browsing nor searching for information on the Internet. Fig. below:
Here, instead, is a Windows 10 system with the Privacy options set to Recommended. As you can see, after the reboot the outgoing connections are drastically reduced. In the example there are no [ESTABLISHED] connections, because the user is not doing anything in particular, nor surfing the Internet, just as in older versions of Windows.
The allowed automatic outgoing connections are those relating to:
- Windows Update
- LSASS, for checking the digital certificates of programs
- Windows license check
Fig. below for the difference: In this case Windows Search is strictly local only.
No communication or search is made to the outside.

TEST VERIFICATION OF NETWORK CONNECTION
This option concerns the test with which the Windows platform checks whether the Internet connection is active and set up correctly. To do so, the platform makes a call to the Microsoft DNS: dns.msftncsi.com and retrieves the file: ncsi.txt from www.msftncsi.com. If all these steps succeed, the Internet connection is properly set up and the system displays the network connection icon without the yellow sign, which indicates that only a local network, with no Internet connection, may be present. Since the IP of the PC that verifies the connection is registered, for privacy reasons you can avoid this behaviour: the network connection icon is then always displayed without the yellow sign and the connection to the Microsoft server is inhibited. To achieve this, simply activate the rule: Disable Network in Microsoft NCSI tests, by setting the rule to Yes.

Clean Up
PANEL FEATURES: CLEAN UP
The Clean panel allows the user to perform a thorough cleaning suitable for removing personal traces related to categories of programs. However, as specified in the FAQ, this process is not intended to free up disk space, as other, much more sophisticated software built for that task does. The task of this module is to remove the history of opened documents in the most common programs. The programs affected by the removal of traces are divided into categories. The main categories are:
- Internet Browser: contains the most common browsers and cleans their history and other sensitive browser areas.
- Explorer: contains the OS areas that "remember" user actions
- Multimedia: contains the standard multimedia programs in Windows
- Office: includes the most common productivity programs on the market
Programs listed in the categories but not present on your system are automatically set to Off and are not cleaned.
To clean a single category, including all its programs, simply click the title that identifies the group. For example, by clicking: Internet Browser you can clean in one go the most privacy-sensitive areas of all the browsers that are managed and actually present on your system. Here's what the Clean panel looks like:
MAIN CONTROLS:
- Clean automatically at risk privacy areas: cleans the history and many other aspects of the most common programs and sensitive areas of the system
- Exit: Go back to the main screen
CUSTOM MANUAL CLEANING:
Advanced users and the most demanding system builders can detect and clean each active program individually. Just move the mouse over the program name and click on it. The cleaning will be targeted at that individual program. Currently there are no key combinations for individual programs, so use the default pointing device, or touch on a touch screen, to click the desired program.

Network
PANEL FEATURES: NETWORK
The Network panel has been redesigned to offer, in addition to the classic functions for monitoring the status of connections, access to the filtering of Web pages. From this version you can set filters to protect the system against:
- Hacked sites
- Sites that propagate malware
- Sites with compromised banner advertising (malvertising)
By setting a High security level, or if you have children at home who use the computer, you can also prohibit access to:
- Adult sites not suitable for minors
The High security level also includes all the filters of the medium level.
Here is the main screen:
MAIN CONTROLS:
- Set up rules for safer Internet surfing (Recommended): With this feature you can set the rules and, from this version, the filters that restrict the outgoing communications of many factory Apps shipped as standard with the operating system and that provide protection against compromised, malicious and malware-propagating sites.
As mentioned earlier, you can also filter sites not suitable for minors. Further information can be found in Advanced Features -> Navigation Filters
- View network connections for potential intrusions: This feature lets you test the state of the Internet connection, the presence or absence of network problems, and check incoming / outgoing connections, identifying in most cases the module or program that generated the suspect ones.
When you view all active network connections, the screen output is identical to that of the Netstat command suitably set to also show which process opened the outgoing connection. Here is a sample output, entirely invented:
TCP 192.168.1.2:1092 195.110.124.188:23 ESTABLISHED 4088 [Moprisuite.exe]
Without going too much into the technical details, you can see that the program [moprisuite.exe] with unique PID [4088] on your computer [192.168.1.2] has opened an outbound connection [ESTABLISHED] to the remote server [195.110.124.188] on remote port [23], keeping its own port [1092] open to receive in turn instructions or data packets such as updates.
This feature is useful for diagnosing the status of your network and for identifying, in most situations, suspicious communications to the outside. The term [LISTENING] means that a given process is listening but has not established any outgoing communication; it is therefore not an immediate problem, as no real channel to the outside has been opened.
The results of each command appear in the window below it. The results can be copied and pasted elsewhere with the mouse and the keyboard shortcuts Ctrl + C (copy) and Ctrl + V (paste elsewhere).
- Exit: Go back to the main screen

Advanced features
Having outlined all the basic functionality of the Suite, we move on to the advanced features, which together can help the user to solve many situations automatically.
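The Netstat-style listing described in the Network section above can also be triaged by script. The following is an added example, not code from the Suite: it parses rows in the format of the page's invented sample (also accepting the process name on the following line) and reports ESTABLISHED connections to non-local addresses made by processes outside an allowlist. The allowlist and every sample row except the first are assumptions constructed for the illustration.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the first row is the page's own invented example,
# the remaining rows are made up for this illustration.
SAMPLE = """\
  TCP    192.168.1.2:1092     195.110.124.188:23    ESTABLISHED   4088 [Moprisuite.exe]
  TCP    0.0.0.0:135          0.0.0.0:0             LISTENING     912
 [svchost.exe]
  TCP    192.168.1.2:50122    192.168.1.10:445      ESTABLISHED   4
  TCP    192.168.1.2:50400    195.110.124.188:443   ESTABLISHED   1020 [svchost.exe]
  TCP    192.168.1.2:50300    195.110.124.188:80    TIME_WAIT     0
  TCP    [::1]:49670          [::1]:49671           ESTABLISHED   2204 [example.exe]
"""

# proto, local endpoint, remote endpoint, state, PID, optional [process]
ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+([A-Z_0-9]+)\s+(\d+)(?:\s+\[(.+?)\])?\s*$")
# A line holding only "[process.exe]" names the owner of the previous row.
OWNER = re.compile(r"^\s*\[(.+?)\]\s*$")


@dataclass
class Conn:
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    state: str
    pid: int
    process: Optional[str]


def split_endpoint(endpoint):
    """Split 'host:port'; IPv6 hosts arrive as '[::1]:port'."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)


def parse_connections(text):
    conns = []
    for line in text.splitlines():
        row = ROW.match(line)
        if row:
            lip, lport = split_endpoint(row.group(1))
            rip, rport = split_endpoint(row.group(2))
            conns.append(Conn(lip, lport, rip, rport,
                              row.group(3), int(row.group(4)), row.group(5)))
            continue
        owner = OWNER.match(line)
        if owner and conns and conns[-1].process is None:
            conns[-1].process = owner.group(1)
    return conns


def is_external(ip_text):
    """True when the remote address is outside the local machine and LAN."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return True  # unparseable address: surface it for review
    return not (ip.is_private or ip.is_loopback
                or ip.is_link_local or ip.is_unspecified)


def suspicious_outbound(conns, allowed_processes):
    """ESTABLISHED connections to external hosts from non-allowlisted processes."""
    allowed = {name.lower() for name in allowed_processes}
    hits = []
    for c in conns:
        if c.state != "ESTABLISHED" or not is_external(c.remote_ip):
            continue  # LISTENING / TIME_WAIT / local traffic is not reported
        if c.process is None or c.process.lower() not in allowed:
            hits.append(c)
    return hits


if __name__ == "__main__":
    # Hypothetical allowlist; build yours from a known-clean baseline.
    for c in suspicious_outbound(parse_connections(SAMPLE), {"svchost.exe"}):
        print(f"review: PID {c.pid} [{c.process}] -> {c.remote_ip}:{c.remote_port}")
```

Rows whose owning process could not be resolved are reported as well, since an unnamed process talking to an external host is exactly what this view is meant to surface.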
Anti-ransomware rules
The Suite does not stop at applying the Privacy and Security settings that make a Windows platform more respectful of user privacy and "harden" local security; in a small way it also helps to inhibit the start of most of the extortion malware that encrypts user data and demands a ransom in Bitcoin, known as ransomware. Unlike in previous versions, the custom rules also let you stop some, but not all, variants of the third and fourth generation, especially if received as a ZIP via email, the main source of infection, at least in Italy. Things are different when the infection starts from a 0-day exploit, for example one injected into a banner or a Web page: in that case stopping the malware from starting is much more difficult. Among the best-known ransomware circulating in Italy are:
- Cryptolocker
- CTB Locker
- Cryptxxx
- Locky
- TorrentLocker
- Cerber
- TeslaCrypt (for which the authors thankfully closed the project and released the master decryption key).
Among the bootkits with low-level encryption that modify the MBR, we have:
- Petya (with Mischa in User mode)
- Satan

Open-source anti-malware scanner
In addition, the Suite includes the stable version of the open-source anti-malware engine ClamAV, integrating its power and functionality. ClamAV can be used as an emergency manual anti-malware tool even in Command Prompt mode, should the Suite shell be compromised or infected. From this version the average detection rate has also risen from just 32% to 81% by tightening the preconfigured scanning options. However, the false-positive rate has also increased, from 1% to 5%. To overcome this problem, "suspicious" files are not deleted; they are quarantined in the folder: \bin\quarantine under the location where the Suite is installed or run. In addition, from this version, easily printable or archivable reports can be displayed after each scan.
Self-repair in case of failure
Starting from this version the Suite is able to repair itself, ensuring that the rules relating to security and user privacy are applied even when almost all of its files are out of use. To work, the Suite requires only its executable and the file: msvbvm60.dll, if it is not already on the system. In many cases the Suite can be started even without this file, but in those cases it is already present and protected in the Windows System32 folder.

Pocket mode at low screen resolutions
At times you need to start a Windows platform in safe mode, which has a video resolution much lower than the standard. In the earliest versions of the Suite this left the control panel cut off and only partially usable. Now, as soon as the resolution changes, for example because of a crash and restart of the User Mode video driver etc., the Suite switches to a compact appearance that is perfectly usable in its basic functions.

More security in the commercial / institutional / government area
The version of the Suite called "Commercial" lacks the ClamAV anti-malware module. It includes only the free external module: pskill.exe from Sysinternals, used only in the Suite update operations. The anti-malware scanner was not included both for legal reasons and so that anti-malware scans do not erroneously detect as infected files that are completely harmless and useful in a business setting.

AntiVirus
OPEN-SOURCE ANTIVIRUS
The integrated AntiVirus uses the free and open-source ClamAV engine, visually integrated into the Suite, which removes viruses, worms, adware and spyware in many situations. Starting from this version the detection level has risen from an average of 32% to about 81%, simply by setting more stringent and targeted default scan options. However, the false positive rate has also increased, from 1% to about 5%.
To partially overcome this problem, in this version Quarantine is implemented for all infected and suspicious files. Unlike before, infected files are no longer deleted directly but moved to quarantine, allowing easier recovery in case of incorrect detection. Here's what the AntiVirus screen looks like:
MAIN CONTROLS:
- Scan memory for the presence of malicious programs: also quarantines malware active in memory on the operating system.
- Scan unit files: scans a single drive, with automatic quarantine of infected / suspicious files. Useful for analysing storage devices connected via USB such as: smartphones, USB pens, external HDDs, MicroSD etc., digital cameras, camcorders etc.
- Stop: this command appears only while a scan is running
- Exit: Go back to the main screen

ENHANCEMENT OF ANTI-VIRUS ENGINE
Starting from this version of the Suite, the Anti-Virus engine can be sharpened, bringing the detection rate from the 32% of previous versions to about 81%. This is done by activating the scanning options located in: Safety -> anti-malware options and other rules
However, although the detection rate is much higher, the rate of false positives also shows a significant and at times annoying increase. For these reasons the deep scans are disabled by default. The figure below:
This is especially useful in the enterprise, where the loss of important files mistaken for infected files is not tolerated. In detail, the three options are:
- Enable heuristic engine and thorough scan: greatly increases the malware detection rate, from 32% to 81%. However, although the jump in detection is remarkable, the rate of false positives, that is, harmless files mistaken for infected ones, also rises exponentially, from 1% to 5-8%. In the enterprise this can be a problem, since important files or files vital for production may be eliminated. Enable this option with care.
- Disable quarantine and delete the infected files directly: this option deletes an infected file directly without going through quarantine. In this way any copies of a virus are permanently deleted, but any harmless files mistaken for infected ones are deleted directly too. The quarantine is useful for viewing suspicious files and restoring them if the detection was incorrect. When this option is activated, recovering a harmless file can be difficult.
- Locate PUP and Ad-ware in addition to standard malware: also detects programs that are not directly considered malware but that may violate user privacy by injecting advertising, tracking the user or giving a legitimate administrator total control of the workstation. Some remote control software may be treated as malware if this option is enabled. Do not activate it if company policy does not allow it.

MANAGING QUARANTINE AND FILES IDENTIFIED
How best to use the Quarantine
Physically, the quarantine is located in the folder: \bin\quarantine under the location where you installed or ran the Suite.
Example: C:\Mostonet\Privacy Suite\bin\quarantine
Inside this folder you can find the infected / suspicious file renamed with a double extension: the original one and the dummy extension ".sospetto".
Example: fattura.pdf.sospetto
Along with the infected file carrying the dummy extension ".sospetto", a text file with the same name and a .txt extension is created. It can easily be opened with Notepad and indicates the original folder where the suspicious file resided before being moved to quarantine. The text file has a name similar to this one:
Example: fattura.pdf.sospetto.txt

How to recover a harmless file mistaken for infected from quarantine
To retrieve a harmless file mistaken for infected, follow these steps:
- Enter the folder: \bin\quarantine from Windows Explorer (Example: C:\Mostonet\Privacy Suite\bin\quarantine)
- Identify the harmless file.
(Example: fattura.pdf.sospetto)
- Rename the file, using F2 or the right mouse button on it and then Rename, removing the dummy second extension: ".sospetto"
- Open the corresponding .txt file to read the exact location, the directory where the original file resided.
- Move the file to the original folder.

Contributing by sending harmless "false positive" files to the ClamAV team to prevent the file from being put in quarantine
Everyone can contribute effectively to improving the open-source ClamAV scanning engine, helping the developer community. You do not need to be a programmer at all; it just takes a little patience to help make the detection database more efficient and accurate, helping yourself and others who may stumble into the same problem. To report to the ClamAV team a harmless file incorrectly identified as malware, you can send a sample so that the following scanner updates do not stumble into the same error again. The operation is easy, safe and helps the many users who use ClamAV daily on their systems. Here are the steps:
- Go to the link for false positives on the official website: https://www.clamav.net/reports/fp
- Fill out the form as appropriate, taking care to complete the mandatory fields.
- Attach the suspicious file (if it does not contain personal information, invoices or documents)
- Then press the button on the site: Upload False Positive Report.
N.B: for your privacy, leave ticked the box: Do not publish my name live on the web site.

How to contribute by sending infected files, verified on VirusTotal.com, that ClamAV does not recognize
In this case too, the help of all users is valuable and useful. Again, you do not need to be a programmer at all; it only takes a little patience to help make the detection database more efficient and accurate. The operation is easy, safe and helps the many users who use ClamAV daily on their systems.
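The manual quarantine recovery steps given earlier in this section (strip ".sospetto", read the .txt file, move the file back) can be scripted. This is an added example, not part of the Suite: it assumes the first non-empty line of the .txt file is the original folder path, which the page does not specify, and all function names are hypothetical. It refuses to overwrite an existing file and returns the SHA-256 so the file can be looked up before it is restored.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

SUFFIX = ".sospetto"  # dummy extension added in quarantine, as the page describes


def read_original_folder(sidecar):
    """Assumption: the first non-empty line of the .txt file is the original folder."""
    text = sidecar.read_text(encoding="utf-8", errors="replace")
    for line in text.splitlines():
        if line.strip():
            return Path(line.strip())
    raise ValueError(f"{sidecar} does not name an original folder")


def restore_from_quarantine(quarantine_dir, quarantined_name, dry_run=False):
    """Move one quarantined file back to its original folder.

    Returns (destination_path, sha256_hex). With dry_run=True nothing is moved.
    """
    quarantine_dir = Path(quarantine_dir)
    # Accept only a plain file name that carries the dummy extension,
    # never a path that could point outside the quarantine folder.
    if Path(quarantined_name).name != quarantined_name:
        raise ValueError("expected a file name, not a path")
    if not quarantined_name.endswith(SUFFIX):
        raise ValueError(f"expected a name ending in {SUFFIX}")

    item = quarantine_dir / quarantined_name
    sidecar = quarantine_dir / (quarantined_name + ".txt")
    if not item.is_file():
        raise FileNotFoundError(item)
    if not sidecar.is_file():
        raise FileNotFoundError(sidecar)

    folder = read_original_folder(sidecar)
    if not folder.is_dir():
        raise NotADirectoryError(folder)

    destination = folder / quarantined_name[: -len(SUFFIX)]
    if destination.exists():
        # Never overwrite: a newer copy may have been created meanwhile.
        raise FileExistsError(destination)

    digest = hashlib.sha256(item.read_bytes()).hexdigest()
    if not dry_run:
        shutil.move(str(item), str(destination))
    return destination, digest


if __name__ == "__main__":
    # Constructed demo in a temporary folder; no real quarantine is touched.
    with tempfile.TemporaryDirectory() as tmp:
        quarantine = Path(tmp, "bin", "quarantine")
        documents = Path(tmp, "Documents")
        quarantine.mkdir(parents=True)
        documents.mkdir()
        (quarantine / "fattura.pdf.sospetto").write_bytes(b"%PDF-1.4 constructed sample")
        (quarantine / "fattura.pdf.sospetto.txt").write_text(str(documents), encoding="utf-8")
        dest, sha256 = restore_from_quarantine(quarantine, "fattura.pdf.sospetto")
        print(f"restored {dest.name} to {dest.parent} (SHA-256 {sha256})")
```

Run it first with dry_run=True to see the destination and hash without moving anything; the .txt file is left in place, since the page does not say what the Suite does with it.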
Here is the procedure to determine roughly whether the potentially infected file is already known:
- Go to VirusTotal.com (or similar services): https://www.virustotal.com/
- Press the button: "Choose File" on the Web page and select the undetected suspicious file.
- Once the upload has completed, wait for the results of the scan.
If the file is actually infected according to most of the scanners, but not according to ClamAV, perform the following steps:
- Go to the link for sending new infected files on the official website: https://www.clamav.net/reports/malware
- Fill out the form as appropriate, taking care to complete the mandatory fields.
- Attach the suspicious file (if it does not contain personal information, invoices or documents)
- Then press the button on the site: "Submit Malware Report."
N.B: in this case, as regards your privacy, leave unchecked the box: "Do not publish my name", also on the Web site.
After a while the Suite too will benefit, when its virus definitions are updated.

Proactive defence
The Proactive Defense panel allows the user not only to monitor in real time unwanted changes to settings critical for privacy, but also to instruct the system to render ineffective the execution of most of the ransomware (extortion software) in circulation today.

DEFENDING YOURSELF FROM CRYPTO-WORMS: THE NEW WEAPON OF CYBER-CRIME
Ransomware is a type of malware that restricts access to the device it infects, demanding that a ransom be paid to remove the restriction. A Crypto-worm is its direct evolution, since it combines the extortion features of ransomware with the high level of propagation typical of a worm, using as vehicles of propagation USB devices or 0-day vulnerabilities in network protocols, operating systems or programs.
The earliest forms of ransomware simply blocked the device, displaying intimidating messages and using the logos of police forces across the world as a psychological weapon, as the Reveton malware did; current ones instead generally encrypt user files, making them unreadable: photos, documents, audio, video, even on network and external devices, shared folders, and sometimes even in the Cloud if its mapped folder is available. Everything is encrypted with an RSA key, usually of considerable length (up to 2048 bit), transferred to the cyber-criminals' server when encryption starts. The aim is to ask for a ransom later, usually at the end of encryption, to be paid in the virtual currency Bitcoin or in currency, in order to return the encrypted files in plain form. Initially popular in Russia, ransomware attacks are now perpetrated around the world.

How to restrict the execution of malicious programs
Infection of a Windows-based system generally occurs in two ways. The most widespread in Italy involves the inbox: a fake PDF with a double extension, disguised as an invoice, in a compressed ZIP file. In this case opening the fake document, which is automatically extracted and executed in a temporary folder after double-clicking on it, leads to the execution of the malware. The encryption process is immediate. Here the process is blocked by the Anti-Cryptoworms rules immediately after the file is extracted, exactly at the moment when the fake document is executed. As shown:
The other mode of infection is even more sophisticated. It exploits 0-day vulnerabilities, i.e. flaws in servers or in Web sites that are sometimes harmless, or banner ads modified to be malicious, called malvertising, which force the user's Internet browser to download and run the malicious code. Blocking this form of infection is much more difficult, especially if the malware is processed directly in memory.
In most cases the Anti-Cryptoworms rules manage to block this form of automated attack, usually displaying a generic error message similar to the following:
N.B: despite the effort put into creating ad hoc rules to stop this type of malware, it should be emphasized that not all CryptoWorms can be stopped. 0-day vulnerabilities or new, next-generation tactics can bypass this important defence mechanism. For this reason, relying solely on technical tools to protect your data is madness. For home use, common sense combined with a regular backup of your data can save your digital life from losing everything.

Contraindications and side effects in installing legitimate programs
At other times, especially when the user installs legitimate software, it may not install properly if the Anti-Cryptoworms rules are active on the system. This is a side effect of stringent rules. The symptoms are usually:
- The installation of the legitimate program crashes.
- The installation fails with an error code or message.
- The installation does not start at all, without displaying anything on the screen.
To avoid these problems, temporarily disable the Anti-Cryptoworms rules from the Suite panel: proactive defense -> Remove rules, and reactivate them immediately after installation. Here's where:
MAIN CONTROLS:
- Enable monitoring critical rules with Mostonet Shield: activates the module that monitors the critical rules
- Deactivate: deactivates the resident protection for critical rules
- Enable basic security rules against malware extortion: activates the specific prevention rules against ransomware and unknown malware.
- Remove rules: this item becomes available when the basic protection is enabled. It deactivates the preventive protection
- Disable software critical system areas: an extremely important command in the event of serious infection.
It tries to reset the Policy restrictions imposed by malware to block access to many useful system tools such as Task Manager and the Windows Registry, and tries to inhibit the execution of programs in all bootable areas of the operating system, especially the most unusual ones. Proceed with caution and only in extreme cases, because it may disable legitimate programs.
- Exit: Go back to the main screen

MOSTONET SHIELD: DETECTING CHANGES TO PRIVACY
Besides trying to put a stop to CryptoWorms (self-replicating ransom software), the Suite seeks, through a small memory-resident module, to alert you if settings harmful to privacy are activated, voluntarily or involuntarily, such as the keylogger built into the Asimov telemetry in Windows 10. The figure below:
This security module is designed to give greater freedom of configuration and high compatibility with most AntiVirus software and HIPS modules (preventive AI) on the market. Its job is only to signal the activation of rules and privacy settings considered extremely harmful. The monitored critical rules are:
- Of Diagtrack monitoring service Communications:
Explanation: One of the services responsible for managing and sending the data collected by the Windows Asimov telemetry. Later made up of a service called: User Experiences and related telemetry, it is the most exposed part of the whole telemetry engine. When the Recommended rules are applied, this service is completely uninstalled.
It is located in: Privacy, by pressing Show more rules >>
- Communications Telemetry Asimov service:
Explanation: surely one of the most important and fundamental rules of the entire Suite. The Asimov telemetry, officially introduced during the development of the Insider versions of Windows 10 and never removed, even in the OEM and Enterprise RTM versions of the Windows platform, is in itself the target of the entire Suite.
Inhibiting it keeps the outgoing data stream comparable to level 0 (Security), available as standard in Enterprise versions, further tightening the default level on Enterprise-level Windows platforms. In the Recommended settings the rule is set to NO and almost all of its external communications are inhibited. Totality can never be achieved, because of the mutations and continuous updates of the platform itself. In fact, update after update, telemetry can change, improve, reactivate itself and change the IPs of its supporting servers.
It is located in: Privacy, from the main panel of the Suite.
- Communications Service Steps Recorder:
Explanation: Disables monitoring and the ability to take screenshots by the PSR program (Problem Step Recorder), which is activated in case of crashes or problems. In the Recommended settings this rule is set to NO, so the creation of screenshots and of additional information that can be sent to the outside is inhibited.
It is located in: Privacy, from the main panel of the Suite.
- Communications DmWapPushService service:
Explanation: Windows 10 default service responsible for the partial keylogging of typed text, partly included in the telemetry records located in: C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
This file, hidden and protected with special permissions, can be read from the Event Viewer (Eventvwr.exe).
It is located at: Security -> Show more rules >>
- Exploitation of backdoor Accessibility:
Explanation: for precautionary reasons, the details of this type of vulnerability will not be disclosed in this guide. However, since it is present as standard, users and system builders are advised to enable the stated rule to remedy it.
It is located at: Security, in the main panel of the Suite.
These rules also include the inhibition of the forced upgrade to Windows 10 on previous versions of Windows.
All the other remaining rules, instead, are fully configurable without warnings, allowing custom configurations in complete freedom. The access icon can be activated on all operating systems from Windows 10 to Windows 2000/2003, as in the figure below:
As soon as you click its icon with the right mouse button, you get the following shortcut menu:
Main controls:
- Show Privacy Suite: quickly opens the main panel of Mostonet Privacy Suite
- Monitoring privacy: enable / disable the warnings related to the rules that, if disabled, can endanger user privacy
- Anti-Ransomware: enable / disable the rules that can inhibit the start of extortion malware
- Elevate signed Apps: enable / disable the rule that grants administrative rights only to Apps signed and validated by the respective certification authority
- Help: lets you quickly view this page for explanations.
- Hide Menu: closes this menu but leaves the shortcut icon active.
- Disable: exits Mostonet Shield completely.
N.B: Anti-Ransomware rules remain active even if you disable Mostonet Shield. The monitoring of the privacy settings, instead, is interrupted.
Double-clicking the Mostonet Shield icon with the left mouse button opens the main panel of the Suite directly. In practice it is equivalent to the command: Show Privacy Suite

MANAGEMENT RECOMMENDATIONS REGARDING MODULE MOSTONET SHIELD
When privacy monitoring is suspended, the message below is displayed. The alert is shown once, and the suspension of the privacy module remains permanent even after the computer is turned off.
When privacy monitoring is reactivated, the message is:
When, instead, the privacy module detects the reactivation or the presence of a setting that could seriously undermine user privacy, the message that appears is similar to the one below. This one is shown cyclically.
Solving problems related to warnings of the Privacy Monitoring module
To resolve this problem, restoring user privacy to optimal levels, follow these steps:
1) Click the right mouse button on the Mostonet Shield icon
2) In the menu that appears (partially covered in the notice), click: Show Privacy Suite
3) Answer YES to the request to elevate privileges.
4) Look in the Security or Privacy menu for the rule indicated in the message. In the example the rule is in the Privacy panel and is called: Registration typed text.
When, instead, malware, a program or a user tries to delete the ransomware inhibition rules from the system, the Anti-Ransomware module shows a cyclical warning. The warning message is similar to the following:

Temporary Files
The Temporary Files panel allows the user to perform a specific cleaning suitable for removing unnecessary temporary files that only take up disk space. The programs involved in cleaning, as in the Privacy pane, are organized by category. The main categories are:
- Misc: contains the most common utilities and deletes their temporary files.
- System: covers the areas of the operating system that are always subject to temporary files, and manages the Suite's quarantine
- Sharing object: contains the file-sharing programs and the downloaders for large files (P2P and Torrent)
- Utilities: covers the most common free and commercial compressors (ZIP, ARJ, RAR, etc.) and clears their cache

As in the Privacy panel, programs in these categories that are not present on your system are automatically set to Off and their cleaning is not performed. Here's an example:

MAIN CONTROLS:
- Clean quickly the areas of the most common system: eliminates most of the temporary files generated by the system and by the detected programs
- Exit: goes back to the main screen

N.B: For advanced users and the most demanding system builders, each active program can be detected and cleaned individually. Just move the mouse over the program name and click on it. The cleaning will be targeted at that individual program.

CLEANING THE MALWARE QUARANTINE

Starting from this version, the quarantine was introduced. In practice, infected or suspect files detected by the integrated ClamAV engine are automatically moved to the quarantine folder: \bin\quarantine and are no longer deleted directly. This allows the user to easily restore a legitimate file that was mistaken for an infected one. For more information on the quarantine see the AntiVirus section, also in Advanced features.

Clicking on the words: Quarantine/host empties the quarantine, freeing disk space, after user confirmation. However, harmless files will be more difficult to restore once they have also been deleted from the quarantine.

CLEANING UP YOUR HOSTS FILE BACKUPS

Every time the user changes the security level of the Web filters located in the Network panel, the Suite automatically creates a backup of the last valid Hosts file used.
The backup file naming is similar to the following: Bck_host__.txt

These files are located in the same folder as the Hosts file, usually: C:\Windows\system32\drivers\etc

This gives the user a history of all changes made to the Hosts file, from which any custom entries not included in the Suite's standard filters can be copied out of the most suitable backup file.

Clicking on the words: Quarantine/host deletes all these backups after user confirmation. However, any customizations stored in previous backups may be lost.

Updates

The Updates module keeps the Suite efficient by checking for corrections directly on the manufacturer's site, always at the user's request. This module was developed to install, on user request, the latest fixes for the integrated modules of the Suite and to update the definitions used by the AntiVirus engine and, in this version, by the integrated Anti-Ransomware as well.

In addition, when you enter the AntiVirus panel from the main screen, the module automatically alerts you before scanning if the definitions of ClamAV, the integrated open-source engine, are older than 7 days, and offers an immediate update, always subject to the user's permission. Answering "YES" automatically starts the update of the anti-virus definitions. Answering "No" opens the AntiVirus panel: you can still scan, but the detection rate will be much lower, so this is not recommended. It creates a false sense of security.

Starting from this version, when you enter the Privacy panel you are also alerted if the IP addresses of the telemetry servers are older than 30 days, and an immediate update is offered.
Here is the Updates screen:

MAIN CONTROLS:
- Update integrated antivirus definitions: allows you to update the definitions of the ClamAV engine
- Refresh IP telemetry list and Anti-Ransomware: updates the rules used by the Anti-Ransomware and Anti-Telemetry engines
- Check the presence of Mostonet updates: lets you download and install, on demand, updates to the Suite
  N.B: once you have downloaded an update of the Suite, if any, you can decide whether to install it immediately or at a later time.
- Exit: goes back to the main screen

Sharing files

MANAGEMENT OF FILE SHARING ON WINDOWS

File sharing is one of the most complex and critical options to handle, as it is very difficult to offer a good balance between functionality and security. By default, Microsoft Windows client workstations registered in Active Directory allow another client remote access to the file system for all Users, subject of course to authentication.

In the Security panel, you can set a rule on the Workstation that allows only administrators to access your file system, denying access to all other users. For those who want high security, all access to the file sharing capabilities can be disabled.

Warning: disabling Network Shares in a business environment is sometimes the best-suited choice, although it may preclude the sharing of your folders.
Disabling sharing at TCP / IP level

1) In the Windows icon tray, right-click the Network icon and press: Open Network and Sharing Center (the example pictures are all in Italian)
2) In the window that appears press Ethernet
3) And then press Properties
4) In this last window remove the check on: File and Printer Sharing For Microsoft Networks and press: Ok

Wi-Fi Sense

MANAGEMENT OF WI-FI SENSE

Wi-Fi Sense is a mechanism present in Windows 10 (only in versions prior to the Anniversary Update of July 2016) and Windows Phone 8.1 (and later) that allows automatic access to public hotspots around the world, but at the same time also lets you easily give access to the Wi-Fi networks stored in your device to your groups of friends and contacts on social networks.

If this function is on, the access credentials of the wireless networks, i.e. their network password, are shared - through a secure channel - with a centralized repository at Microsoft, where they can be used transparently by friends' devices during the negotiation phase of the connection.

Seen by many as a vulnerability subject to man-in-the-middle attacks and a real invasion of privacy, this feature can be disabled using the following steps, as automatic scripts do not always guarantee full deactivation.

How to disable WiFi Sense features

1) On the tool tray at the bottom right of the monitor press the Notification Center icon. (The example pictures are all in Italian.)
2) In the Notifications Center menu, press "All Settings"
3) In the window that appears, click Network and Internet
4) Now press Manage Wi-Fi settings
5) Turn off both options, as in the figure below.

From this moment WiFi Sense will be disabled.
Web filtering

WEB FILTERING AND CHILD SAFE

This version introduces, for the first time, filters that greatly increase both overall security while browsing and the protection of minors, by inhibiting access to many sites prohibited to minors. You can switch from a Minimum security level up to a High level for maximum protection.

The Low, Medium and High levels are accessible and usable in all operating systems and affect all system users alike. This is because the HOSTS file is modified according to the selected filter.

N.B: some anti-virus software with active defense (HIPS) can block the Suite's attempts to update the system Hosts file. This is absolutely normal, as it is a very sensitive file, exposed to traffic hijacking and unauthorized changes. If you can, create an exception that allows the Suite to change / replace the default Hosts file.

Here is the filters screen:

Set the most suitable security level.
- Minimum level: active only in Windows 10 and later; it only helps to regulate network access for the system's default Apps. It does not modify the Hosts file.
- Low level: in addition to configuring network access for the standard system Apps as well as possible (but only in Windows 10 and later), it sets a filter in the Hosts file that inhibits only the telemetry servers. This is the most compatible level, suitable for correct browsing even if exposed to threats.
- Medium level: in addition to the Low level filter, it includes a filter, again in the Hosts file, that prevents access to compromised sites, sites propagating malware and malicious banners (malvertising). In practice it can create an effective barrier against sites compromised with 0-day exploits designed to infect the user's system with dangerous ransomware or CryptoWorms.
- High level: in addition to effective protection against compromised sites, this level includes an extensive list of Web sites not suitable for minors, both Italian and foreign. Ideal if the workstation is used in a household where minors live and can access it.

N.B: although the Suite constantly updates its filters, it cannot and must not replace the physical presence of a parent while their children are on the Internet. If anything, the High-level filter can provide effective general protection against unexpected hijackings to sites and Web pages not suitable for minors.

To quickly switch from one security level to another, simply press: Minimum (only on Windows 10 and later), Low, Medium, High.

The changes are immediate and are reflected in near real time in the configuration and in browsing. For added security, you should close the browser and then reopen it after each change of level. You do not need to restart the computer after each change.

If you are not sure of what you are doing you can always resort to:
- Quick Setup
- Option: Libra privacy and browsing, which sets a low level (most compatible choice)

INTERCEPTION AND BLOCK OF A FILTERED SITE

When you are redirected to a site that is compromised, unsuitable or regulated by the filters of the Suite, the browser shows a message similar to the following:

In simple terms, the site is not resolved by the DNS, so the page and above all its content become unreachable beforehand.

ADVANCED CUSTOM APP

This feature is available only in Windows 10 and later and sets Firewall rules that allow you to restrict outgoing connections from the Apps included as standard in the OS. For example, you can block communications from OneDrive or Skype if you do not use the related services, further limiting inappropriate outgoing traffic.
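The Hosts-file filtering and the backups described above can be checked by hand. The following is an added example, not part of the Suite or of this manual: a Python audit that separates blocking entries from entries that redirect a name to a real address (the hijacking case the N.B. above refers to), and lists entries present in a backup but missing from the current file. The function names, host names and file contents are constructed for illustration.

```python
import ipaddress

# Names a hosts file normally maps to loopback; they are not filter entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample: a backup taken before a filter-level change.
BACKUP_SAMPLE = """\
# constructed sample backup
127.0.0.1     localhost
0.0.0.0       telemetry.example.com
192.168.1.20  nas.home.test        # the user's own customization
0.0.0.0       ads.example.net
"""

# Constructed sample: the Hosts file currently in use.
CURRENT_SAMPLE = """\
127.0.0.1     localhost
::1           localhost
0.0.0.0       telemetry.example.com   # telemetry filter
0.0.0.0       malvertising.example.org tracker.example.org
203.0.113.50  bank.example.com        # not a block: a redirect
garbage line
"""


def parse_hosts(text):
    """Return a list of (address, hostname) pairs from hosts-file text."""
    entries = []
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                              # blank or incomplete line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # first field is not an IP
        for name in fields[1:]:                   # one line may list several names
            entries.append((addr, name.lower().rstrip(".")))
    return entries


def audit(text):
    """Split entries into blocked names and names redirected elsewhere.

    A name mapped to a loopback or unspecified address (127.0.0.1, ::1,
    0.0.0.0, ::) is treated as blocked. Any other address sends traffic for
    that name to a real machine and deserves a manual review.
    """
    blocked, redirected = set(), {}
    for addr, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        if addr.is_loopback or addr.is_unspecified:
            blocked.add(name)
        else:
            redirected.setdefault(name, str(addr))
    return blocked, redirected


def missing_from_current(backup_text, current_text):
    """Entries found in a backup that the current Hosts file no longer has."""
    current = {(str(a), n) for a, n in parse_hosts(current_text)}
    backup = {(str(a), n) for a, n in parse_hosts(backup_text)
              if n not in LOCAL_NAMES}
    return sorted(backup - current)


if __name__ == "__main__":
    blocked, redirected = audit(CURRENT_SAMPLE)
    print("blocked names:   ", sorted(blocked))
    print("redirected names:", redirected)
    print("only in backup:  ", missing_from_current(BACKUP_SAMPLE, CURRENT_SAMPLE))
```

Running the comparison before using Quarantine/host to delete the backups shows which custom entries would otherwise be lost.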
Pocket modality

AUTOMATIC ACTIVATION OF POCKET MODALITY

Mostonet Privacy Suite is equipped with another important feature called Pocket mode. This mode is activated when the display driver stops working or when the system switches to a monitor resolution lower than the size of the Suite panel, 1024 x 491.

In previous versions, when a Windows operating system was started in Safe Mode at a resolution lower than 1024 x 600, such as 800 x 600 or 640 x 480 on operating systems earlier than XP, or with integrated video cards or outdated drivers, part of the main panel of the Suite was literally cut off and became unusable.

Now, at resolutions lower than its own, the Suite automatically switches its interface to a restricted minimal mode of 600 x 300 pixels. This way you can use all the other features of the Suite as at the native resolution, with the exception of the secondary rules (See rules) in Privacy, Security and Firewall, which cannot be set individually. In this mode only the primary rules may be set by hand, while it is always possible to reset the rules to their Default or Recommended state as needed. Pocket mode is the emergency safe mode of the Suite.

Here is Pocket mode:

FAQ

FAQ - FREQUENTLY ASKED QUESTIONS

INSTALLATION

- When installing or uninstalling previous versions of Mostonet Privacy Suite, the Mostonet Shield module remains active in memory and is not removed ...

True. This issue was resolved starting with the 6.x generation of the Suite. Mostonet Shield now has a Disable command in its menu that actually unloads the module from memory. For a successful upgrade from previous versions of the Suite, or to remove previous versions of the Suite completely, follow these steps:

Simple procedure. Module deactivation after system reboot
1) Start Mostonet Privacy Suite
2) Click on: Proactive Defense and press - Disable
3) Restart your computer.
On restart the module will not be present in memory and you can upgrade or completely uninstall the Suite.

Immediate procedure through Task Manager
1) Launch Windows Task Manager with: CTRL-ALT-DEL -> Task Manager or with CTRL-SHIFT-ESC
2) Once Task Manager has started, go to the Processes panel and look for: moshield.exe
3) Press End Task
4) The process will be closed and you can upgrade or completely uninstall the Suite.

ANTIVIRUS

- Can the integrated open-source anti-malware ClamAV conflict with other scanners?

According to numerous independent tests, no. This is because the anti-malware built into the Suite is not resident in memory. If anything, the antivirus already resident in the system is prompted to check the same files scanned by ClamAV. In this way, dormant infected files identified by the former can be detected and removed by the resident antivirus.

- Every time I try to update the ClamAV definitions from the ClamAV module menu, the updater (freshclam.exe) crashes ...

It can happen. It happens rarely, but it does happen. In this case, you can generally try reinstalling Mostonet Privacy Suite directly from the installation package. The settings will not be lost. Alternatively, uninstall Mostonet Privacy Suite completely, remove all the files in the default folder: C:\Mostonet and reinstall it, to see whether the problem persists or is resolved.

Note: commercial versions of the Suite are not subject to this rare problem because they do not include the ClamAV anti-malware module.

- I've run a test to assess the detection rate of the open-source ClamAV engine integrated in the Suite, but the detection rate is low ..

ClamAV is run by a community of developers who do their utmost to keep the anti-malware database as up to date as possible and to improve the scanning engine version after version. The Suite uses the engine with a good compromise between speed and detection rate.
Sometimes it is precisely this compromise in the Suite that can lower the average detection. Starting with the 6.x version of the Suite, the average detection rate increased from 32% to 81% through a tightening of the scanning parameters. These parameters, however, are optional: they are activated by the user and are not active by default. The rate of false positives (i.e. harmless files mistaken for malware) also increased, however. For this reason, also from the 6.x release onward, infected or suspect files are always moved to quarantine in the folder: \bin\quarantine for possible recovery.

- When I run a memory scan several times, the infected file keeps coming back. What can I do?

The answer is not very simple. In principle, you can try to start Windows in Safe Mode and then scan again, evaluating the results or the effectiveness of the removal. If the problem persists you can avoid installing a specific antivirus product retrying the scan. More experienced users can physically remove the hard drive and plug it into a clean PC, or use an emergency CD / USB.

MOSTONET SHIELD

- Can the Mostonet Shield module, being resident in memory, adversely affect the system?

Absolutely not. The Mostonet Shield module periodically checks for the voluntary or involuntary activation of only 6 rules that are critical for privacy. The check is neither continuous nor stressful for the CPU and this, like everything else, is verifiable. Memory consumption is about 2 MB of RAM.

- Can Mostonet Shield be incompatible with the proactive defense modules of other products?

At the moment there are no reports of known incompatibilities. This is because the Mostonet Shield module essentially monitors privacy settings and nothing else. Other proactive defense modules usually implement anti-malware inhibitions, an area not touched by the Suite's Shield module, which deals essentially with Privacy.
ANTI-CRYPTOWORMS

- Can the anti-ransomware rules block legitimate programs installed on paths also used by ransomware?

Unfortunately, yes. The anti-ransomware rules block the execution of most executable programs installed in particular paths, regardless of whether they are legitimate or not. Without going into detail, so as not to benefit malware writers, it is possible that software does not work properly, especially during installation / uninstallation / startup, if the rules are active in the system. In this situation you have to deactivate them with: Proactive Defense -> Remove rules

- I was struck by ransomware and only afterwards activated the anti-ransomware rules. Can the Suite decrypt files encrypted by cryptomalware?

No. Unfortunately the Suite can only be used preventively. Once the files are encrypted the Suite can do nothing about it. We recommend periodic backups of your data on an external drive that is not permanently connected to the computer, since if it were always connected (and accessible) its data would be encrypted too.

On the Internet, many anti-virus manufacturers such as Kaspersky and Emsisoft are at the forefront of trying to break the encryption keys of this extortion malware. In the case of TeslaCrypt, surprisingly, the authors of the malware themselves released the master decryption key to everyone.

- Although I had activated the anti-ransomware rules, I was still struck by a crypto-malware. What can I do?

Currently, at least in Italy, crypto-malware able to bypass the strict custom rules of the Suite is very rare. However, if the source of infection is a well-designed 0-day exploit or a USB device, it cannot be excluded that the malware may still be able to run and encrypt user data. Nor can it be ruled out that crypto-malware will evolve in such a way as to bypass these restrictive rules.
For an even greater level of protection you can search the Internet for specific proactive anti-ransomware modules, such as those produced by Malwarebytes with its Anti-Exploit and AntiRansomware products.

- I touched something in the Suite and now whenever I run any program I get the message: The server returned a reference. How can I fix it?

The problem is caused by a group policy set by the Suite that inhibits the execution of unsigned programs requiring elevated administrative rights. This is useful to prevent potentially destructive infections, such as the installation of bootkits by extremely advanced extortion malware, but it is annoying if you use a number of programs that are not digitally signed by their authors, cracked software, self-produced software, etc.

To solve the problem easily with the help of the Suite, in any version:
1) Start the main panel of the Suite
2) Click on: Security -> anti-malware options and other rules
3) Click No in the rule: Inhibit any bootkits raising only signed executables

The removal of the rule is instantaneous. Programs will go back to asking for privilege elevation as in the past.

To solve the problem without the aid of the Suite, for example when there is no connection to the Internet:
1) Press CTRL-ALT-ESC to start Task Manager.
2) Press File -> New Task (Run)
3) Type regedit and press Enter
4) Go to the path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System and edit the key: ValidateAdminCodeSignatures with right click -> Edit.
5) In the edit box enter: 0 (zero) and press OK.

The effect on the system is instantaneous.

PRIVACY AND TELEMETRY

- I customized privacy and security options at random but would like to return the system to the factory options. How do I do that?

In each panel, Security, Privacy and Network -> Customize Firewall, simply press: Restore Defaults. To see a tangible result, restart Windows.
- How can I prove that outbound telemetry traffic is actually blocked by using the Suite?

To check the correct functioning of the Suite and its engines, and to carefully assess the quantity and quality of the outbound packets blocked / allowed, roughly the following products can be used.

For a rapid analysis: Wireshark installed on Windows itself, or, in the Suite, Network -> View Network Connections, in search of intruders. The connections must all be in LISTENING or TIME_WAIT when Windows is not doing anything special.

Or, for the more experienced and for a much more accurate and precise check: a host installation such as Ubuntu Linux, with Windows inside a virtual machine created with VirtualBox or VMWare Player, the Suite installed on the virtualized Windows and the Recommended options set. Finally, Wireshark installed on the Linux workstation monitors and analyses the incoming / outgoing packets.

- I installed Mostonet Privacy Suite, activated Mostonet Resident Shield and set everything to the Recommended options. Can I now feel safe and use the Windows platform with peace of mind?

Unfortunately not. In terms of privacy there will never be peace of mind. Not even with the Enterprise versions, which have a telemetry level set to Security (even lower than Base) but never completely disabled. This is because Windows is essentially a "service" in continuous evolution, update after update. It should be noted that these "forced" updates cannot be easily disabled. The Suite always favours the user and therefore does not currently disable automatic updates.
However, the whole community and all users must be aware that each update, as well as providing security, can bring back the telemetry engines (as happened in the past with the Windows 10 November 2015 Update), or worse, introduce potentially new ones, or simply change their names to make them more digestible (such as the service name changing from Diagtrack to User Experience and Telemetry, in the Italian version). This is because in some cases the updates are effectively new versions of the operating system, like the cumulative Anniversary Update (July 2016).

In addition, the telemetry server IPs and the App versions may change from release to release, so their development has to be monitored constantly. It is not a simple situation, but the Suite adapts automatically to many of these changes by requiring the IP list to be updated every 30 days.

GENERAL MANAGEMENT OF THE SUITE

- Being freeware, does the Suite have time limits, expiry dates or reduced features?

No. At this time all features are fully operational. No limitations or expiration. The commercial version does not include the AntiVirus module purely as a technical choice, in order to ensure uncompromising reliability in that area.

- Because of a problem with the USB stick, some Mostonet Privacy Suite files are corrupt and I have no access to the Internet. How can I set at least the "recommended" options of each panel?

Mostonet Privacy Suite is also designed to work in critical situations. It needs no fixed directory in order to function, and it is capable of self-repair in order to guarantee at least the setting of the privacy options in the Windows system.
Just copy the following files to any location: moprisuite.exe and msvbvm60.dll

You will have neither the antivirus nor the context-sensitive help, but you will still be able to set the recommended options and even disable most malware loaded through critical system areas, via the option in Proactive Defense: "Disable software critical system areas and unusual restrictions"

- Can the Suite be used in Windows Safe Mode?

Absolutely yes. Sometimes it is even the recommended option for removing malware active in memory.

- In Safe Mode, or because of a faulty video driver, my monitor's resolution is extremely low. Do I risk not seeing the whole Suite panel?

No. The Suite includes Pocket mode: an emergency mode that automatically switches the Suite to a lower resolution at which it is entirely visible and most functions work.

- I noticed that the Clean Up and Temporary Files panel is not as efficient as it sounds. With other cleaners the disk space gained is much higher. Why?

The Clean Up and Temporary Files panels are aimed at removing the "visual" history of the user's most recently opened files in many commonly used programs installed on your system. For a thorough cleaning aimed at optimizing disk space, the installation of other utilities is recommended. For privacy purposes, instead, the Suite is very often more than enough.

- Why can the portable version of the Suite be updated only with regard to the anti-malware definitions and the anti-ransomware and IP rules?

For practical reasons it was decided to inhibit the downloading of updates to the Suite itself in the portable version. To obtain the latest portable version you can always download from the site the ZIP file containing the latest release available and overwrite the existing one.

- The current version of the Suite is digitally signed. Why does the Windows UAC panel inform me that the executable is unsigned?
The digital signature of the executable files moprisuite.exe and moshield.exe is SHA-256. If the file has not been tampered with or corrupted, and the signature has not simply expired (it must be renewed each time and has a considerable cost given that the product is currently free), you can verify the integrity of the signature and make Windows recognize it as follows: right-click moprisuite.exe in C:\Mostonet\Privacy Suite -> Properties -> Digital Signatures -> select the digital signature and press -> Details.

- Despite the author's assurances, how can I be sure that Mostonet Privacy Suite (moprisuite.exe) is not malware?

For a quick test you can verify the digital signature of moprisuite.exe and use the VirusTotal.com portal. Currently no scanner (incorrectly) detects the Mostonet Privacy Suite executable as malware.

- The Suite icon is usually made up of four blue squares. Why is it often not displayed correctly, especially in Windows 7?

This is a bug inherited from the development environment, so there is no easy fix. It in no way inhibits the proper functioning of the Suite but can be bothersome in terms of aesthetics. It happens rarely, but it happens on some computers and some operating systems, with a higher percentage on Windows 7 SP-0 and SP-1 without the latest fixes. In practice, Windows tends to display a generic program icon instead of the official Mostonet Privacy Suite icon.

- I've noticed that if I use fonts scaled to 125% (medium characters or above) on my monitor, the interface of the Suite is displayed abnormally.

True. This is a visual bug of the Suite with no easy resolution. It is recommended to run Windows with ordinary characters at 100%, not enlarged. In any case, although visually it is not the best, at the functional level there are no contraindications or other malfunctions. It is only an aesthetically unsightly interface with pictures positioned correctly.

License

LICENSE AGREEMENT - EULA (EN)

The Mostonet Privacy Suite program is supplied 'as is'.
The user runs Mostonet Privacy Suite and external tools like:
- ClamAV Scanner
- Sysinternals PSKill
at his or her own risk, without warranty or guarantee on the part of the authors.

The authors are under no obligation to correct bugs or other insufficiencies in the programme. The authors are not responsible for any damages suffered by the user resulting from the use or distribution of the programme. In the same way, the authors are not responsible for any loss of revenue or profit, or for any loss of (records or) information, or for direct or indirect damage which may occur from the use of the programme, nor for the reason that the programme may be inoperable, notwithstanding the fact that the author may have been advised of the possibility of such damage.

This special version of Mostonet Privacy Suite is supplied free of charge for:
- private (not for-profit) use
- educational use (schools and universities)

It is absolutely forbidden to use it in business/government places.

The use of the Mostonet Privacy Suite programme implies the acceptance by the user of the terms of this license agreement.

Furthermore, the user is required to:
- DO NOT change
- DO NOT alter
- DO NOT clone
- DO NOT disassemble
- DO NOT sell
this software and the third-party tools bundled with the Suite.

This software is:
- Free
- Digitally Signed
- Free of advertising
- Free of Spyware
- Free of Telemetry
- Free of Ad-ware
- Free of Worm / Trojan / Virus
- Free of malicious code
- Free of intentional bug / backdoor.

N.B: if you do not agree with this license of use, uninstall or remove Mostonet Privacy Suite completely.

Donations

DONATIONS TO THE PROJECT: MOSTONET PRIVACY SUITE

Why make a donation?
Essentially to try to cover the costs while avoiding the use of banner ads that track user activity. Philosophy aside, unfortunately even a free project must cover some small costs to ensure its existence.
These costs can be covered through the constant commitment of a developer community or, in my case, through the use of strictly personal resources.

But what are these costs?
The main costs are the hosting of the domain: mostonet.it and the digital certificate for the signature of the Suite.

Are there other costs besides those stated?
No. The costs related to the time spent on development, testing and technical support are an integral part of my commitment, time permitting, to make information more transparent. As it once was. I do not deny that, because of the enormous amount of time devoted to the Suite, any quarrels in the family can be mitigated by a donation! And I say this with a smile, asking: which developer who programs in his spare time has never heard complaints about spending too much time glued to that binary clunker?

Will you still continue even if the donations prove to be a flop?
As far as I can, yes. There are essentially two big enemies, and the most expensive of them is certainly the time it takes, more than the fixed annual investment. To the best of my ability I will do everything not to close this project, which was born and still remains nonprofit. And I want to reiterate this here.

Now let's talk in practical terms. How much can you donate?
Anyone can donate whatever he wants. There is no constraint, no obligation. Nothing at all. The intermediary that ensures the security of the transaction is PayPal, which also accepts donations via prepaid cards, credit cards, bank transfers and existing personal PayPal accounts.

Where to donate?
Directly on the official website: mostonet.it -> Press Select version -> and finally Donation

And if I wanted to help by recommending your website to friends and acquaintances?
From my point of view it is like a donation, an honor and a pleasure. A "thank you" in advance.

Good. I would say that everything is clear. Good day to you all and good privacy.