View PC Secure Product
This page is a copy of part of the help file for Special Agent PC Secure'

Security Browser Agent Overview

This browser is designed to detect Phishing sites. It should be used when you access sites that require personal information. When you do your normal surfing you turn off the Security feature, located in the Setting Button. The security feature will be slower surfing due to the research it must do to verify the true URL you are at. Do not try and navigate while the Please Wait message is display; else you will get erroneous results from the browser.

There are 3 IP Address windows that the browser monitors. The requested URL IP Address (target) is located in the Status Bar at the bottom. The IP Address listed in the upper center list window contains the IP Addresses the DNS (Domain Name Service) returned for the URL. The right hand list window will contain all IP Addresses that have been activated while navigating to the URL. If all three match you are where you want to be. If only the two list windows match you should find the requested IP address in the left list windows list. One of the IP addresses in this window must match the IP address in the right list window. If not A Red X will appear in the Status Bar on the right hand side.

In the bottom of this window you will see a status bar. It contains 5 boxes. The first box to the right will report to the Status of navigation. The second box will report the IP address you requested, or if you are viewing a page from cache. The third box will report the number of characters in the URL in the window. Long URLs are normal, but you should be suspicious. This is important to know, Phishing sites may use a lot of % signs between the URL visible in the window and the actual URL you are being sent to. The fifth box will display the level of encryption the URL has, the Tool tip will interpret it for you. The sixth box will appear with a RED X if the URL you are visiting does not match the browser criteria for being a safe site.

If a RED X is displayed in the Status Bar at the bottom, you can click on it to find out more about the URL. The Browser displays Tool Tips on all Icons and Status Bar boxes.

For your security, do not navigate by IP addresses (123.12.123.123). Your DNS server can only return the matching IP Address. If a Web site refers you to an IP address, use the Whois IP Lookup button ( ?) at the top to determine where you are.

What you are most interested in before entering any personal information is that the IP addresses match, if not then the IP addresses should be within the range designated by the Whois IP Lookup. Also please note, a Host name is www.microsoft.com and the Domain name would be microsoft.com. In this example navigating to microsoft.com would return a different IP Address than navigating to www.microsoft.com.

There are some exceptions to all rules, and this is where the extra tools in the ? button come in. We have arranged for you to test your new browser with a couple of sites. Click on the Help button so you can view this page while you perform the following tests. Turn the Security feature on, it is the one labeled Use Security on the Setting button of the tool bar, the folder with tools on it. Once enabled the tool bar will become smaller and two list windows will appear in its place.

1) Your first test will be a legitimate redirect of a URL. Go to http://test.petersen.net/ this will redirect you to http://www3.whc.net/whc/ . You will notice that all 3 IP Addresses match. But since this is not where you planned on going click on the ? button and select "Is test.petersen.net an Alias". Clicking on the RED X will product the same Context Menu. A new window will appear telling you that test.petersen.net is an Alias for www.whc.net and that the IP addresses displayed are the correct ones. This means you are where you are suppose to be. In the lower Window you will see the path your browser took, you see you have been redirected. You will notice that this Host name has 2 IP's ( the center list window). Click on the Refresh button and you will be at the the second IP Address, all IP windows match. You are where you want to be. Now try the "Who owns (IP Address)" in the ? button. Use "whois.arin.net" and click on the "Use This Whois" button. You will notice the "NetRange" matches the IP Address you are at.

A Secondary Domain Alias (a.k.a. A Domain Name Pointer or Domain Alias)  is another domain name you can use to access the services at your main domain. In other words, you can use one domain name to point to the services of another domain.

For example, if you had the domain name "www.domain.com" and also had the domain "mysite.domain.com", you could set up a website on the primary domain, then use both www.domain.com and www.secondary-domain.com,and mysite.domain.com to get to the same single website.

2) Now go to the www.google.com, if all three IP windows match go to the next test and try this one again in a few minutes. The reason for this is that google.com rotates servers, called load balancing, and the Target IP Address is current. If not you will have a different IP Address in the right list window and the RED X will appear. Performing the previous tests you will learn that you are at www.google.com. If you do a Whois lookup for the domain you must lookup really name- www.google.akadns.net,you will find that google.com is an Alias.

3) Now lets test a bank, enter http://www.bankofamerica.com/. Once you have navigated there, all IP's will match. Every bank and credit card company we tested had matching IP address at there sign in site. They may redirect you once inside for security reasons. Let's perform the previous tests once you get to bank of america's web site so you know how to do this at your bank.. You will notice that the real name is www.global.bankofamerica.com with the IP Address (at the time of this writing) is 171.159.193.173, you will also notice that their NetRange is 171.128.0.0-171.206.255.255. Close both Whois windows and look for the link to "Gift Cards", click it. You are still at the same IP address. Now look for "Bulk Orders" and click on that, the IP Address changed, yet now Red X in the Status bar appears because the URL in the Address window now has "bulkorder.bankofamericagiftcard.com" as the Host name IP's match. This means that you are truly at "bulkorder.bankofamericagiftcard.com" , but not at "www.bankofamerica.com".So lets see where you really are. Perform the previous tests, are first and second tests prove that we are truly at "bulkorder.bankofamericagiftcard.com", but not at "www.bankofamerica.com". Close the Whois Agent window and using the ? mark button select "Whois bulkorder.bankofamericagiftcard.com" and Click on the Whois is button this time. You are now using the default Whois server set up in the setting window. Normally this is rs.internic.net, if yours is different use rs.internic.net in the "Use This Whois", clicking on Use This Whois instead of the "Whois" button. You'll get a not found, now click on Shorten the Host name and try again. You will now see that bankofamerica.com is the DNS server, this still does not mean that you are at "www.bankofamerica.com". Now in the window click on the words "Whois Server" and "whois.openers.net" will be inserted into the "Use this Whois" window, click on "Use this Whois". You now see that Bank Of America owns the site you are at.

4) For your last test, go to www.easydesksoftware.com, here you will find that everything thing is fine, except if you use the Whois Agent and ask for Get IP for easydesksoftware.com. It will return (as of this writing) adsl-068-153-214-26.sip.bct.bellsouth.net. This is an ISP provider who owns our IP Address, we own the Domain name and lease the IP Address. This is quite normal for many companies. So determining if this site is safe, you would have found that we own the domain you are visiting, and that the IP Address points to easydesksoftware.com. Using whois.godaddy.com, all IP's match and point to easydesksoftware.com which is where you want to go.

In may cases the IP address is owned by an ISP such is the case, currently with easydesksoftware.com. To look up Whois by IP Address, the following is a guide for what registrar to use :

APNIC (Asia Pacific Network Information Centre) - Asia/Pacific Region

ARIN (American Registry for Internet Numbers) - North America and Sub-Sahara Africa

LACNIC (Regional Latin-American and Caribbean IP Address Registry) – Latin America and some Caribbean Islands

RIPE NCC (Réseaux IP Européens) - Europe, the Middle East, Central Asia, and African countries located north of the equator

A full list of all registrars can be found at http://www.icann.org/registrars/accredited-list.html,you can add the ones you need to the Whois is list through the settings window of Special Agent