The RSA Conference – the largest gathering of security vendors and the companies who buy their products – was held in San Francisco last month. Avast was in attendance, and I had the pleasure of moderating a panel on mobile security. Mobile security was also one of the top topics permeating the entire event. What I heard on the panel and throughout the conference, and what has been reinforced from my discussions with analysts and consultants to businesses, should have you all pretty worried.
The good news is that businesses want to embrace employees use of mobile phones and tablets. And it’s not just the biggest companies doing so: even small businesses are eager adopters of mobile technologies. After all, employees are more accessible and more productive when they can use their mobile devices for work. However, these are your devices; they are not the company’s and shouldn’t be treated as such. And that’s the challenge.
Businesses have legitimate concerns that these devices are inherently insecure, and that consumers don’t always secure their devices to the same level businesses do their PCs. They are also concerned about all the corporate data that these devices contain or can access, and that their loss or theft can compromise a company. And they are concerned that people will misuse their access to this data now that it’s on their person device.
The problem is that businesses want more security and control over your phone then they should have or even need: even more control than they have over the PCs they provide you.
- Because there are malicious apps, they want to keep a catalog of every app you install and be able to remove those applications without prior notice to you.
- Because mobile devices can hold private corporate data, they want the ability to wipe all data on your phone, also without prior notice to you.
- Because you could potentially misuse the phone by transferring corporate data between a business app (like email) and a personal app (like Facebook), they want to be able to monitor everything you do on that phone: your call logs, your text messages, all your social networking activity, all your browsing activity.
This blatant company disregard for employees’ privacy and property all in the name of security has gotten completely out of hand. One product that was given prominent attention at the conference basically rooted your device to put a monitoring and management layer underneath the operating system. Besides taking any semblance of control of your device away from you, this procedure would likely lead to voiding the warranty for many of your devices, especially Apple devices.
Using your mobile devices for work purposes should not require you giving up all your privacy rights or giving your company effective ownership of your device, without having to pay for it. If your company is letting you use your phone or tablet for work purposes, especially if it’s for more than email, then you should take a close look at your organization’s mobile policies – not just for what you should or should not be doing, but for what your company could be doing.
We like to think that the avast! voice telling us that our virus database has been updated is almost like a pleasant song, something to cheer us all up, reminding us that nobody needs to sing the PC blues.
So it’s great to know we’re not alone, and that our users also think this way. Here’s an example by “Ferrett Steinmetz,” an Ohio-based writer, who recently tweeted:
A quick read down Mr. Steinmetz’s twitter wall shows similar cleverisms about a large number of subjects. You can follow him on twitter @ferretthimself.
On the heels of the Zappos cyber robbery last Sunday that left 24M customers fretting over stolen passwords and email addresses, articles are being published about how people can protect themselves online. The number one point is always about passwords. Clean up your passwords. Never Share Your Password. Create different passwords for different accounts.
Sage advice, which we at AVAST support. We even have a dedicated password manager called avast! EasyPass to help you juggle it all. The theft at Zappos and the struggle for greater online privacy made it even more startling when I read about the growing trend among teenagers to share their passwords as an act of trust with their current BFFs. Read more…
The second week of January 2012 started with amazing growth in terms of numbers for AVAST Software. Numbers and stats might not sound that “hot” and maybe you are wondering why I would write a blog post about it, but these numbers are REALLY HUGE and it is YOU – our avast! Community – who greatly helped us to achieve such results. Look at this:
1. Over 500,000 – fans of the avast! antivirus official page on Facebook.
Turns out that the popular online shoe and clothing retailer was attacked by cybercriminals who gained access to parts of the internal network through one of the servers in Kentucky. One Sunday, Tony Hsieh, CEO of Amazon-owned Zappos wrote on the company blog that 24+ million customers were affected, but critical credit card and other payment data was not affected or accessed. The hackers failed to get payment card numbers, because that data is encrypted, as required by the Payment Card Industry Data Security Standard.
The company sent an email to every one of their customers explaining the situation including what information was stolen: Customer name, email address, billing and shipping addresses, phone number, the last four digits of customers’ credit card number, and/or cryptographically scrambled passwords.
Zappos took swift action by expiring and resetting passwords, and they set up a password change webpage for customers to create new ones. “We also recommend that you change your password on any other web site where you use the same or a similar password,” the email sent to affected customers states.
As a result of stolen credentials, phishing attacks that try to steal sensitive information like social security numbers or lead you to a website that attempts to install a virus, are more likely. “As always, please remember that Zappos.com will never ask you for personal or account information in an e-mail,” the blog statement says. “Please exercise caution if you receive any emails or phone calls that ask for personal information or direct you to a web site where you are asked to provide personal information.”
avast! EasyPass is a fast, easy way to manage all your passwords. avast! EasyPass generates strong, unique passwords for every site you visit – with just one click. The best part is that you access your passwords using one Master Password, so you don’t have to remember lots of passwords. Learn more about avast! EasyPass.
Last night I spent an inordinate amount of time on reddit looking at pictures of baby hedgehogs, reading a Q&A with a theoretical physicist, and catching up on the intended blackouts protesting the Stop Online Piracy Act (SOPA) and its sister bill, Protect IP Act (PIPA).
Haven’t heard about SOPA? It’s no wonder, since the mainstream media has been curiously silent on the issue. Maybe it’s because most of the big news outlets are owned by companies supporting SOPA. Nonetheless, reddit and others, such as Tucows, Cheezburger, game developer Red 5 Studios, and hacktivist group Anonymous, hope to make the issue broadly known with a coordinated internet blackout scheduled for January 18th. Things will really get interesting if the “nuclear option” is implemented where the likes of Wikipedia, Google, Facebook, Ebay, Yahoo!, LinkedIn, Tumblr, Mozilla, Twitter, and PayPal “go simultaneously dark” to join them in protest of the bill. Read more…
My daughter should be credited (or blamed) with the Cute, Pink, and Infected release.
She was playing games on my computer and suddenly screamed: “The internet has stopped!”
Yes indeed, the browser had shut down on her. All I knew at the time was that this involved some online games and a google search using the word “games” or “hry” (games in Czech).
Back at the office, I started sifting through the list of infected sites for those with “game” or “arcade” in the URL and found quite a few. Even better, there were even two sites, cutearcade.com and hiddenninjagames.com, that looked something like the game sites she had been visiting. Read more…
avast! Free Mobile Security – the new anti-theft and anti-malware app from AVAST Software – has been installed by over one million smartphone users in just 16 days.
This threshold was crossed on January 6, only 16 days after avast! Free Mobile Security was placed in the official Android Market.
“This has been a really fast-paced launch, surpassing the results from competing products,” said Ondrej Vlcek, CTO for AVAST Software. “It required Lookout a full six months to reach the one-million level for their mobile security product.”
avast! Free Mobile Security is a full-featured anti-theft and anti-malware app for Android smartphones. Read more…
It used to be that beta had a specific meaning. And I am not talking about Archimedes.
Beta once meant an early, test version of a program. Run it, play with it, and yes – you’ll find some bugs in there. Now thanks to Google, and its introduction of near-perpetual beta, the meaning has changed. And, this may be close to reality as one journalist told me last week, “Remember, people are beta, too.”
Hmmm, but as the journalist also pointed out, if a Google beta is essentially complete, then what is our new Android app – avast! Free Mobile Security? It’s out in beta form and it’s on the Google Market. As a dedicated punster, my first idea was to call it alpha-beta. But on a more serious note, I decided to talk to Ondrej Vlcek, our CTO, about what an AVAST Software beta is all about. So here it is: Read more…
Yes, most of us complain about all the seemingly unnecessary changes that Facebook initiates far more often than we’d like (just about the time we figure out how to navigate everything)… but it’s good to remember that Facebook is a free service. Of course some will argue that nothing is really ‘free’, but at least +140 million active avast! Community members know differently.
Some of you will remember the days of Rolodex. Mine was typically overfilled with business cards and scraps of paper – taped, glued, or even stapled in place. Sometimes a few ‘creative’ oversized business cards or paper scraps would clog up the ‘machine’, and maintaining changes to phone numbers, addresses, and job titles was always a major problem.
So Facebook, for me, was a welcome change. All my contacts keep their own info updated, and I can find them at any time via the search box. And my Facebook account serves 4 key purposes: