Shortly thereafter one of our readers reported that the official Secure Folders site linked to in the article was offline with the message, “This Hosting Account Has Been Suspended”. I confirmed that was indeed the case and promised to keep an eye on the situation and let you know when there were any changes. Well, I’m happy to report that the site is now back online, complete with direct download link: http://securefoldersfree.com/index.html
Dave,
First you advise the constant use of https:// and then you present a link that starts with http://. That’s not very consistent. So I ran it through the link to Symantec’s security checker and it declared that it did not support SSL and Qualsys had this to say about it:
SSL Report: securefoldersfree.com (162.249.125.170)
Assessed on: Sat, 11 Jul 2015 22:54:43 UTC | Clear cache Scan Another »
Certificate name mismatch
Click here to ignore the mismatch and proceed with the tests
Try these other domain names (extracted from the certificates):
atlas.theservercompany.com
What does this mean?
We were able to retrieve a certificate for this site, but the domain names listed in it do not match the domain name you requested us to inspect. It’s possible that:
The web site does not use SSL, but shares an IP address with some other site that does.
The web site no longer exists, yet the domain name still points to the old IP address, where some other site is now hosted.
The web site uses a content delivery network (CDN) that does not support SSL.
The domain name is an alias for a web site whose main name is different, but the alias was not included in the certificate by mistake.
SSL Report v1.18.1
Dave – these two articles are in the same week’s set of Computer Tips.
Of course Chrome and HTTPS Everywhere reported the site as being unsafe as well.
I’ll put this off to you’re having bad week, but try not to do this for the sake of the less competent users.
Gerry
Gerry,
I don’t believe anyone here at DCT has explicitly stated everyone should use https exclusively. In fact, it is not possible as not every site has the required certificate or chooses to implement the protocol. If https necessary? Not if there is no exchange of information. Is https preferred? Absolutely, which is why Daves Computer Tips is in the process of transitioning to strictly SSL communications with our visitors.
Why are other domains returning from the SSL report? I would suspect the site in questions is hosted on a shared server that utilizes SNI (https://en.wikipedia.org/wiki/Server_Name_Indication) and is reporting certificates on the server for those sites.
That said, we run any software and/or URL we mention through Virus Total and all sites are also checked through at least Web Of Trust, so there is nothing wrong with the software or the site.
Hi again Dave,
This is an addendum to my email of a few minutes ago. After I sent the last email to you I tried the Atlas address mentioned in Qualsys and the following information came back.
———————————————————————
SSL Labs logo Home Projects Qualys.com Contact
You are here: Home > Projects > SSL Server Test > atlas.theservercompany.com
SSL Report: atlas.theservercompany.com (162.249.125.7)
Assessed on: Sat, 11 Jul 2015 23:00:41 UTC | Clear cache Scan Another »
Assessment failed: No secure protocols supported
Known Problems
There are some errors that we cannot fix properly in the current version. They will be addressed in the next generation version, which is currently being developed.
No secure protocols supported – if you get this message, but you know that the site supports SSL, wait until the cache expires on its own, then try again, making sure the hostname you enter uses the “www” prefix (e.g., “www.ssllabs.com”, not just “ssllabs.com”).
no more data allowed for version 1 certificate – the certificate is invalid; it is declared as version 1, but uses extensions, which were introduced in version 3. Browsers might ignore this problem, but our parser is strict and refuses to proceed. We’ll try to find a different parser to avoid this problem.
Failed to obtain certificate and Internal Error – errors of this type will often be reported for servers that use connection rate limits or block connections in response to unusual traffic. Problems of this type are very difficult to diagnose. If you have access to the server being tested, before reporting a problem to us, please check that there is no rate limiting or IDS in place.
NetScaler issues – some NetScaler versions appear to reject SSL handshakes that do not include certain suites or handshakes that use a few suites. If the test is failing and there is a NetScaler load balancer in place, that’s most likely the reason.
Unexpected failure – our tests are designed to fail when unusual results are observed. This usually happens when there are multiple TLS servers behind the same IP address. In such cases we can’t provide accurate results, which is why we fail.
————————————————————–
Needless to say I won’t be heading either of those sites in this lifetime.
Gerry
See above.
I just downloaded this Secure Folder program and when I clicked on the file to install it, my Norton AV advised me not to install it as it has “potential damaging” malware. So I stopped and then scanned it with Norton and it found nothing. Just to be sure, I then scanned with Malwarebytes and it found this… Pup.Optional.InstallCore.A and said the same as Norton… Potentially unwanted Program. I do have screenshot, but cant seem to post it here. Is there another explanation for this find by Malwarebytes?
Mike, the name of this software is Secure Folders (plural), not Secure Folder (singular) which is a completely different software.
Secure Folders scans 100% clean through Virus Total’s 56 AV engines, including both Symantec (Norton) and Malwarebytes: https://www.virustotal.com/en/file/355f9c7ae0ccb2885d1cb6affb4ba89102a78be43eb2604a90084bcb34ca1dd4/analysis/
The downloaded executable also scans 100% clean through Malwarebytes and Avira locally. I also installed the software as a portable app and there was no sign of bundling, PUPs or otherwise. I don’t know what you’ve downloaded from where, but I’m pretty sure it isn’t Secure Folders from the link we provided.
You are correct Jim. The file on my computer is… Secure-Folders with a hyphen and is only 695 kb instead of the correct SecureFolders which is over 3mb. Beats me how I got the wrong file from the link above. You can see my screenshot here in my dropbox if you like…
https://dl.dropboxusercontent.com/u/48517835/SecureFolderThreat.JPG
I have now downloaded it again and scanned with both MB and NIS and all is good.
Sorry for the false alarm.
Update…
Checked my browser history to confirm where I downloaded it from, and it was not this site. it was another at…
http://secure-folders.findmysoft.com/
… which is the wrong site. Maybe I was looking for a review of it or something before I downloaded it. Sheesh, been to so many sites lately I forget whether I am Auther or martha lol. Never mind… alls well the ends well. Will trial the Real McCoy now and see how it goes.
Thanks again mate… mike
No problem Mike. As you say, all’s well that ends well. 🙂