Click on the following links for the driver package readme info:
The setup package generally installs about 56 files and is usually about 942.77 KB (965,399 bytes). Relative to the overall usage of users who have this installed on their PCs, most are running Windows 10 and Windows 7 (SP1). While about 51% of users of Protector Suite 2012 come from the United States, it is also popular in Germany and Italy. Protector Suite QL is used by 58 users of Software Informer. The most popular versions of this product among our users are: 5.3, 5.4, 5.6 and 5.8. The names of program executable files are startmui.exe, launchte.exe, ctlcntr.exe, enrollbtn.exe and welcome.exe.
Windows Defender Security Center delivers a robust suite of security features that keep you safe for the supported lifetime of your Windows 10 device. When your PC is protected by Windows Defender Antivirus you are receiving comprehensive protection for your system, files and online activities from.
Fingerprint on Windows 10 with UPEC Protector Suite WBF I've been using Windows 7 Ultimate for a few years now with AuthenTec Protector Suite 2012 installed and a TrueMe fingerprint reading device. The Protector Suite software allowed me to login to windows using a fingerprint and to use fingerprints to open password protected files as well as.
I have Protector Suite 2009 on a VAIO laptop running Windows 7 Pro 64 bit. Will there be an update for Windows 10?
At the 'Protector Suite QL' screen, click 'Next'. At the 'License Agreement' dialog, read the agreement, then, if you agree, click 'I Agree' to continue the installation. At the 'Finish' screen, click 'Finish'. The installation of the UPEK Protector Suite QL Software is complete.
.../Protector Suite QL 5.6 Software X86/Readme.txt
This package supports the following driver models:
TouchChip Fingerprint Reader
TouchChip Fingerprint Coprocessor
TouchStrip Fingerprint Sensor
What do you need to know about free software?
From Acer: Click on the following links for the driver package readme info: .../Protector Suite QL 5.6 Software X86/Readme.txt This package supports the following driver models:
TouchChip Fingerprint Reader
TouchChip Fingerprint Coprocessor
TouchStrip Fingerprint Sensor
[That was one *awesome* passphrase! :-)]
Elcomsoft has announced that certain versions of fingerprint software named Protector Suite made by UPEK (now part of Authentec) stores your Windows password in a ‘scrambled’ format in registry. This allows an attacker through different entry points to get easy access to a users Windows password. I have no reason not to believe Elcomsoft in their claims, but UPEK/Autentec seriously disagrees. In the middle of this I happen to have some questions, and an opinion regarding biometric software today.
Protector Suite Ql Windows 10
Background
I have lost count of all the times colleagues have approached me with a big smile, challenging me to break into their work laptops now that they have enabled fingerprint authentication. Pressing Esc to get the normal logon prompt and then entering my AD username & password logged me in. Having local admin rights made things even easier to conduct pass-the-hash of their locally cached credentials, and smile turned to sadness. Hey, I have even been accused of cheating when I did that.
I purchased my first fingerprint reader back somewhere in 1999. It was complete crap. Many years later I purchased a Microsoft keyboard with integrated fingerprint reader:
I still remember a very clear warning in their documentation: the fingerprint reader should not be trusted for security. It should be considered as a toy. Oh well.
Today the integrated fingerprint readers in many laptops is the most common place we interact with biometric solutions. IF we choose to use it of course – there is no requirement to do so from the vendor. Enter Elcomsoft.
Security vs Convenience
Lots of people – including infosec professionals, doesn’t see the difference between using biometric authentication as a security feature, and as a convenience feature. Simply explained for the home user:
If you use biometric authentication to logon to your laptop, but can bypass it by pressing Esc and enter your username & password, you are using biometrics as a convenience feature.
If you have removed any and all possibilities to logon except by using/including biometrics, you are using biometrics as a security feature.
The differences here are … well… BIG, at least in theory. But wait; that was for the home user. I don’t care much about your private pictures, christmas wish list and facebook account anyway, so lets look at it from a corporate perspective:
There is no integrated support for replacing passwords with biometric authentication within Microsoft Windows.
This means that any kind of authentication addition or replacement you set up on laptops, tablets or desktop computers in a corporate enviroment with Active Directory, a password still has to be configured for a user in a domain, and that password is what authenticates the user throughout the domain. Using highly advanced visualization tools, hours and hours of hard work and a colorful palette, I made this infographic to explain what happens:
Using biometric logon, we add another step in the authentication process in a corporate environment. Please note; we added one more step, we didn’t necessarily add one more layer of security.
I blogged about upcoming password security features in Windows 8 Password Security. Please observe that using picture password and/or a PIN is an addition to having a password. They are quite simply convenience features. Having said that, I would like to give kudos to Microsoft for doing quite a bit of research into picture passwords and presenting it in such a detailed form that we can make up an opinion about the security it provides.
What did Elcomsoft discover?
Well, they claim that certain versions of the software in question stores your Windows password using weak protection locally (see step 2 in the biometric chain above). Using a simple PoC, they have successfully extracted the stored Windows password from registry by the biometric software and “decrypted” it.
Since the biometric software is local only, it needs to know your Windows password to properly give you both local and domain access. To repeat; your username and password gives you access, not your fingerprint or any other biometric ID. If your password is changed, either locally or in the domain, you will have to provide your new password to the biometric software.
Is this such a big deal? Yes.
Why?
Good practice is to store passwords using hash irreversible algorithms, preferably strong types such as PBKDF2, Bcrypt or Scrypt. The draft cheat sheet from OWASP on password storage gives more information about such algorithms, and more. Even though Microsoft doesn’t use salting or key stretching in their LM/NTLM algorithms, they are still hash algorithms. You cannot “reverse” the process to get the plaintext password, you have to
My Authentec (Thinkpad) fingerprint software, which is NOT affected by Elcomsofts findings, knows my password (or passphrase in my case), and there is an option in the software to display it on screen, as the video on top shows you.
But I can do pass-the-hash/ticket and more, why is this a big deal?
Sure you can. But you cannot do those attacks against a Outlook Web Access configuration from the Internet using SSL. You don’t know the users actual password when you do pass-the-hash attacks, so you cannot check if the user uses the same password on other services, at work or on a personal basis.
If my fingerprint – my biometric template – was the secret key to unlock the password using reversible encryption like AES, things could perhaps be considered a bit better, but it would still not be good practice to store any users password using reversible encryption. Which is exactly what is evidenced by my video above.
Now if claims by Elcomsoft are true, malware could easily exploit the weakness found to extract users Windows plaintext passwords in yet another way, adding to the already existing ways of doing so.
Pc Suite For Windows 10
I haven’t twisted my mind long enough on this to figure out ways of improving this, but I am open for suggestions. ?