I know many web hosts use it and many don't I understand the different sides of the argument. But when it comes down to it I guess I am still wondering what if any certification program is worth going with. Is Hacker Safe the best for the money or are the others out there just as effective for less money? And do they really attract hackers looking to prove a point?
I guess I am looking for more then just opinions here. Does anyone have any real experiences they can share here?

Greetings:

From the technical end, we have had customers use a variety of services like hacker safe including hacker safe.

Almost every time the security scan is done, they have wrong information -- wrong server version, reported vulnerability that either does not exist in the version installed, does not exist period, or is already handled via one way or another.

So then you spend x amount of time correcting their faulty scans.

So from a handling perspective, they are a pain.

Thank you.

We've found HackerSafe to be effective in finding vulnerabilities in our network and providing solutions for this also. We signed up as a reseller and it was a great choice as we get 3 sites covered as well as recurring commissions from new sign-ups. We are also able to offer free PCI scans for our current clients. All in all its a program which has boosted our hosting sales and due to the reseller setup actually made us money too.

I would never count on an automated scanner such as HackerSafe to test the security of our systems. New threats crop up all the time and the only real sure fire protection against hackers is a knowledgeable and motivated security admin on staff.

Furthermore, I'd never stick something like "Hacker Safe" on the front of a website. That would be just asking to get hacked.

I would never count on an automated scanner such as HackerSafe to test the security of our systems. New threats crop up all the time and the only real sure fire protection against hackers is a knowledgeable and motivated security admin on staff.

Furthermore, I'd never stick something like "Hacker Safe" on the front of a website. That would be just asking to get hacked.

Ditto. Also, as dynamicnet stated - we've had customers using it on their servers and the ONLY time we've ever heard from them are when false positives are reported. Its a huge waste of our customers' and our time.

On the flip side, I'm sure the average internet user (you know, the ones who like to forward virus warning emails and believe that the government is trying to pass an email tax) - probably gets all warm and fuzzy seeing the HackerSafe logo and might be convinced to part with their money easier.


--Tina

Ditto. Also, as dynamicnet stated - we've had customers using it on their servers and the ONLY time we've ever heard from them are when false positives are reported. Its a huge waste of our customers' and our time.

On the flip side, I'm sure the average internet user (you know, the ones who like to forward virus warning emails and believe that the government is trying to pass an email tax) - probably gets all warm and fuzzy seeing the HackerSafe logo and might be convinced to part with their money easier.


--Tina

theoretically, couldn't you just put up a image that says "protected from hackers, secure" or something similar for free?

and didn't geeks.com, which was hacker safe, get a ton of data stolen?

Worth the money - no. They increased the prices over the past few years with no additional changes to reflect it, the only reason they increased is because they got more popular essentially.

These and similar companies offer marketing logos essentially, they are not really good for anything more. Relying on them for "security" would be a bad idea.

If you have to choose any for the marketing logo basically then I would choose ControlScan.

Hi!
Absolutely not.

Bryon

Not at all, its a glorified marketing tactic is all.

No software/company however good can say a Server is "hacker safe"
I am sure as Tina said the "average" user it may make a difference too, but thats no reason to spend the $2,000 or however much it is now.

Ok, general consensus is that it is not worth it because it does not work up to standards. But what about the marketing value for it. We it attract more business and will that new business be of questionable quality?

And again, if Not Hacker Safe then what is the best replacement technology and why?

Who has had an increase in sales for using any other programs with relation to Hosting sector?

Well... I'd say it depends on your target customer base.

It sounds clear to me, that anyone who would choose one host over another solely based on seeing a "HackerSafe" logo... is stupid. Is that the type of customer you're marketing towards?

I ask that somewhat seriously, as it seems most of WHT hosts indeed do go after that market.

Ok, general consensus is that it is not worth it because it does not work up to standards. But what about the marketing value for it. We it attract more business and will that new business be of questionable quality?

And again, if Not Hacker Safe then what is the best replacement technology and why?

Who has had an increase in sales for using any other programs with relation to Hosting sector?

The thing with this is, the vast majority of people who opt for it (mostly e-commerce) most likely dont even get any benefits from it, because most are actively doing other things along side these logos to promote more.

Why pay to promote someone's brand?

Hacker Safe is not PCI yet too many sites make out it is which is a total lie.

That should make my first question be: why pay to promote someone's brand when it's not even understood by those who see it?

Well... I'd say it depends on your target customer base.

It sounds clear to me, that anyone who would choose one host over another solely based on seeing a "HackerSafe" logo... is stupid. Is that the type of customer you're marketing towards?

I ask that somewhat seriously, as it seems most of WHT hosts indeed do go after that market.

This is my feeling on these logos too.

From the point of view of me being a potential client, I see these logos and think "I'd rather not rely on a team that uses Hacker Safe Logos".. You know what I mean? Not being able to read though security bulletins and check them off against your servers installed versions is pretty bad. Once I see one of these I almost always browse away.

From the point of view of running my business. I'm sure the client's that I'm pally with would start making fun of me if I had one of these on any of my sites. Those that I'm not I expect are intelligent enough, to have this make them think I'm being lazy and wasting their money.

I think its safe to say the general consensus is no here. I wouldn't do it for the mere fact that Hacker's target those sites to make a point.

Atleast no for the web hosting industry.

Basically 75% of the consumers in the web hosting industry know what the logo is about and how stupid it can get.

Suppose your site was like that of eBay, where people come to buy jewelry, crockery and what-not; there you get an advantage. Customers just assume that your site is perfect for them and their confidential stuff and give you business.

It's all about the warm fuzzies. Just like SSL seals. And HS works for that.

Ok I have not used this application personally but from the sounds of it, this will provide one layer of security for your networks. In a perfect internet world you wouldnt need anything but in reality you will need at least these things to atleast give you a little more protection.

Have the following:

1.A router, which should be your first layer

2.have a firewall set up, now that could be a physical firewall (a workstation specifically installed and configured to monitor and direct traffic throughout your network) or a software based firwall (installing and configuring an piece of software that basically does the same thing)

3.Next install a proxy running through your network, which should provide the first 'exo layer' of encryption for your network, you then may follow on by installing SSH tunneling or watever you think works for your particualr business setup.

4.Install Anti-viral systems, its better to have atleast two running (make sure you frequently update the virus definitions to keep you secured from new and dangerous threats)

5.Install another form of firewall that specifically protect your ports from exploitation. It will do this by monitoring your main internet protocols like SMTP FTP TCP etc

6.One of the most if not the most important thing to do is have a specially made 'action' plan if and when your network happens to go down, this may include staff training, text and video presentation to basically outline what is your 'Plan B' if you will if your network goes down and how to respond to it.

This is by no means be a fool-proof plan but it will seriouslyincrease your security and give you a real advantage of other providers when it comes to the reliability of your networks.

Hope this helps both you and other users.

We have a couple of clients using hackersafe specifically.

They are all online retailers and all feel it has helped their business. However, the amount of time required to futz around and "fix" the false positives reported (I think it was something like 48 on the first scan of our latest client using it) and then to deal with the clients who think that we are not keeping our servers up to date, even though we have a weekly checklist we do on every server...

From my perspective as a webhost, it's a pain in my backside, but if it helps my clients earn more money, then perhaps it's worth it.

And no, we haven't seen more hacking attempts on these sites/servers since the logo was added.

Greetings xxen:

Since most attacks over the past several years have been blended with many of them being in the form of web-based injection attacks (which make firewalls, a necessary, but close to zero value evil -- in terms of attack prevention), how will your suggestions help?

Thank you.

I am glad you asked :)

While the list i have created is far from fool proof it does however serve as a genral purpose protection brace for your business. The list i have previously specified will protect your business from outside attacks i.e connecting to your netowrk remotely and gaining access to your servers and valued data containing your business and trade secrets. By installing other systems such as AV, proxies etc it will detect any for e.g. trojan horse entering your system. The port scanner will also proove invaluable to your networks security because one of the first things an attacker will do is 'case' your network and gather as much information as possible via port scanning as the preffered method, once they have found information they will then scan for open ports. I can reccomend some good software to help combat this..(ProxyFirewall) which will detect any and all connection being made to your system and will give you the option to either disallow the connection or let the connection through or connect via a proxy.

Now you mentioned SQL attacks being popular among web based attacks and that is most certainly true :)ONE OF THE BEST WAYS to combat this threat is to do the following.
1.Get involved with security forums and learn about mew methods that could proove harmful.
2.Get a vulnerability scanner that will scan your webserver for security holes. You can specify depending on the software to look specifically for SQL vulnerabilities.
3.Go back and search for new threats that have been found on the net(new lop holes are found every day)

Now those are three good places to START but i reccomend that you may want to take even further actions. If any one wants more information/help please <<ask here in the forum>>, i may even write a tutorial when i have some free time. Hope this helps

I just wanted to add that we were one of the companies that chose to purchase the HackerSafe seal when we first began. I believe we had the seal on our website from 2005-2006 if I'm not mistaken. I had placed the seal above the fold in the top right portion of our website.

Did it make a single bit of difference? ABSOLUTELY NOT!

We noticed absolutely no increase in sales and our tech was also very unimpressed with the reports the scans generated.

I think we may have acted on the first scan, but the 2nd and so on were all ignored. The Seal was just for piece of mind for the customer and even that didn't matter to our customers based on signup numbers.

Anyways, we cancelled with them when it came time to renew and we have yet to add anymore seals to our website.

If I was ever going to do this again, I'd go with an alternative company that offers the same service for 1/20 the cost.

Instead of spending the money of a useless seal - spend the money on a phone number and answer it - put the phone number at the top of your pages. If anything a customer not sure about making a purchase will call the number and you can ease them into your service.

If I was a potential customer - would a copy and pasted image replace my security concerns? Of course not. But at least talking to someone on the phone would make me feel like I'm dealing with a real business and not some fly by night operation out of your basement.

Is Hacker Safe the best for the money or are the others out there just as effective for less money?

Hacker Guardian is about %10 of the cost and is virutally identical.

Don't expect it to secure your server, but it can give you PCI compliance which your bank/Moneris may want if you are accepting card transactions. It may also lower your insurance costs.

As for marketing it doesn't hurt.

If I was ever going to do this again, I'd go with an alternative company that offers the same service for 1/20 the cost.

that's exactly what i found here:

scanverify.com

pretty affordable...

I think in some markets just having it would prove to ease the minds of the unknowing. The niche I am looking into mostly deals with customers that would not know, but would feel all fuzzy inside seeing a logo like that. This market by the way does not deal with hosting actual websites as its main focus, but rather hosting files and users.

So, I guess you would have to evaluate it from the stand point of your market and customers. If I was going to start a regular host, then I would not worry about it for the most part.