SafeOnline IP Verification

Discussion in 'Prevx Betas' started by vtol, Apr 13, 2010.

Thread Status:
Not open for further replies.
  1. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    How long does it take for SO to carry out the IP verification? It seems it takes quite a while and does not happen instantly. Most of the time it only states: 'IP will be verified shortly'

    What does that mean in view of protection?
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello :)
    SafeOnline verifies IP addresses for websites to ensure the user is browsing to the correct website. Depending on the popularity, it may take longer to verify some websites. It could also say that the IP will be verified shortly if the user is in a different country than the website is in, but generally it takes a minute or so to cross-reference a new domain to ensure that it is not compromised.

    Let me know if you have any other questions!
     
  3. vtol

    vtol Registered Member

    actually it takes ages to get the verification, like several hours or even not at all, having the website open that long. e.g. even this forum, having it open now for a while, say at least one hour, the IP verification did not happen yet, which gets me back to: how is this affecting the efficiency of the protection supposed to be provided by SO?
     
  4. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Hi vtol,

    Can you tell us all browsers you are using and their versions, and is the problem on all browsers or just a certain one? Also which OS, and if you are using 32bit or 64bit?

    TIA,

    TH ;)
     
  5. vtol

    vtol Registered Member

    certainly, my bad.

    host OS is WIN 7 Ultimate 64bit, IE8, Opera 10.52 b 3353. Cannot test on FF Minefield 3.7 as SO is not yet compatible, same seems to be the case with Safari 4.0.5

    virtual guest OS WIN XP mode 32bit, IE8 and Chrome beta 5.0.342.9

    all browsers are affected the same, though with Chrome it seems a bit better, which makes me wonder whether you use any google service for IP verification or whether such is hosted in the cloud.

    Then again, what is the impact on the protection supposed to be provided by SO?
     
  6. Triple Helix

    Triple Helix Webroot Product Advisor

    Great, thanks! Can you now please do a system scan by clicking "Scan Now" on the front screen of Prevx 3.0 and then save the scan log by clicking on Tools - Save Scan Results. Then, please send the scan log by e-mail to report@prevxresearch.com with a link to this thread; then Joe (PrevxHelp) can help you better with your scan log in hand!

    TIA,

    TH
     
    Last edited: Apr 14, 2010
  7. vtol

    vtol Registered Member

    uhm, TH, do not get me wrong, but he did not ask for it for one, and on the other hand I do not see the causality between a system scan, which is performed anyway every night, and SafeOnline IP verification, but would be happy if you elaborate on the latter.

    A word on the protection supposed to be provided by SO would also be appreciated, preferably though by someone from Prevx
     
  8. Triple Helix

    Triple Helix Webroot Product Advisor

    I know, but I'm asking you to, to help you and Joe find the problems! If he has your scan log he has all the info of your system and will possibly be able to fix any issues he might see on his end!

    It's OK for me to give you instructions to do so as I have in the past to help others! And Joe supports me on these occasions! And he will reply here also to let you know what is going on with your system and possibly have more questions to ask of you! I get the email info from this post https://www.wilderssecurity.com/showthread.php?t=245129

    HTH,

    TH
     
  9. vtol

    vtol Registered Member

    quoting from the thread you are pointing to:


    this is not strictly related to malware detection, I would reckon, still appreciate your effort and support though
     
  10. Triple Helix

    Triple Helix Webroot Product Advisor

    It does need to be changed, and Joe will, as that is the means he uses to get members here to send logs to him, trust me ;) It is all in your best interest to do so, but it is up to you! ;)

    Regards,

    TH
     
  11. PrevxHelp

    PrevxHelp Former Prevx Moderator

    TH is correct and I've removed that line from the original post :) In the event that something is preventing SafeOnline from verifying IP addresses quickly, it would likely show up in the scan log so TH's advice is sound :)
     
  12. vtol

    vtol Registered Member

    then let me know please which information you are particularly interested in and will see what can be released, sorry but there is a policy that prevents logs going anywhere. assume that you can point that out easily.

    still, I raised 2 questions:

    What is the impact on the protection supposed to be provided by SO?

    whether you use any google service for IP verification or whether such is hosted in the cloud, as Chrome seems to have slight advantages, though it would not be logical for SO to use different services for IP verification based on different browsers?
     
  13. PrevxHelp

    PrevxHelp Former Prevx Moderator

    The logs contain no personally identifying information - we're primarily interested in the files that start with in the log, followed by their file hashes to see if we can correct any incompatibility.

    The protection of SafeOnline is extremely light and takes place asynchronously to browsing so there is virtually no impact on the user's session.

    We use our own internally written services for verifying IP addresses :)
     
  14. vtol

    vtol Registered Member

    thanks for the reply and clarification, though there might be a misunderstanding of sorts:

    I do not mean the impact on the browser session, but as IP verification seems to be part of the protection advertised by SO (assume that is not just an eye candy feature), I am wondering what the impact on the (presumably weakened) security is if the IP is not validated




    If I do understand right, SafeOnline is not a standalone process, but hooks several APIs via kernel driver and thereby communicates via the browser with your self-written services, whilst utilizing DNS cross-reference and triangulation. If that is true, SO would be communicating on TCP port 80, as the browser does, and since the browsers are fine with the internet connection I do not see the implication of other processes interfering with SO. As SO IP verification does work OK sometimes but does not most of the time, I would rather see the issue in the network connection of SO to your IP verification service.
    Could it be the DNS server used by the machine Prevx is installed on? I never use the one of the respective ISP but instead 208.67.222.222, 208.67.220.220, 4.2.2.5, 4.2.2.6, 156.154.71.1, 156.154.70.1
     
  15. PrevxHelp

    PrevxHelp Former Prevx Moderator

    I did misunderstand your response - sorry about that! The overall protection of SafeOnline is not lessened if the IP is not validated (antikeylogging, screengrabber protection, stored credential protection, etc. are all still active) - IP not verified would generally just mean that some aspect of the verification process has not completed yet. It can sometimes take longer to verify an IP for certain websites, especially if the user is on an unpopular ISP. Could you let me know what websites in particular you are seeing this for and if you are seeing it for www.prevx.com as well?



    Yes, that is correct - although it is possible that a firewall or other application could be blocking SafeOnline outbound. All of the communication does go through port 80 but takes place from prevx.exe in memory, rather than the browser itself.

    All of those DNS servers are known as Trusted within our database so there shouldn't be a problem there. It's definitely worth investigating further, however!
     
  16. vtol

    vtol Registered Member

    Happens also on the aforementioned url, this forum as well as all other urls whether popular or not. Since I am permanently travelling I am constantly roaming foreign networks, meaning different ISP and network devices, such as firewall and switches/hubs, I have no control over all the time.
    Although there are no outbound restrictions on the machine's firewall, just poked a hole in WIN 7 firewall for Prevx, for any port/protocol, however to no avail.

    Please do not get me wrong, but from the above it sounds that IP Verification is not important for SO and more of an eye candy. Moreover you mentioned in another thread that more and more services are provided in the cloud and thus making it difficult for Prevx to keep track of all the different server IPs for the same webpage showing in the browser. Hence wondering whether it is worth it, considering resources and network traffic?

    If it would be an important feature of SO and failing, I would have also suggested a visible warning to the user, something like turning the colour of the P/SO tab, say orange or so. Like the tab is turning green on prevx.com, although IP validation is not happening. Does SO have such a warning in case a more important component is failing?
     
    Last edited: Apr 16, 2010
  17. vtol

    vtol Registered Member

    Interesting, on the host OS WIN 7 64bit IP verification with IE8 and Opera 10.52 is not happening for prevx.com, however on the guest OS WIN XP Mode 32bit it does happen with IE8 and Chrome 5.x within about 5 minutes
     
    Last edited: Apr 16, 2010
  18. vtol

    vtol Registered Member

    cool, now ip verification is constantly reporting 'verified by prevx', even before the oddest url is loaded on the host with Opera 10.52, not though with IE8. has it been put now as static text, to make it look working?

    sounds like a bug to me, hope it is not the intended solution to the issue?

    what about:

     
    Last edited: Apr 18, 2010
  19. Triple Helix

    Triple Helix Webroot Product Advisor

    Hi Joe, I'm having this problem again also on Opera 10.51; it wasn't there with .124 but now with .125? FF 3.6.3 and IE8 are fine!

    TH
     

    Last edited: Apr 18, 2010
  20. Triple Helix

    Triple Helix Webroot Product Advisor

    Update on the Opera 10.51 and IP Verification! I did a reinstall of Prevx after and all is fine now! Must have something to do with the Auto update process that breaks SafeOnline because a clean install fixed it for me! ;)

    TH
     

    Last edited: Apr 18, 2010
  21. vtol

    vtol Registered Member

    did I step on someone's toe that this subject has fallen silent?
     
  22. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    I also had this problem with Opera 10.51 since the .124 official release. Reinstalled Prevx and it is gone. One other question: according to the SafeOnline help page on prevx.com there can be 3 states of IP verification: IP verified, waiting to be verified and MitM attack. But I also have IP not verified sometimes, no warning at all, and it doesn't verify later; one of the sites I have this with is community.immunet.com
     
  23. PrevxHelp

    PrevxHelp Former Prevx Moderator

    It is most likely that there is an issue in your particular installation - if you could please try downloading the newest beta version from the links in this thread: https://www.wilderssecurity.com/showthread.php?t=270917 it should allow you to verify the IP properly (at least in all of the Opera installations we have over here).

    Let me know your results!
     
  24. vtol

    vtol Registered Member

    I am on the latest build, usually am, still the same problem. And as I mentioned it affects not only Opera, but also IE8 and Chrome, both on the host as well as on the guest.

    What I meant particularly with silent are those questions remaining unanswered:

     
  25. vtol

    vtol Registered Member

    so, this must be some sort of unpleasant topic to deal with? or, why would the moderator respond to any other thread but this one?

    on the other hand, none of the users seems to be concerned that the product contains a rather useless feature embedded in a rather important module of the product... ... which is even less understandable considering how so many are claiming to care for security, yet falling for some eye candy
     
    Last edited: Apr 26, 2010