Posts: 2,084 | Joined: November 2006
#58049 | 11/11/2013 11:53 AM
OP | Member | Joined: Jan 2008 | Posts: 215
There is a new virus out there called cryptolocker that encrypts all the files it finds on the local machine and on the network. If you get it, it is already too late to fix it by the time you know it is on there. They say that if you pay them 300.00 then they will unlock your files, but there is a debate whether anyone's have actually been unlocked. Most anti-virus products do not currently catch it, so it will walk right in. Currently it is being sent out as a USPS.com notice that you have mail, but I am sure there are many variants of it. Your only recourse is to remove the computer that was infected and reload it from scratch, then restore all files that were encrypted from backup. It makes your backups really important! Also, backups that are update backups, similar to Carbonite, Mozy, Google cloud and SkyDrive: it will encrypt those files too, because your backup software will see that the files were changed locally and will mirror them offsite. External drives that use their included software do the same thing. Not safe. Full image backups similar to Macrium Reflect are not affected, so far. They are saying that even the NSA could not decrypt your files. This is currently only Windows.
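The post above makes the point that sync-style backups mirror the encrypted files offsite because, to the sync software, they simply look modified. As an added example (not part of the original post), here is a pre-sync check in Python that compares the current folder state with the snapshot from the last successful sync and refuses to mirror when a large share of files changed and previously text-like files now look random, which is what bulk encryption produces. The file names, contents, seeds and thresholds are constructed for the example.

```python
import hashlib
import math
from collections import Counter

# Constructed snapshots of a documents folder (filename -> bytes).
# BEFORE is the state at the last successful sync; the AFTER_* dicts are
# two possible current states.  None of this is real data.
BEFORE = {
    "notes.txt": b"Patient follow-up on Tuesday. Bring lab results.\n" * 20,
    "budget.csv": b"item,cost\nserver,3000\nnas,600\n" * 30,
    "letter.doc": b"Dear Dr. Smith, thank you for the referral. " * 25,
    "photo.jpg": bytes(range(256)) * 4,  # binary file, already high-entropy
}


def _pseudo_ciphertext(data: bytes, seed: int) -> bytes:
    """SHA-256 counter stream used as a stand-in for encrypted content (constructed)."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hashlib.sha256(seed.to_bytes(4, "big") + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[: len(data)])


# Every file replaced by random-looking bytes: the ransomware case.
AFTER_RANSOMED = {name: _pseudo_ciphertext(blob, i) for i, (name, blob) in enumerate(BEFORE.items())}
# One file legitimately edited: the everyday case.
AFTER_NORMAL = dict(BEFORE, **{"notes.txt": BEFORE["notes.txt"] + b"Call pharmacy.\n"})


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 0 for constant data, near 8 for random or encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def sync_risk(before: dict, after: dict, max_changed_ratio: float = 0.5,
              entropy_threshold: float = 7.0):
    """Return (block_sync, report) for mirroring `after` over `before`.

    Two signals are combined: the fraction of previously synced files whose
    content changed, and how many of the changed files went from text-like
    (low entropy) to random-looking (high entropy).  Ordinary editing changes
    a few files and leaves them readable; bulk encryption does neither.
    """
    changed = [name for name in before if name in after and after[name] != before[name]]
    ratio = len(changed) / len(before) if before else 0.0
    newly_random = [
        name for name in changed
        if shannon_entropy(before[name]) < entropy_threshold
        and shannon_entropy(after[name]) >= entropy_threshold
    ]
    block = ratio >= max_changed_ratio and len(newly_random) > 0
    report = {"changed_ratio": round(ratio, 2), "newly_random": newly_random, "blocked": block}
    return block, report


if __name__ == "__main__":
    for label, snapshot in (("normal edit", AFTER_NORMAL), ("mass encryption", AFTER_RANSOMED)):
        print(label, sync_risk(BEFORE, snapshot)[1])
```

The entropy signal deliberately ignores files that were already random-looking (compressed images, archives), so the check does not fire on a folder full of photos; the changed-file ratio is what catches a mass rewrite. A real sync client would keep the previous versions rather than overwrite them, which is the other half of the defence.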

Member | Joined: Sep 2003 | Posts: 12,874 | Likes: 34
Cryptolocker is the latest in the ransom viruses, but is the nastiest and most effective. I have done everything to safeguard my computers.
As Tom said, the best thing to do is have good backups. I have heard that they will send you the key, which can be up to $2,000 depending on how long you take to pay it. It doesn't make sense for them to not give you the key, as if that got around no one would pay it.
The only anti-virus I know of is MBAM, which can work side by side with your AV. It detects in a variety of different ways, one of which is blocking websites which are known to send it.
You have to have backups of all your computers every day. No admin accounts on your staff's computers, and use User Account Settings. Update the MBAM definitions every hour and keep your Windows updates current.
It is also best to use the SBE/Corporate edition, which needs licenses for MBAM. I run a scan once weekly for both A/V and malware detection.
Bert Pediatrics Brewer, Maine

Member | Joined: Feb 2012 | Posts: 386
Could this get from an infected workstation through a browser into a cloud EHR?
This kind of warfare might be the biggest reason I would switch from client-server to the cloud.
Dan Rheumatology

Member | Joined: Sep 2003 | Posts: 12,874 | Likes: 34
Unless you don't use your computer for anything else, I don't see how that would make you any safer.
Bert Pediatrics Brewer, Maine

Member | Joined: Apr 2010 | Posts: 1,546 | Likes: 1
David Grauman MD Department of Medicine Commonwealth Health Center Saipan, Northern Mariana Islands

Member | Joined: Aug 2011 | Posts: 15
I've already run into this virus twice in my travels; both times the infection came through emails claiming the attached file was a returned check from the bank. One of the infected systems was shut off as soon as they saw the popup; it seems the virus started encrypting the recycling bin first, so they didn't lose anything important. The other had an offline backup I just restored the system from. By the way, both systems had up-to-date AV: one had MSE, the other was running Avast. I have a few offices that have to use older versions of IE (8), so I run HitmanPro.Alert on those systems to help prevent the browser from being exploited. Noticed the other day they released a version that is supposed to block cryptolocker and the like. It's free and literally takes 2 seconds to install. I tested it on a test system I intentionally infected with cryptolocker, and even though the virus was able to run (no AV on test system), HitmanPro.Alert popped up an alert and the virus wasn't able to encrypt any of the test files on the system. Here's a link if anyone is interested: http://www.surfright.nl/en/cryptoguard
I also second Bert about MBAM (Malwarebytes Anti-Malware); detection rate is hard to beat...

Member | Joined: Jun 2009 | Posts: 1,811
Has anyone seen a case where the malware infected a machine running with standard user (Non-Administrator) permissions?

Member | Joined: Feb 2012 | Posts: 386
Yesterday, before leaving the office, I was surfing for info on cryptolocker while wondering whether any of the sites could be infected. I was paranoid, okay?
This morning I got to the office to find my desktop had restarted, and Microsoft said there had been a blue screen of death forcing shutdown. Lord, what did I do?
Nothing starts your day off like an MBAM full scan. My nerves didn't settle until after an hour, to find out I was clean. What a coincidence.
Anyway, I think the big takeaway is to have a detached backup. I don't see how this can be automated.
I have 2 hidden NASs in opposite corners of the building, cloud backup, and 4 external hard drives that I cycle through, with one attached for a week making backups every night and the other three at home. All are protected from water damage from my sprinkler system. But all four systems are connected to the network and might be corrupted. I would have good data from last week's backups on the disk at home.
I am going to add another external hard drive at my manager's desk that is normally disconnected and off. Every morning, when she verifies that all systems are up and the data is good, she will make a slow backup of the critical data and then disconnect/turn off the external hard drive.
Any thoughts? Anyone know of the best backup software to not put a big drag on the network or manager's machine for this kind of manual backup?
Does anyone know if the AC back-up is a full back up with old copies, or more likely the incremental back up that we would find encrypted by cryptolocker?
Indy, do you have a cloud back up that would have a recent unencrypted full back up for all your wild and crazy friends? It would be worth extra.
Dan Rheumatology

Member | Joined: Jun 2009 | Posts: 1,811
> Any thoughts? Anyone know of the best back up software to not put a big drag on the network or manager's machine for this kind of manual back up?
There are several out there; one that has throttling options is Acronis.
> Does anyone know if the AC back-up is a full back up with old copies, or more likely the incremental back up that we would find encrypted by cryptolocker?
It is a full backup, but as I have learned recently the [very] hard way, they retain ~6 copies, so if you are doing something with the database install and backup during the process, they might only have backups covering 2-3 days.
> Indy, do you have a cloud back up that would have a recent unencrypted full back up for all your wild and crazy friends? It would be worth extra.
For my wild and crazy friends, DA!, I can always haz backup space.

Member | Joined: Sep 2003 | Posts: 12,874 | Likes: 34
Running any type of scanner will not help, as by the time it finds the malware it has already infected your computer and encrypted your files. Also, not only is the free version of MBAM not legal, it is not as good as the SBE version to run alongside your AV. I would recommend running scans with your AV just as before and then run MBAM. You can run them both in real time and scan only in Sophos, ESET, Avast, etc. You want to prevent it getting on your computer to begin with. It uses previous malware on your system as one way of obtaining access, so keep your computers virus-free as always. Keep as many files read-only as possible. Most of the time your files don't need to be written on. Try not to give anyone, including yourself, admin privileges. It is not a virus, so it cannot travel from computer to computer, but it can access any file that you can. If you have the cloud, do NOT make a drive letter. It is a good idea to keep a backup that is not connected to the computer. But, the morning scan will not help anything, as by then your wallpaper will already be the demand for ransom. ![Linked Image](/ub/attachments/usergals/2013/11/full-4-550-th_paypage_quick_480.png) I guess if you didn't like someone you could make this his/her wallpaper.
Bert Pediatrics Brewer, Maine

Member | Joined: Feb 2012 | Posts: 386
I'm still thinking about this new threat to our data, and would appreciate any answers and further advice.
Obviously, prevention is the best policy: firewalls, anti-virus, anti-malware, and good practices of data protection in the office. But that only minimizes the risk. We and the defensive software aren't perfect all the time. Our data can still be illegally copied, or it can be lost: stolen, corrupted, encrypted, destroyed in a hardware problem or fire.
Strong encryption of the data is the best way to minimize risk to the patient and business if it is copied or stolen by criminals. What is the impact on the network performance with strong encryption of the data? Is there any reason not to encrypt the critical data? What program would you use for server encryption? 256 or more for medical data?
Backup is to prevent permanent loss of the data, and frequent backup is to minimize the work of recovery.
Online backup is great for physical damage and theft, but is a lot more expensive if you save a full copy every day to deal with corruption or encryption. I have four 300 GB drives in RAID 10. I have no idea how long it would take to make a full backup of the 135 gigs of just critical files I have, much less making a clone of the whole server every day. Does anyone do full backups online with hundred-plus gigs? How many days should you have? I am only doing differential backups online.
I have NASs for full image backups of my server array every week and a differential backup every night. But I don't see how it could prevent encryption of the data, if cryptolocker can encrypt the whole NAS. Any way to prevent that? The defense against cryptolocker seems to be having detached backup drives.
So, it seems to me that I should improve on my external drive backup. Instead of 4 drives, each connected for a week while doing a differential backup every night, I would increase to 5 drives, M-F, and a daily differential backup during the day when I know the data is stable, with disconnect from the LAN when done.
I am thinking of having another desktop at my desk to receive the server's clone differential every day over the LAN that would be turned off as much as possible. I would start it and hook it up to the LAN at lunch time, use remote desktop to start the server's backup to the desktop, and hopefully it would be done before the afternoon shift got started so I can unhook it from the LAN. I would connect the external drive to the detached desktop, and do a copy of the clone over the afternoon. Just because I'm lazy enough to want to do everything from my workstation, instead of the server closet, while I eat lunch. Welcome to any advice.
I've heard of an old habit from before online back up where you have 3 drives. One for copying the computer at night, one for your bag, one for staying at home, and cycling through them every day. Probably the cheapest back up for anal people.
Unfortunately for this, but thankfully for almost every other part of my life, I am not an anal person. So what are the bottlenecks or other problems I'm not seeing?
Dan Rheumatology

Member | Joined: Sep 2003 | Posts: 12,874 | Likes: 34
Dan,
I think you may be over thinking this a bit. And, a bit too worried. With Cryptolocker you sometimes get your data back. With other malware, you can't even run your computer.
Encryption is only in effect when the computer is off. Not many viruses get in those. It's not encrypted when it is running and most servers run 24/7. The key is to back up to an encrypted drive. Or disconnect as you say.
It is not feasible to do a full backup online each day. A GB of data just takes too long. What you are doing is fine. Diff, incremental or dedupe is the only way to go. That is why some of these online services provide sending a hard drive of your data overnight. And, in much the same way, "seeding" your backup.
I am way over the top, as I do two full backups each night. I have five drives to back up to, so I end up with thirty or so backups, 25 or so of which are likely useless for restoring -- just good for finding a file.
What software are you using for backups? Taking drives home is a great way to go, except we all end up forgetting. You are better off having a company put a safe into the floor and putting the backup there.
You are right to be worried. But, the key is backups, backups, backups. With Cryptolocker you will only be 24 hours behind. The backup just done could be infected. The one prior won't.
Remember the mantra: Once infected, always suspected.
Oh and the answer to your question for the best encryption software:
Free: TrueCrypt
Pro: jetico.com
But, you sound like you are at the point where you may want to go with a professional backup system such as Zetta and Barracuda. But, they are pricey.
If you take home the drive, you best be sure it is encrypted. A non encrypted drive with PHI that gets stolen is a serious HIPAA offense. And, if it is encrypted, why take it home? If someone steals it from your office you don't look that bad, but if they grab it from your car, you do.
Bert Pediatrics Brewer, Maine
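Dan's five-drive Monday-to-Friday plan above, and Bert's reply that with Cryptolocker you are only 24 hours behind because the backup made after the infection is suspect and the one before it is not, both come down to the same question: which copy is the newest one that was both written before the infection and already unplugged when it happened. As an added example (not code from either poster), here is a small Python model of that rotation: drives are reused so only their latest copy survives, an always-connected NAS share never counts as trusted, and the recovery gap is the time between the newest clean copy and the infection. The dates, times and labels are constructed.

```python
from dataclasses import dataclass
from datetime import date, datetime, time, timedelta
from typing import Dict, List, Optional


@dataclass
class BackupCopy:
    label: str                        # which medium, e.g. "drive-Tue"
    taken_at: datetime                # when the backup job finished writing
    detached_at: Optional[datetime]   # when the medium was unplugged; None = still online


def trusted(copy: BackupCopy, infected_at: datetime) -> bool:
    """A copy is restorable only if it was written before the infection and was
    already offline when the infection happened.  Anything still connected at
    that moment may have been encrypted: once infected, always suspected."""
    if copy.taken_at >= infected_at:
        return False
    return copy.detached_at is not None and copy.detached_at <= infected_at


def surviving_copies(history: List[BackupCopy]) -> List[BackupCopy]:
    """A reused medium is overwritten, so only its most recent copy still exists."""
    latest: Dict[str, BackupCopy] = {}
    for copy in history:
        if copy.label not in latest or copy.taken_at > latest[copy.label].taken_at:
            latest[copy.label] = copy
    return list(latest.values())


def newest_clean(history: List[BackupCopy], infected_at: datetime) -> Optional[BackupCopy]:
    candidates = [c for c in surviving_copies(history) if trusted(c, infected_at)]
    return max(candidates, key=lambda c: c.taken_at, default=None)


def recovery_gap(history: List[BackupCopy], infected_at: datetime) -> Optional[timedelta]:
    """How much work is lost: time between the newest clean copy and the infection."""
    best = newest_clean(history, infected_at)
    return None if best is None else infected_at - best.taken_at


def weekday_rotation(start: date, days: int, backup_at: time = time(12, 0),
                     detach_at: time = time(14, 0)) -> List[BackupCopy]:
    """Dan's scheme: one external drive per weekday, attached for the noon backup
    and unplugged from the LAN once it is done (hours are constructed)."""
    history = []
    for i in range(days):
        d = start + timedelta(days=i)
        if d.weekday() >= 5:            # no office backup at the weekend
            continue
        history.append(BackupCopy(
            label=f"drive-{d.strftime('%a')}",
            taken_at=datetime.combine(d, backup_at),
            detached_at=datetime.combine(d, detach_at),
        ))
    return history


def nightly_nas(start: date, days: int, at: time = time(22, 0)) -> List[BackupCopy]:
    """An always-connected NAS share: every copy stays reachable from an infected client."""
    return [BackupCopy("nas", datetime.combine(start + timedelta(days=i), at), None)
            for i in range(days)]


if __name__ == "__main__":
    history = weekday_rotation(date(2013, 11, 4), 14) + nightly_nas(date(2013, 11, 4), 14)
    infected = datetime(2013, 11, 13, 9, 0)   # constructed: a Wednesday morning
    best = newest_clean(history, infected)
    print(best.label, best.taken_at, recovery_gap(history, infected))
```

Run on the constructed fortnight, an infection on Wednesday morning leaves Tuesday's drive as the newest clean copy (21 hours of work lost): Wednesday's drive is plugged in at noon after the infection, so its fresh copy is suspect and the copy it overwrote is gone. Move the infection to Tuesday at 13:00, while Tuesday's drive is still attached, and the answer drops back to Monday's drive, which is the argument for unplugging promptly rather than leaving the drive in all week.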

Member | Joined: Sep 2003 | Posts: 12,874 | Likes: 34
I figured I would take a few paragraphs from the TrueCrypt (again, free) web site. Also check out Jetico. I use BackupAssist, and once again, I have to say it is the best backup software available in the small-business price range. With the backups I use, it automatically encrypts the data. Just remember one thing: the password!
TrueCrypt is software for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data is automatically encrypted right before it is saved and decrypted right after it is loaded, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. The entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, metadata, etc.).
Files can be copied to and from a mounted TrueCrypt volume just like they are copied to/from any normal disk (for example, by simple drag-and-drop operations). Files are automatically being decrypted on the fly (in memory/RAM) while they are being read or copied from an encrypted TrueCrypt volume. Similarly, files that are being written or copied to the TrueCrypt volume are automatically being encrypted on the fly (right before they are written to the disk) in RAM. Note that this does not mean that the whole file that is to be encrypted/decrypted must be stored in RAM before it can be encrypted/decrypted. There are no extra memory (RAM) requirements for TrueCrypt. For an illustration of how this is accomplished, see the following paragraph.
Let's suppose that there is an .avi video file stored on a TrueCrypt volume (therefore, the video file is entirely encrypted). The user provides the correct password (and/or keyfile) and mounts (opens) the TrueCrypt volume. When the user double clicks the icon of the video file, the operating system launches the application associated with the file type, typically a media player. The media player then begins loading a small initial portion of the video file from the TrueCrypt-encrypted volume to RAM (memory) in order to play it. While the portion is being loaded, TrueCrypt is automatically decrypting it (in RAM). The decrypted portion of the video (stored in RAM) is then played by the media player. While this portion is being played, the media player begins loading another small portion of the video file from the TrueCrypt-encrypted volume to RAM (memory) and the process repeats. This process is called on-the-fly encryption/decryption and it works for all file types (not only for video files).
Note that TrueCrypt never saves any decrypted data to a disk; it only stores them temporarily in RAM (memory). Even when the volume is mounted, data stored in the volume is still encrypted. When you restart Windows or turn off your computer, the volume will be dismounted and files stored in it will be inaccessible (and encrypted). Even when power supply is suddenly interrupted (without proper system shut down), files stored in the volume are inaccessible (and encrypted). To make them accessible again, you have to mount the volume (and provide the correct password and/or keyfile).
Bert Pediatrics Brewer, Maine
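The TrueCrypt excerpt above describes sector-by-sector on-the-fly encryption: only the piece being read or written is ever plaintext, and it exists only in RAM. As an added illustration (not TrueCrypt's code, and not from the post), here is a small Python container volume that shows the mechanics with the standard library only: a password-derived key, each 512-byte sector encrypted independently with a counter-mode keystream from HMAC-SHA256, chunked reads the way a media player would do them, and a dismount that makes the on-disk bytes unreadable again. The cipher construction, sector size and iteration count are choices made for this example; TrueCrypt uses XTS-AES.

```python
import hashlib
import hmac
import os
from typing import Iterator, Optional

SECTOR = 512  # bytes per sector; everything on "disk" is ciphertext


class OnTheFlyVolume:
    """Illustrative container volume.  Each sector is encrypted and decrypted on
    its own, so only the sector being read or written is in RAM as plaintext.
    The cipher is a counter-mode keystream from HMAC-SHA256 (stdlib only);
    TrueCrypt uses XTS-AES.  Two caveats a practitioner should know: this toy
    has no integrity check, and rewriting a sector reuses its keystream, which
    is exactly the weakness tweakable block-cipher modes like XTS avoid."""

    def __init__(self, n_sectors: int, password: str):
        self.salt = os.urandom(16)
        self.raw = bytearray()                 # the on-disk image
        self._key: Optional[bytes] = None
        self.mount(password)
        for i in range(n_sectors):             # "format": empty sectors written through the cipher
            self.raw += self._crypt(i, bytes(SECTOR))
        self.dismount()

    def mount(self, password: str) -> None:
        """Derive the volume key from the password; nothing on disk changes."""
        self._key = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 50_000)

    def dismount(self) -> None:
        """Forget the key: the data stays encrypted on disk and becomes unreadable."""
        self._key = None

    @property
    def mounted(self) -> bool:
        return self._key is not None

    def _keystream(self, sector: int) -> bytes:
        """Per-sector keystream: HMAC(key, sector || block counter) for each 32-byte block."""
        blocks = [
            hmac.new(self._key, sector.to_bytes(8, "big") + j.to_bytes(4, "big"), "sha256").digest()
            for j in range(SECTOR // 32)
        ]
        return b"".join(blocks)

    def _crypt(self, sector: int, data: bytes) -> bytes:
        """XOR with the sector keystream; the same operation encrypts and decrypts."""
        if not self.mounted:
            raise PermissionError("volume is not mounted")
        if len(data) != SECTOR:
            raise ValueError("data must be exactly one sector")
        return bytes(a ^ b for a, b in zip(data, self._keystream(sector)))

    def write_sector(self, sector: int, data: bytes) -> None:
        data = data.ljust(SECTOR, b"\0")       # pad a short final chunk
        self.raw[sector * SECTOR:(sector + 1) * SECTOR] = self._crypt(sector, data)

    def read_sector(self, sector: int) -> bytes:
        return self._crypt(sector, bytes(self.raw[sector * SECTOR:(sector + 1) * SECTOR]))

    def write_file(self, first_sector: int, data: bytes) -> None:
        """Encrypt one sector at a time as the file is written; whole file never buffered."""
        for k in range(0, len(data), SECTOR):
            self.write_sector(first_sector + k // SECTOR, data[k:k + SECTOR])

    def stream_file(self, first_sector: int, length: int) -> Iterator[bytes]:
        """Decrypt one sector at a time, the way a media player reads a video."""
        offset = 0
        while offset < length:
            chunk = self.read_sector(first_sector + offset // SECTOR)
            yield chunk[:min(SECTOR, length - offset)]
            offset += SECTOR
```

The point Dan and Bert reach later in the thread is visible here too: while the volume is mounted, any program running as the user calls read and write and gets plaintext in and out transparently, so at-rest encryption protects a stolen drive but does nothing against malware running on the logged-in machine.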

Member | Joined: Feb 2012 | Posts: 386
Thanks Bert,
As usual, I learned a lot. I have Acronis server, but would probably buy Novastor now since Acronis is so expensive.
So, the previously done backups would not have been encrypted by cryptolocker, which is good news, and the NASs would have a viable backup, is what I understand from your post.
So encryption of the data is not helpful in the way I thought it was. Mainly useful for physical theft of the server or a NAS which would turn them off. It wouldn't help if one of the clients became a zombie and started sending data from the server somewhere.
Dan Rheumatology

Member | Joined: Sep 2003 | Posts: 12,874 | Likes: 34
I could write a book on Acronis. If it is working correctly, then it is awesome. You are a much smarter man than I, if you set it up.
I have two Buffalo NASs and one automatically backs up to the other. But, yes, I could possibly see having the CryptoLocker on your server and not knowing after hours (for some reason you do something on the server) and the nightly backup backs it up. That backup is no good even though the removal of the CL is simple. But, the backup from the day before would only be encrypted if you didn't notice a problem the entire next day.
I have to admit, I went out and paid over $200 to get MBAM pro which can run real time next to your A/V. Don't worry so much about scans, but having real time scanning and just detection.
We have the best and the worst. We have info that is sacred, but we also have info that no hacker wants. They want bank statements, credit card data, etc.
I love little sayings that have a ton of meaning. I was on EE once and asked a question about hackers. And, the expert said:
Can a hacker get into your server? Definitely, no matter how secure. Does a hacker want to get into YOUR server? Probably not.
Bert Pediatrics Brewer, Maine

Member | Joined: Sep 2009 | Posts: 2,985 | Likes: 5
Wow. Encryption, RAID10, 5 drives, Acronis, Buffalo NASs and MBAM Pro. Plus all of the time and energy figuring them out. Maybe I will stick with my cheap backup plan, and be careful not to open attachments from strangers... and if lightning strikes, maybe just pay the $300.
Jon GI Baltimore
Reduce needless clicks!

Member | Joined: Feb 2012 | Posts: 386
I just paid for it. Everything I know about computers is the result of hundreds of mistakes.
Dan Rheumatology

Member | Joined: Feb 2012 | Posts: 386
Jon, you're right that I'm over-reacting, but not all of us have Russian friends who will take care of the problem for $300.
I too would gladly pay the $300. Would you pay $30,000+ for your data? I'm not worried about cryptolocker right now. They are treating every attack like it has the value of a home network. $300 is peanuts for our data. It is the son of cryptolocker in the future I am worried about.
Soon, the data kidnappers are going to start going where the money is, and we are the sweet spot. It could get as bad as being rich in Central or South America. We don't have professional protection from an IT department and we just aren't going to get the justice system all excited about twisting arms in central Europe, but our data is worth 10-20% of our yearly income. As soon as they start targeting attacks, the pain will escalate.
I don't know if my business insurance covers seeing half as many patients a day for 6 months to rebuild patient data. I don't want to use savings to float the practice for 6 months. I do know I don't want the stress. I don't want to lose my nights and weekends.
We are living with bitcoin, the dark web, and criminal enterprises going where only geeks used to go. I think it is going to get worse. A disgruntled employee, a patient with a bad outcome or frustrated with your office. They might have revenge on their mind instead of venting to the State Board.
I know 2 physicians with data catastrophes. One a fire and one a theft. It left a mark on them.
Dan Rheumatology

Member | Joined: Sep 2003 | Posts: 12,874 | Likes: 34
> Wow. Encryption, RAID10, 5 drives, Acronis, Buffalo NASs and MBAM Pro. Plus all of the time and energy figuring them out. Maybe I will stick with my cheap back up plan, and be careful not to open attachments from strangers... and if lightning strikes, maybe just pay the $300.
Here we go again. Instead of P2P vs Domain, it is don't take security seriously vs taking it seriously. I know a lot of it is tongue in cheek, but it's not funny to Dan. And, I think he's pretty much right on target. So, let's break down your post.
Encryption: Your cleaning person takes your server. Encrypted, buy a new Dell. Not encrypted, find a new job.
RAID 10: How does one argue against redundancy? One hard drive: it crashes, maybe $3,000 will get your data back. RAID 10: what are the odds that multiple drives crash at once?
Five drives: You can purchase one large drive or five smaller ones. Not much price difference. But, with five, you get better performance and you can do a RAID 5, 6 or 10.
Acronis: One of the best backup solutions on the market vs, I guess, not backing up?
Network Attached Storage: Let's see. Adding tons of backup space, likely in a RAID, so all users can save and back up data. I just happen to be able to put mine 500 feet away from the server in a basement. Fire or flood, kinda covered either way. Difficulty: Pick up NAS. Put down next to RJ-45 jack. Connect with Ethernet cable. Plug into electrical outlet. Turn on.
MBAM Pro: Basically known as MalwareBytes and considered one of the best malware detection software AFTER the fact. The pro version is just because it is specifically geared toward CryptoLocker and so you are licensed properly.
Cheap backup plans are the single biggest reason for data loss. Some people make one backup. Some have more than one but on one backup drive. Not a good idea. Many only back up certain files instead of the whole computer. I would probably give the $300.00 a shot, but I wouldn't wait around for the key.
I think the time and energy for configuring them is a hobby for some of us. Personally give me setting up backups with encryption any day over going to a Pri-Med convention. And, opening an attachment is not the only way to get a virus. First, you aren't the only one in the office. Plus, most employees aren't going to be as savvy. Opening the wrong website is one way to get the CL. Just go to Google Images, which is known for viral-laden websites. Wait until your receptionist uses her USB drive to load his/her latest pictures to upload to Facebook. Dan, I am totally with you.
Bert Pediatrics Brewer, Maine

Member | Joined: May 2009 | Posts: 838 | Likes: 2
And a thank you to Bert: after reading your posts on crypto I decided to look at Malwarebytes and, after looking, went ahead to pay for the pro version. Was sitting at my computer Friday in the office when Malwarebytes pops up with a message re: blocked intrusion attempt at port 3389; huh, someone trying to get in via the 'standard' RDC port. Imagine it was some robot programmed to scan IP addresses to see who has port 3389 'open for business'. Wasn't blocked by Norton 360. Maybe it was nothing, but glad I had Malwarebytes on; makes me wonder also, should I change the port for RDC?

G Member | Joined: Apr 2011 | Posts: 2,316 | Likes: 2
> Maybe it was nothing but glad I had malwarebytes on; makes me wonder also should I change port for RDC?
That's a good idea. It's one of the most commonly scanned ports. Once it's found, then the hackers begin their dictionary attacks and/or brute force.
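Koby's blocked attempt on port 3389 and Sandeep's note that it is one of the most commonly scanned ports are the kind of thing the Windows Firewall log (pfirewall.log) records for every inbound connection. As an added example (not from either post), here is a Python parser for that log's `#Fields:` layout, with a summary of who is knocking on the RDP port, a scanner threshold, and a check for the case that really deserves a look: a source that was dropped repeatedly and then got an ALLOW. The log lines are constructed, with public addresses from the documentation ranges, and the log path, thresholds and timestamps are assumptions.

```python
from collections import defaultdict
from typing import Dict, List

# Constructed lines in the Windows Firewall (pfirewall.log) layout.  Public
# addresses are from the documentation ranges; nothing here is a real host.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2013-11-15 09:14:02 DROP TCP 203.0.113.45 192.168.1.10 51234 3389 52 S 1234567 0 8192 - - - RECEIVE
2013-11-15 09:14:03 DROP TCP 203.0.113.45 192.168.1.10 51235 3389 52 S 1234568 0 8192 - - - RECEIVE
2013-11-15 09:14:05 DROP TCP 203.0.113.45 192.168.1.10 51236 3389 52 S 1234569 0 8192 - - - RECEIVE
2013-11-15 09:14:09 DROP TCP 203.0.113.45 192.168.1.10 51237 3389 52 S 1234570 0 8192 - - - RECEIVE
2013-11-15 09:14:30 ALLOW TCP 203.0.113.45 192.168.1.10 51240 3389 52 S 1234571 0 8192 - - - RECEIVE
2013-11-15 09:20:11 DROP TCP 198.51.100.7 192.168.1.10 40022 3389 52 S 99887766 0 8192 - - - RECEIVE
2013-11-15 09:21:00 DROP TCP 198.51.100.9 192.168.1.10 40100 80 52 S 55443322 0 8192 - - - RECEIVE
2013-11-15 09:22:45 ALLOW TCP 192.168.1.10 203.0.113.80 50011 443 52 S 11223344 0 8192 - - - SEND
"""


def parse_firewall_log(text: str) -> List[Dict[str, str]]:
    """Turn the log into dicts keyed by the names on the #Fields header line."""
    fields: List[str] = []
    records: List[Dict[str, str]] = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.startswith("#") or not line.strip():
            continue                      # other header lines and blanks
        else:
            values = line.split()
            if fields and len(values) == len(fields):
                records.append(dict(zip(fields, values)))
    return records


def rdp_probe_summary(records: List[Dict[str, str]], port: str = "3389") -> Dict[str, Dict[str, int]]:
    """Count inbound TCP connection attempts to the given port, per source address and action."""
    summary: Dict[str, Dict[str, int]] = defaultdict(lambda: {"DROP": 0, "ALLOW": 0})
    for r in records:
        if r["path"] == "RECEIVE" and r["protocol"] == "TCP" and r["dst-port"] == port:
            summary[r["src-ip"]][r["action"]] += 1
    return dict(summary)


def flag_scanners(summary: Dict[str, Dict[str, int]], min_attempts: int = 3) -> List[str]:
    """Sources that hit the port repeatedly, whatever the firewall decided."""
    return sorted(src for src, c in summary.items() if c["DROP"] + c["ALLOW"] >= min_attempts)


def allowed_after_probing(summary: Dict[str, Dict[str, int]]) -> List[str]:
    """Sources dropped at least once and then allowed: cross-check these against the
    RDP logon events before assuming the ALLOW was a legitimate user."""
    return sorted(src for src, c in summary.items() if c["DROP"] >= 1 and c["ALLOW"] >= 1)


if __name__ == "__main__":
    summary = rdp_probe_summary(parse_firewall_log(SAMPLE_LOG))
    print("per source:", summary)
    print("scanners:", flag_scanners(summary))
    print("allowed after probing:", allowed_after_probing(summary))
```

Pointing `rdp_probe_summary` at the new port after moving RDP off 3389 shows whether the scanners have followed you or are still hammering the old, now closed, port; Bert's suggestion of reading the Event Viewer is the same exercise on the logon events instead of the firewall log.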

Member | Joined: Sep 2003 | Posts: 12,874 | Likes: 34
Nice job, koby.
Sandeep will tell you never to use a word for a password. A four-character non-word is better than a 20-character word, because it will be in the dictionary. Having said that, a four-character password isn't very good either, lol. You want to use a minimum of eight characters, lower case and upper case, with a number. Putting the number inside the password will increase its strength dramatically.
Definitely change port 3389 to a different port. You can check your event viewer logs to see how many times a scanner tried to get into port 3389. As Sandeep and I were talking about earlier, the new OSs have a gateway so you don't need to open a port that is open all the time. Makes RDP much easier as well.
Bert Pediatrics Brewer, Maine
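Bert's password advice above (eight characters minimum, mixed case plus a number, the number placed inside rather than tacked on the end, and nothing that is simply a dictionary word) can be written down as a checker. This is an added example, not from the post; the mini wordlist is constructed, and the rule wording is a choice made here.

```python
import re
from typing import List

# Constructed mini wordlist standing in for a cracking dictionary.
DICTIONARY = {"password", "welcome", "summer", "pediatrics", "rheumatology", "baltimore", "maine"}


def password_problems(pw: str, min_len: int = 8) -> List[str]:
    """Return the rules the password breaks (empty list = passes).

    Rules follow the thread's advice: at least eight characters, upper and
    lower case and a digit, the digit placed inside the password rather than
    only at the start or end, and no dictionary word once digits and symbols
    are stripped (Summer2013 is still "summer" to a dictionary attack).
    """
    problems: List[str] = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if not re.search(r"[a-z]", pw):
        problems.append("no lower-case letter")
    if not re.search(r"[A-Z]", pw):
        problems.append("no upper-case letter")
    if not re.search(r"[0-9]", pw):
        problems.append("no digit")
    elif re.fullmatch(r"[0-9]*[^0-9]+|[^0-9]+[0-9]*", pw):
        # digits form a single run at the very start or very end
        problems.append("digits only at the start or end")
    core = re.sub(r"[^a-z]", "", pw.lower())   # letters only, case folded
    if core in DICTIONARY:
        problems.append(f"letters spell the dictionary word '{core}'")
    return problems


def is_acceptable(pw: str) -> bool:
    return not password_problems(pw)


if __name__ == "__main__":
    for candidate in ("welcome", "Summer2013", "Brew3rMaine!"):
        print(candidate, "->", password_problems(candidate) or "ok")
```

The dictionary rule strips digits and symbols before the lookup because cracking tools try exactly those decorations, so a word with a year appended is not meaningfully harder than the bare word.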

Member | Joined: Sep 2003 | Posts: 12,874 | Likes: 34
To be fair to Jon, knowing him, he was probably pointing fun at himself more than the other way around.
Bert Pediatrics Brewer, Maine

Member | Joined: Feb 2011 | Posts: 679 | Likes: 1
Well, as usual I have learned something from reading the board. I didn't know about Malwarebytes, but decided I should add it. While out shopping today, I discovered that Sam's club is selling a retail box, Pro version, 3 one year licenses for $24.98. (The online price is $24.95 for 1 license.) Needless to say, I bought it, and am installing it now.
Thanks to all who contributed to this thread.
Donna

Member | Joined: Feb 2012 | Posts: 386
Jon is great and always brings wisdom to the conversation, while I'm trying to get free advice.
Bert, let me ask you a practical question about budgeting for the anti-virus and anti-malware software. I am getting ready to renew subscriptions for anti-virus on my clients, and since I'm getting Malwarebytes Pro, I think this year I'm going to get a free anti-virus, like AVG, which seems to rate better than Microsoft Security Essentials.
Since I won't have to worry about malware, is there a reason to go with a paid anti-viral? If so, which one, and if not, which one.
There's karma points in it for you.
Dan Rheumatology

Member | Joined: Sep 2003 | Posts: 12,874 | Likes: 34
In my opinion, AVG has taken a few steps back over the years. If I were able to use a corporate license for MBAM (something I am still looking into), I would have. One key I look at in anything I purchase is whether it has central control.
ESET is an incredible control app with great support and allows you to do anything with the settings. And, the latest version has a server version which allows automatic exclusions of certain software and system files, which I dread so much that I didn't even run an A/V on the server. And, I found out first hand why you need exclusions if you run Exchange, etc.
So, my advice would be to pay for your base A/V with my bias of ESET Nod32, complement it with Malwarebytes Pro, run a weekly scan of each at different times and run real-time scanning all other times.
Bert Pediatrics Brewer, Maine

Member | Joined: Oct 2011 | Posts: 207
Hi Bert or Sandeep, as I am not as tech savvy as you, could you please clarify on the port change? According to Microsoft we need to change the listening port for RD in the registry. So if we change that to a different number, do we use the same number to reset the router for port forwarding? Sorry, I have only used 3389; when I forwarded 443, which MS says the RD gateway uses, I was unable to connect, but it did work with 3389, hence the question. Thanks, Bala

G Member | Joined: Apr 2011 | Posts: 2,316 | Likes: 2
Hi Bala,
Do you have SBS Essentials/Standard that have the RD Gateway? I'm not sure if you're running SBS/Server or Windows 7/Desktop. The RD Gateway only comes with the former.
Usually in the router you have an option for a public port and a private port. You can set the public port to whatever number you want between 10,000-65,000. Then when you connect from outside the office you need to specify that port number. Usually you can just add a colon and the port number after the IP.
Example with IP 70.0.0.1 and port number 38512: Computer name: 70.0.0.1:38512
However when using SSL/RD Gateway, 443 should be the public and private. Then you login via the gateway.

Member | Joined: Sep 2003 | Posts: 12,874 | Likes: 34
Sandeep can help you with this better than I, at least quicker, but if you use 3389, you may want to change the port.
Unfortunately, if you use multiple computers, you have to keep forwarding the port number to the next highest number and use that after the colon. But, once set up, it is rather easy.
On your "server" go to Administrative Tools, up to Terminal Services, and see if you have TS Gateway Services. If you don't have these, you probably don't have a Remote Gateway. Part of the difficulty is that Microsoft continues to change names from RDP to RDC to Terminal Services to Remote Gateway, etc.
Bert Pediatrics Brewer, Maine

Member | Joined: Oct 2011 | Posts: 207
Hi Bert and Sandeep, I use a Win 7 desktop as my main computer. On my router settings for port forwarding I have the following options: 1. enter the LAN port and IP info: starting port, ending port and LAN address; 2. enter remote port (is this the same as public port?) and IP info (OPTIONAL): starting and ending port and remote IP address. I AM ABLE TO USE RD WITHOUT PUTTING ANYTHING HERE and leaving it blank, i.e. if I put in my public IP address:3389 I am able to connect. I DO NOT HAVE THE OPTION OF PUBLIC OR PRIVATE ON MY SETTINGS, so my question is, do I have to go to the registry and change the listening port, or can I change my ports just by changing these settings? Thanks for your help, Bala

Member | Joined: Sep 2003 | Posts: 12,874 | Likes: 34
If you take a router, your settings will be:
Public IP: IP address given to you by your ISP or Dynamic IP. The private side of the router's IP will be the IP address of the router and is the LAN's default gateway, usually something like 182.168.16.1. By default ALL traffic inside to outside is allowed. By default ALL traffic outside to inside is blocked. Using Access Lists, you allow traffic from the WAN to the LAN such as 80, 443, 987 (SharePoint), 3389 for RDP. These can then be forwarded to the IP address of your server if you are using DNS and your clients are pointing to that server.
Given that by default, all traffic from inside to outside is allowed, you can choose to deny traffic which you don't want used. But, you can never deny four things:
1. HTTP service from the LAN to the router is always allowed.
2. DHCP service from the LAN is always allowed.
3. DNS service from the LAN is always allowed.
4. Ping service from the LAN to the router is always allowed.
Do you have static IP addresses? What brand and model router do you have? Have you downloaded the complete guide of the router and gone through it step by step?
If you do not have a static IP, it would be much easier to set up a domain name and work with the router. You can use DynDNS, but static is still better in my opinion. While you can get by with one IP address, many ISPs provide seven, the first and last of which are not usable. I have to use three, as I use one for my public IP, one for setting up wireless access for my patients and one for VoIP. Yes, I could have used the guest account and I could have used a VLAN, but I prefer it this way. And, if I want to run a web server...
Bert Pediatrics Brewer, Maine

Joined: Jan 2010
Posts: 1,128
Member
If this is really extortion, why is the FBI not involved? If people are sending ransom money, it must be trackable. Are they hiding in unfriendly countries?
Chris Living the Dream in Alaska

Joined: Sep 2003
Posts: 12,874 Likes: 34
Member
The FBI is involved, but it is easier to find someone running from a bank than someone sitting behind a computer in the Deep Web using 20 proxy servers that are likely taken down daily. They take only MoneyPaks from Walgreens etc., get the number from the CL victim, get the cash instantly, and move on to the next victim.
Hackers understand the Internet better than almost anyone. Even Al Gore.
Bert Pediatrics Brewer, Maine

Joined: Apr 2011
Posts: 2,316 Likes: 2
G Member
Yeah, they are using Bitcoin as currency as opposed to traditional money. That makes it very difficult to trace. There are no account numbers, tracking/routing numbers, etc. that are typically associated with a monetary transfer.
Bert's right. They have a domain generator that allows them to stay hidden and makes them difficult to catch. They also exchange keys with these randomly generated domains.

Joined: Apr 2011
Posts: 2,316 Likes: 2
G Member
"starting and ending port and remote IP address - I AM ABLE TO USE RD WITHOUT PUTTING ANYTHING HERE and leaving it blank i.e if I put in my public IP address : 3389 I am able to connect"
If you can use Remote Desktop without opening the port in the firewall, that suggests that you have UPnP (Universal Plug and Play) enabled. UPnP will automatically open certain ports if the local computer makes a request. While it's convenient, it's obvious that it's also a security risk. That means if you had a virus or something, the virus would be free to use whatever port it wanted.
"on my Router settings for port forwarding I have the following options - 1. enter the LAN port and IP info - starting port, ending port and LAN address 2. enter remote port (is this the same as public port?) and IP info (OPTIONAL) - starting and ending port and remote IP address"
- LAN Port Start = 3389
- LAN Port End=3389
- LAN Address = 192.168.x.x (The local IP of the computer you want to remote into)
- Remote Port = e.g. 24656 random number between 10,000 and 60,000 (yes, this is the same as the public port. It has lots of names: remote, external, public,etc.)
- Protocol = TCP

Joined: Apr 2011
Posts: 2,316 Likes: 2
G Member
"so my question is do I have to go to the registry and change the listening port or can change my ports just with changing these settings?"
I usually advise against this. For instance, if you had SBS or Remote Gateway, the web access wouldn't work if you changed the port via the registry. If you have the option for a public/remote/external port on your router, that's always best. It's also more convenient if you need to remote into a computer in the office. It makes it easy to forget which computer has which port.
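As an added example (not from this thread, and not Bert's or Sandeep's own script), here is a PowerShell audit of the local RDP listener that the two posts above are about: it reads the port the machine is actually listening on (the registry value Bala asked about), whether Network Level Authentication is required, and which inbound Windows Firewall rules allow that port, so the router's public-to-private forward can be checked against what the computer really exposes. It assumes Windows 8 / Server 2012 or later (for the NetSecurity and NetTCPIP cmdlets), an elevated prompt, and the default RDP-Tcp listener.

```powershell
# Added example: audit the local Remote Desktop listener and the firewall rules
# that admit it. Assumes an elevated session on Windows 8 / Server 2012 or later
# and the default RDP-Tcp listener (any other listener name is a local assumption).

$tsPath  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpPath = Join-Path $tsPath 'WinStations\RDP-Tcp'

$ts  = Get-ItemProperty -Path $tsPath
$rdp = Get-ItemProperty -Path $rdpPath
$port = [uint16]$rdp.PortNumber      # 3389 unless someone changed it in the registry

# Summary of the settings that matter when the port is reachable from the Internet.
[pscustomobject]@{
    RdpEnabled         = ($ts.fDenyTSConnections -eq 0)
    ListeningPort      = $port
    NlaRequired        = ($rdp.UserAuthentication -eq 1)   # 1 = NLA on, 0 = off
    MinEncryptionLevel = $rdp.MinEncryptionLevel            # 3 = High, 4 = FIPS
} | Format-List

# Inbound allow rules whose port filter includes the RDP port. A forward on the
# router only helps if the Windows Firewall also admits the traffic, and ideally
# only rules scoped to this port (not "Any") should appear here.
Write-Host "Inbound allow rules covering TCP port $port :"
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        $filter.Protocol -eq 'TCP' -and
        ($filter.LocalPort -contains [string]$port -or $filter.LocalPort -contains 'Any')
    } |
    Select-Object DisplayName, Profile, Enabled |
    Format-Table -AutoSize

# Confirm which process is bound to the port. Expect svchost.exe (TermService);
# anything else listening there deserves a closer look.
Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            LocalPort    = $_.LocalPort
            ProcessName  = $proc.ProcessName
            ProcessId    = $_.OwningProcess
        }
    } | Format-Table -AutoSize
```

Run it before and after changing the router's public port so the private side stays at 3389 as Sandeep recommends; if NlaRequired comes back False, turning it on in System Properties (Remote tab) is the single cheapest hardening step for an Internet-reachable RDP port, since it forces authentication before a session is created.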

Joined: Sep 2003
Posts: 12,874 Likes: 34
Member
Used to be fun setting up all these port forwardings and access lists using the Cisco PIX and the CLI. I would always hold my breath when I would enter the command, hoping I wouldn't see the four lines of error message. At least the error was obvious from the message. But much more fun and faster than a GUI. Or at least more rewarding. It certainly taught you networking better. All of the inside:outside and outside:inside, or whatever the format was, taught you public and private, etc.
Bert Pediatrics Brewer, Maine

Joined: Oct 2011
Posts: 207
Member
Thank you so much Sandeep and Bert for clarifying this. I will use your suggestions. One final question: is RD just as secure as LogMeIn if I use the settings as above? Thanks again, Bala