Home Forums SharewareOnSale Deals Discussion COVERT Pro / Feb 11 2017 Reply To: COVERT Pro / Feb 11 2017

#7133339 Reply | Quote

Clairvaux

Once again, a program making dubious claims, unable to explain exactly what it purports to do, making you wonder whether it’s snake oil in the best of cases, and possibly even a piece of spyware by itself.

First of all, it pretends to be both an anti-spyware product, and an encrypted messaging product. Who’s ever heard of such a combination ? What’s the logic of sticking both together ? The developer does not say. He doesn’t even attempt to explain.

Let’s have a look at the product’s site. The developer uses some fear-inducing language which obviously means he does not know anything about security :

“Do you know how many people want to know other people’s secrets : a list of sites visited, what is written in the confidential correspondence and dating sites, email passwords, account credentials in social networks, games, online banking and other sensitive data ? How many people are interested in keylogger ?”

This is baby-talk. Security experts don’t write like that. They don’t lump together “a list of sites visited” (which Google, Microsoft and plenty of others routinely and openly collect, and which is a privacy issue), and “people interested in keylogger” (which is malware, and a security issue at a completely different level).

What does the product pretend to do ?

“An innovative solution to ensure total privacy while working at the computer. It protects against spyware and has instant messenger with encryption. When working in secure platform, all user’s actions in all applications (browsers, email clients, office software, messengers, etc.) are safely hidden. Using special features of COVERT Pro allows you to detect and remove all hidden applications.”

This does not mean a thing. Protecting against spyware is only remotely related to privacy. It is primarily a security concern.

All applications are hidden from what ? Are they sandboxed, which is the technical term the author seems to ignore ? But a sandbox does not hide applications from malware ; on the contrary ; it executes software in a separate, isolated space which, if malware has been downloaded with the application, the user can entirely delete afterwards, ensuring that malware will not have leaked to the permanent computer space.

Then in the very next sentence, the developer uses this same word, hidden, to refer to an entirely different thing : “detect and remove all hidden applications”, meaning, presumably, malware. So we’ve suddenly gone from “hiding” legitimate applications, presumably from malware, to un-hiding “hidden” software, that is, malware. Colour me highly skeptical. Real security researchers know what they are talking about, and they are able to explain it clearly.

So this is supposed to be a two-in-one product. Let’s start with the anti-spyware side of things. The developer makes the extraordinary claim that all “classical” anti-spyware are worthless — except his own. No known publisher makes such preposterous claims. At most, they say they work better than the competition. How does Mr. Covert Pro “prove” his extraordinary claim ?

With his own testing. Make that “testing”. In a parody of a technical paper, he pretends to have tested TWO anti-spyware programs, against ONE piece of malware. They failed, he says. Then he proceeds to test that same SINGLE piece of malware against 40 other applications, only now we’ve switched to anti-virus programs, and he doesn’t say why.

In the real, adult world of computer security, anti-malware publishers submit their products to independant testing by third-party, specialised outfits, which test them against tens of thousands of types of malware, publish their methodology, repeat their benchmarks regularly, compete with each other, and are, themselves, regularly challenged by the security community, because anti-malware testing is a very serious and difficult business.

Claims about the product vary according to which part of the site you visit. On the home and main pages, it is presented as an anti-spyware product. Bizzarely, when you dig deeper, it now claims to detect rootkits as well, which are a different type of beast, and much more difficult to hunt. So this should be advertised upfront, shouldn’t it ? It’s not. First it’s an anti-spyware, then it’s an anti-rootkit also, but it’s still not a full-fledged anti-virus / anti-malware. The developer does not seem to know, or to care. He’s just throwing buzzwords at your face.

On to the most valuable function of the product (potentially). It claims to offer “instant messenger with encryption”. This is a major endeavour. Very few applications in the world manage to do that. We are speaking about WhatsApp, Signal, Telegram… All of them compete at the forefront of encryption and privacy technology, against formidable adversaries, the likes of NSA and GCHQ.

So the developer should make that a major selling point, and shout his achievements from the rooftops, right ? Wrong. There’s almost nothing on that part of the product on his site. No encryption technology whitepaper, no explanation about what it does better than competitors or how it does it. It does not even say what that “instant messenger with encryption” does, apart from the fact that it’s there.

However, we do learn, on SoS site (not on the developer’s site), that “immediately after reading, your message will be deleted from the server”. What ?!? What server ? Do you mean that my confidential messages will go to a server you control, about which you say nothing, through an application you explain about zilch ? Now wait a minute, isn’t that the very definition of spyware ?

This program apparently comes from Eastern Europe. A prime location for hackers and scammers. If I were you, I wouldn’t install this program anywhere else than a virtual machine, or inside Sandboxie (which is a well-known, respected and legitimate sandboxing program).