Special Agent P.C. Secure
View PC Secure Product
This page is a copy of part of the help file for Special Agent PC Secure
by Easy Desk Software
Hide and Encrypt Files & Passwords
IP Host and Research Center
Security Browser Agent
Spy Remover Agent
Starting with Phishing Agent
The first time you start the Phishing Agent (the Eye Icon in the System Tray) it will begin to build a database that is customized to your surfing. You will see a balloon message that appears every time you visit a new site. It will inform you that you are visiting a new site and display the IP Address and the country it is assigned to. The Phishing Agent will also attempt to resolve the real host name of the new IP Address. The balloon will disappear in approximately 5 seconds and you will not see a balloon reappear the next time you visit this same site. In the beginning, you will see many balloons when you first start using the Phishing Agent. The amount of balloons appearing will decrease each day as you surf and build up your database, especially if you frequent the same sites.
This database is a valuable tool. For example: you visit your bank's web site for the first time on Monday, a balloon will appear. The next time you visit this site, no balloon will be displayed. If you get Phished however, a balloon will appear telling you that you are accessing a new site. You will then know that this is not the same site that you visited on Monday. If the site is a known Phishing Site a balloon will appear for 10 seconds stating that you are on a known Phishing site.
When you connect to a site that is known for downloading Malware, a balloon will appear, informing you that you are connected to a Malware site (if it is a known Phishing site a Phishing balloon will appear) This does not always mean however that you are on a Malware site or that Malware is being installed. It may simply mean that the site you are on may have advertising that is linked to an IP address of a known Malware or Phising site.
More about the Phishing Agent
Special Agent Overview
Special Agent P. C. Secure is your complete Total Internet Secure System software package. It is designed for home use and small business use. It can be used on a network or single stand alone computer. A single registration license support an entire multi boot computer. This software will automatically check for updated components each day, so long as you are connected to the Internet.
Special Agent P. C. Secure contains four independent monitoring tools, a personal Firewall, a Phishing detector, a Connections monitor, and a Spy monitor. It also has a Phishing detecting web browser and several other tools for your security, a file Shredder, a Hide and Encryption files tool, a Message Encryption tool and reader, a Password Hide and Encryption, a Whois lookup and IP address finder, and a Spy Remover.
P. C. Secure also has a Spy remover tool. It is programmed to run once a day automatically and if the computer was shut down incorrectly it will scan for spies before other programs are loaded. It will also automatically download updates of the Spyware database. If you use a dial up connection, use the Scan for spies button located on the setting Window while you are on line. This way it can check for updates.
The main interface is accessible by clicking on the Special Agent Icon in the System Tray. The main interface has nine images that access the different tools of Special Agent P. C. Secure. Each Image has a Tool Tip that displays when you hover the mouse over the image, if they are currently functional.
Special Agent P. C. Secure does a lot more then what is outlined in this help file. You will discover all the hidden tools and monitors that Special Agent has to offer over time and just looking around and trying different things with all the Agents.
It it most important that you review the Phishing Monitor section of this help file.
Displays a list of active TCP connections. On this screen you will find five buttons and four images, and the monitoring window. From this screen you can add an active connection to be blocked by the firewall permanently, using the Block this IP button. The selected IP address will be placed in the lower window and added to the firewall blocking list on the Firewall setting windows. You can unblock this IP using the setting window/ firewall rules button. To block an IP momentarily use the Close Connection, or Block All Traffic option on the popup menu of Tray Icon.
The DNS button will search the Internet for the Domain Name of the IP Address that you click on in the Window. The Whois button will access the Registrar you have selected in the above window for the owner of the Domain in the Whois window. You can add additional Whois servers using the Add button. You will find that a more advance Whois is available in the Eye Icon when you click on Whois... Check IP. Whois servers that are added in the Connection Monitor windows will be added to the IP and Host Research Center the when the Phishing Monitor is restart.
The Connection Monitor is used to monitor if some software is accessing the Internet without your knowledge. Special Agent will need to contact your DNS server, you may see it in the windows as the remote port 53. And Special Agent checks its home site for updated components each day.
The Connection Monitor also has the ability to stay on top of all other windows. If you click on the second image, the one with 3 program windows displaying, the monitor will stay on top for viewing. To deactivate the function the the image a second time.
When you clicking on this image you access a tool that will allow you to read or write encrypted messages. This tool does not use the standard Windows encryption, so other Windows users will not be able to decrypt your messages. You will find the free Reader.exe file in the PC Secure folder. You may give this file to anyone you want to be able to read your messages.
To read a message the reader must enter the exact Key you used to create the message, the Key is case sensitive. You may also wish to use a password along with the encryption Key. You can also encrypt files, but they must be text files. The decryption process does not recognize special formats.
Hide and Encrypt Files & Passwords
Hide and Encrypt Files:
This tool will allow you to hide and encrypt any file(s) on your computer so no one can find or view them, if you use this tool on the trial version, make a backup copy of the files or be sure to unhide the files before the trial period expires.
This tool will ensure that Spies cannot file them, or read them. Other users of your computer will not be able to find or read them without your password.
Before you are able to use this tool you will need to set a password. The password is case sensitive. You will use the same password to access the Encrypt Password tool.
Stores your passwords used on the Internet. PC Secure does not store your passwords in the Registry where Spies can find them and send them home. Passwords are encrypted using a not standard Windows encryption, and stored in a hidden file.
This tool also offers you a copy and paste option. When you need to enter your password and username on a site use the copy button ( > ) next to the password box. This way if you have a key logger spy on your machine it cannot read your password or username.
Settings Window/Control Panel
This window is the main control for Special Agent. It is recommended that you have Special Agent automatically start on bootup, Delete Cookies when scanning for your privacy, and delete Temp file to ensure that spy's are not in the temp folder.
To reset your password (which is case sensitive)
used to access your Encrypted Password screen and Encrypt and
Hide Files screen.; follow the steps below without clicking on
anything else other than would the instructions state.
Set the drop down window for Delete Phish History to 60 days
Click ONCE on the label View and Edit:
Place a check mark in the check box All Sites
Set the drop down window for Delete Phish History to 90 days
Set the drop down window under View and Edit to ZAMBIA
Click ONCE on the label View and Edit:
Your password has been cleared, now reset your settings and Click OK.
Clicking on this image will bring up a windows asking you what file you want to shred. The selected file will be shredder, it will no longer exist on your computer. You will not be able to undelete it, nor can any other software, such as data recovery, recover and read the file. Once the file is shredded it is gone forever.
IP and Host Research Center
This tool is accessed by clicking on the Eye Icon in the System Tray and selecting Whois... Check IP. It is also available directly through the Security Browser when it is set to "Use Security" by clicking on the Question mark and select Whois xxxx or Who owns xxxx. You must be connected to the Internet to use this tool, and this tool is designed to tell you where you are and who owns the Domain and IP address while you are surfing the Internet.
The IP and Host Research Center is an advanced Whois tool. The easiest way to learn how to use this is to this tool is to walk through this example. Open the tool and if "upload.easydesksoftware.com" ( without the quotes) is not in the upper right window under the words "Use This Domain Name", then click on the button "Get IP for Upload.easyd...". You see that you get a message that this is not a valid domain name. Shorten the Domain Name to "easydesksoftware.com" and try again. The IP Address will appear, along with who the IP address it owned by, and the Country the IP address is in. The Country is displayed directly below the Domain Name window. Currently (as or this writing) the IP address is leased and belongs to our ISP. IFY: upload.easydesksoftware.com is a host name and easydesksoftware.com is a domain name.
Now change the domain name to bankofamerica.com and click on Get IP for bankofameric... At least to IP addresses will appear, both belonging to bankofamerica.com. Now click on Host Names for IP Range. You will notice that several of the IP addresses where unable to be resolved. If you visited bankofamerica.com and one of these IP addresses where displayed by the Phishing Monitor you would not know for sure what site you are really on. Enter one of the unresolved IP address in the "Use This IP Address" window, highlight it with your mouse and right click and copy. Now click on Whois bankofamerica.com and in the new window replace bankofamerica.com with the unresolved IP address. Click on "Select Country". Read the message displayed carefully, you want whois.arin.net as this domain is in the United States/North America. Click OK and click on whois.arin.net in the popup menu. whois.arin.net is now in the Use this Whois window. Click on Use this Whois button. You will now see who owns the IP address you entered, Net Range.
Now lets find out how owns Bank of America, click on Check IPs, then click on Whois bankofamerica.com. You are bank at the Whois Agent window. Whois.arin.net is still in the window, select rs.internic.net.
As a side note: The "Whois" button uses the whois server set in the Connections Monitor as the default Whois server. The "Use the Whois" uses the Whois displayed in the window next to the Use this Whois button
You will now see the some basic information about bankofamerica.com. click on the Whois Server words in the large window. whois.opensrs.net will now appear in the "Use this Whois" window, click the Use this Whois button. You now have all the information you need. You learned that bankofamerica.com is owned by Bank of America Corp, and that the unresolved IP is also owned by Bank of America.
A little playing around with this tool and you will be able to track any IP or host name.
Security Browser Agent
The Security Browser Agent is located in the Phishing Monitor, the Eye Icon in the System Tray. It contains it's own help file. The browser can be use as a normal Browser or as a Security Browser to detect Phishing Sites.
You can set new rules for the firewall by clicking on the Firewall Setting button through the Setting Icon on the main interface. To block any computer within you network you must add it to the Block IP list.
The firewall rules are processed as follows:
1) Block any single computer IP address in the Blocked Rules list
2) Allow all computers in the Trusted Network
3) Allow single computer or group of computers in the Allowed Rules list
4) Block any group of computers in the Blocked Rules list
5) Allow any port in the Allowed Rules list
6) Block all ports under 1029
7) Block all ports that are listening
The following are the predetermined setting, all of which can be modified in the Firewall Setting. You can use the Connection Monitor to determine what rule to add for any program that accesses the internet on none standard ports. You should add allowed IPs over allowing ports. You can have up to 200 blocked Ports or blocked IPs, and 200 allowed Ports or allowed IPs, in the list.
As an example, if you have a program that accesses the IP address of 22.214.171.124 and you allow this IP, but you do not want this program to use port 1200; the firewall will not stop port 1200 for this IP. The allowed IP was processed before the blocked port.
As another example, if you want to allow only one or two computers on your local network to access your computer you block block all the IPs in your network except the ones you want to allow. The Blocked IPs are processed before the trusted network.
The firewall will allow only remote standard ports: 20, 21, 25, 37, 42, 43, 53, 80, 81, 110, 113, 123, 443. All other connections will be denied unless you add ports to the Firewall Rules list. To determine what ports you may need to add if a program has a problem accessing the Internet, start your program and then view the firewall log.
All Local ports below 1025 with the exception of: 53, 67, 143 will be blocked, you can add Local ports to the Firewall Rules list
The following are also block, they are normally used by Trojans, 27374, 31337, 31338, 65000. You can enable them in the Firewall Rules list.
If you use NetMeeting or ICQ over the internet you may need to open ports 1025 to 1029, and you will need to enable listening. Free World Dialup needs port 13840. If you find that a program is unable to access the Internet view the current firewall log. This log can be viewed in the Control Panel - View Logs - Current Firewall Log - Display. See what port it is trying to use, and add either the Port or the IP address to the Allowed list.
A complete listing of what Ports are for can be found at http://www.iana.org/assignments/port-numbers
Phishing is identity thief. A site that falsely claims to be a legitimate enterprise in an attempt to scam the user into surrendering personal information. Maybe via email or a link from another site.
The Phishing (fishing) Monitor is called Phishing Agent located in your System Tray with the Eye Icon. It will be started automatically when an internet connection is open. Or you may start it manually by right clicking the Spy Icon and select Start Phish Monitor. Click on the Eye Icon to bring up the Context Menu for the Phishing Agent, this Menu will constantly change, depending on what Site you are at. In order to protect yourself from phishing you should read this entire section. You will also find the Security Browser Agent here, when you start this Agent you will view its help file.
No matter what browser you use the Phishing Agent will tell you when you are accessing a known Phishing Site, or a potential Phishing site. It will also tell you when you are accessing a unknown Malware site. A Malware site is one that is known for downloading spies, Trojans, and other Malware onto your computer.
The Phishing Agent will notify you each time you connect to a new IP address, this information is stored in a database. You will not be notified again about this site. It will do a reverse lookup of the IP for the real Domain name and add this information to a database that it builds just for you. Once the site has been entered into the database, the monitor will not notify you again about this site. You have the option of having the monitor list the site as a Trusted Site or a Non-Trusted Site. The Monitor will automatically ask you when you are at a SSL (Secure Site) if you want it to be a Trusted Site.
You will notice that when you visit some sites you get a message indicating the Domain name, other times you get the message No reverse DNS available. This is normal, the Phishing monitor is watching the IP addresses, not the text in the browser address window. So when it sees an address like 126.96.36.199 the DNS returns the ISP not the Domain you are at. This is because the IP address is owned by Bellsouth.net and leased to a domain. Phishing sites cannot alter an IP Address but they can alter the URL in a browser's address window
To verify a Domain to be the real site use the Verify Any IP or Domain on the Popup menu of the Phishing Monitor. By entering the Domain name the Phishing Monitor will do a forward lookup. Using an IP address it will do a reverse lookup. The Security Browser Agent's help file teach you how to use all the tools.
Each time you visit a site that has been listed into the database it will re-stamp the date visited. On the Setting window is a setting for how long before the site is deleted from the database. If you visit google once a week, and the clean up setting is set for 30 days, Google.com will not be delete. If you visited google once and it was more than 30 days google.com will be delete it UNLESS you have mark the site as a Trusted or Non-trusted site. This can be done on the context menu or using the Setting window.
To protect yourself from been Phished, follow these directions carefully:
The monitor may pop up a new site notice at your Trusted Site if they change advertising drawn from a different IP address. You should verify your connection with the IP and Host Research Center
The Phishing Agent will automatically check for a new database of new Phishing sites each day.
More about the Phishing Agent at Easy Desk Software Web Site
The Spy Monitor is always running in the background, as a real time Spy scanner, while Special Agent is running ( the Spy Icon ). It will notify you if a file(s) is add to your system, and new startup program is added, etc. It will offer to remove it and deleted the file and Registry Keys associated to the files. If you are installing new software and want to bypass this right click on the Spy Icon and select "I am installing new Software". The Agent will stop monitor for 90 seconds.
If you email or mail your order in, you will need to include your 7 digit product ID #. It can be found in the upper right hand corner of the main interface (the first screen you see when you open Special Agent P. C. Secure)
This is a shareware release. Please register it within 15 days.
The cost of registering is $49.95, $9.50 additional for CD. $12.50 for outside the USA
All software is at our web site http://www.easydesksoftware.com
You may order by credit card, money order or check directly at our site
Or to order by mail this or any other software from
EASY DESK SOFTWARE
SOFTWARE TITLE(S)__Special Agent P.C. Secure
PRODUCT ID ______________________
Make checks and money orders payable to Easy Desk Software
Easy Desk Software, Inc.
2264 6th Ave SE
Vero Beach, FL
You may visit our web to learn how to send us a check via e-mail
at our Order page
Or: EMAIL: EASYDESK@EASYDESKSOFTWARE.COM
Visit our web for other free demos:
Users of Easy Desk software must accept this disclaimer of warranty. Easy Desk software is supplied as is. The author disclaims all warranties expressed or implied, including, without limitation, the warranties of merchantability and of fitness for any purpose. The author assumes no liability for damages, direct or consequential, which may result from the use of any Easy Desk software.
P.C. Secure is a "shareware program" and is provided at no charge to the user for evaluation. Feel free to share it with your friends, but you may not give it away altered or as part of another system without written permission from the Easy Desk Software. The essence of "user-supported" software is to provide
personal computer users with quality software without high prices, yet to provide incentive for programmers to continue to develop new products. If you find this program useful and find that you are using Easy Desk software and continue to use Easy Desk software, you must register the software. You must also make payment of $49.95 to the Easy Desk Software. The registration fee will license one copy for use on any one computer. Commercial users of any Easy Desk software must register and make payment for their copies of P.C. Secure within the trial period. License arrangements may be made by contacting the Easy Desk Software.
Anyone distributing P.C. Secure for any kind of remuneration must first contact the Easy Desk Software at the address below for authorization.