Problem with Privacy protection

Discussion in 'other software & services' started by Sharalike, Aug 2, 2006.

Thread Status:
Not open for further replies.
  1. Sharalike

    Sharalike Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    2
    You asked for it; I'm as green as they get. I'm having a problem when I compose emails and try to attach .pdf files. As the file begins to upload, I consistently get a message from my PC-cillin IS 2006 saying that it's blocking data from being transfered, specifically "my credit card number." I'm also using SpySweeper, and my email is SmarterMail Pro 2.6 via Netscape (although I've tried using IE, an get the same results). Any thoughts on what's going on? Here's the message:

    Notification
    Privacy Protection (Web)
    Privacy Protection has prevented confidential information from being sent over the Web. To allow the protected item to be sent to the address below, click Add Exception.
    .
    Action taken: Blocked.
    Address: http://mail.[mydomainname].com/Main/frmComposeInner.aspx
    Item: My credit card number
     
  2. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Welcome to Wilders Sharalike!

    Does the email you are composing contain any number that looks like a credit card number (15-16 digits)?
    What about the .pdf files, do they contain any numbers that look like a credit card?

    Does this only happen when you are composing an email? What about browsing, and other times?

    Maybe PC-cillin IS 2006 is falsely triggering an alert?
     
    Last edited: Aug 2, 2006
  3. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Re: Questions for beginners,.. Ask away

    Welcome to the forums Sharalike,

    Your question is not related to this thread so expect it to be moved to a separate one once a moderator sees it.

    The simple answer is that PC-cillin "privacy protection" consists of looking at the data leaving your computer and alerting if it matches anything you have specified. The problem is that this can result in false positives (for instance if you have specified a "credit card number" of 47421111 and then try to access a file named 47421111.txt, this will match and cause an alert) and such positives are increasingly likely if you only included part of your number (4742 is more likely to occur than 47421111).

    The real problem however with this feature is that it is worse than useless. Any malware that tried to obtain your credit card details would encrypt the data before sending it meaning that it would not be detected - and you might end up believing that you were "safe" enough not to have to bother about standard security measures. Indeed, the fact that you can enter your credit card details on encrypted webpages (starting https://) without receiving any warning from PC-cillin should show how ineffectual this feature is.

    In reality, the main danger to your credit card details would come from "phishing" emails purpoting to come from your bank or an etailer asking you to visit a fake site and provide your details there.
     
  4. Sharalike

    Sharalike Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    2
    Thanks for the response! I assumed my message would be moved to an appropriate thread.

    The only numbers in my file are a 10-digit phone number, a ZIP code and some monetary amounts 4 digits or less. None have any similar sequences to my actual account numbers.

    It only happens when I'm trying to attach the file to an email, not when browsing. It does seem like a false alert, then. I just made the switch from Symantec/Norton to PC-cillin hoping for better results. We'll see. Thanks much, Paranoid2000 and Devinco.
     
  5. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    I have trouble with the thinking here. If you are on a secure site say your bank you want them to process your account number so no false positive. They also use encryption so that's all good. I have Spysweeper, Bitdefender and McAfee firewall plus a hardware firewall. None of those preevent 100% the chance of having your personal id infor scammed. Why not have a privacy tool that watches what's being sent out? Are the designers of these tools so dumb they can't deal with encripted account numbers.

    What am I missing here?

    Escalader



     
  6. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    What happens is the malware creates a separate encrypted connection to the hacker's computer to transmit the data. The privacy tool cannot break the encryption code so it just looks like a random connection and the account numbers it is searching for only show up as random letters and numbers.
     
  7. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Whoa... so it seems noone should waste $ on these privacy tools as they would only protect against non encripted hackers! Is that right?

    Therefore I conclude that keeping the hackers out and finding them if they get in is very NB?

    I have a hardware firewall and a software firewall so that is good...

    Comments welcome
     
  8. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Correct, sort of.

    What is NB?
     
Loading...
Thread Status:
Not open for further replies.