Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus

Archive

Posts Tagged ‘security’
May 26th, 2014

Your child on Facebook: learn about the privacy settings

Security matters to everyone, however security of our children is our top priority. We make sure that they are safe at school, home, and on the streets. Equally we need to provide them with a safe experience in the cyberworld. Recently, we published a blog about general online security of the children, which suggested that you take time and help your child with privacy settings on Facebook. Don’t worry, if you have no clue where to start, we will guide you through the labyrinth of sophisticated security and privacy settings settings. Follow our tips to secure yourself and your child on the most popular social network.

Privacy settings

Like other Internet giants, Facebook has been especially vulnerable to criticisms about privacy. In particular, critics have complained that even if you deactivate your account, the information can still remain on the network and be subject to web searches.~ comments Mashable in the article on recent Facebook privacy update

Following users’ complaints regarding privacy issues, Facebook decided to change the default settings of your status updates to be the visible for Friends only instead of Public. This however applies to Facebook newbies only! So if you and your children are already users, you still have a job to do! :)
Security shortcut

Facebook regularly updates its settings and as a result your profile settings can be restored to the default. In terms of  privacy it means: Everything is PUBLIC. Therefore it’s extremely important to review your profile regularly . You will not be able to influence everything, however there are an advanced number of settings that can be fully controlled by you. The three basic areas that you should focus on are:

  1. 1. Who can see your posts and images?
  2. 2. Who can contact you?
  3. 3. How you can help your child block harassing Facebook friends.

You will find this setting in the right top corner on the blue bar, in the Privacy Shortcuts section. Click on the See More Settings to open the window below and follow our suggestions.

Advacne privacz settings Read more…

May 21st, 2014

Heartbleed: Almost Everyone Plans to Protect Themselves, but Less than Half of People Actually Have

Have you heard about Heartbleed? Yes? Then you belong to a minority. Following the Heartbleed threat, the bug that took advantage of a vulnerability in OpenSSL, AVAST conducted an online survey with 268,000 respondents worldwide and found that three out of four people were not aware of the the Heartbleed threat, which affected millions of sites and mobile apps.

AVAST then explained Heartbleed to these respondents. When asked if they would change their passwords after checking which sites were affected, nine out of ten said they would take action. This high number is interesting from a psychological standpoint as it shows how people think when initially confronted with a threat. People immediately plan on taking the appropriate measures to protect themselves against future threats, but how many actually follow through with their plans? In reality, less than half of people follow through with their security plans: Only 40% of the respondents who were aware of Heartbleed said they had actually changed their passwords. This number closely matches Pew’s Heartbleed report which found that 39% of Internet users have changed their passwords or canceled accounts.

Heartbleed, free antivirus, password, security

“This kind of thing never affects me”

Many respondents, both those aware and unaware of the threat, said they don’t want to change their passwords because they don’t believe their accounts have been compromised. This makes one wonder if the 41% of respondents who were aware of the threat, but don’t believe they have been affected, either think the media has exaggerated the issue – or if they have a “this kind of thing never affects me” attitude. One in ten respondents believes that the next security breach will happen soon and they therefore don’t see the point in changing their passwords. This laissez-faire attitude could be caused by the fact that many have not seen concrete repercussions of the threat or have not yet been directly notified of the threat by the platforms they use. One of the most concerning facts revealed by the survey is that many people lack the know-how to protect themselves. One in ten respondents hasn’t changed their passwords because they don’t know how to change them. 

Furthermore, almost half of both respondents, aware and unaware of the threat, said they would change their passwords once the affected platforms have implemented patches and informed them of the changes.

Passwords are like keys that protect our sensitive data online, just as locks protect the precious objects in our homes. It is recommendable to stay away from affected sites that have not yet issued patches. Once sites have implemented the necessary fixes, passwords should be changed and strengthened with the same manner of urgency as you would change the locks on your home if you were to lose your keys or if your key were to get stolen.

Use a password manager to protect all of your accounts with ironclad passwords 

Changing and memorizing new passwords over and over again isn’t easy, especially since passwords should consist of at least eight characters – or according to latest recommendations even sixteen or more. They should include a mix of letters, numbers and symbols.

A password manager like our avast! EasyPass helps encrypt and protect personal information online. avast! EasyPass creates strong, random passwords of up to 512 characters and secures your information via military-grade encryption, making password management simple and secure. avast! EasyPass is currently available at a discounted price of  $9.99 a year.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

May 5th, 2014

The 10 Commandments of Mobile Privacy

From governments to thieves to your wife – it seems that everyone has access to your private data.

avast! Mobile Security anti-theft helps track your lost phone

If you have a smartphone or tablet, people around you can discover your most deeply held secrets. You put all your private data and personal information there and… it’s at risk. The possibility of losing your phone or getting robbed is a major concern.

Is there anything that we can do to protect our private data? Some skeptics say no. I’m an optimist; I think there is always a way. Working for a security company makes us think that there is always a way to protect ourselves, to avoid danger, and to care about other users.

Lock your apps for privacy with avast! Mobile SecurityI’ve being collecting info for what I call the 10 Commandments for mobile privacy. Here are simple steps to help protect your privacy:

  1. 1. Use a PIN, password or pattern in your device. I’m lucky to have a phone where the numbers change their position on the screen and make the lockscreen even more secure. There are some apps that make your password “random” (obeying rules you’ve previously set).
  2. 2. Lock your most private apps. Lock your log in data but also your own messages, emails, personal notes, contacts, everything is in your pocket. offers the feature to secure even more sensitive parts of your device with the avast! Mobile Security App Locker that automatically asks for a PIN when you start the app.
  3. 3. Do not save banking or credit card credentials in your phone or, at least, not in the mobile browsers. Some banks, at least here in Brazil, have their own mobile app that never saves the passwords or PINs. Now, for Android, there are free password managers that adds a new security layer while browsing.
  4. 4. Do not be a happy clicker. People who expose themselves to scams or spam links, who download each single app they see from any kind of source put themselves at risk. OK, you’ll say this is not you. But, do you think twice on clicking in social media links or shares?
  5. 5. Do not take, send, save or share nude photos. No, this is not a moral commandment. It’s a privacy one. Read more…
Comments off
April 10th, 2014

Behind the CARO conference’s curtains: Meet AVAST speakers!

For seven years, the CARO Workshop has been hosted in Europe. It is an outstanding technical meeting, attended by some of the best malware researchers in the world. In 2014, the CARO workshop comes to America. ~CARO’s conference official website

We are proud and happy to introduce you to our AVAST speakers and Security Experts from the Virus Lab. Peter Kálnai and Filip Chytrý are going to CARO’s (Computer Antivirus Research Organization) workshop to“Declare war against Android Malware.” We sat together and talked about their presentation, mobile malware, and general trends in the security industry.

Meet our security experts: Peter and Filip.

 

The theme for this year’s CARO conference is Mobile Space: Malware in a mobile world. As security experts, what changes and specific trends in malware development have you observed?

FILIP Well, this may sound cliché,  but the amount of mobile threats are rising and more sophisticated attacks appear every day. A few years ago, we would observe mostly primitive malware with only one or two capabilities such as to send paid SMS or track your movements. Now, however we have malware that can root your phone and became a device administrator, or command and control Apps which take control of your device by attackers. That’s why I believe we can stay tuned for more conferences concentrated on Android malware.  CARO is first, but hopefully not the last, conference focused on Android and mobile threats.

PETER I can’t recollect a different example, but this year’s CARO Workshop seems to be the first IT security conference completely devoted to mobile malware. The topic of our talk reflects trends in the Android threat landscape. Security experts nowadays observe an increased ratio of total malicious Android packages to unique malware families. Two particular cases appear most: The expansion of usage of Android packers and repackaging benign application with malicious code, so called piggybacking. Read more…

April 10th, 2014

Do you hate updating your passwords whenever there’s a new hack?

Advice about changing passwords from AVAST.

Change your passwords as a precaution against the Heartbleed bug.

We reported yesterday about the serious Heartbleed  bug which allows hackers to steal encryption keys from nearly two-thirds of all websites.

“This is probably the worst bug discovered this year. We believed in the security of SSL/TLS, and now discover that it comes with a hole that allows anyone to read our personal information such as passwords, cookies or even server’s private keys,” said Jiri Sejtko, Director of the AVAST Virus Lab. “We, as end users, simply can’t do anything, but make sure we are as secure as possible.”

That means changing your passwords. Again.

If just thinking about changing all your passwords makes you want to jump out the window, then here are a few tricks to help make it a little less painful. At the end of this post, we’ll share a tip on how to make password creation, as well as remembering them all, as easy-as-pie. So go all the way to the end. ;)

Why do cybercrooks want your password?

It takes serious effort to hijack accounts, so there must be some payoff at the end for cybercrooks.  Obviously, it’s not to get your vacation photos. Money is the most common motivation. Your money.

There are many ways of turning stolen data into money, but one of them is worth highlighting. Research shows that 55% of us reuse passwords on different sites. It is likely that you use the same password for Facebook  that you use for your bank account.  This means that cybercrooks can steal your money much easier. Never use the same passwords on different sites, especially for really important services.

Password basics

1. Use a random collection of letters (uppercase and lowercase), numbers and symbols

2. Make it 8 characters or longer

3. Create a unique password for every account

Tricks and tips

Maximum password security requires at least seven characters, a mix of upper and lower case, a few symbols, and a sense of humor.

Create an acronym using a meaningful, easy-to-remember piece of information. Use a sentence like My wedding anniversary is 28 December, 2001. That phrase turns into this password, Mwai28/Dec.01.

Many sites require a special symbol like ` ~ ! @ # $ % ^ & * ( ) _ – + = { } [ ] \ | : ; ” ‘ < > , . ? /. Use some of those to replace letters. Your password can be this, M<>ai28/Dec.0!.

Read more…

Categories: General, How to Tags: , ,
March 31st, 2014

The Gray-zone of malware detection in Android OS

Does the title of this blog post have a mysterious meaning? Not exactly.

In this first part about the gray-zone of Android malware detections, I will introduce the Android:SecApk, a detection regarding the protection that the App Shield (Bangcle) offers to Android applications (.apk). This detection has a big sample set that is still growing. Some SecApk wrapped samples that existed or still exist in the Google Play Store and third party stores, can be seen in the table below.

MD5

Name \ Info

F1EF5B8C671B2146C2A2454ECF775E47

G锁屏冰雪奇缘之来自星星的你V1.0.apk

\ PUP – An application to promote a specific movie. Potentially unwanted because of the extended permissions that was requested.

Current Status: Removed from Google Play

10bd28d4f56aff83cb6d31b6db8fdbd2

Cut_the_bird.apk

\PUP – A game that have potentially unwanted permissions that they can drive to loss of private personal info.

05ffb6f34e40bb1cf8f9628e5647d5e3

aini1314langmanzhutisuoping_V2.5_mumayi_700e0.apk

\PUP – A screensaver application that has permissions unrelated with the purpose of the app.

d6b40bbb79b54c09352a2e0824c0adba

3D职业乒乓球.apk

\Pup – This application is a tennis game. Potentially unwanted because of the extended permissions that was requested.

eefd2101e6a0b016e5a1e9859e9c443e

eefd2101e6a0b016e5a1e9859e9c443e.apk

\Malware – This app steal personal data and SMS messages from the user.

 

The App Shield is an online service that, after a submission of an .apk, encrypts it and adds some layers of protection. The procedure of the encryption and protection of the apk will be discussed with more detail during the course of the second part of this blog post.

Starting with the submission process, a clean app named AvstTest.apk uploaded to the service. The exported .apk was renamed as AvstTest[SecApk].apk. In addition, apktool and dex2jar used accordingly to decode the .apk resources and convert the ‘.dex’ files to ‘.jar’.

Folder structure

  Read more…

March 6th, 2014

Who owns the Cyber-World?

Who owns the (cyber) world: GIRLS!

female expert

Well, maybe not exactly (YET), but the female presence and expertise should not be underestimated! :)

I bet you heard of  The Girl with the Dragon Tattoo. When the movie came out, we published a fun blog post about the main character, Lisbeth Salander, who was a problematic, but brilliant female hacker. In fact, in the cyberworld among gray and white hackers, those good ones who help to disclose security gaps, are filled with women, for example: Raven Adler, Gigabyte or  Joanna Rutkowska.

So let’s take a look on the cyberworld from the security perspective. Inspired by the following article, I figured out how many women are actually knowledgeable cyber security experts. Breaking stereotypes, like Adeanna Cooke, former Playboy model and hacker, women have broken into the geeky world that seems to be male dominated. Women are not only exploring different IT specializations, but exceeding as world class experts as white hackers, journalists, bloggers, speakers, consultants, virus analytic, developers,  all fighting cyber-crime. Strong, intelligent, all of them are great experts (and since we also love social media), we would like to recommend you to

Follow female security experts on Twitter

  • Erin Jacobs @SecBarbie
  • Charlie Osborne @ZDNetCharlie
  • Natalie Sambhi @SecurityScholar
  • Katie Moussouris @k8em0
  • Beth Pariseau @PariseauTT
  • Helena Edelson @helenaedelson
  • Aliya Sternstein @Aliya_NextGov
  • Kim Komando@kimkomando
  • Jennifer J. Minella @jjx
  • stacythayer @stacythayer
  • Mary Landesman @marylande
  • Patricia Rykiel @ComputerTweety

AVAST Software is also proud of its Ladies. You will find women across different departments of the company starting from the accounting , HR, support, sales, marketing.  But among us there are real security experts: Jana and Barbora, Analysts from the avast! Virus Lab; Alena, a developer focused on providing new technologies in the Virus Lab Systems;  and Jenefer from the Quality Assurance department, testing avast! solutions. All of them work as professionals in a very male environment delivering security solutions to the AVAST users.

We’ll be interviewing them in the next few days in celebration of International Women’s Day. Come back to the AVAST blog, and read about them. Meanwhile, say hello on Twitter to some of our great ladies!

AVAST ladies:

  • Alena V. @alenkacz (virus lab)
  • Deborah Salmi @deborahsalmi (social media)
  • Julia Szymanska @Dzulaya (social media)
  • Anna Shirokova @AnnaBandicoot (social media)
  • Marina Ziegler @Marina_Z (PR)
  • Caroline James @cazjames (PR)
  • Dominika Kalasova @DKalasova (PR)

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

 

February 11th, 2014

How to have a Safer Internet Day everyday

Safer Internet DayLet’s create a better internet together”.

Today, over 100 countries celebrate Safer Internet Day by focusing on how people, including teens and kids, use connected technology and what we can all do to make things better.

Since AVAST is trusted by over 200 million people worldwide to protect their devices, we asked some of them to share #OneGoodThing about how we can keep safe so we can use technology freely at home, school, and work.

#OneGoodThing

Kids can be adventurous, and not think about the consequences – online as well as offline. Khizer’s advice: Good protection and involved parents.

The Internet is a treasure of fun and knowledge for kids, but nowadays it’s full of unethical stuff and it is necessary to keep them safe.  Children should be friends with their Parents. If you find something that should be in the knowledge of your parents. Just tell them. Remember they will always support you.  ~Khizer J. from Pakistan

But Steve knows that the internet can’t be a babysitter, and has some strong advice for parents:

No matter if you have the strongest antivirus or parental controls, if you let your children play online unsupervised, they are at a high risk of being preyed upon. The real advice is to be next to them and teach them good secure online habits. You wouldn’t let your kids play around in Detroit without you, would you? As close to it as it may be, the internet is a bit worse than Detroit. ~Steve N. from the USA

Kevin’s dad has a good idea. This is what we call a “teachable moment.”

I’m a kid myself but a thing my father does when he gets a email from someone who is trying to trick him, to give them money, he shows that to me to make me see how such emails look like, and what I should look out for. ~Kevin G. from Denmark

Kids, and some adults too, can be careless about their privacy. These two AVAST mom’s share some basic tips that everyone should follow:

Listen up, kids. NEVER give your password away, even to your “best friend”. And if you want to choose a good password, remember that a long password is more important than a “difficult” password. The longer your password is, the harder it will be for bad guys (or gals!) to crack. ~Sheila E. from Canada

My main advice for my children’s safety when they are on the Internet is certainly not trust just anti-virus, even if it is as good as Avast. Most importantly, my first advice,  is think well before you click! ~Virginie M. from France

Not everyone is who they claim to be on the internet, so Eric warns kids to be careful about talking to strangers.

Be careful when chatting to others on the internet, the person might actually be a grown up pretending to be a child.  So never give personal information (like your address or phone number) and if they ask you to do something you think is wrong – you don’t have to do it (especially if they say they’ll hurt you or your family) & tell your parents, or a grown up. ~Eric E. from Ireland

This piece of advice sounds like it comes from personal experience. We’d like to hear the rest of the story, Brooks! ;)

Don’t go to any websites that you wouldn’t want dad to know you were on! ~Brooks S. from the USA

If you have something to add about being safer on the internet, please share your tips using the hashtag #onegoodthing.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

Comments off
February 6th, 2014

avast! bug bounty program update

bug-bounty (1)

A year has passed since we launched the Avast Bug Bounty Program. Let’s see some results:

  • Almost one hundred submissions
  • 25 submissions rewarded about $10,000 total
  • One critical bug was rewarded $3,000

As you can see, this is a useful program – it helps AVAST keep our users secure and make our programs as strong as possible! After evaluating the past year, we have decided to change the rules a bit.

Bug Bounty updated rules

To encourage further research, we will double the bug bounty rewards. The base payment will be $400 and the maximum reward could go up to $10,000 per one submission.

We will remove Sandbox or DeepScreen escapes from the list of bugs that are eligible for a reward. The reason for this is that we are focusing on a new technology that should eradicate Sandbox escapes entirely.

You can find the complete rules here. Happy hunting!

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

Categories: General Tags: ,
Comments off
January 31st, 2014

How to use avast! Mobile Security: Privacy Advisor

howto2_enAt AVAST we work hard to improve your security and privacy. Mobile malware is increasing. If you aren’t yet convinced that this is an issue, please read the latest blog from the avast! Virus Lab, How are you doing Mr. Android?

Nowadays, besides the traditional way to get money – sending premium SMS – the collection of personal info and browsing habits are also trending. How do cybercrooks monetize this data? Managing the ads that are shown in your smartphone or tablet, suggesting apps, sending offers by email or displaying them in-apps.

If you use avast! Mobile Security, then you can run a Privacy Advisor scan to categorize all the apps in your device:

  • Collect location information: Because of their nature, some apps need to capture your location. These would be GPS navigation tools, outdoor sports tracking and weather apps, for example. Some of them do it for statistical reasons. However, the majority of them do it just to customize local (targeted) ads.
  • Collect device or mobile network information: Some apps use the device info for developer and statistical reasons. Your mobile network info is also captured.
  • Collect user behavior data inside the app: This data are mostly useful for the developers as they adjust and customize their own apps according to their customers’ use, and to separate free from paid features.
  • Show in-app banner advertisements: This is an annoyance. Impatient users could drop the use of the app due to this kind of ad.
  • Show in-app full-screen advertisements: This is a huge annoyance and if it occurs, it is an invitation to uninstall the app. This is why the developers only show them a few times while the app is running Read more…
Comments off