I saw this program, or service rather, tested by MRG in their online financial security test. Anybody have any experience with it? I've been trying it out and so far it's pretty solid. I don't pretend to be a professional tester but so far it seems pretty simple and effective.

hxxp://www.quaresso.com/index.php?/myprotect/

what kind of program is it?antivirus?

From the Quaresso site:

-{ Quote: "
MyProtect works by downloading a small, temporary agent onto your PC when you log in to the MyProtect site. This agent then launches a secure "Armored Browser" session, identified by an orange border and toolbar. Information entered by you into the Armored Browser, or delivered to it by a web site, is protected from malware - even if you're using a machine which is already infected with malware, the Armored Browser session is secure from threats such as key loggers, cache miners, and frame grabbers. All sensitive data such as browser cache, cookies, passwords, and history information are completely erased when your MyProtect session ends.
" }-

On their site there is a leaktest tool that can be used to test your existing apps. I never give too much credibility to these programs but I am having a hard time testing it. So far it has protected against it's own leaktest utility and two of Zemanas. It does fail Zemanas keyboard logging utility though. I kind of like the concept they are using. I would post screenshots but it does a pretty good job at blocking those.

thanks for the info

-{ Quote: "On their site there is a leaktest tool that can be used to test your existing apps. I never give too much credibility to these programs but I am having a hard time testing it. So far it has protected against it's own leaktest utility and two of Zemanas. It does fail Zemanas keyboard logging utility though. I kind of like the concept they are using. I would post screenshots but it does a pretty good job at blocking those." }-
Can you post a link to this leak test? Thanks

You will have to have an account to access the second link. If you don't want to do that then you can use the first link.


http://drop.io/leakdetector

https://www.quaresso.com/myprotect/LeakDetector.action

***Update***

I just ran the new SpyShelter test utility and My Protect fails the screen capture portion of it. It did well against the key and clipboard logging though.

Mod edit:Merged the thread into original

1000db posted the QLD in here - http://www.wilderssecurity.com/showthread.php?t=280749

Didn't want to hijack that thread with other products.

@ 1000db

Thanks for the Quaresso LeakDetector link :) Nice tool :thumb:

ProcessGuard blocked the .EXE and the Global Keyboard Hook, so i allowed them. Zemana then blocked, Clip/Key/Screen capture :thumb: so i allowed them too.

TEST on XP/SP2 - IE6


Keystroke Monitor = FAIL

Screen Monitor = FAIL

IE Cache Monitor = PASS

Clipboard Monitor = FAIL

IE Cookie Monitor = FAIL

IE Com Monitor = FAIL

IE Password Store Monitor = ? Don't have any PW's

Prevx didn't block Anything :o

The two failures that I mentioned in my posts above were already documented and apparently being fixed soon (no timetable given). They responded promptly to my feedback and gave reasonable explanations too. :thumb: to their support.

-{ Quote: "You will have to have an account to access the second link. If you don't want to do that then you can use the first link.


http://drop.io/leakdetector

https://www.quaresso.com/myprotect/LeakDetector.action" }-
Thanks

Apparently Quaresso's free product "My Protect" has been updated and now passes all the tests it failed before. It is also 64-bit compatible now but I can't get it to work with IE9 beta. If some one that doesn't use IE9 beta could test it's 64-bit compatibility; it would be cool if you also posted the results here.

-{ Quote: "You will have to have an account to access the second link. If you don't want to do that then you can use the first link.


http://drop.io/leakdetector

https://www.quaresso.com/myprotect/LeakDetector.action" }-

Just tried the first link and got this ... :-\ , so I just clicked on reject.

Not sure what to make of this, if anything. :doubt:

P.S. I haven't installed "My Protect", and don't intend to...just trying the link. ;)

-{ Quote: "Q: Will Protect on Q support non-Windows platforms?
We plan on supporting other platforms, specifically Mac OS X and potentially other platforms (i.e., Linux, Android) in the future. Quaresso's Enforcer technology can be adapted to run on Linux and Mac OS X. Quaresso's initial focus is protecting against today's primary source of web compromise: Microsoft Windows." }-

not unix/linux at this time.

perhaps a misconception my end, but seem that the traffic is being routed through the Q myProtect box. the company seems to be located in TX/US and I am thinking twice to route traffic through there (I know, I know it eventually passes through a US controlled router at some point anyway)

-{ Quote: "Just tried the first link and got this ... :-\ , so I just clicked on reject.

Not sure what to make of this, if anything. :doubt:

P.S. I haven't installed "My Protect", and don't intend to...just trying the link. ;)" }-

I didn't catch that earlier. Drop.io has been sold to Facebook and all the free "drops" are apparently no longer working. My protect can be found at quaresso.com.

-{ Quote: "I didn't catch that earlier. Drop.io has been sold to Facebook ." }-the domain, the service, the technology or all of it? makes it all more the suspicious.

from Q privacy Policy / Data Security (http://www.quaresso.com/index.php?/site/privacy/)

-{ Quote: "While we strive to protect your personal information, Quaresso does not ensure or warrant the security of any information you transmit to us, and you do so at your own risk." }-
would not touch it with a barge pole. and particularly not on a corporate/enterprise level. also curious that it is being advertised through an online financial security test

Drop.io was a service for file hosting and not in any way affiliated with Quaresso. I had put a test tool on drop.io at the request of other users, which is no longer available, and that first link is now useless.

thanks for the clarification and pardon my ignorance as not using this sort of public cloud storage

Vtol,

A bit of clarification on MyProtect (disclosure: I am employed by Quaresso):

Quaresso hosts the MyProtect service, but once we deliver the armored browser to you, you are free to go wherever. We do NOT proxy your web surfing, we do not track where you go, etc. And 1000db is correct, we have no affiliation with drop.io.

The service is intended to provide a free, superior - at least we think - version of private browsing modes. Superior as it includes key logger and screen capture defenses, some strong anti-injection defense and we encrypt all the session content committed to disk (i.e., cache, history, cookies, password store) and securely delete them at the end of the session.

HTH

appreciate the feedback/input/insight.

when I get time will check about your proxy statement with a packet sniffer or something.

the remainder cannot be checked, assuming that the MyProtect agent is similar like a thin client, proprietory code communicating with your servers via encrypted link.

do not get me wrong, just the country your are based in hasn't been lately a role model in various aspects of data use, internet and the like and thus it probably does not matter for any of your countrymen/women to utilize your service. one residing outside though might think about it.

your privacy and data security policies as cited are not encouraging either.

and there is no mentioning about the people behind Q, except this vague statement -{ Quote: "veterans of respected Internet security companies including Blue Coat, Check Point, NetContinuum, Symantec and WholeSecurity" }-

-{ Quote: "Vtol,

A bit of clarification on MyProtect (disclosure: I am employed by Quaresso):

Quaresso hosts the MyProtect service, but once we deliver the armored browser to you, you are free to go wherever. We do NOT proxy your web surfing, we do not track where you go, etc. And 1000db is correct, we have no affiliation with drop.io.

The service is intended to provide a free, superior - at least we think - version of private browsing modes. Superior as it includes key logger and screen capture defenses, some strong anti-injection defense and we encrypt all the session content committed to disk (i.e., cache, history, cookies, password store) and securely delete them at the end of the session.

HTH" }-
Welcome to Wilders. I'm glad you can provide us some insight to your product. :thumb:

What is the idea behind logging in to an account to launch the armored browser as opposed to having a locally installed application? Thanks.

-{ Quote: "What is the idea behind logging in to an account to launch the armored browser as opposed to having a locally installed application? Thanks." }-

You may be on a machine that you may not trust (e.g., internet cafe, your work PC, your teenage child's PC :) , etc.), but you want to have a private web surfing session. Our armored browser can be delivered to any Windoze machine you are on. The only requirements we have is JS enabled and either ActiveX or Java (for non-IE browsers) is enabled.