Netkeys™ InternetSecuritySystem
        Owner's Manual 

        (c) Software Appliance Company
        Version 6.5, July 16, 2003

        Disclaimer
        This information is subject to change without notice. The information contained herein is believed to be accurate and reliable, but may contain errors or omissions, and is not covered by any guarantee or warranty. Information is intended for Software Appliance Company customers only. Please report any problems to: support@softappco.com.

        Table of Contents

        1. Introduction & what to expect
        2. Installing & uninstalling
        3. Multiple users, Settings, Passwords and serial #'s
        4. Quick Start - using Netkeys
        5. Email menu, SPAM controls
        6. URL,IP, PORT and Security Overrides menu
        7. Word Blocking menu
        8. Historian menu
        9. Personal Privacy menu
        10. Admin menu & PersonalFirewall™
        11. Virus menu & Internet Bomb Diffusion Technology
        12. Customer support - problems & questions

        1. Introduction & what to expect.
        This manual provides extensive tutorial help and background information about Internet security to enable you to understand how to apply the power of Netkeys™ to increase Internet security. 

        Each chapter provides screen shots and background information about each product feature, including tips on how to use the features, and how not to use the features. 

        Automated problem diagnosis is provided 24/7 on-line by Software Appliance Company. The "ReportBug.exe" tool is provided with each Softappco product to expedite problem resolution. See Customer support - problems & questions for more info.

        Since the Internet is a global, unregulated forum, all types of information are available, spanning every national, cultural, political, and moral persuasion. Netkeys™ provides the tools required to monitor and control Internet access, including a variety of Internet privacy, virus, security, and obscenity controls.

        Netkeys™ was designed for two types of people:

        Basic User
        This person wants software to monitor Internet activity, keep a history of everything that happens, and wants security, privacy, and obscenity controls.

        Advanced User
        This person is comfortable with computers. They will appreciate and explore the advanced capabilities of Netkeys.

        All users will appreciate the Netkeys Historian menu, which records everything that's been happening on their Internet connection. The Historian is like a phone bill - it is made to be looked at.

        Quiet operation
        Netkeys can operate quietly, or provide a warning screen (see Figure 1a) whenever it blocks any information. This is controllable using the Quiet button in the Personal Privacy menu. 


        Figure 1a - Internet Security warning screen.

        Tolerance to obscenity
        Netkeys offers many types of obscenity protection.  Depending upon the tolerance level of the user, individual features can be turned on or off. 
         

        2. Installing, registering, & uninstalling

        Installation
        Netkeys installation is easy. Step by step instructions are provided on screen through the entire process. Installing the product automatically provides you with a 10-day software serial number until you get a permanent one by purchasing and registering the product. 

        Microsoft file sharing & NETBIOS install options
        If your PC is running Microsoft Windows XP (tm), the installation process will prompt you to use the Internet Connection Firewall. Figure B1 provides information about using the Internet Connection Firewall.

        If you are connected to a local area or private network, you may not need the Internet Connection Firewall. See your System administrator if in doubt.

        In the Network settings, turn off NETBEUI, Microsoft File and Printer Sharing, and Client for Microsoft Networks unless you are an expert in Microsoft Network Configuration.

        The only network settings required for the Internet are TCP/IP and specific dial-up adapter connections to your ISP. Remove the others.

        This chapter will provide further information for you to change your Windows settings for maximum security. See the screen shots below, and read the information.



        Figure B1 - Internet Connection Firewall information for Windows XP

        Microsoft file sharing & NETBIOS install options
        When you install the product, you can disable Microsoft file sharing and NETBIOS ports 137-139. NETBIOS is a well-known security problem with Windows systems, and it leaves your PC wide open to attacks from hackers.

        See figure A1 below.

        If you choose option 1, then you are expected to actually go into the control panel, Network settings, and remove "Client for Microsoft Networks" from the network settings. You can always add this feature later, if you like.

        If you choose option 2, the product installer will disconnect NETBIOS from your network. To reverse this, you must uninstall the product.

        If you choose option 3, then you are expected to have the expertise and actual need to use the Microsoft Network for your LAN of PC's and peripherals. For further information about configuring Microsoft File sharing yourself, see:
        http://grc.com/su-fixit.htm
        http://grc.com/su-bondage.htm

        Figure A1 - install options for disabling Microsoft file sharing.

        Registration
        Software serial numbers, such as 17a7b3d9, are used to activate and register Netkeys. Software serial numbers are provided to all customers when they purchase the product.

        To register the software, a program is provided called Register, as shown in Figure 1. Just run the Register program, and enter the valid software serial number in the edit box to complete registration. Make sure to enter the serial number exactly as it is shown, using upper & lower case letters.
         


        Figure 1 - Register program screen menu.

        Uninstalling
        For any Windows software program, uninstallation should be done properly. To uninstall Windows software, go into the Control Panel and select Add/Remove Programs. Select "InternetSecuritySystem" (this is Netkeys) from the list of programs to uninstall. See the Windows Help system for more info on Add/Remove Programs.

        Always reboot your computer immediately after uninstalling.

        When uninstalling Netkeys, the menu shown in Figure 2 appears. The secret password must be entered for uninstallation to be allowed.  This prevents a child or co-worker from uninstalling the software without your permission. Passwords are discussed in the chapter: Your secret password.
         


        Figure 2 - password protection screen for uninstalling Netkeys.

        3. Multiple users, Settings, Passwords and serial #'s

        Multiple users
        This product can work with multiple Windows login users. Each user can have their own custom settings, or use global default settings.

        By default, all Windows users share the same settings for this product. If you change the settings, all Windows login users will be affected.

        If you prefer, any Windows login user can have independent custom settings for this product, instead of the global settings.

        Set custom settings for a specific Windows login user as follows:

        1. Login to Windows as the user.
        2. Open the product settings using your password.
        3. Press the "User profiles" button on the Admin tab.
        4. Uncheck the checkbox "Load global settings for this user at login"
        *Now this Windows login user will use custom instead of global settings.

        Save and restore settings to & from files
        Settings and lists can be saved to files, and loaded from files. The files are of type .txt, so you can read them with any program. The files have a special arrangement and format, which should not be disturbed.

        You may save and restore selected items. For example, you may save only the URL list, or save everything. Also, you can load only the URL list, or load everything. Checkboxes are provided to allow selective save and load of settings and lists.



        Serial #
        Serial #'s are provided when you purchase Netkeys. Register your serial # using the program "Register.exe", which comes installed with Netkeys. It is important to register right away to be eligible for customer support and free upgrades.

        To find your serial number, run the program "Register.exe" which comes installed with the product. If you have already registered, then your serial number will appear when you run "Register.exe".

        Passwords
        The secret password is needed to:
        - View Internet activity history.
        - Change Netkeys settings.
        - Uninstall Netkeys.

        The initial secret password is yahoo. Note that the password is lower-case yahoo, not YAHOO or Yahoo. The password should be changed immediately after Netkeys is installed & the computer is restarted. The password can be changed in the Privacy menu of Netkeys. Try using a password that you are not likely to forget,  such as your ATM pin number.

        Every time you use Netkeys, you need to enter the secret password. If you type the password incorrectly, you will need to try again. Each attempt to use Netkeys is recorded, so you can see if anyone is trying to break in to Netkeys using guessed passwords. See the Historian menu chapter for more information. 

        4. Quick Start - using Netkeys

        After installing Netkeys, the computer must be shut down and restarted. When the computer starts, the Netkeys icon will appear in the icon tray, as shown in Figure 3.

        The tray icon display
        The tray icon will change to indicate what Netkeys has detected or blocked, as shown in Figure 3a. A detailed description of the event will also be listed in the Historian display, as described in the Historian menu. Also, sound effects will play to alert you to the detected events. The sound can be turned off in the Admin Menu.


        Figure 3a - Tray icon indicating InternetBombDiffusion has occurred.

        Security note:  You may remove the Netkeys icon from the Windows startup folder if you do not want the Netkeys icon to appear in the icon tray when your computer starts. Netkeys will operate even when the icon is not being displayed. See the Windows help information on your computer to learn more about the startup folder.


        Figure 3 - Netkeys icon in icon tray.
         
         


        Figure 4 - Netkeys in start menu.
         

        Netkeys will appear in the Program menu, as shown in Figure 4.

        When you start Netkeys from the Program menu (Figure 4), the Netkeys icon appears in the icon tray, as shown in Figure 3. To access the capabilities of Netkeys, click the right mouse key over the Netkeys icon in the icon tray, as shown in Figure 5.


        Figure 5 - click right mouse key over Netkeys tray icon.

        The password is required to run Netkeys. The initial password of yahoo will work unless it has been changed subsequent to installation. The password menu is shown in Figure 6. Make sure to enter the password correctly, using upper and lower case as required.


        Figure 6 - password screen

        5. Email Menu

        The Email menu provides tools to:

        1. Block sending email via POP3 email accounts or via free Web-email accounts.
        2. Block receiving email via POP3 email accounts.
        3. Block sending email attachments via POP3 email and Web-email.
        4. Block receiving email attachments via POP3 email (erases them).
        5. Records email attachments sent (POP3 & Web-email) & received (POP3).
        6. Email obscenity (send/receive) can be erased using the Word Blocking menu
        7. All email activity is recorded in the Historian menu.
        8. Wildcard matching to block email from a range of email addresses.

        Block email SPAM button
        SPAM is unwanted email. Often SPAM contains advertisements, pornography, or viruses. If the SPAM comes into your POP3 email account, such as Outlook Express, Eudora, etc. then Netkeys SPAM blocking can stop the incoming email. If the SPAM goes into your HOTMAIL(tm) or YAHOO(tm) account then Netkeys can only mask the watchwords and obscenity, but not stop the email. There is no way for Netkeys to intercept email from a spammer en route to HOTMAIL(tm) or YAHOO(tm).

        Use this button if you want to block SPAM based upon WatchWords or obscenity content.

        You must also turn on the ElectronicMasking(tm) or ElectronicWhiteout(tm) buttons on the Word Blocking controls tab when blocking spam.

        SpamTorpedo(tm) feature
        The SpamTorpedo(tm) is an automated email response to spammers, triggered whenever SPAM is blocked. The SpamTorpedo(tm) is sent directly to the spamming email server and also to the email sender, if possible, informing them that the email was undeliverable. If the spammer is using software to manage their mailing list, the SpamTorpedo(tm) email may cause your email address to be removed from the spammer's email list. However, this feature is not 100% guaranteed, since spamming software sometimes does not check for undeliverable email return messages.

        Here is how Netkeys can be used to block SPAM.

        1) Content triggered SPAM blocking. The WatchWords(tm) list can be used to define words and phrases that will trigger email blocking. Any content can be blocked this way. WatchWords(tm) are an extension of the built-in obscenity detection vocabulary, so obscenity is also blocked. See the Word Blocking menu to specify WatchWords.

        2) Email address triggered SPAM blocking. Netkeys allows you to block email addresses for incoming and outgoing email. There is a separate button to block each direction (send/receive). To block specific email addresses, enter them in the email list. You can block ranges of email addresses containing substrings, such as blocking everyone from a specific country, etc.

        Examples:
        ?yahoo (block all email addresses from yahoo)
        ?.de (block all email from Germany)
        ?webmaster (block all email from webmasters)

        When outgoing email is blocked, the outgoing address is scrambled so that the email will "bounce back" to you as undeliverable. When incoming email is blocked, the sender's name & address, as well as the entire email contents, are erased. Optionally, a warning popup screen can be displayed when anything is blocked, as allowed in the Admin Menu.

        Why block email incoming attachments? Because many porno sites will send obscene pictures via email on request - new pictures every day. However, blocking incoming email attachments is an extreme measure, since it completely erases the contents of the email attachment, and it is not recoverable. A good rule is: "don't open email attachments from a stranger!" Also, there are known "virus" exploits involving various types of files such as .CIL files etc. that cause malicious code to execute on your PC if you open the file. Email attachments are a potential security risk. 

        Why block email outgoing attachments? If you have valuable data files on your computer, obviously you want to protect these from unrestricted Internet access. Please note that it is very possible for a file to be read from your PC simply by visiting a website! For example, free Web-email sites can read files from your PC, and then attach them to email sent from their server. If the free Web-email site can do it, other malicious websites can as well. Such activity would likely require some Javascript, ActiveX, or VBScript to run on your PC, and that happens all the time! 

        AOL (America Online) users please note: AOL's browser provides some email blocking capabilities which AOL customers may prefer, so Netkeys email blocking is disabled when using the AOL browser. Possibly use a different browser like Netscape for email if you prefer the Netkeys email blocking features.

        Email Attachment Controls
        Block Incoming Button
        Blocks POP3 email attachments as they enter your PC by erasing their entire contents, and storing the filename in the Historian.
        Block Outgoing Button
        Blocks outgoing POP3 and free Web-email attachment files from leaving your PC. The DataWall™ feature of the Personal Firewall™ also blocks email attachment files from going to free Web-email sites, as well as any other website. 

        EmailCloaking™ button
        This feature allows you to send anonymous email using POP3 email servers. It does this by setting your return email address to a@non.net. However, it is always possible for Internet Service providers, website administrators, etc. to track you down if this feature is used for malicious purposes. This feature is similar to call-#-blocking on your telephone, and is intended for legitimate purposes only. 

        Figure 7 - Email screen. 

        Email blocking is designed to operate with any POP3 compatible email programs you may have, such as Netscape email, Microsoft IE email, Pegasus email, etc.

        Blocking free Web-email sites
        Outgoing email blocking works for nearly all free Web-email sites, such as Microsoft's Hotmail, etc. Incoming email to Web-email servers cannot be blocked by Netkeys. However, these email sites can be completely blocked using the Website blocking capability discussed in the Websites menu chapter. Just enter the free email site as a blocked site, and all access to that site is disallowed.

        Editing the Email blocking list
        Just click the left mouse key on the name to be edited, and edit using the keyboard. Scroll bars are provided to access any part of the list. Any email addresses listed in the Email blocking list can be blocked.

        The following rules apply when entering email addresses:
        1. Enter the entire email address (name@domain.com, etc.).
        2. Lower case only - uppercase is translated into lower case anyway.
        3. Wildcard matching - use ? at the beginning of the string (see examples).

        Examples:

        john@yahoo.com (OK)
        john @ yahoo.com (NOT OK - spaces not allowed)
        ?yahoo (WILDCARD - block everybody from yahoo.com)
        ?sex (WILDCARD - block any email address containing the string 'sex')

        Note: the Historian Menu has a button to add email addresses from the History list directly into the Email blocking list.
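
        The entry rules above, worked through as an added example (this is not Softappco's code). It assumes the "?" wildcard is a plain substring test, as the examples describe, and shows how such an entry can also catch addresses you meant to keep. The function names and all sample addresses are constructed for illustration.

```python
"""Added example: the manual's email block-list rules, with an over-match audit."""


def normalize_entry(raw: str) -> str:
    """Apply the three entry rules; raise ValueError if the entry is not usable."""
    entry = raw.strip().lower()            # rule 2: upper case becomes lower case
    if not entry:
        raise ValueError("empty entry")
    if " " in entry:
        raise ValueError("spaces are not allowed")
    if entry.startswith("?"):              # rule 3: wildcard entry
        if len(entry) == 1:
            raise ValueError("wildcard needs text after '?'")
        return entry
    local, at, domain = entry.partition("@")
    if not (local and at and domain) or "@" in domain:
        raise ValueError("enter the entire address, name@domain")  # rule 1
    return entry


def build_list(raw_entries):
    """Split raw list lines into accepted entries and (line, reason) rejects."""
    accepted, rejected = [], []
    for raw in raw_entries:
        try:
            accepted.append(normalize_entry(raw))
        except ValueError as err:
            rejected.append((raw, str(err)))
    return accepted, rejected


def first_match(address: str, entries):
    """Return the first entry that blocks this address, or None."""
    addr = address.strip().lower()
    for entry in entries:
        if entry.startswith("?"):
            # Assumption: "?text" matches when text occurs anywhere in the address.
            if entry[1:] in addr:
                return entry
        elif entry == addr:
            return entry
    return None


def audit(entries, known_good):
    """Map each entry to the wanted correspondents it would also block."""
    report = {}
    for entry in entries:
        hits = [a for a in known_good if first_match(a, [entry])]
        if hits:
            report[entry] = hits
    return report


# Constructed sample data, modelled on the manual's own examples.
SAMPLE_ENTRIES = ["John@Yahoo.com", "john @ yahoo.com", "?.de", "?sex", "?webmaster"]
KNOWN_GOOD = ["j.dent@example.com", "anna@essex-council.example", "billing@example.org"]

if __name__ == "__main__":
    accepted, rejected = build_list(SAMPLE_ENTRIES)
    print("accepted:", accepted)
    print("rejected:", rejected)
    for entry, hits in audit(accepted, KNOWN_GOOD).items():
        print(f"{entry} would also block: {', '.join(hits)}")
```

        Running the audit against your own address book before enabling incoming blocking matters here, because blocked incoming email is erased rather than quarantined.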

        Blocking outgoing email
        If desired, outgoing email to listed email addresses can be blocked. If an email address is in the Email blocking list, the email will bounce back from the Internet, showing an undeliverable email address.

        Blocking incoming email
        Incoming email blocking is provided for POP3 email programs. If desired, the email address of the sender can be blocked from appearing in the email, and the incoming email erased. However, the email address will be shown in the Historian Menu. This feature may only be useful in extreme cases where the incoming email sender's address and email content should be blocked.

        Also note that all email is filtered using the obscenity protection features found in the Word Blocking Menu, as shown in figure 7a.
         


        Figure 7a - email filtered for obscenity.
         

        6. URL, IP, PORT Menu

        The URL, IP, PORT menu provides the capability to block any specific web site URL or IP:PORT address from being accessed. Blocking is bidirectional, so you can block both outbound and incoming connections. An edit list is provided, and control buttons as shown in Figure 8. This includes chat sites, obscene websites, search engines, free email sites, etc. 

        Overrides for specific websites
        The global settings can be changed for a specific website using Overrides. Overrides allows you to set website specific security features, which override the global settings.

        For example, if the global settings are configured to block private information from going to the Internet (such as your credit card #), you may want to override the global settings and allow your credit card to be used on Ebay.com or Yahoo shopping, etc.

        Override settings appear as a 10-digit numerical string following the website name. They can be erased manually by editing the website in the list. Example: "www.softappco.com:1000040023".

        To use overrides, select a website from the list by clicking once on it, and then press the "Set selected URL/IP" button. This allows you to set overrides for the selected website.



        Figure 5.1 - Overrides menu

        Microsoft NETBIOS file sharing
        Microsoft NETBIOS file sharing can be disabled when you install Netkeys. If you have a LAN, and you are currently using Microsoft NETBIOS file sharing, you should not use this feature.

        Why would you want to disable Microsoft NETBIOS file sharing? Because it makes your PC wide open to anybody on the Internet who wants to break in. If you are a Networking professional, or a very advanced user, you can configure Microsoft NETBIOS file sharing so that you have some protection. But, it requires considerable expertise.

        However, for the majority of PC users, Microsoft NETBIOS file sharing ports should be disabled when you install Netkeys, since they are completely un-needed and dangerous temptations for Internet hackers.

        You may uninstall Netkeys at any time to restore your NETBIOS settings to what they were. Or, you may uninstall Netkeys, and reinstall to disable NETBIOS ports if you desire.

        Website blocking list
        Items can be added to the website blocking list in the following ways:

        - Manually, by directly editing the list.
        - Selectively, using a special button in the Historian Menu.
        - Automatically, using the AutoBlock feature described here.

        Blocking chat sites
        To block chat sites, just enter the name of the chat site in the Websites list.

        Editing the URL, IP, PORT list
        Just click the left mouse key on the name to be edited, and edit using the keyboard. Scroll bars are provided to access any part of the list. Any web sites addresses listed in the Websites list can be blocked.

        If you only want to block a specific website, enter the full URL as "www.something.com". To also cover subsites within the website, such as "sub.something.com", enter the name as "something.com". But for blocking all subsites within a site, use only the name "something".

        The following rules apply when entering websites and IP:PORT addresses:

      • something.com - (Preferred method - omit the www for also blocking subsites.)
      • something - (OK, but will block any URL with "something" in it.)
      • www.ebay.com - (OK, but will not block subsites such as search.ebay.com)
      • http://www.another site.com - (NOT OK - don't use the http:// at the front)
      • 123.234.1.122 - (valid IP address)
      • 123.234.1.122:23 - (valid IP address and port)
      • 127.0.0.1:7777 - (valid - block port 7777 on my PC)
      • 25.44.221.41:1400000000 - (NOT OK - invalid port value > 64k - overrides not allowed on IP addresses.)
      • ebay.com:14000000000 - (override - 10 digit code for site specific security override.)
      • *:80 - (valid (asterisk * = wildcard) - block port 80 on my PC and everywhere else)
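
        The entry rules above, turned into a checker as an added example (not part of the product or of Softappco's code). It assumes names are matched as substrings, as the rules describe, that an override is the 10-digit code from the Overrides section, and that ports run 0-65535. The names Entry, parse_entry, matches and load_list are hypothetical, and the sample list is constructed from the manual's own examples.

```python
"""Added example: validate and match URL / IP:PORT block-list entries."""
import ipaddress
import re
from typing import NamedTuple, Optional


class Entry(NamedTuple):
    kind: str                # "name", "ip" or "any"
    host: str                # substring to look for, dotted IPv4, or "*"
    port: Optional[int]      # None means every port
    override: Optional[str]  # 10-digit override code (names only)


def parse_entry(raw: str) -> Entry:
    """Validate one list line; raise ValueError with the reason if it is bad."""
    text = raw.strip().lower()
    if not text or " " in text:
        raise ValueError("empty entry or embedded space")
    if "://" in text:
        raise ValueError("leave off the http:// prefix")
    host, colon, suffix = text.partition(":")
    if not host:
        raise ValueError("nothing before ':'")
    if colon and not re.fullmatch(r"[0-9]+", suffix):
        raise ValueError("only digits may follow ':'")

    if host == "*":
        kind = "any"
    elif re.fullmatch(r"[0-9.]+", host):
        try:
            ipaddress.IPv4Address(host)
        except ValueError:
            raise ValueError("not a valid IPv4 address") from None
        kind = "ip"
    else:
        kind = "name"

    if kind == "name":
        # Assumption: a name takes only the 10-digit override form.
        if colon and len(suffix) != 10:
            raise ValueError("override code must be exactly 10 digits")
        return Entry(kind, host, None, suffix if colon else None)
    if not colon:
        if kind == "any":
            raise ValueError("'*' needs a port")
        return Entry(kind, host, None, None)
    if int(suffix) > 65535:
        raise ValueError("port above 65535 (overrides are not allowed on IPs)")
    return Entry(kind, host, int(suffix), None)


def matches(entry: Entry, host: str, port: int) -> bool:
    """Would this entry block a connection to host:port?"""
    host = host.lower()
    if entry.kind == "any":
        return port == entry.port
    if entry.kind == "ip":
        return host == entry.host and entry.port in (None, port)
    return entry.host in host  # substring test, per the rules above


def load_list(lines):
    """Return (valid entries, [(line, reason)] for rejected lines)."""
    entries, rejected = [], []
    for line in lines:
        try:
            entries.append(parse_entry(line))
        except ValueError as err:
            rejected.append((line, str(err)))
    return entries, rejected


# Constructed sample list built from the manual's examples.
SAMPLE_LIST = [
    "something.com", "www.ebay.com", "123.234.1.122:23", "127.0.0.1:7777",
    "*:80", "www.softappco.com:1000040023",
    "http://www.example.com", "25.44.221.41:1400000000",
]

if __name__ == "__main__":
    entries, rejected = load_list(SAMPLE_LIST)
    for line, reason in rejected:
        print(f"rejected {line!r}: {reason}")
    for host, port in [("sub.something.com", 443), ("search.ebay.com", 443)]:
        hit = next((e for e in entries if matches(e, host, port)), None)
        print(host, port, "->", "blocked" if hit else "allowed")
```

        A short name such as "ebay" also matches unrelated hosts like "thebayarea.example", which is why the rules prefer the "something.com" form.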


        Port information
        PORT                                Protocol   Purpose
        ----------------------------------  ---------  ----------------------------------------
        NETBIOS ports                       NETBIOS    Microsoft file sharing
        134-139, 445                        NETBIOS    These are not TCP/IP ports.

        Well-known ports, 0-1023            TCP/IP     TCP/IP protocol port assignments
        20                                  FTP        FTP data connect
        21                                  FTP        FTP control connect
        23                                  TELNET     TELNET session
        25                                  SMTP       Simple Mail Transfer Protocol (email)
        53                                  DNS        Domain Name Service
        70                                  Gopher     Gopher protocol
        79                                  Finger     Finger protocol
        80                                  HTTP       Hypertext Transfer Protocol
        88                                  Kerberos   Kerberos authentication protocol
        110                                 POP3       Post office protocol (email)
        113                                 IDENT      Remote identity service
        119                                 NNTP       Network news transfer protocol
        143                                 IMAP       Email access
        161                                 SNMP       Simple Network Management Protocol
        162                                 SNMP       SNMP traps
        194                                 IRC        Internet Relay Chat
        280                                 HTTP mgmt  HTTP management
        389                                 LDAP       Light-weight Directory Access Protocol
        427                                 SVRLOC     Server Location Protocol
        443                                 HTTPS      Secure HTTP (SSL)
        465                                 SMTPS      Secure email (SSL)
        535                                 IIOP       Internet Inter-ORB Protocol
        551                                 CyberCash  Secure money transactions
        563                                 SNEWS      Secure news (SSL)
        614                                 SSL Shell  SSL Shell
        636                                 LDAPS      Secure LDAP (SSL)
        989                                 FTPS       Secure FTP data connect (SSL)
        990                                 FTPS       Secure FTP control connect (SSL)
        992                                 TELNETS    Secure TELNET (SSL)
        993                                 IMAPS      Secure IMAP (SSL)
        994                                 IRCS       Secure IRC (SSL)
        995                                 POP3S      Secure POP3 (SSL)
        1080                                SOCKS      SOCKS Protocol (circuit-level proxy)

        Registered ports, 1024-49151        TCP/IP     IANA listed ports
        1024-49151                          TCP/IP     Listed and registered with IANA.

        Dynamic/private ports, 49152-65535  TCP/IP     Available for general use.
        49152-65535                         TCP/IP     Available to any TCP/IP SOCKETS program.

        Buttons

        Set selected URL/IP (Overrides)
        This is used to set the security setting overrides for the selected website. See the section on Overrides for specific websites earlier in this chapter.

        Allow all URL + [IP : PORT] button
        This button is used to allow access to any website. When it is on, the website block list is disabled.

        Block URL + [IP : PORT] button
        When this button is on, access to the websites shown in the list is disabled. Browser cache files are all cleaned out when a site is blocked to ensure that no text or images are left on the system from suspect sites.

        AutoBlock™ button
        This button is used to automatically add obscene websites to the website blocking list. How does this work? When Netkeys has detected that the current website contains obscene material, the website address is automatically added to the website blocking list. The AutoBlock™ feature uses the Sensitivity threshold on the Word Blocking Menu to determine when a website is obscene, so you have some control.

        The AutoBlock feature is designed so you can only go there once. After that, access is blocked. This feature is fairly sensitive, and will block obscene advertisements that appear in search engines & other websites. If an obscene advertisement is detected, AutoBlock would block any future non-obscene ads from the blocked ad server as well, obscene or not, which is not always what you want! This may be acceptable for some users. Effective use of this feature may require a sensitivity threshold setting in the medium-high range, rather than the low range, to overlook small amounts of obscenity. See the Word Blocking Menu for more on the Sensitivity control.
         

        Figure 8 - Website screen

        7. Word Blocking Menu

        The advanced word filtering capabilities of Netkeys can be used in a variety of ways. 

        1. The Electronic Whiteout ™ feature automatically erases obscene words and phrases from all internet traffic, such as WEB sites, search engines, email, etc. 
        2. The WatchWord™ list allows the user to selectively add words and phrases to the word filtering list.
        3. Only available from Softappco, CleanSearch™ filters search engine results for obscenity or WatchWord™ related text and links, and erases them from the search results, as shown in Figures 8a and 8b.
        4. Any websites containing obscene material or WatchWords™ can be automatically blocked with the CleanBlock™ capabilities.

        NOTES: 
        1. Netkeys™ cannot detect or eliminate subtle innuendoes and suggestive speech, nor can Netkeys™ provide complete protection from web sites containing such material. Netkeys™ attempts to detect obvious obscenity, but may miss some things.

        2. Apparently non-obscene WEB pages may contain obscene words embedded into invisible portions of the WEB page, such as comments by the WEB page author, etc.  This obscenity will never show up on the browser screen, but will be detected by Netkeys, and reported in the Historian menu.

         Figure 9 - Word Blocking screen

        Netkeys™ provides CleanSearch™ to remove obscene results from over 43 leading search engines, leaving only non obscene results.  This is effective for obviously obscene search results, but subtle, suggestive language is not detected.

        Obscene Website content blocking threshold slider
        A sensitivity slider feature is provided to allow some adjustment of the threshold of what is considered obscene speech. A more tolerant setting will suit more tolerant folks, while a more sensitive setting is recommended for others, such as children. Sensitivity is adjustable using the slider bar on the Word Blocking menu.

        Exactly what is obscene speech?
        Well, Netkeys has developed proprietary artificial intelligence software to determine just that. Suffice it to say that if you don't want your kids talking about it, or your co-workers saying it to respectable clients, Netkeys probably takes care of it.

        Of course, this feature can be disabled using the buttons provided on screen.

        WatchWord™ list
        The WatchWord™ list allows you to create a customized list of words and phrases that you wish to block. Each word and phrase in the WatchWord™ list triggers all the word blocking and web site blocking features provided for obscenity. For example, adding "explosives" to the WatchWord™ list allows you to 
        1. Erase all occurrences of the word in email.
        2. Stop the word from going into search engines.
        3. Triggers CleanSearch™ search engine results filtering.
        4. Records all occurrences of the word in the Historian Menu.
        5. Triggers CleanBlock™ to block any websites containing "explosives".

        CleanBlock™ button
        This button is used to detect and disconnect from web sites that contain obscene material or WatchWords™. Note that the sensitivity slider control can be adjusted between Sensitive and Tolerant to determine how much obscenity is needed to trigger a disconnect from obscene web sites. This feature can also be used to disconnect from search engine results that are obviously obscene, if the CleanSearch™ results are not clean enough. Browser cache files are all cleaned out when a site is blocked to ensure that no text or images are left on the system from suspect sites.

        The key to effective use of CleanBlock™ dynamic obscenity detection and blocking is to set the sensitivity threshold to an appropriate level for the user, ranging from sensitive to tolerant, as explained below.

        Note: when a website is disconnected by CleanBlock™, a line will appear in the Historian showing the "disconnected" site name, and your browser may then complain about a network error, as shown in Figures 9b & 9c.


        Figure 9b - Netscape network error display for CleanBlock disconnects.


        Figure 9c - IE network error display for CleanBlock disconnects.

        Allow obscene words button
        This button is used to allow any obscene words and WatchWords™ to be sent between your computer and the Internet. It disables obscenity filtering.

        ElectronicWhiteout™ button
        This button is used to cause obscene words and WatchWords™ to be erased from all data sent between your computer and the Internet. Erased words do not appear - they are removed from the data. See Figure 8a for an example of ElectronicWhiteout™.

        ElectronicMasking™ button
        This button is used to cause obscene words and WatchWords™ to be masked (or covered) with the '-' character from all data sent between your computer and the Internet. Masked words appear as dashes (-----) in the data. See Figure 8b for an example of ElectronicMasking™.

        Filter results - CleanSearch™ button
        This button is used to perform filtering of search engine results, as shown in Figures 8a & 8b, eliminating both text and URL links triggered by obscenity or WatchWords™.

        If more protection is desired than is provided by CleanSearch™, the CleanBlock™ feature can be used to completely disconnect any pages with obscene content, which may be the preferred option for sensitive users. Family Filters are not provided by all search engines, and they can be easily subverted.

         *Note: search engine display formats may change over time, and Netkeys™ will be updated to keep up with the changes. Contact support@softappco.com if you suspect a search engine format has changed adversely affecting Netkeys CleanBlock™.

        The following search engines are filtered at the time of this writing.

        - lycos 
        - altavista 
        - yahoo 
        - directhit 
        - infoseek 
        - looksmart 
        - netscape 
        - msn 
        - about.com 
        - northernlight 
        - snap 
        - webcrawler 
        - multicrawl 
        - whatuseek 
        - search4info 
        - yeehaa 
        - yupi 
        - alltheweb 
        - fast (dell) 
        - infind 
        - aol 
        - yep 
        - askjeeves 
        - go 
        - dmoz 
        - goto 
        - hotbot 
        - search.com 
        - botspot 
        - search.internet.com 
        - beaucoup 
        - metacrawler 
        - go2net 
        - cyber411.com 
        - c4.com
        - google
        - euroseek
        - magellan
        * Note: most other search engines not listed above are also filtered, but not as well. Some filtering is also provided for: stpt.com, excite, ioport, highway61.com, kanoodle, bizrocket.net.


        Figure 8a - search engine result filtering with ElectronicWhiteout™.


        Figure 8b - search engine result filtering with ElectronicMasking™.
         
         

        8. Historian Menu

        Internet history logs from your browser are not secure - anybody can delete the information in the logs to cover their tracks, or just to clean out the old history log files to make more disk space. Netkeys keeps a secure log of Internet activity, which is usually big enough for several weeks' activity. The log automatically keeps itself from growing very large.


        Figure 8a - Historian display icons and meanings

        The Historian Menu shows all Internet activity at a glance, including web site visits, incoming email, outgoing email, blocked email, obscene words blocked, personal information blocked, web sites blocked, websites disconnected by CleanBlock™, files that were downloaded from the Internet (such as games, etc.), as well as all Netkeys administrative use. A different icon appears in front of each item type in the history list, as shown in Figures 10 & 11. This is useful for quickly scanning the list for certain types of items. A time stamp is shown for each item in the list, showing when the item occurred.

        Note on Historian Display item sequence:
        Due to the nature of the Internet, a typical web page may also access many other web sites multiple times to get images, news, stock prices, advertisements, etc. The Historian attempts to filter such duplicate entries, which could be misinterpreted in the Historian display. For example, if you go back and forth between websites, it will be filtered as a recent duplicate entry.

        Note: Double-click on a website address in the historian display to go there.

        Sometimes, obscene words will be blocked before the web site is displayed. When this happens, the Historian will show that the words were blocked, followed by the web site name. In other cases, the Historian may display the web site name first, followed by indication that words were blocked.

        Hopefully, the History List will be used often to observe Internet activity on the computer, allowing appropriate management of the Internet.

        Note: the obscene words detected are listed at the end of each line ( !) reported in the Historian, so just scroll the window to view the words.

        Note on Internet Obscenity
        Some apparently non-obscene WEB pages may contain obscene words embedded into invisible portions of the WEB page, such as comments by the WEB page author, etc.  This obscenity will never show up on the browser screen, but will be detected by Netkeys, and reported in the Historian menu.

        The following buttons are provided on the Historian menu, described as follows.

        Filter Options button
        This button calls a popup which provides choices to filter the Historian display for keywords, or specific Internet activity like email only. You may use this menu to find and display anything in the Historian display.

        Save to file button
        This button causes the Historian activity log to be appended to a file called:

           /Program Files/Software Appliance Company/InternetSecuritySystem/histbak.txt

        Since this is an append operation, any data already in the file will be preserved, and the current Historian data will be added (appended) to the end of the file, which can be viewed using any text editor or Microsoft WORD, etc.

        Add website to list button
        This button is used to add websites automatically to the Websites Menu list. To use, select a website item from the Historian list by clicking the mouse on it. Then press the button to add it to the Website Menu list.

        Add email name to list button
        This button is used to add email addresses automatically to the Email Menu list. To use, select a website item from the Historian list by clicking the mouse on it. Then press the button to add it to the Email menu blocking list.

        Refresh List button
        This button can be pressed to cause the history list to be updated. Use this to catch anything that might have occurred after the History List was displayed in the menu.
         


        Figure 10 - Historian list display #1
         


        Figure 11 - Historian list display #2

        9. Privacy Menu

        The Privacy features allow specific personal information to be blocked, such as credit card numbers, phone numbers, addresses, etc. Using these features, personal information is protected from leaving the computer.

        However, for users who routinely purchase items direct from the Internet, this feature should be used carefully, since it may interfere with on-line purchasing where personal information is required. Of course, privacy features can be disabled before making a purchase, and then enabled when finished.

        You may also block popup Ad windows using the Block Ads button.

        Program Password
        The Program password is used to allow Internet programs to run when InternetPasswordProtection™ is enabled as described in the Admin Menu. You might want to give this password to someone *If* you want them to use the Internet on your PC. The Historian Menu records all attempts to use the password, both correct and incorrect.

        Admin Password
        The Admin password has two purposes: 1. for accessing and changing settings and 2. for running Internet programs when InternetPasswordProtection™ is enabled as described in the Admin Menu. ***Write the secret password down somewhere - you probably will be glad you did.*** Try using something meaningful to you, that you already know, like your ATM pin number, etc.

        It is a good idea to change the password if you think someone else knows it. However, anytime the password is used, it is recorded in the Historian Menu list as an Admin Login, so it is possible to see if anyone else knows the password, which means it's time to change it.

        Three buttons are provided:

        InternetCloaking™ - Hide my Internet trail button
        InternetCloaking™ cloaks nonessential parts of the protocol stream which may contain personal or confidential information regarding your computer (Windows software & browser info), your surfing history (previous or referring site), and prevents your email address and other confidential information from being sent to websites by the browser without your knowledge. Note: some web sites don't like this feature, and will complain with a wide variety of error messages!

        Personal information can be revealed by your browser under certain circumstances. If you have provided any information to a website, such as credit card numbers, phone numbers, your email address, etc., this information may be inserted by the browser and the website server into the invisible protocol stream between your computer and the website. Why? The information is used to identify you to the website. Why is this a problem? Because anyone eavesdropping on the Internet connection will see the information, and also some of the identifying information may be sent along to the next website you visit (although the next website probably will not even look at or care about the information). 

        Some websites can get even more information about you by correlating your name, address, phone number, etc. with other on-line information databases containing consumer information, public records, etc. Unless the transaction between your PC and the website is encrypted, and you are certain you are dealing with a trustworthy website, it is safe to assume that the information is not secure. Sometimes "cookies" are also used to contain this information. 

        Cookie scrambler button
        Use this button to disable malicious code hidden in cookies. Note: some web sites don't like this feature, and will complain with a wide variety of error messages! Your browser can be set up to completely disable cookies if you desire, but then some websites will not work for you if they require cookies.

        Private Information - Privacy on button
        Use this button to make sure that no information in the Private Information items edit list is sent from your computer to the Internet.

        Editing the Private Information items list
        Just click the left mouse key on the item to be edited, and edit using the keyboard. Scroll bars are provided to access any part of the list. Private information is case insensitive. Upper case & lower case mean the same thing.

        The following rules apply when entering Private Information:
        1. Enter numeric personal information in any format you may expect to find it.
        2. Phone number & credit card numbers particularly can be entered multiple ways. 
        3. All information is translated to lower-case for comparison purposes. 
        4. Private information only checks for characters [a to z] and [0 to 9].
        5. Spaces are significant in phone numbers, credit card numbers, etc.

        Examples of entering possible VISA & phone number combinations:
        4893 3994 5995 9599 (VISA #)
        4893399459959599 (SAME VISA #)
        1 509 291 2344 (phone number)
        15092912344 (same phone number again)
        5092912344 (phone number again)
        291 2344 (phone number again)
        2912344 (phone number again)
         


        Figure 12 - Personal Privacy screen
         

        10. Admin Menu & PersonalFirewall™

        The Admin Menu as shown in Figure 14 contains the following features:

        Master on/off buttons
        Netkeys can be turned off (i.e. it does not look at or alter any Internet information). When it is off, the tray icon will be red lined, as shown in Figure 13.


        Figure 13 - "master off" indication drawn on tray icon

        Popup button
        A popup menu can optionally be displayed with specific details whenever Netkeys blocks something, as shown in Figure 14. Press the Popup button if you want Netkeys to operate with no pop-up warning screen.

        Sound on
        Netkeys can operate quietly, or play sound effects whenever items are detected or blocked. 

        Empty Browser Files at startup (cache & cookies) buttons
        - Empty AOL Browser Files button
        - Empty Netscape Browser Files button
        - Empty Microsoft IE Browser Files button

        When your browser runs, it saves up recently used web pages in a set of "cache" files. If you go back later to the website, the files in the "cache" will probably be used instead of going out to the Internet. Also, when websites send "cookie" information to your computer, the information is stored in files. This feature automatically deletes these files when your computer starts. 

        PersonalFirewall™ features
        A PC is like a house built of software. It is possible to "break-in" or "break-out" of the house if you know how, regardless of whether or not a security system is installed. Conversely, it is impossible for any firewall product to guarantee that your PC is safe from all break-in and break-out attempts.

        However, it is possible to secure a normal PC from blatant attacks if you have a firewall installed and configured properly. "Break-out" attacks may come from trojan horse programs running on your PC that came from a malicious web page, email attachment, or some other file on a disk. "Break-in" attacks may come from any computer on the Internet.

        The personal firewall has four components:

        1) InternetSecurityScan™ - provides information about low-level Internet activity.
        2) DataWall™ file security - stops Internet file transfers to/from your PC.
        3) Incoming firewall section - stops remote computers from connecting to your PC.
        4) Outgoing firewall section - stops your PC from talking to remote computers.

        Each part of the firewall is controlled by a separate button.


         Figure 14 - Admin menu display 

        InternetSecurityScan™ button
        This feature provides warnings, information alerts and controls related to Internet security issues such as trojan horse programs (i.e. computer viruses). Trojan horse programs can be installed on your PC without your knowledge from a variety of sources, including a CDROM, floppy disk, email, or a web site. Once installed, you may never realize that they are there! Also, this feature will block use of the non-standard "virtmach" script language. 

        InternetSecurityScan™ looks for threats including TELNET, FTP (File Transfer Protocol) activities, hidden file transfers to or from your computer, and low level TCP/IP port connections. These information alerts appear in the Historian Menu as shown below. 

        DataWall™ File Security button
        Only available from Softappco, this feature stops files from leaving your computer via POP3 email attachments, as Web-email attachments, or as FTP files. It also stops files from being downloaded to your computer, such as games and FTP files. It also stops files from leaving via invisible programs such as Javascript, etc.

        Block unsolicited connections button
        This controls the incoming side of the firewall, and stops an unsolicited remote computer from connecting to your computer (i.e. "break-in").

        User Profiles Button
        By default, all Windows login users share the global defaults. To set the global defaults, use this button, and then press the "Save current settings as global settings" button on the User Profiles popup. See also Multiple users, Passwords and serial #'s.

        Approved Internet Programs Button (Overrides)
        InternetPasswordProtection causes Internet programs to block until the user enters the Internet password or the Administrator password. You can override InternetPasswordProtection by adding specific programs to the "approved" list by pressing this button, and adding or subtracting programs from the list. You can also override global settings for particular websites using the Overrides feature found in the URL, IP, PORT and Security Overrides menu.

        InternetPasswordProtection™ button
        This controls the outgoing side of the firewall, and stops programs on your PC from connecting to remote computers without a password. Either the Program Password or the Admin Password must be used to override, as described in the Personal Privacy Menu.

        You can override InternetPasswordProtection using the Approved Internet Programs list on the Admin tab.

        InternetPasswordProtection™ is the ultimate protection against "Spyware" and Trojan Horse Programs, since it displays the full pathname to the program on your disk, allowing you to approve or disapprove (with extreme prejudice) the Internet access. 

        The Historian Menu records all attempts to run Internet programs using a password, both correct and incorrect. The password screen is shown below.


         Figure 14 - Internet program password protection screen

        What do trojan horse viruses do? They allow remote-control access to your PC, or just cause malicious damage to files on your PC. This could be happening to your PC today, and you might never know it. The Historian Menu should be checked often to look for clues if you suspect your PC is infected. 

        For example, following is a list of the common activities of trojan horse programs. Since the trojan horse programs exploit very similar PC capabilities, the PersonalFirewall can detect and stop obscure and future trojan horse programs that rely on similar tactics. Note that particular trojan horse programs may only implement a few of the items listed below. 

        Common features of Trojan horse programs.
        - Read your password files 
        - Log all keystrokes on your PC & send the info to another PC 
        - Periodically email or FTP a file from your PC to another PC 
        - Listen through the microphone on your PC and send the audio to another PC 
        - Delete any file on your PC under remote control 
        - Run any program on your PC under remote control 

        The PersonalFirewall™ currently provides effective detection and control of the following known trojan horse programs (as well as any others that exploit similar capabilities): 

        Aandromeda 
        Acid Shivers 
        Antigen 
        Attack FTP 
        Back Orifice 1.20 
        Back Construction
        BigGlick 1.0 
        Bla 2.0 
        Canason 1 
        Deep Back Orifice 0.6.3136 alpha 
        DeepThroat 1.0 
        DeepThroat 2.0 
        Delta Source 0.5 
        Devil 1.3 
        Doly Trojan 1.1 
        E-MAIL Password Sender 1.03 
        E-MAIL Password Sender 1.04 
        E-MAIL Password Sender 1.06 
        E-MAIL Password Sender 1.07 
        Evil FTP 
        Executer 1 
        Executer 2 
        Firehotcker BackDoorz 1.03 
        Fore 1.0 beta 1 
        Fore 1.0 beta 2 
        FTP99cmp 
        Gate Crasher 1.0 
        Gate Crasher 1.1 
        Gate Crasher 1.2 
        GirlFriend 1.0 beta 
        GirlFriend 1.3 
        GirlFriend 1.35 
        Hack '99 Keylogger 
        Hack office Armageddon 
        Hack City Ripper Pro 
        HAEbU COCEDA 2.12 
        HAEbU COCEDA 2.14 
        HAEbU COCEDA 2.15 
        HAEbU COCEDA 2.18 
        HAEbU COCEDA 2.19 
        HAEbU COCEDA 2.21 
        HVL RAT 5.3.0 
        icKiLLeR 0.9 
        ICQ Trogen A.5 
        Invisible FTP 
        iNi-Killer 1.2 
        iNi-Killer 3.0 pro 
        iNi-Killer 3.2 pro 
        iNi-Killer 4.0 pro 
        JammerKillah 
        Kuang2 veryLite 0.17a 
        Kuang2 pSender 0.20 
        Kuang2 pSender Full 0.30 
        Masters' Paradise 8 beta 
        Masters' Paradise 9.2 beta 
        Masters' Paradise 9.5 beta 
        Masters' Paradise 9.7 beta 
        Masters' Paradise 9.8 beta 
        Masters' Paradise 9.8 
        Masters' Paradise 9.9c beta 
        Masters' Paradise 9.9d beta 
        Millenium 1.0 
        NetBus 1.20 
        NetBus 1.53 
        NetBus 1.60 
        NetBus 1.70 
        NetBus 2.0 beta 
        NetBus Pro 2.0 
        NetMonitor 1.0 
        Netsphere 
        NetSpy 6.98 
        NetSpy 1.01 
        NetSpy 1.06 
        NetSpy 1.10 
        NetSpy 1.12 
        phAse zero 1.0 beta 
        Phineas Phucker 
        Portal Of Doom 3 
        Priority Beta 
        Progenic 1.0 beta 
        Progenic 1.0 beta 2 
        Progenic 
        Prosiak 0.47 
        Psyber Stream Server 
        Remote Grab 1.0d 
        Robo-HacK 1.2 
        Remote Windows Shutdown 0.02
        Satanz BackDoor 1.0 
        Schwindler 
        Senna spy 
        Sesam V.102 
        Sivka-Burka 0.2b 
        Sockets de Troie 2.3 
        ShockRave 
        Shtirlitz 
        Silencer 1.0.0 
        SpySender 0.65 beta 
        Stealth 2 
        Stealth 2.9 
        Stealth Spy 3 beta 
        Striker 1.0 
        SubSeven 1.0 
        SubSeven 1.1 
        SubSeven 1.2
        SubSeven 1.3 
        SubSeven 1.4 
        SubSeven 1.5 
        Tapiras 
        TeleCommando 1.5.4 
        Terminator 
        The Invasort 1.0 
        The Spy 
        TN 
        The Trojan Cow 1 
        The Unexplained 1.0 
        Tiny Telnet Server 
        Ugly FTP 
        Ultor's Trojan 
        Voice 
        VooDoo Doll 
        Web EX 1.2 
        Web EX 1.3 
        Web EX 1.4 
        WinCrash 
        WinCrash 1.03 
        WinPC 
        Winpy 4.1 

        Note: Internet security issues are constantly being identified, similar to computer viruses. Netkeys™ will be enhanced in the future as new security issues are identified.
         

        11. Virus menu - InternetBombDiffusion™ and EmailBombDiffusion™

        Bombs and Exploits
        InternetBombDiffusion™ and EmailBombDiffusion™ technology are only available from Software Appliance Company. These new technologies are designed to enhance your security and control of internet activity. 

        Firewalls like a water faucet
        Virus scanning like a bug killer
        Bomb diffusion like a water filter

        Here's what bomb diffusion can do for you:

        1. Diffuse email attachments based upon file type or MIME type.
        -- Diffusion eliminates potentially dangerous scripted code in email.
        -- Diffusion can disable links in email that could lead to danger.
        -- Diffusion stops the email program from executing specified files.
        -- Diffused attachments can be saved, and then opened if you like.

        2. Diffuse web page files based upon file type or MIME type.
        -- Diffusion eliminates potentially dangerous scripted code on web pages.
        -- Diffusion can disable receipt of any file or MIME type from web pages.
        -- Diffusion stops the browser from executing specified files and MIMES.

        File and MIME type lists
        There are two (2) separate lists for file and MIME data types, one list for email and one for web pages. You can customize the lists. Place MIME data types first in the list, before file names, as shown in the lists that install with the product.

        Use lower case when creating the list. Wildcards are only allowed for the name of the file (not the extension), and for the MIME type extension. For example:

        application/*
        message/external-body
        *.gif
        *.cil

        EmailBombDiffusion™
        Email can contain viruses in both the email body, and in the attachment files. If the email body contains a virus, the virus will be activated when you read the email. If the email attachment file contains a virus, the virus will be executed when you open the attachment file. Never open email attachment files unless you are positive they are OK.

        BombDiffusion provides separate controls for both the email body and the email attachment files. It should be 100% effective in stopping viruses, unless you promiscuously open untrusted email attachments.

        Bomb diffusion works by disabling invisible code in email which could contain a virus. Email programs blindly execute the code in the email body when you read the email. BombDiffusion disables the code, so you are safe. BombDiffusion will also disable advertisements in the email body which otherwise pull in images and text from the Internet which can be used to track when you opened the email. 

        Opening email attachment files is not safe because viruses can be attached to the attachment file, and the virus will execute when the attachment is opened. BombDiffusion allows you to disable any or all email attachments, so the email program will not execute the virus. The diffused attachment files are renamed to .txt files, which you can save and rename later if you want to open them.

        Email Bomb diffusion is provided for three levels:

        Normal: (*recommended)
        This diffuses all executable code (scripts) in the email to non executable code. No scripting is allowed in the email, and no MIME application files can be automatically loaded and executed. Email body is safe to read. Also, all links in the email are disabled, so this means that email web bugs are disabled, and email tracking features that rely on the links are also defeated.

        High 
        This diffusion is identical to Normal, except that all listed email attachment files and MIMES are diffused according to the types of attachments you specify in the list. The specified email attachment files are renamed to .txt files, so the email program will not attempt to execute them.

        Extreme
        This diffusion is identical to Normal, except that ALL email attachment files are diffused.
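
        The file and MIME list rules and the High and Extreme levels described above, worked through as an added Python example (this is not Netkeys code, which the manual does not show). Assumptions: a diffused attachment gets ".txt" appended to its name and is relabeled text/plain, "*" acts as a glob within the file name or MIME subtype, and the sample message is constructed.

```python
# Added example (not vendor code): attachment "diffusion" driven by a
# file/MIME list, following the list rules and levels in this manual.
from email import message_from_bytes, policy
from email.message import EmailMessage
from fnmatch import fnmatchcase

MANUAL_LIST = ["application/*", "message/external-body", "*.gif", "*.cil"]
LEVELS = ("normal", "high", "extreme")


def parse_list(entries):
    """Check a list against the manual's rules; return (mime, files)."""
    mime, files = [], []
    for entry in (e.strip() for e in entries):
        if not entry:
            continue
        if entry != entry.lower():
            raise ValueError(f"use lower case: {entry!r}")
        if "/" in entry:  # MIME data type, e.g. application/*
            if files:
                raise ValueError(f"MIME types go before file names: {entry!r}")
            main, sub = entry.split("/", 1)
            if not main or not sub or "*" in main:
                raise ValueError(f"wildcard only after the '/': {entry!r}")
            mime.append((main, sub))
        else:  # file name, e.g. *.gif
            stem, dot, ext = entry.rpartition(".")
            if not dot or not ext or "*" in ext:
                raise ValueError(f"wildcard only before the '.': {entry!r}")
            files.append((stem, ext))
    return mime, files


def is_listed(content_type, filename, rules):
    """True if the declared MIME type or the file name matches the list."""
    mime, files = rules
    main, _, sub = content_type.lower().partition("/")
    if any(main == m and fnmatchcase(sub, s) for m, s in mime):
        return True
    # Only the last extension counts: "photo.gif.exe" is an .exe file.
    stem, dot, ext = filename.lower().rpartition(".")
    return bool(dot) and any(ext == e and fnmatchcase(stem, s) for s, e in files)


def diffuse(raw, level, entries=MANUAL_LIST):
    """Rename attachments for the given level; return (new_bytes, report)."""
    if level not in LEVELS:
        raise ValueError(f"unknown level: {level!r}")
    rules = parse_list(entries)
    msg = message_from_bytes(raw, policy=policy.default)
    report = []
    for part in msg.walk():
        name = part.get_filename()
        if part.is_multipart() or name is None:
            continue  # containers and the message body are not attachments
        ctype = part.get_content_type()
        if level == "extreme" or (level == "high" and is_listed(ctype, name, rules)):
            new_name = name + ".txt"  # assumption: append, keep original name
            del part["Content-Disposition"]
            part.add_header("Content-Disposition", "attachment", filename=new_name)
            del part["Content-Type"]  # assumption: also relabel the MIME type
            part["Content-Type"] = "text/plain"
            report.append((name, ctype, new_name))
    return msg.as_bytes(), report


def attachment_names(raw):
    """File names of all attachments in a raw message, in order."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def build_sample():
    """Constructed test message: a body plus three attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachments.")
    msg.add_attachment(b"MZ constructed bytes", maintype="application",
                       subtype="octet-stream", filename="Setup.EXE")
    msg.add_attachment(b"GIF89a constructed", maintype="image",
                       subtype="gif", filename="logo.gif")
    msg.add_attachment("plain notes\n", filename="notes.log")
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample()
    for lvl in LEVELS:
        out, rep = diffuse(sample, lvl)
        print(lvl, attachment_names(out))
```

        Matching uses both the declared MIME type and the last file extension, so a mislabeled attachment is still caught when either one is on the list.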

        InternetBombDiffusion™
        Web pages can contain viruses. Just by visiting the website, your PC can be subverted. Either malicious scripted code can be contained in the web page, or the web page may have a file embedded into it which contains a virus. By visiting the web page, the file will be sent to your browser without your knowledge, and the browser will automatically try to open it. Files like Microsoft Word documents can be embedded into web pages, and these can contain macro viruses. 

        Internet BombDiffusion provides three levels of protection for web pages:

        Normal: (*recommended)
        This diffuses little used and highly dangerous web page code (scripts) such as Virtmach code, Activex, VBscript, and Microsoft Shell Scripting languages. Normal scripting

        High 
        This diffusion is identical to Normal, except that any files or MIME data types will be blocked from coming into your PC. With this feature, you can also block any download files such as games (*.exe, *.zip).

        Extreme
        This diffusion is identical to High, except that ALL script languages are also blocked. This is an extreme measure, since it also disables harmless scripted advertisements and other web page features.

        Bombs defined
        An Internet bomb is a deliberately designed and programmed element which performs activity on your PC without your knowledge or consent, triggered by simply visiting a web page, by clicking the mouse on a certain element of the web page, by reading an email, or opening an email attachment. Bombs rely on the email program or browser to "automatically do something" when the bomb is incoming - and it's all based upon file type and MIME type. Some types are known dangerous, others are on the way. 

        Firewalls vs. bomb diffusion
        Common PC firewalls deal at the lowest TCP and IP protocol layers. These firewalls are primarily targeted at the following threats:

        1. Monitoring and guarding TCP/IP port access.
        2. Blocking hostile port access from outside the PC.
        3. Stealth technology (hiding TCP/IP ports from outsiders)
        4. Blocking trojan horse programs from outbound TCP/IP access. 

        Basically, firewalls are like the "on/off" valve, which control access and data flow, like a water faucet. BombDiffusion technology is like a "water purification system" which can filter out potentially harmful particles from the data stream. 

        See the Admin menu for further information about the Netkeys™ PersonalFirewall.

        Virus scanning vs. bomb diffusion
        Virus scanning falls into two categories:

        1. STATIC - look for matches with a static virus signature file of known viruses.
        2. DYNAMIC - look for potential viruses on the fly by analysis. 

        Given these definitions, then BombDiffusion™ technology is similar to DYNAMIC virus scanning, except that it allows the user to have more control over the filtering process, and looks for different threats. Also, BombDiffusion™ technology "preserves" the diffused code so you can look at it yourself. Virus scanning programs are basically fully automatic, and just fix things for you. 

        The weakness in virus scanning programs is that they may undershoot and miss detecting new viruses. The weakness with bomb diffusion is that it may overshoot and diffuse perfectly harmless code and files. However, the choice is yours. Both approaches can work together, and neither approach is perfect. 

        Internet bombs in web pages and email
        Internet and Email bombs are like land mines - they are well designed, difficult to detect with certainty, and can have devastating results. The bombs can have security, privacy, and PC control consequences. Bombs can be designed like explosives, or like poisons, or like spies. 

        For the purpose of this discussion, there are two key types of exploits:

        Security exploits - security exploits use obvious documented features of a protocol in deliberate ways to gain a predictable result. The attacker simply knows how the protocols work, and can gain access to your PC, without your knowledge or permission. A good example of a security exploit is unauthorized use of the Microsoft File Sharing ports (NETBIOS ports 135-139), which are left wide open to the Internet by design, and allow anyone who knows your IP address to gain complete remote control of your PC from anywhere in the world. 

        Flaw exploits - where the attacker exploits a flaw or unintended side effect present in the design of the software to gain access to your PC. For example, the TCP protocol stack can be exploited in some cases by sending appropriate command sequences to it. Another general example is the stack overflow exploit, where a specific data field in a file can be loaded with executable machine code which is made to overflow onto the program stack, which the CPU then executes like any other program - totally unknown to the PC user. Cookies can also be loaded with executable code, and then executed on your PC. 

        BombDiffusion controls
        Figure 15 shows the available controls for BombDiffusion technology. 


        Figure 15 - BombDiffusion technology for email and web pages.

        MIME types
        Why are MIME types an issue? Because MIME data files can trigger programs to be executed on your PC, and contain malicious programs themselves.

        The basic MIME types are:

        application - data is to be fed into a specified program
        audio - data is to be fed into specified audio program
        image - data is to be interpreted as a formatted image
        message - information message in specified format
        model - data model in specified format (graphics, etc.)
        multipart - message divisions and formatting
        text - text data in specified format
        video - video data in specified format

        Note that when you click on a data file in Windows, the data file is often fed into the correct program for you. This is handled via a built in Microsoft Windows file type manager, which also works directly with email attachments and MIME files on web pages as if they were on your PC. 

        Most people ignore the little gray warning boxes that pop up when potentially harmful Internet files come into your PC. For example, Microsoft WORD (.doc), PowerPoint (.ppt), GIF images (.gif), and CIL files (.cil) can contain malicious code. You can receive files as email attachments OR transparently from a web page. The list of possible exploits from MIME data is endless and growing, if that is possible!

        One of the most common types of virus attack is via email attachments. If the email attachment is an .exe file (executable program file) or .zip file (compressed file), it could contain a virus, and should not be opened unless it is from a trusted source. Other types of email attachment files can also contain viruses - the list is endless. 

        Another attack comes by following innocent looking links in an email or on a web page. By following these links (clicking on them), this can trigger "malicious" cross-scripting, causing a program or script on an unknown or untrusted website to be executed on your computer without your knowledge. 

        In general, the risk of malicious cross-scripting activity can be drastically reduced by disabling scripting in your browser. However, this has the undesirable side effect of disabling the vast majority of useful and cool features normally provided by scripting. 

        The "Security Zones" provided by some browsers can be easily subverted by a malicious technique known as "cross scripting", where scripts or programs are executed from an untrusted website outside of the security zone of the current website! InternetBombDiffusion™ provides warnings for this activity. 

        Note: if you have downloaded and installed any browser plug-ins, they may trigger security alerts in the Historian Menu when they run. However, browser plug-ins, if trustworthy, are not a security concern. 

        You may not need InternetBombDiffusion™ at all if you visit trusted websites.

        Limitations and expectations
        Netkeys™ BombDiffusion™ technology allows you to recognize and diffuse potential bombs. The word to note is potential. Since new bombs are being found all the time, and the creators of these bombs are always one step ahead of everybody else, BombDiffusion™ technology allows you to get ahead of them in some respects. 

        While virus scanning programs may undershoot and miss detecting bombs, BombDiffusion™ may overshoot and diffuse perfectly harmless code and files. 

        However, the choice is yours. Both approaches can work together, and neither approach is perfect. Virus scanning is like matching mug shots against people, and BombDiffusion™ is similar to passing through a customs inspection. 

        How BombDiffusion™ works
        Think of a bomb squad in the military or police - they locate possible bombs, and then attempt to disable or diffuse the bomb. That is exactly how Netkeys™ BombDiffusion technology works. 

        For files, the MIME type is altered so that the incoming MIME data is treated as a pure text only file. This allows you to look at the data using your browser's "view page source" capability. If you are OK with the data, you can disable diffusion, and let it fly. 

        For other suspicious code, like scripted links, heavily scripted web pages, the scripting and external linking is disabled, so the code does not execute. 


        Figure 16 - BombDiffusion messages in the Historian display.

        How to use BombDiffusion™ controls
        The Netkeys™ Bombs configuration tab allows you to enter specific types of MIME data types and files into separate lists for email and web pages, and select whether or not you want warnings or diffusion to take place when potential bombs are detected. 

        One way to use BombDiffusion is to visit a web page with diffusion enabled, and then see what happens. If diffusion disables legitimate code, you will notice an error message when you try to click something, or visit a page. Then it's up to you to "view page source" and, if you accept the data, turn off BombDiffusion, reload the web page, and keep going.

        MIME Diffusion simply stops automatic launching of applications by the browser or email program. The filename.ext remains the same.
        File *.ext diffusion changes the file name to .Zxx, where xx is what the file extension was. The file must be renamed appropriately to view as the intended file type. 
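
        The two diffusion modes described above, sketched for an email message as an added example (this is not Netkeys code). The watch lists are a subset of the starred Table 12 entries and the extensions named in this chapter; the ".Zxx" rename is assumed to mean "Z" placed in front of the old extension, and the function names and sample message are constructed here.

```python
from email import message_from_string

# Subset of the starred Table 12 entries, plus extensions named in this chapter.
WATCHED_TYPES = {"application/octet-stream", "application/msword",
                 "application/vnd.ms-powerpoint", "image/gif"}
WATCHED_EXTS = {".exe", ".zip", ".doc", ".ppt", ".gif", ".cil"}

def diffuse_name(filename):
    """ASSUMED reading of '.Zxx': put 'Z' in front of the old extension."""
    stem, dot, ext = filename.rpartition(".")
    return f"{stem}.Z{ext}" if dot else filename

def diffuse_message(msg, mime_diffusion=True, ext_diffusion=True):
    """Neutralize watched parts in place; return Historian-style log tuples."""
    log = []
    for part in msg.walk():
        if part.is_multipart():      # containers carry no file of their own
            continue
        ctype, name = part.get_content_type(), part.get_filename()
        ext = "." + name.rpartition(".")[2].lower() if name and "." in name else ""
        hit_type = mime_diffusion and ctype in WATCHED_TYPES
        hit_ext = ext_diffusion and ext in WATCHED_EXTS
        if not (hit_type or hit_ext):
            continue
        if hit_type:                 # MIME diffusion: declare it plain text
            part.set_type("text/plain")
        if hit_ext:                  # file diffusion: rename in both headers
            new = diffuse_name(name)
            if part.get_param("filename", header="content-disposition"):
                part.set_param("filename", new, header="Content-Disposition")
            if part.get_param("name"):
                part.set_param("name", new)
        log.append((ctype, name, part.get_content_type(), part.get_filename()))
    return log

# Constructed sample: the last part is an .exe declared as text/plain.
SAMPLE = """\
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/msword
Content-Disposition: attachment; filename="report.doc"

(constructed payload)
--b1
Content-Type: image/png
Content-Disposition: attachment; filename="logo.png"

(constructed payload)
--b1
Content-Type: text/plain
Content-Disposition: attachment; filename="readme.txt.exe"

(constructed payload)
--b1--
"""

if __name__ == "__main__":
    print(*diffuse_message(message_from_string(SAMPLE)), sep="\n")
```

        The third sample part shows why the file list is kept separately from the MIME list: its declared type is already text/plain, so only the rename catches it.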

        Table 12 - Major MIME types (others are invented all the time...)
        Each MIME type (shown as type/*) is followed by its subtypes. Commonly exploited subtypes are marked with *.
        text/*
        plain
        richtext
        enriched
        tab-separated-values
        html
        sgml
        vnd.latex-z
        vnd.fmi.flexstor
        uri-list
        vnd.abc
        rfc822-headers
        vnd.in3d.3dml
        prs.lines.tag
        vnd.in3d.spot
        css
        xml
        rtf
        directory
        calendar
        vnd.wap.wml
        vnd.wap.wmlscript
        vnd.motorola.reflex
        vnd.fly
        vnd.wap.sl
        vnd.wap.si
        t140
        vnd.ms-mediapackage
        vnd.IPTC.NewsML
        vnd.IPTC.NITF
        vnd.curl
        vnd.DMClientScript
        parityfec
        multipart/*
        mixed
        alternative
        digest
        parallel
        appledouble
        header-set
        form-data
        related
        report
        voice-message
        signed
        encrypted
        byteranges
        message/*
        rfc822
        partial
        external-body*
        news
        http
        delivery-status
        disposition-notification
        s-http
        application/*
        octet-stream*
        postscript
        oda
        atomicmail
        andrew-inset
        slate
        wita
        dec-dx
        dca-rft
        activemessage
        rtf
        applefile
        mac-binhex40
        news-message-id
        news-transmission
        wordperfect5.1
        pdf
        zip
        macwriteii
        msword*
        remote-printing
        mathematica
        cybercash
        commonground
        iges
        riscos
        eshop
        x400-bp
        sgml
        cals-1840
        pgp-encrypted
        pgp-signature
        pgp-keys
        vnd.framemaker
        vnd.mif
        vnd.ms-excel
        vnd.ms-powerpoint*
        vnd.ms-project*
        vnd.ms-works*
        vnd.ms-tnef*
        vnd.svd
        vnd.music-niff
        vnd.ms-artgalry
        vnd.truedoc
        vnd.koan
        vnd.street-stream
        vnd.fdf
        set-payment-initiation
        set-payment
        set-registration-initiation
        set-registration
        vnd.seemail
        vnd.businessobjects
        vnd.meridian-slingshot
        vnd.xara
        sgml-open-catalog
        vnd.rapid
        vnd.enliven
        vnd.japannet-registration-wakeup
        vnd.japannet-verification-wakeup
        vnd.japannet-payment-wakeup
        vnd.japannet-directory-service
        vnd.intertrust.digibox
        vnd.intertrust.nncp
        prs.alvestrand.titrax-sheet
        vnd.noblenet-web
        vnd.noblenet-sealer
        vnd.noblenet-directory
        prs.nprend
        vnd.webturbo
        hyperstudio
        vnd.shana.informed.formtemplate
        vnd.shana.informed.formdata
        vnd.shana.informed.package
        vnd.shana.informed.interchange
        vnd.commerce_battelle
        vnd.osa.netdeploy
        vnd.ibm.MiniPay
        vnd.japannet-jpnstore-wakeup
        vnd.japannet-setstore-wakeup
        vnd.japannet-verification
        vnd.japannet-registration
        vnd.hp-HPGL
        vnd.hp-PCL
        vnd.hp-PCLXL
        vnd.musician
        vnd.FloGraphIt
        vnd.intercon.formnet
        vemmi
        vnd.ms-asf
        vnd.ecdis-update
        vnd.powerbuilder6
        vnd.powerbuilder6-s
        vnd.lotus-wordpro
        vnd.lotus-approach
        vnd.lotus-1-2-3
        vnd.lotus-organizer
        vnd.lotus-screencam
        vnd.lotus-freelance
        vnd.fujitsu.oasys
        vnd.fujitsu.oasys2
        vnd.swiftview-ics
        vnd.dna
        prs.cww
        vnd.wt.stf
        vnd.dxr
        vnd.mitsubishi.misty-guard.trustweb
        vnd.ibm.modcap
        vnd.acucobol
        vnd.fujitsu.oasys3
        marc
        vnd.fujitsu.oasysprs
        vnd.fujitsu.oasysgp
        vnd.visio
        vnd.netfpx
        vnd.audiograph
        vnd.epson.salt
        vnd.3M.Post-it-Notes
        vnd.novadigm.EDX
        vnd.novadigm.EXT
        vnd.novadigm.EDM
        vnd.claymore
        vnd.comsocaller
        pkcs7-mime
        pkcs7-signature
        pkcs10
        vnd.yellowriver-custom-menu
        vnd.ecowin.chart
        vnd.ecowin.series
        vnd.ecowin.filerequest
        vnd.ecowin.fileupdate
        vnd.ecowin.seriesrequest
        vnd.ecowin.seriesupdate
        EDIFACT
        EDI-X12
        EDI-Consent
        vnd.wrq-hp3000-labelled
        vnd.minisoft-hp3000-save
        vnd.ffsns
        vnd.hp-hps
        vnd.fujixerox.docuworks
        xml
        vnd.anser-web-funds-transfer-initiation
        vnd.anser-web-certificate-issue-initiation
        vnd.is-xpr
        vnd.intu.qbo
        vnd.publishare-delta-tree
        vnd.cybank
        batch-SMTP
        vnd.uplanet.alert
        vnd.uplanet.cacheop
        vnd.uplanet.list
        vnd.uplanet.listcmd
        vnd.uplanet.channel
        vnd.uplanet.bearer-choice
        vnd.uplanet.signal
        vnd.uplanet.alert-wbxml
        vnd.uplanet.cacheop-wbxml
        vnd.uplanet.list-wbxml
        vnd.uplanet.listcmd-wbxml
        vnd.uplanet.channel-wbxml
        vnd.uplanet.bearer-choice-wbxml
        vnd.epson.quickanime
        vnd.commonspace
        vnd.fut-misnet
        vnd.xfdl
        vnd.intu.qfx
        vnd.epson.ssf
        vnd.epson.msf
        vnd.powerbuilder7
        vnd.powerbuilder7-s
        vnd.lotus-notes
        pkixcmp
        vnd.wap.wmlc
        vnd.wap.wmlscriptc
        vnd.motorola.flexsuite
        vnd.wap.wbxml
        vnd.motorola.flexsuite.wem
        vnd.motorola.flexsuite.kmr
        vnd.motorola.flexsuite.adsi
        vnd.motorola.flexsuite.fis
        vnd.motorola.flexsuite.gotap
        vnd.motorola.flexsuite.ttc
        vnd.ufdl
        vnd.accpac.simply.imp
        vnd.accpac.simply.aso
        vnd.vcx
        ipp
        ocsp-request
        ocsp-response
        vnd.previewsystems.box
        vnd.mediastation.cdkey
        vnd.pg.format
        vnd.pg.osasli
        vnd.hp-hpid
        pkix-cert
        pkix-crl
        vnd.Mobius.TXF
        vnd.Mobius.PLC
        vnd.Mobius.DIS
        vnd.Mobius.DAF
        vnd.Mobius.MSL
        vnd.cups-raster
        vnd.cups-postscript
        vnd.cups-raw
        index
        index.cmd
        index.response
        index.obj
        index.vnd
        vnd.triscape.mxs
        vnd.powerbuilder75
        vnd.powerbuilder75-s
        vnd.dpgraph
        http
        sdp
        vnd.eudora.data
        vnd.fujixerox.docuworks.binder
        vnd.vectorworks
        vnd.grafeq
        vnd.bmi
        vnd.ericsson.quickcall
        vnd.hzn-3d-crossword
        vnd.wap.slc
        vnd.wap.sic
        vnd.groove-injector
        vnd.fujixerox.ddd
        vnd.groove-account
        vnd.groove-identity-message
        vnd.groove-tool-message
        vnd.groove-tool-template
        vnd.groove-vcard
        vnd.ctc-posml
        vnd.canon-lips
        vnd.canon-cpdl
        vnd.trueapp
        vnd.s3sms
        iotp
        vnd.mcd
        vnd.httphone
        vnd.informix-visionary
        vnd.msign
        vnd.ms-lrm
        vnd.contact.cmsg
        vnd.epson.esf
        whoispp-query
        whoispp-response
        vnd.mozilla.xul+xml
        parityfec
        vnd.palm
        vnd.fsc.weblaunch
        vnd.tve-trigger
        dvcs
        sieve
        vnd.vividence.scriptfile
        vnd.hhe.lesson-player
        beep+xml
        font-tdpfr
        vnd.mseq
        vnd.aether.imp
        vnd.Mobius.MQY
        vnd.Mobius.MBK
        vnd.vidsoft.vidconference
        vnd.ibm.afplinedata
        image/*
        jpeg
        gif*
        ief
        g3fax
        tiff
        cgm
        naplps
        vnd.dwg
        vnd.svf
        vnd.dxf
        png
        vnd.fpx
        vnd.net-fpx
        vnd.xiff
        prs.btif
        vnd.fastbidsheet
        vnd.wap.wbmp
        prs.pti
        vnd.cns.inf2
        vnd.mix
        vnd.fujixerox.edmics-rlc
        vnd.fujixerox.edmics-mmr
        vnd.fst
        audio/*
        basic
        32kadpcm
        vnd.qcelp
        vnd.digital-winds
        vnd.lucent.voice
        vnd.octel.sbc
        vnd.rhetorex.32kadpcm
        vnd.vmx.cvsd
        vnd.nortel.vbk
        vnd.cns.anp1
        vnd.cns.inf1
        L16
        vnd.everad.plj
        telephone-event
        tone
        prs.sid
        vnd.nuera.ecelp4800
        vnd.nuera.ecelp7470
        mpeg
        parityfec
        MP4A-LATM
        vnd.nuera.ecelp9600
        G.722.1
        video/*
        mpeg
        quicktime
        vnd.vivo
        vnd.motorola.video
        vnd.motorola.videop
        vnd.fvt
        pointer
        parityfec
        vnd.mpegurl
        MP4V-ES
        vnd.nokia.interleaved-multimedia
        model/*
        iges
        vrml
        mesh
        vnd.dwf
        vnd.gtw
        vnd.flatland.3dml
        vnd.vtu
        vnd.mts
        vnd.gdl
        vnd.gs-gdl
        vnd.parasolid.transmit.text
        vnd.parasolid.transmit.binary

         

        12. Customer support - problems & questions

        Software Appliance Company would like to hear from you. If you have any problems, questions, comments, or product ideas, you may send them to: support@softappco.com.

        You may also contact us by fax at (360)299-4660. 

        Most of the time, if you just send a simple email question to support@softappco.com, you will receive a simple answer to your question or problem. But if things are just not working right, and you need more serious attention, then read on. 

        Automated Problem Diagnostics
        We provide fully automated problem diagnosis 24-hours per day, 7 days a week, 365 days per year! Since it's fully automated, it saves you time - no waiting on hold for a customer service representative! We contact you by email as soon as we have a solution to the problem - usually within two business days. 

        To provide automated customer support, Software Appliance has created the ReportBug diagnostic tool, which automatically collects all the nitty-gritty details we need about your computer to determine possible sources of any problems you may encounter. All you need to do is run the program, which is included with all Softappco products.

        Automated Problem Diagnostics is very simple! Here's how it works!
        1. Find the program called ReportBug, which will be in the directory where the product is installed, such as C:\Program Files\Netkeys\ReportBug.exe.
        2. Run ReportBug on your computer to create a detailed problem report file.
        3. Email the problem report file back to support@softappco.com for diagnosis. 
        4. We will email you back with a solution to your problem. 

        Overall, it takes less than 5 minutes of your time. 

        Typical problems include (see if your problem is already listed below):

        1. Password does not work - Try using upper case or lower case letters as appropriate. Is the Caps Lock key on? If you really have forgotten the password, send email to support@softappco.com. We can provide special passwords to get you going again. 

        2. Web sites are being blocked that should not be - maybe there is an advertisement on an otherwise benign website, such as a news website, and the advertisement is causing the whole page to be blocked. Maybe try closing and restarting the browser again (see also #4 below). 

        3. I can't tell if Netkeys is working - Don't worry, Netkeys works until it is uninstalled. It cannot be shut off even if the Netkeys icon is closed. Netkeys operates all the time, separately from the user interface. 

        4. Netkeys doesn't change behavior when I change settings - Sometimes this happens when you have multiple Internet connections going at the same time - try closing the browsers that are running, and start them up again. 

        5. The colors of the buttons don't look right - Is the computer capable of displaying more than 256 colors? Change the settings for the display in the Control Panel to make sure the computer can display more than 256 colors. 

        6. AOL email cannot be blocked using Netkeys - Yes, that is true. AOL's browser provides some email blocking capabilities which AOL customers may prefer, so Netkeys email blocking is disabled when using the AOL browser. Possibly use a different browser like Netscape for email if you prefer the Netkeys email blocking features. 

        7. Uninstall does not work - I seem to have the wrong password - Try using the password that you used to install Netkeys. If you continue having problems, please send email to support@softappco.com.

        8. What is the network error message I keep getting? - Netkeys will cause network error messages to occur if the CleanBlock™ feature is enabled, because CleanBlock™ disconnects obscene Internet sites. See the CleanBlock™ feature for more information. 

        9. I think Netkeys is goofing up on a certain website - Try disabling Netkeys using the "Master Off" button in the Admin Menu, then try it again. Sometimes, computers, browsers, and any software just goof up due to non-repeatable hardware errors. Possibly shut down and restart your computer, then try it again. If you continue having problems, please send email to: support@softappco.com.

        13. Contacting softappco

        Please send email to: support@softappco.com if you have any questions or comments about this manual.