AMTSO Publishes First-Ever Guidelines for VPN Testing
SAN FRANCISCO, CALIFORNIA / ACCESS Newswire / February 19, 2025 / AMTSO, the cybersecurity industry's testing standard community, today announced the release of the first in a series of VPN Testing Guidelines, focusing on performance assessment. This publication marks a major step forward in providing standardized methodologies for evaluating VPN services. The new guidelines, developed by AMTSO's VPN working group which includes VPN vendors and testers, offer comprehensive testing recommendations to ensure fair and effective assessments of VPN performance, security, and reliability.
As VPNs have long become an essential tool for online privacy and security, evaluating their effectiveness has become increasingly important. AMTSO's VPN Performance Testing Guidelines cover key aspects such as:
Launch on-boot and auto-connection testing - ensuring VPNs activate automatically to protect users from the moment their device starts.
Internet kill switch tests - verifying that no data leaks occur if a VPN connection drops unexpectedly.
Leak prevention controls - assessing whether VPNs effectively block DNS, IP, and WebRTC leaks.
Split tunnel testing - checking whether users can exclude specific applications from VPN encryption without unintentional leaks.
Speed and latency tests - evaluating the impact of VPN services on internet performance under different network conditions.
Website accessibility and resource consumption - measuring how well VPNs maintain access to websites and optimize device resources.
'This first release is an important milestone in our mission to provide testing guidance in the world of privacy and security,' said John Hawes, COO of AMTSO. 'By setting clear benchmarks, we enable fair comparisons and help users make informed choices when selecting a VPN provider.'
AMTSO invites independent testers and VPN vendors to adopt these guidelines in their assessments and join the ongoing efforts to refine VPN testing methodologies. Moving forward, the AMTSO VPN Working Group will expand its focus to include malware testing within VPN environments and additional security feature evaluations.
The guidelines were created by AMTSO's VPN Working Group, with contributors including AV-Test, SE Labs and Nord Security.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Forbes
10 hours ago
- Forbes
New VPN Attack Warning — What You Need To Know
Virtual Private Networks have been the subject of myriad news headlines recently after the U.K. government's Online Safety Act put in place age-verification requirements for sites with adult content. The humble VPN, often associated with advertising persuading users that it's something necessary to protect against hackers on trains, at airports and in coffee shops, but most commonly used to bypass geographic content streaming restrictions, is not just a consumer app. VPN appliances are used for grown-up, serious security purposes within enterprises around the globe. So, when researchers issue a warning of a potential VPN attack, it's not something that can be dismissed. Here's what you need to know. VPN Security Has A History Of Compromise Let's get the virtual elephant out of the private networking room before moving on to the latest VPN warning. A VPN app, far from being a security silver bullet, can actually just be an extension of your threat surface. How many examples would you like me to provide as evidence of this? I'll throw Google's warning about a backdoor bundled with a free VPN app into the ring for starters, or how about the FBI warning concerning Medusa ransomware compromising VPN credentials? One more? OK, the recent Katz Stealer warning as this threat also targeted VPN credentials. The latest VPN security warning comes from Julian Tuin, a senior threat intelligence researcher at Arctic Wolf Labs, who has confirmed that 'an increase in ransomware activity targeting SonicWall firewall devices for initial access,' has been observed late in July. More specifically, Tuin said, 'multiple pre-ransomware intrusions were observed within a short period of time, each involving VPN access through SonicWall SSL VPNs.' While there can, and should, be questions asked as to whether these attacks could have occurred thanks to brute force or credential stuffing methods in at least some cases, Tuin warned that the 'available evidence points to the existence of a zero-day vulnerability.' Not least as some of the SonicWall devices were fully security patched and had also had credential rotation applied before the attacks took place. 'Despite TOTP MFA being enabled,' Tuin said, 'accounts were still compromised in some instances.' I have reached out to SonicWall for a statement and will update this article in due course. Mitigating The Potential For VPN Attack Given that the Artic Wolf report revolves around a spike in attacks involving the Akira Ransomware group, known to have compromised more than 300 organizations and with some very high-profile names published to the hacker's data leak site listings, the threat should not be taken lightly. Throw in the fact that SonicWall only recently issued a warning regarding the CVE-2025-40599 vulnerability in SMA 100 appliances, which could see remote code execution if successful, and you would be foolish not to at least mitigate against the potential of attacks. 'Given the high likelihood of a zero-day vulnerability,' Tuin said, 'organizations should consider disabling the SonicWall SSL VPN service until a patch is made available and deployed.' Meanwhile, SonicWall has previously said that organizations should harden defenses, including security services such as botnet protection that can help detect those targeting SSL VPN endpoints, as well as enforcing multi-factor authentication.
Yahoo
11 hours ago
- Yahoo
Trustless VPN signups surge as UK Online Safety Act sparks privacy rush
Signups for virtual private networks, or VPNs, are surging after new provisions from the UK's Online Safety Act that enforce age and identity checks and require sites to block certain content for UK users came into effect last week. So-called trustless or decentralised VPNs that tap into blockchain technology are benefitting too, despite stiff competition from more mainstream products. 'Traffic does seem to be increasing, and users from the UK are increasing,' Harry Halpin, CEO of Nym Technologies, the firm behind NymVPN, told DL News. Spokespeople from two other trustless VPNs told DL News they've also seen an uptick in signups and traffic since the UK's new rules came into effect on July 25. What are VPN? VPNs are software that encrypt users' internet traffic, making their browsing history and location harder to trace. They allow users to access websites blocked in the UK and dodge identity checks. Their increased use comes as UK residents push back against the Online Safety Act. The act is meant to protect children by blocking access to websites that contain material harmful to them, such as porn sites. Web users can remove the blocks by providing sites documents such as bank statements or passports to verifying their age and identity. But critics say the rules are being applied too broadly and that even adults are struggling to access legal content. Others argue that the blocks do little to protect children as they are easily circumvented using VPNs, and the mandatory age and identity checks threaten users' privacy. No control Trustless or decentralised VPNs advertise themselves as a more private and secure alternative to commercial VPNs. 'Most commercial VPN providers are centralised,' Halpin said. 'Centralised VPN providers can actually directly see all of your internet traffic, even if they claim to use encryption.' Several commercial VPN companies that say they don't log user activity have been caught doing so. This is a problem, Halpin said, because it means those VPNs can easily hand over their users' data to authorities should they request it, or lose the data in a hack. Decentralised VPNs, on the other hand, operate similarly to blockchains in that they are made up of a network of distributed nodes. Proponents claim this means they cannot collect or log users' data, even if they wanted to. 'There is no central point of control,' Freqnik, a pseudonymous core developer at Meile dVPN, told DL News. 'Decentralised VPNs reduce the trust barrier.' Many decentralised or trustless VPNs leverage blockchain technology. Meile dVPN uses Sentinel, a decentralised blockchain marketplace where anyone can buy and sell internet bandwidth. Others, like NymVPN, let users pay for their services with privacy-preserving crypto like Monero and Zcash. Downsides Yet there are downsides to the enhanced privacy. 'With great freedom comes great responsibility,' Freqnik said. 'Any decentralised network, whether it be blockchain or peer-to-peer connections, is prone to bad actors.' Meile says it solves this issue by assigning nodes on its network a score based on the quality of service they provide. Some users also worry that decentralised VPNs won't be as performant as their centralised counterparts. According to Halpin, the extra level of anonymity NymVPN provides does slow it down. He said the speed is enough for instant messages and cryptocurrency transactions, and that Nym also offers a faster, less anonymous version of its VPN. For privacy diehards, these downsides likely aren't an issue. But for more casual users it might be a hard sell. After all, commercial VPNs do just as good a job of helping users bypass website blocks, the main reason users are flocking to the software. 'From what we can tell, centralised VPNs seem to be benefiting the most,' Freqnik said. 'Decentralised VPNs are still under the radar.' Tim Craig is DL News' Edinburgh-based DeFi Correspondent. Reach out with tips at tim@ Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
CNET
a day ago
- CNET
To Bundle or Not to Bundle: Your Guide to VPNs and Other Cybersecurity Service Packages
Even though VPN bundle subscriptions have been around for a few years now, the trend is showing no signs of slowing down. A handful of the companies we've traditionally thought of as 'VPN companies' are becoming much more than just VPN companies. They're essentially rebranding as comprehensive cybersecurity solutions -- a one-stop shop to cover all of your online privacy and security needs. But there's an abundance of bundles, and it can sometimes be challenging to tell which ones offer the services you need at a good value for comprehensive cybersecurity protection. Ultimately, it comes down to your specific use and needs, as well as your budget. I've spent a decade reviewing VPNs, specifically, and have dabbled in reviews of other cybersecurity services like password managers. Based on that cumulative experience, I've laid out the most notable VPN bundles available, along with recommendations for both bundles and a la carte options, with the help of some reviews from other CNET colleagues, particularly for antivirus services. Breaking down the bundles Each VPN provider that offers bundled services delivers a slightly different suite of tools. The providers of note here are Proton, Nord Security, Surfshark and ExpressVPN. Here is what each offers and what each one charges for its basic VPN plan as well as bundled subscription options. (Note that ExpressVPN currently doesn't offer a tiered pricing structure.) Proton Proton is for the privacy purist who wants comprehensive privacy and security protections from a trailblazer in privacy tool bundling. VPN Plus: $10 per month, $48 for the first year (then $80 per year) or $72 for the first two years combined (then $80 per year) VPN Proton Unlimited: $13 per month, $120 per year or $192 for the first two years combined (then $120 per year) VPN Password manager Encrypted cloud storage Secure email Encrypted calendar Nord Security (NordVPN) NordVPN is excellent for power users and anyone who wants a premium bundle that ticks many boxes. While its Threat Protection Pro anti-malware protection isn't a full-fledged antivirus solution, it comes close and has been approved by AV Comparatives as a reliable anti-phishing tool. Basic: $13 per month, $60 for the first year (then $139 per year) or $81 for the first two years combined (then $140 per year) VPN Plus: $14 per month, $72 for the first year (then $180 per year) or $105 for the first two years combined (then $180 per year) VPN Anti-malware protection Password manager Complete: $15 per month, $84 for the first year (then $219 per year) or $129 for the first two years combined (then $219 per year) VPN Anti-malware protection Password manager Encrypted cloud storage Prime: $18 per month, $108 for the first year (then $372 per year) or $177 for the first two years combined (then $372 per year) VPN Anti-malware protection Password manager Encrypted cloud storage ID protection Surfshark Surfshark is great for budget-conscious users looking for unique bundling options that include antivirus, private search and a personal detail generator. However, Surfshark is the only VPN company listed here that doesn't include a password manager. Starter: $15.45 per month, $48 for the first 15 months (then $79 per year) or $54 for the first 27 months (then $79 per year) VPN Personal detail generator One: $18 per month, $51 for the first 15 months (then $99 per year) or $67 for the first 27 months (then $99 per year) VPN Personal detail generator Antivirus Data leak alerts Private search One-plus: $20.65 per month, $91 for the first 15 months (then $119 per year) or $108 for the first 27 months (then $119 per year) VPN Personal detail generator Antivirus Data leak alerts Private search Data removal ExpressVPN ExpressVPN is somewhat of an outlier because it doesn't have a tiered pricing model and only offers a VPN, password manager and ID protection tools. It's also expensive, but if you're looking for one of the best VPNs on the planet and a capable password manager, then ExpressVPN is a solid bet. Monthly: $13 per month VPN Password manager Yearly: $100 per year (initial term lasts 15 months) VPN Password manager Dark web scanner ID theft insurance Credit scanner Two-year: $140 for the first 28 months (then $117 per year) VPN Password manager Dark web scanner ID theft insurance Credit scanner Monthly credit report Data removal VPN bundles at a glance Here's a look at what each VPN provider offers. Proton Nord Security (NordVPN) Surfshark ExpressVPN VPN ✔️ ✔️ ✔️ ✔️ Password manager ✔️ ✔️ X ✔️ Antivirus X ✔️ ✔️ X Encrypted cloud storage ✔️ ✔️ X X Secure email ✔️ X X X ID protection X ✔️ X ✔️ Personal detail generator X X ✔️ X Recommended á la carte options The possibilities are virtually endless, but if you're set against bundling with a single provider, I've put together three potential á la carte packages for you to consider based on CNET's recommended VPN, password manager and antivirus services to help you get started in your search for the optimal combination for your needs. (Pricing is calculated based on each service's annual price, with renewal prices noted immediately after.) Package 1: The budget-friendly package This is the package for you if you're looking for a quality package that won't break the bank. VPN: Surfshark Password manager: Bitwarden Antivirus: Malwarebytes Total: $93 for the first year, then $134 per year Package 2: The power-user package This package is great if you're looking for services that offer a variety of features and work on lots of devices. VPN: NordVPN Password manager: Keeper -- $40 Antivirus: McAfee Total: $130 for the first year, then $270 per year Package 3: The premium package This package is for you if you want a first-class experience with well-rounded services that work perfectly out of the box and require a minimal learning curve. VPN: ExpressVPN Password manager: 1Password -- $36 Antivirus: Norton 360 with Lifelock Total: $166 for the first year, then $213 per year What to look for in a VPN bundle Trustworthiness and transparency You have to put an enormous amount of trust in your VPN provider that it's doing what it says it's doing to protect your privacy and that it's not logging your online activity when you use its VPN service. You need to similarly trust the VPN company to properly maintain and secure its bundled service offerings. Before choosing a provider, do some research -- read unbiased reviews, get to know the company behind the service and look for regular third-party audits of its services. A trustworthy company should be transparent about what it does to keep you safe online, how it does it and why it does it. If the company doesn't seem trustworthy or transparent about its purpose or processes, choose a different provider. Services offered Of course, you'll want a company that offers the specific services you need. Not all VPN companies offer the same bundled services, so choose one that best fits your needs. Even if it doesn't check all of the boxes, you can always get additional services separately. And VPN companies continue to expand their bundled service offerings, so if your VPN doesn't yet offer the service you need now, it may in the future. Clear privacy policies Before committing to a provider, make sure to take a look through its privacy policies. Each individual service may have its own separate privacy policy, so I recommend looking through each one to ensure its privacy practices are sound across the board. Even if you don't read through the entire thing, search the page for terms like 'data sharing' and 'data collection' to get information related to how the company handles your data when using each of its services. In general, the less sharing, the better. Ownership Do a little digging into the company or ownership group behind the services you're considering. Has the company ever suffered a data breach, data leak or been involved in any unscrupulous data collection or sharing activities? Has company ownership been involved in any legal cases? If so, what were the circumstances and how did the company handle the situation? If you uncover any red flags, proceed with caution. Final thoughts After reviewing VPNs for more than a decade, ExpressVPN, NordVPN, Proton VPN and Surfshark are among the providers I trust the most for privacy. I'm inclined to trust each one in the development of any additional privacy or security tool they offer now or in the future -- which is why I can enthusiastically recommend the bundled packages offered by each one. Each VPN I spoke with told me in one way or another that they're still planning on expanding their services to evolve with users' needs, which tells me that bundled services are here to stay and that we can look forward to even greater parity between providers in the future. Ultimately, to bundle or not to bundle will be a choice only you can make for yourself. I hope this was a useful starting point in your online privacy and security journey, but whichever route you choose to take, make sure to take the time to research the provider(s) you go with to ensure they're doing their part to deliver the protections you need.
