Quaresso--My Protect

I saw this program, or service rather, tested by MRG in their online financial security test. Anybody have any experience with it? I've been trying it out and so far it's pretty solid. I don't pretend to be a professional tester but so far it seems pretty simple and effective.

hxxp://www.quaresso.com/index.php?/myprotect/

 

what kind of program is it?antivirus?

 

From the Quaresso site:

 

On their site there is a leaktest tool that can be used to test your existing apps. I never give too much credibility to these programs but I am having a hard time testing it. So far it has protected against it's own leaktest utility and two of Zemanas. It does fail Zemanas keyboard logging utility though. I kind of like the concept they are using. I would post screenshots but it does a pretty good job at blocking those.

 

thanks for the info

 

Can you post a link to this leak test? Thanks

 

You will have to have an account to access the second link. If you don't want to do that then you can use the first link.


http://drop.io/leakdetector

https://www.quaresso.com/myprotect/LeakDetector.action

 

***Update***

I just ran the new SpyShelter test utility and My Protect fails the screen capture portion of it. It did well against the key and clipboard logging though.

 

Quaresso LeakDetector Test

Mod edit:Merged the thread into original

1000db posted the QLD in here - https://www.wilderssecurity.com/showthread.php?t=280749

Didn't want to hijack that thread with other products.

@ 1000db

Thanks for the Quaresso LeakDetector link Nice tool

ProcessGuard blocked the .EXE and the Global Keyboard Hook, so i allowed them. Zemana then blocked, Clip/Key/Screen capture so i allowed them too.

TEST on XP/SP2 - IE6


Keystroke Monitor = FAIL

Screen Monitor = FAIL

IE Cache Monitor = PASS

Clipboard Monitor = FAIL

IE Cookie Monitor = FAIL

IE Com Monitor = FAIL

IE Password Store Monitor = ? Don't have any PW's

Prevx didn't block Anything

 

The two failures that I mentioned in my posts above were already documented and apparently being fixed soon (no timetable given). They responded promptly to my feedback and gave reasonable explanations too. to their support.

 

Thanks

 

Apparently Quaresso's free product "My Protect" has been updated and now passes all the tests it failed before. It is also 64-bit compatible now but I can't get it to work with IE9 beta. If some one that doesn't use IE9 beta could test it's 64-bit compatibility; it would be cool if you also posted the results here.

 

Just tried the first link and got this ... , so I just clicked on reject.

Not sure what to make of this, if anything.

P.S. I haven't installed "My Protect", and don't intend to...just trying the link.

 

not unix/linux at this time.

perhaps a misconception my end, but seem that the traffic is being routed through the Q myProtect box. the company seems to be located in TX/US and I am thinking twice to route traffic through there (I know, I know it eventually passes through a US controlled router at some point anyway)

 

I didn't catch that earlier. Drop.io has been sold to Facebook and all the free "drops" are apparently no longer working. My protect can be found at quaresso.com.

 

the domain, the service, the technology or all of it? makes it all more the suspicious.

from Q privacy Policy / Data Security

would not touch it with a barge pole. and particularly not on a corporate/enterprise level. also curious that it is being advertised through an online financial security test

 

Drop.io was a service for file hosting and not in any way affiliated with Quaresso. I had put a test tool on drop.io at the request of other users, which is no longer available, and that first link is now useless.

 

thanks for the clarification and pardon my ignorance as not using this sort of public cloud storage

 

Vtol,

A bit of clarification on MyProtect (disclosure: I am employed by Quaresso):

Quaresso hosts the MyProtect service, but once we deliver the armored browser to you, you are free to go wherever. We do NOT proxy your web surfing, we do not track where you go, etc. And 1000db is correct, we have no affiliation with drop.io.

The service is intended to provide a free, superior - at least we think - version of private browsing modes. Superior as it includes key logger and screen capture defenses, some strong anti-injection defense and we encrypt all the session content committed to disk (i.e., cache, history, cookies, password store) and securely delete them at the end of the session.

HTH

 

appreciate the feedback/input/insight.

when I get time will check about your proxy statement with a packet sniffer or something.

the remainder cannot be checked, assuming that the MyProtect agent is similar like a thin client, proprietory code communicating with your servers via encrypted link.

do not get me wrong, just the country your are based in hasn't been lately a role model in various aspects of data use, internet and the like and thus it probably does not matter for any of your countrymen/women to utilize your service. one residing outside though might think about it.

your privacy and data security policies as cited are not encouraging either.

and there is no mentioning about the people behind Q, except this vague statement

 

Welcome to Wilders. I'm glad you can provide us some insight to your product.

 

What is the idea behind logging in to an account to launch the armored browser as opposed to having a locally installed application? Thanks.

 

You may be on a machine that you may not trust (e.g., internet cafe, your work PC, your teenage child's PC , etc.), but you want to have a private web surfing session. Our armored browser can be delivered to any Windoze machine you are on. The only requirements we have is JS enabled and either ActiveX or Java (for non-IE browsers) is enabled.