View Full Version : MySecureIsp.com?


nameless
September 5th, 2006, 08:08 AM
Is anyone familiar with http://www.mysecureisp.com ? I just came across it for the first time. It seems that for $10 USD/year, you get a login ID and password, then install plugins for your various internet applications, and use them as a secure proxy.

McAfee SiteAdvisor raises a spyware flag (http://www.siteadvisor.com/sites/mysecureisp.com) on the site.

Just wondering...

TNT
September 5th, 2006, 08:10 AM
Their main application contains adware (KAV scan) and all the rest is "coming soon". There are no technical details of how this supposedly works.

This is a scam site, avoid like the plague.

nameless
September 5th, 2006, 08:18 AM
If that's true, the irony is that I found this site because it was linked to from a site (http://blackboxsearch.com/) recommended by Bruce Schneier.

TNT
September 5th, 2006, 08:24 AM
Any pointers at where Schneier recommends blackboxsearch?

EDIT: never mind, I found it.

EDIT2: I tried this blackboxsearch and frankly, I find it pretty much worthless. It sits as a proxy between you and the search engine... so what? The connection isn't encrypted; the search terms are sent through a post instead of a get but they can be sniffed by anybody on the route path; your ISP can do it; the only difference is that you're not trusting Google here, you're trusting Blackboxsearch. Use tor if you want something a little more serious than this stuff.

TNT
September 5th, 2006, 08:48 AM
Going back to the original subject, either this is a false positive by KAV or this software does indeed include adware.

Even if the former is true, the lack of actual technical documentation of how this supposedly works, what are encryption details, etc, would make me very suspicious about the reliability of this service.

TNT
September 5th, 2006, 09:04 AM
182920

nameless
September 5th, 2006, 09:11 AM
How the hell can McAfee not detect anything... McAfee SiteAdvisor obviously uses McAfee's engine...

Rhetorical, since I don't care anymore. (Read: I don't trust the site.) Thanks for the replies. I've been up for 20 hours at this point and I'm fading fast, so I appreciate the input. ;)

studtrooper
September 5th, 2006, 07:59 PM
I'm currently trialing this site right now (mostly because I'm a tightwad and wanted to see if there were cheaper alternatives to www.cotse.net and www.findnot.com) and posting from their proxy. Seems legit, with a few caveats:

I chose to use the Firefox extension. Ironically, the link pointing to the Firefox extension was broken, but luckily their site doesn't mind snooping in index pages (http://www.mysecureisp.com/download/). After installing the extension, I first went into the proxy section of the browser to see what happened. They just set the settings to "localhost" and port 3128 for HTTP (their extension didn't extend it to HTTPS and FTP though, which was probably a coding typo, I put in the localhost and port number for those too as going through HTTPS or FTP would give me a Bad Proxy notification otherwise).

ZoneAlarm also caught a new program starting up when I installed the extension, "plink.exe" (the command prompt version of PuTTY). I thought that was a little funny, so I emailed tech support about it and got this:

-{ Quote: "
The plink.exe executable establishes the SSH tunnel to the MySecureISP
proxy servers. Any network traffic proxied through MySecureISP is
encrypted.

Thank-you for using MySecureISP.

---Dan Fleming
support@mysecureisp.com" }-

So they use opensource stuff to establish the SSH link to their proxy server. Alright. Next I went to www.whois.ws to see what they see. Apparently they buy bandwidth for their proxy from Electric Lightwave Inc based in Washington State. If you take a look at the HTML source on http://www.mysecureisp.com/test.shtml you'll see that it checks your current IP against 208.187.165.xxx.

They DO seem to hide the address to their proxy, but it was pretty easy to find: p01.mysecureisp.com. I emailed tech support a second time about this and they gave me this (presumably to connect other programs to tunnel into their proxy that isn't Firefox or IE) without any trouble:

-{ Quote: "ssh -p 80 -l -L 3128:localhost:3128 -N p01.mysecureisp.com" }-

Also note that the whois information physical address for www.mysecureISP.com AND the address they give on their website are both located in Sacramento, CA. Their site has also been active since 06-29-2005 according to www.whois.ws.

DNS is handled through TUXFARM.COM when the MySecureISP connection is on, regardless of what you have in your network settings.

Pluses: Email responses were returned within an hour or two. Even one at 8:00 P.M. PST! Probably means this is a startup business with guys monitoring customer support from home, but hey, cotse.net started out like that too.

My connection actually feels faster too (this is the first time I've used a proxy that fed off my entire throughput, unlike TOR and the like who usually only give you around 40KBps).

Minuses: Several broken links on their site. Especially puzzling was the broken link to the Firefox extension (that apparently was written a bit incorrectly as it only filled in proxy info for HTTP and not HTTPS and FTP). I'm sure someone will tell them eventually, but kinda unprofessional, especially for a site that only has 15 or so pages.

When I paid for a one month trial of their service ($2!!) they only had 7 confirmed good transactions (which probably says they just started offering PayPal as a payment processor, but who knows).

My opinion: Looks legit to me (especially seeing how they use PayPal, which would give nasty traces to any site owner who starts duping people with a fake proxy site).

To anyone who thinks I'm a shill for this site because this is my first post: I've been frequenting this security forum for about a year and never posted because I've always found what I need via the forum search. Seeing this post piqued my interest so I thought I would contribute :)
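
The gap described in the post above (the extension set only the HTTP proxy to localhost port 3128 and left HTTPS and FTP unset) can be checked by reading Firefox's `prefs.js` instead of the settings dialog. This is an added example, not part of the original thread or MySecureISP's code; the sample preferences are constructed and the function names are hypothetical.

```python
import re

# Matches prefs.js lines such as: user_pref("network.proxy.http_port", 3128);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Firefox pref slot for each scheme (HTTPS uses the "ssl" slot).
SLOTS = {"http": "http", "https": "ssl", "ftp": "ftp"}

# Constructed sample: only the HTTP proxy is set, as the post describes.
SAMPLE_PREFS = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "localhost");
user_pref("network.proxy.http_port", 3128);
"""


def parse_prefs(text):
    """Return {name: value} for every user_pref() line; ints and bools typed."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw
    return prefs


def audit_tunnel(prefs, port=3128):
    """Classify each scheme as 'tunnel', 'unset' or 'other:<host>:<port>'."""
    # Assumption: a missing network.proxy.type means no manual proxy (1 = manual).
    manual = prefs.get("network.proxy.type", 0) == 1
    report = {}
    for scheme, slot in SLOTS.items():
        host = prefs.get(f"network.proxy.{slot}", "")
        p = prefs.get(f"network.proxy.{slot}_port", 0)
        if not manual or not host or not p:
            report[scheme] = "unset"
        elif host.lower() in ("localhost", "127.0.0.1") and p == port:
            report[scheme] = "tunnel"
        else:
            report[scheme] = f"other:{host}:{p}"
    return report


if __name__ == "__main__":
    for scheme, state in audit_tunnel(parse_prefs(SAMPLE_PREFS)).items():
        print(f"{scheme:5} {state}")
```

Any scheme reported as `unset` is not pointed at the local end of the SSH tunnel, so it is not covered by the encrypted link.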

nameless
September 5th, 2006, 08:31 PM
Thanks for such an extensive reply.

The Firefox link on their site isn't broken (nor was it earlier--at least around the time I started this thread). It opens a pop-up window that initiates the XPI installation.

Devinco
September 5th, 2006, 08:51 PM
If it is legit, then why all the spyware, adware, trojan alerts?
Are they all false positives?

studtrooper
September 5th, 2006, 10:22 PM
-{ Quote: "Thanks for such an extensive reply.

The Firefox link on their site isn't broken (nor was it earlier--at least around the time I started this thread). It opens a pop-up window that initiates the XPI installation." }-

Dammit! I totally did not see that my Firefox blocked the pop-up. Thanks for that :-X

There still are a few broken links (like in the FAQ when asked about how to use with a P2P program and the 'Download now' link on their plugins page for Internet Settings for ALL other IM & File Sharing Apps). I guess I can take that part off my minus side.

studtrooper
September 5th, 2006, 10:29 PM
-{ Quote: "If it is legit, then why all the spyware, adware, trojan alerts?
Are they all false positives?" }-

I just checked with Norton and Ad-Aware SE and I'm not seeing anything of the sort. The only way I could see this as not legit (and subsequently very dangerous) is if the installations (I haven't tried the IE plugin) tried to sneak a keylogger in.

Devinco
September 5th, 2006, 11:33 PM
Did you look at the results from VirusTotal that TNT showed for mysecureisp-1.05.exe?

If that is from the company itself, I would have serious reservations about anything that the company offers.
Maybe it is a false positive, but until proved otherwise, it appears very suspicious.

studtrooper
September 6th, 2006, 01:06 AM
I scanned that file with Norton and got an adware warning and a link to here:

http://securityresponse.symantec.com/avcenter/cgi-bin/virauto.cgi?vid=4294906155

My guess? It is a generic toolbar function that is two years old. MysecureISP used this so they can do what they did with the Firefox extension: make a MySecureISP tab in IE that allows you to connect and disconnect with the proxy server (essentially a tool for people who aren't fluent in crypto). The .exe also probably installed the plink.exe, a reg file with security hashes for the SSH, and a loadserver.

I'm not too worried about it, but I will email MySecureISP's tech support and see what they have to say.

TNT
September 6th, 2006, 06:01 AM
-{ Quote: "Did you look at the results from VirusTotal that TNT showed for mysecureisp-1.05.exe?

If that is from the company itself, I would have serious reservations about anything that the company offers.
Maybe it is a false positive, but until proved otherwise, it appears very suspicious." }-
Well, I agree. Anyway, yes, I downloaded it from the site. You can test this yourself if you don't trust that image. ;D

studtrooper
September 6th, 2006, 12:34 PM
-{ Quote: "Well, I agree. Anyway, yes, I downloaded it from the site. You can test this yourself if you don't trust that image. ;D" }-

Emailed tech support last night and got this:

-{ Quote: "Did you download this from our site? There are many older versions of our
toolbar out there on hundreds of download sites. If so please refresh the
plugins page on our site and you will see a new version 1.10.

We did have problems with this in earlier versions, however the toolbar
vendor fixed the problem and we have tested it and so far it seems ok.

Unfortunately, the AV makers do occasionally flag toolbars merely because
someone else made the same toolbar component into spyware under a
different name.

Ours is anything but. Please try uninstalling the toolbar in the control
panel and installing the latest version 1.10 from our site.

Let me know if the problem persists we will contact the toolbar vendor
again and request a fix. We don't make the toolbar just the secure
service.

Also, if it doesn't work and you want to keep using it, you can tell the AV
to ignore the toolbar in future scans.
" }-

Ironically, they did just update their software to 1.10 from 1.05, they just didn't update their link yet (hxxp://www.mysecureisp.com/download/ie/mysecureisp-1.1.exe). I just tested this one and Norton or Ad-Aware didn't have a problem. Looks like I was right :D

I don't know if it happened to anyone else though, but the program did not update proxy settings in IE for me. I had to add the "localhost" (I suppose 127.0.0.1 would work too) @ port 3128 for it to work.

nameless
September 6th, 2006, 02:14 PM
-{ Quote: "hxxp://www.mysecureisp.com/download/ie/mysecureisp-1.1.exe I just tested this one and Norton or Ad-Aware didn't have a problem." }-
Well, NOD32 still detects this file as Win32/Adware.Softomate. Half-assed excuses aside, I sure as hell won't be installing it.

TNT
September 9th, 2006, 09:10 AM
-{ Quote: "Well, NOD32 still detects this file as Win32/Adware.Softomate." }-
So does KAV. Also BOClean detects it as malware, and detection was just added today for this new file (I checked it) with name "MYSECUREISP2"...
-{ Quote: "Half-assed excuses aside, I sure as hell won't be installing it." }-
Definitely not.

nameless
September 9th, 2006, 03:07 PM
Something else that occurs to me is... How can they possibly offer this service for $2/month or $10/year? Bandwidth and other overhead being what it is, I don't see how such pricing is viable.

Unless, that is, the service is just an angle on [COUGH] the real business motive, and the pricing is designed to be alluring.

Genady Prishnikov
September 9th, 2006, 03:17 PM
Worse yet, it wouldn't be the first time a privacy provider offered cheap access because the whole thing was a honeypot! I'm not saying that's what's going on here, but with the other concerns, you have to consider all the possibilities. The cheap pricing makes me wonder. :shifty:

studtrooper
September 12th, 2006, 01:12 PM
Hrm, you guys make valid points. I am now trialing www.http-tunnel.com. They've been in business for over 5 years so trust shouldn't be an issue there.

nameless
September 12th, 2006, 01:16 PM
The more I read, the less I want to use any of them. Five years, five minutes, what's the difference? The claims of having been taken over by the government or running as a honey pot may not be too far-fetched.

I'd resort to simply using Tor for what it's worth, but it's so slow it's literally unusable.

Devinco
September 12th, 2006, 02:27 PM
-{ Quote: "I'd resort to simply using Tor for what it's worth, but it's so slow it's literally unusable." }-
What makes you think "they" could not set up whole networks of TOR servers scattered all over?
It's easy when they are using our money to fund it.

Even an honest, legit, trustworthy provider could one day receive a nice NSL (National Security Letter) and suddenly be tongue tied and legally forced to do whatever is requested or go to jail.

So then some providers have servers in countries outside US jurisdiction.
Well, if they still have a presence within the US, then they are within US jurisdiction.
And even if they are outside the reach, who is to say that the government holding the server doesn't have their own NSL setup. So who do you trust more, our government, or some other government?

Let them listen and be bored to death. ;D

nameless
September 12th, 2006, 02:53 PM
-{ Quote: "What makes you think "they" could not set up whole networks of TOR servers scattered all over?" }-
I think it would really be something if the government owned every server at every hop in your Tor path. Really something indeed.

-{ Quote: "So who do you trust more, our government, or some other government?" }-
Some other government. :)

But anyway, I'm unsubscribing from my own thread, because it is devolving into a discussion over how Tor works.

Devinco
September 12th, 2006, 04:17 PM
-{ Quote: "I think it would really be something if the government owned every server at every hop in your Tor path. Really something indeed." }-
I spoke incorrectly.
I meant to say servers at key points within the TOR network, not the whole network.

-{ Quote: "But anyway, I'm unsubscribing from my own thread, because it is devolving into a discussion over how Tor works." }-
You're right, this is going off topic. There is more than enough devolution as it is in the world.

Anyway, I won't be considering MySecureIsp.com any time soon. :thumbd:

tal919
September 13th, 2006, 03:58 AM
Hello,

I'm glad you guys are interested in My Secure ISP. I want to explain what we do and why we are here, and dispel some notions.

First, we have some toolbar issues. Largely this is due to the fact that AV software blacklists entire ranges of GUIDs that are used to identify ActiveX controls and Firefox extensions.

Being inherently lazy, we did not write our own IE or Firefox extension; we used one from a company in Russia. We know it is not malware, however the core component as purchased by others probably has been turned into malware at some point by other companies and a huge range of GUIDs was declared MAL by AV vendors.

We (when we get off our butts) will write our own extensions. However, for anyone who is worried about malware, I will provide the complete source code to the Firefox toolbar (I don't have the source to the IE toolbar) and to our C code to prove that it's not malicious. For those heavy users of AV we apologize for the inconvenience.

Interestingly enough we have Mac and Linux users who don't even care about the toolbar and just write a script to talk to our proxy.

Yes, our site has broken links, why? Because before AOL screwed up no one visited our site and we didn't even really market it. It was an idea is all. And I am very lazy. But it's not a BAD site, it just needs some updating.

As for the number of customers referenced by looking at our PayPal stats, well, we used to do credit cards and we had a small user base for a while and the CC thing was a hassle and we ditched it.

And no, we aren't making money based on our current price and subscribers. But neither is YouTube so who cares? We aren't losing 1.5 million a month.
We aren't even losing 150 bucks a month.

So as far as why we exist well we are simply providing a proxy. We are not enticing nor courting people to break the law, nor would we protect criminals.
We do not keep logs more than a day, and the logs do not contain any IPs.

We do not subscribe to any ISP bandwidth in Washington as was suggested by looking at our test page which is a simple stupid shtml page. But if we were it wouldn't matter.

We are simply trying to provide a layer of protection from casual intrusion and casual tracking/snooping that ISPs, employers and web sites do.

The idea is what if the whole web were HTTPS? And why isn't it?

If you want an anonymizer to protect you from yourself, then I'd say we are not for you. But if you want to merely read your email without your employer reading it too, then we provide that.

tal919
September 13th, 2006, 04:03 AM
see reply on page 2 from my secure isp

nameless
September 22nd, 2006, 01:14 PM
-{ Quote: "I spoke incorrectly. I meant to say servers at key points within the TOR network, not the whole network." }-
Having a few Tor servers here and there wouldn't do them any good, unless there is a serious flaw in Tor.

-{ Quote: "Being inherently lazy ... I am very lazy." }-
Quite a selling point. :) Seriously, though, thanks for the reply.

-{ Quote: "see reply on page 2 from my secure isp" }-
I have no idea what this means.