Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus

Archive

Posts Tagged ‘security’
April 10th, 2014

Behind the CARO conference’s curtains: Meet AVAST speakers!

For seven years, the CARO Workshop has been hosted in Europe. It is an outstanding technical meeting, attended by some of the best malware researchers in the world. In 2014, the CARO workshop comes to America. ~CARO’s conference official website

We are proud and happy to introduce you to our AVAST speakers and Security Experts from the Virus Lab. Peter Kálnai and Filip Chytrý are going to CARO’s (Computer Antivirus Research Organization) workshop to“Declare war against Android Malware.” We sat together and talked about their presentation, mobile malware, and general trends in the security industry.

Meet our security experts: Peter and Filip.

 

The theme for this year’s CARO conference is Mobile Space: Malware in a mobile world. As security experts, what changes and specific trends in malware development have you observed?

FILIP Well, this may sound cliché,  but the amount of mobile threats are rising and more sophisticated attacks appear every day. A few years ago, we would observe mostly primitive malware with only one or two capabilities such as to send paid SMS or track your movements. Now, however we have malware that can root your phone and became a device administrator, or command and control Apps which take control of your device by attackers. That’s why I believe we can stay tuned for more conferences concentrated on Android malware.  CARO is first, but hopefully not the last, conference focused on Android and mobile threats.

PETER I can’t recollect a different example, but this year’s CARO Workshop seems to be the first IT security conference completely devoted to mobile malware. The topic of our talk reflects trends in the Android threat landscape. Security experts nowadays observe an increased ratio of total malicious Android packages to unique malware families. Two particular cases appear most: The expansion of usage of Android packers and repackaging benign application with malicious code, so called piggybacking. Read more…

April 10th, 2014

Do you hate updating your passwords whenever there’s a new hack?

Advice about changing passwords from AVAST.

Change your passwords as a precaution against the Heartbleed bug.

We reported yesterday about the serious Heartbleed  bug which allows hackers to steal encryption keys from nearly two-thirds of all websites.

“This is probably the worst bug discovered this year. We believed in the security of SSL/TLS, and now discover that it comes with a hole that allows anyone to read our personal information such as passwords, cookies or even server’s private keys,” said Jiri Sejtko, Director of the AVAST Virus Lab. “We, as end users, simply can’t do anything, but make sure we are as secure as possible.”

That means changing your passwords. Again.

If just thinking about changing all your passwords makes you want to jump out the window, then here are a few tricks to help make it a little less painful. At the end of this post, we’ll share a tip on how to make password creation, as well as remembering them all, as easy-as-pie. So go all the way to the end. ;)

Why do cybercrooks want your password?

It takes serious effort to hijack accounts, so there must be some payoff at the end for cybercrooks.  Obviously, it’s not to get your vacation photos. Money is the most common motivation. Your money.

There are many ways of turning stolen data into money, but one of them is worth highlighting. Research shows that 55% of us reuse passwords on different sites. It is likely that you use the same password for Facebook  that you use for your bank account.  This means that cybercrooks can steal your money much easier. Never use the same passwords on different sites, especially for really important services.

Password basics

1. Use a random collection of letters (uppercase and lowercase), numbers and symbols

2. Make it 8 characters or longer

3. Create a unique password for every account

Tricks and tips

Maximum password security requires at least seven characters, a mix of upper and lower case, a few symbols, and a sense of humor.

Create an acronym using a meaningful, easy-to-remember piece of information. Use a sentence like My wedding anniversary is 28 December, 2001. That phrase turns into this password, Mwai28/Dec.01.

Many sites require a special symbol like ` ~ ! @ # $ % ^ & * ( ) _ – + = { } [ ] \ | : ; ” ‘ < > , . ? /. Use some of those to replace letters. Your password can be this, M<>ai28/Dec.0!.

Read more…

Categories: General, How to Tags: , ,
March 31st, 2014

The Gray-zone of malware detection in Android OS

Does the title of this blog post have a mysterious meaning? Not exactly.

In this first part about the gray-zone of Android malware detections, I will introduce the Android:SecApk, a detection regarding the protection that the App Shield (Bangcle) offers to Android applications (.apk). This detection has a big sample set that is still growing. Some SecApk wrapped samples that existed or still exist in the Google Play Store and third party stores, can be seen in the table below.

MD5

Name \ Info

F1EF5B8C671B2146C2A2454ECF775E47

G锁屏冰雪奇缘之来自星星的你V1.0.apk

\ PUP – An application to promote a specific movie. Potentially unwanted because of the extended permissions that was requested.

Current Status: Removed from Google Play

10bd28d4f56aff83cb6d31b6db8fdbd2

Cut_the_bird.apk

\PUP – A game that have potentially unwanted permissions that they can drive to loss of private personal info.

05ffb6f34e40bb1cf8f9628e5647d5e3

aini1314langmanzhutisuoping_V2.5_mumayi_700e0.apk

\PUP – A screensaver application that has permissions unrelated with the purpose of the app.

d6b40bbb79b54c09352a2e0824c0adba

3D职业乒乓球.apk

\Pup – This application is a tennis game. Potentially unwanted because of the extended permissions that was requested.

eefd2101e6a0b016e5a1e9859e9c443e

eefd2101e6a0b016e5a1e9859e9c443e.apk

\Malware – This app steal personal data and SMS messages from the user.

 

The App Shield is an online service that, after a submission of an .apk, encrypts it and adds some layers of protection. The procedure of the encryption and protection of the apk will be discussed with more detail during the course of the second part of this blog post.

Starting with the submission process, a clean app named AvstTest.apk uploaded to the service. The exported .apk was renamed as AvstTest[SecApk].apk. In addition, apktool and dex2jar used accordingly to decode the .apk resources and convert the ‘.dex’ files to ‘.jar’.

Folder structure

  Read more…

March 6th, 2014

Who owns the Cyber-World?

Who owns the (cyber) world: GIRLS!

female expert

Well, maybe not exactly (YET), but the female presence and expertise should not be underestimated! :)

I bet you heard of  The Girl with the Dragon Tattoo. When the movie came out, we published a fun blog post about the main character, Lisbeth Salander, who was a problematic, but brilliant female hacker. In fact, in the cyberworld among gray and white hackers, those good ones who help to disclose security gaps, are filled with women, for example: Raven Adler, Gigabyte or  Joanna Rutkowska.

So let’s take a look on the cyberworld from the security perspective. Inspired by the following article, I figured out how many women are actually knowledgeable cyber security experts. Breaking stereotypes, like Adeanna Cooke, former Playboy model and hacker, women have broken into the geeky world that seems to be male dominated. Women are not only exploring different IT specializations, but exceeding as world class experts as white hackers, journalists, bloggers, speakers, consultants, virus analytic, developers,  all fighting cyber-crime. Strong, intelligent, all of them are great experts (and since we also love social media), we would like to recommend you to

Follow female security experts on Twitter

  • Erin Jacobs @SecBarbie
  • Charlie Osborne @ZDNetCharlie
  • Natalie Sambhi @SecurityScholar
  • Katie Moussouris @k8em0
  • Beth Pariseau @PariseauTT
  • Helena Edelson @helenaedelson
  • Aliya Sternstein @Aliya_NextGov
  • Kim Komando@kimkomando
  • Jennifer J. Minella @jjx
  • stacythayer @stacythayer
  • Mary Landesman @marylande
  • Patricia Rykiel @ComputerTweety

AVAST Software is also proud of its Ladies. You will find women across different departments of the company starting from the accounting , HR, support, sales, marketing.  But among us there are real security experts: Jana and Barbora, Analysts from the avast! Virus Lab; Alena, a developer focused on providing new technologies in the Virus Lab Systems;  and Jenefer from the Quality Assurance department, testing avast! solutions. All of them work as professionals in a very male environment delivering security solutions to the AVAST users.

We’ll be interviewing them in the next few days in celebration of International Women’s Day. Come back to the AVAST blog, and read about them. Meanwhile, say hello on Twitter to some of our great ladies!

AVAST ladies:

  • Alena V. @alenkacz (virus lab)
  • Deborah Salmi @deborahsalmi (social media)
  • Julia Szymanska @Dzulaya (social media)
  • Anna Shirokova @AnnaBandicoot (social media)
  • Marina Ziegler @Marina_Z (PR)
  • Caroline James @cazjames (PR)
  • Dominika Kalasova @DKalasova (PR)

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

 

February 11th, 2014

How to have a Safer Internet Day everyday

Safer Internet DayLet’s create a better internet together”.

Today, over 100 countries celebrate Safer Internet Day by focusing on how people, including teens and kids, use connected technology and what we can all do to make things better.

Since AVAST is trusted by over 200 million people worldwide to protect their devices, we asked some of them to share #OneGoodThing about how we can keep safe so we can use technology freely at home, school, and work.

#OneGoodThing

Kids can be adventurous, and not think about the consequences – online as well as offline. Khizer’s advice: Good protection and involved parents.

The Internet is a treasure of fun and knowledge for kids, but nowadays it’s full of unethical stuff and it is necessary to keep them safe.  Children should be friends with their Parents. If you find something that should be in the knowledge of your parents. Just tell them. Remember they will always support you.  ~Khizer J. from Pakistan

But Steve knows that the internet can’t be a babysitter, and has some strong advice for parents:

No matter if you have the strongest antivirus or parental controls, if you let your children play online unsupervised, they are at a high risk of being preyed upon. The real advice is to be next to them and teach them good secure online habits. You wouldn’t let your kids play around in Detroit without you, would you? As close to it as it may be, the internet is a bit worse than Detroit. ~Steve N. from the USA

Kevin’s dad has a good idea. This is what we call a “teachable moment.”

I’m a kid myself but a thing my father does when he gets a email from someone who is trying to trick him, to give them money, he shows that to me to make me see how such emails look like, and what I should look out for. ~Kevin G. from Denmark

Kids, and some adults too, can be careless about their privacy. These two AVAST mom’s share some basic tips that everyone should follow:

Listen up, kids. NEVER give your password away, even to your “best friend”. And if you want to choose a good password, remember that a long password is more important than a “difficult” password. The longer your password is, the harder it will be for bad guys (or gals!) to crack. ~Sheila E. from Canada

My main advice for my children’s safety when they are on the Internet is certainly not trust just anti-virus, even if it is as good as Avast. Most importantly, my first advice,  is think well before you click! ~Virginie M. from France

Not everyone is who they claim to be on the internet, so Eric warns kids to be careful about talking to strangers.

Be careful when chatting to others on the internet, the person might actually be a grown up pretending to be a child.  So never give personal information (like your address or phone number) and if they ask you to do something you think is wrong – you don’t have to do it (especially if they say they’ll hurt you or your family) & tell your parents, or a grown up. ~Eric E. from Ireland

This piece of advice sounds like it comes from personal experience. We’d like to hear the rest of the story, Brooks! ;)

Don’t go to any websites that you wouldn’t want dad to know you were on! ~Brooks S. from the USA

If you have something to add about being safer on the internet, please share your tips using the hashtag #onegoodthing.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

Comments off
February 6th, 2014

avast! bug bounty program update

bug-bounty (1)

A year has passed since we launched the Avast Bug Bounty Program. Let’s see some results:

  • Almost one hundred submissions
  • 25 submissions rewarded about $10,000 total
  • One critical bug was rewarded $3,000

As you can see, this is a useful program – it helps AVAST keep our users secure and make our programs as strong as possible! After evaluating the past year, we have decided to change the rules a bit.

Bug Bounty updated rules

To encourage further research, we will double the bug bounty rewards. The base payment will be $400 and the maximum reward could go up to $10,000 per one submission.

We will remove Sandbox or DeepScreen escapes from the list of bugs that are eligible for a reward. The reason for this is that we are focusing on a new technology that should eradicate Sandbox escapes entirely.

You can find the complete rules here. Happy hunting!

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

Categories: General Tags: ,
Comments off
January 31st, 2014

How to use avast! Mobile Security: Privacy Advisor

howto2_enAt AVAST we work hard to improve your security and privacy. Mobile malware is increasing. If you aren’t yet convinced that this is an issue, please read the latest blog from the avast! Virus Lab, How are you doing Mr. Android?

Nowadays, besides the traditional way to get money – sending premium SMS – the collection of personal info and browsing habits are also trending. How do cybercrooks monetize this data? Managing the ads that are shown in your smartphone or tablet, suggesting apps, sending offers by email or displaying them in-apps.

If you use avast! Mobile Security, then you can run a Privacy Advisor scan to categorize all the apps in your device:

  • Collect location information: Because of their nature, some apps need to capture your location. These would be GPS navigation tools, outdoor sports tracking and weather apps, for example. Some of them do it for statistical reasons. However, the majority of them do it just to customize local (targeted) ads.
  • Collect device or mobile network information: Some apps use the device info for developer and statistical reasons. Your mobile network info is also captured.
  • Collect user behavior data inside the app: This data are mostly useful for the developers as they adjust and customize their own apps according to their customers’ use, and to separate free from paid features.
  • Show in-app banner advertisements: This is an annoyance. Impatient users could drop the use of the app due to this kind of ad.
  • Show in-app full-screen advertisements: This is a huge annoyance and if it occurs, it is an invitation to uninstall the app. This is why the developers only show them a few times while the app is running Read more…
Comments off
January 28th, 2014

Data Privacy Day at AVAST

Tuesday, January 28 is Data Privacy Day, an international effort to empower and educate people to protect their privacy and control their digital footprint. Here at AVAST, we will take the whole week to talk about privacy, and how we can make the protection of privacy and data a greater priority in our lives.

POST

Make sure you take the My Privacy IQ quiz to test your knowledge (and maybe win a free license and avast! teddy.)

What is the difference between privacy and security?

While privacy and security overlap in certain ways, they are distinct concepts. Security is defined as “freedom from danger or risk” and “precautions to guard against crime, attack, etc.” You use antivirus software to help protect against a security breach or having your personal data stolen by cybercrooks.

Privacy is “the state of being free from intrusion or disturbance in one’s private life.” This summer, we saw how closely connected these two concepts are when Edward Snowden revealed, through a security breach, how big data companies were complicit with the NSA snooping into normal people’s private lives.

Read more…

January 27th, 2014

Essentials packing list for FETC attendees

The AVAST Free for Education team is excited to be attending FETC 2014 in Orlando, Florida for the first time! As part of our preparations we’ve been making an essentials packing list, which we thought we’d share with you…

boothPersonal essentials

  • Comfy spring clothes We checked the weather report and were excited to see that it’s going to be warmer than the snow we have in Europe at the moment. No winter coats for us.
  • Suitable shoes We know that there will be plenty of walking and standing, possibly some skipping too (depends on our mood), super comfy shoes are one of our “must-have” items!
  • DEODORANT The days at the conference will be long, so we want to smell our best at all times!
  • Toothbrush and toothpaste We don’t want to scare any of our booth visitors off and plan on showing off our pearly whites as much as possible.
  • Passport/Identification We won’t name names, but we’ve seen first-hand how an out of date passport can pretty much render you useless for an international business trip :)
  • Currency Maybe you don’t have to worry about converting your money, but we sure are looking forward to carrying around some green “Benjamins” (okay, maybe more like some “Andrews”, and “Alexanders”)
  • Itinerary We’ve downloaded the FETC app, which we think is especially useful for planning your exhibition schedule (don’t forget to put booth #356 on your schedule!)

Conference essentials Read more…

January 27th, 2014

What is your Privacy IQ? Take our quiz and find out!

AVAST Software is proud to be a champion of Data Privacy Day, celebrated every year on January 28th. We encourage you to make protecting privacy and data a greater priority. Read on to find out if you are a Privacy Pro!

Find out if you are a Privacy Pro or if you need to learn more to protect your personal information online by taking the My Privacy IQ Quiz. Take the quiz here, by submitting your answers, as a comment to this blog post. The first 5 participants who will answer all questions correctly win avast! SecureLine VPN for Android or iOS or an avast! teddy bear. Alternatively you can enter a quiz at our Facebook here. Quiz ends on Monday, February 3rd 

blog

 

My Privacy IQ quiz

 

1) Do privacy policies guarantee that your information will be kept private?

A. Yes

B. No

Read more…