Protecting over 230 million PCs, Macs, & Mobiles – more than any other antivirus

Archive

Author Archive
July 27th, 2015

Free software and services your start-up can use

Get your small business up and running with free software.

Getting a new business off the ground is not an easy task and can be quite costly, but there are a lot of free software and services available online that your new or small business can use as an alternative to paid-for products.

Here is a list (in alphabetical order, so no favorites ;-) ) of some you will find useful:

Avast for BusinessAvast for Business – cloud-managed security

Avast not only provides consumers with free security, but we also provide small and medium sized businesses with free cloud-managed protection. Avast for Business is easy to install and can be managed from anywhere and at anytime.

Facebook Page – alternative to building your own website   
If you’re a restaurant owner or a small boutique you could also, either in addition to or instead of hosting your own website, create a Facebook page for your business. You won’t be able to sell items online, but you can add your business’ address and directions, opening hours, a description of your business and post images and status updates to inform your customers of new items on your menu or of new items available for sale in your store.

Fundera_LogoFundera – loans for your business
Fundera is a free service that offers you loan options and lets you choose the one best suited for your small business. All you need to do is fill out a short questionnaire and then you are presented with loan products, lenders and rates and can apply to the lenders that fit you best with only one application.

Read more…

July 23rd, 2015

Mr. Robot Review: 3xpl0its.wmv

The major theme of this week’s Mr. Robot episode revolved around vulnerabilities. As much as we sometimes try to deny it, we all have weaknesses. Cybercriminals, being the intelligent people they are, unfortunately often use their smarts for evil. They know that it is human nature to have weaknesses since no one is perfect, and they exploit these weaknesses using a tactic called social engineering.

“People make the best exploits”

Whether directly or indirectly, humans and the software they create can be exploited via their weaknesses and vulnerabilities.

FSociety penetrates Steel Mountain, E Corp’s data security center, by exploiting human weaknesses. We first see this happen when Elliot exploits Bill Harper, a sales associate at Steel Mountain, by dismantling his self-worth and telling him that no one in his life really cares about him. Elliot then requests to speak to someone who matters and Bill, disheartened and humiliated, calls his supervisor.

To FSociety’s surprise, Trudy comes instead of Wendy, the supervisor they were expecting and were prepared to utilize to get into the next level of Steel Mountain. This slightly throws off FSociety for a few seconds, but they make a quick comeback by doing a bit of online research. They learn that Trudy’s weakness is her husband and use a Linux distribution called Kali to send her a text message appearing to be sent from her husband saying that he is in the hospital. I researched more about this tool and found out that when using it, it is possible for anyone to spoof SMS and make messages appear as if they are from a number the recipient knows — a trick that is also employed in fraud emails.

The interesting thing about this, though, is they say they do not have Trudy’s number, just her husband’s number. Yet, they type her number into the program to send the message.

via USA Network - Mr. Robot airs on USA Network Wednesdays at 10/9 central

via USA Network – Mr. Robot airs on USA Network Wednesdays at 10/9 central

Read more…

July 22nd, 2015

Windows 10 security features consumers can look forward to

Windows 10 will be launching in T-minus seven days and will be offered for free within its first year of availability to Windows 7 and 8 users. Not only will the beloved Start button be back in Windows 10, but Windows 10 will also include a personal assistant, Cortana. What’s more, the new operating system will introduce many promising security features and a new browser.

Image: TechRadar

Image: TechRadar

Hello there, Windows Hello and Passport!

Windows Hello is biometric authentication that either scans your face, iris or fingerprint to access your Windows 10 device – very secret agent-like security! By doing so, Windows Hello eliminates the chance of hackers stealing your password to access your device, simply because you will no longer have a password to begin with!

Windows Passport also eliminates the use of passwords to access your online accounts. For now, Microsoft will work with the Azure Active Directory and has joined the FIDO alliance to subsequently support password replacement for other consumer, financial and security services. Windows will verify that you are truly the one using your device through a PIN or via Windows Hello, and then it will authenticate Windows Passport so you can log in to websites and services without ever using a password. Combined use of Windows Hello and Windows Passport would mean that a hacker would not only have to physically steal your device, but also kidnap you to access your accounts.

You will, of course, need hardware that is capable of infrared scanning your face or iris, or that has a built-in fingerprint reader to use Windows Hello. Microsoft has already confirmed that all OEM systems with Intel® RealSense™ 3D Camera (F200) will support Windows Hello’s facial unlock features.

Read more…

July 17th, 2015

Mr. Robot Review: da3m0ns.mp4

This week’s episode was a little confusing for me – and I’m not only referring to the trippy dream Elliot has while going through his drug withdrawals.

Operation Meltdown

It seems I wasn’t the only one who had questions about the hacks in this week’s episode; Forbes published an interview they did with Michael Bazzell, Mr. Robot’s technical consultant and cyber crime expert explaining the hack attack on E Corp that Elliot comes up with at the beginning of the show.

In the article, Michael Bazzell explains how Elliot plans on destroying E Corp’s data storage facility, using Raspberry Pi. Sounds like a very yummy method – too bad there’s an “e” missing at the end of “pi”! Michael explains that Raspberry Pi is a very small computer that can be accessed via the Internet through its built-in cellular chip. Using this, Elliot wants to control the facility’s climate control system to overheat it, thus melting E Corp’s tape-based back up.

While Forbes focused on the more complex hacks that targeted large corporations like E Corp and Allsafe, I was intrigued by the two physical hacks in the show.

@whoisMrRobot

via USA Networks

Beep Beep

The first “IRL” hack is when two members of FSociety hack a minivan – keep in mind that FSociety does everything in their power to not leave a trail, so they need a stolen car to get to E Corp’s data facility center in order to prevent being caught.

The FSociety guys casually sit on a sidewalk and wait for someone to park and lock their car. Using what looked like an old radio to me but is more likely a transmitter, they were able to send a command to unlock the car – politely thanking “mom” for giving them the opportunity to steal her car. Once inside the car, they connect the car to their laptop using a cable and ran the code to get the car started.

I asked my colleague, senior malware analyst Jaromir Horejsi, what he thought of the hack:

All they needed was the cable and specialized control software for cars. This software can access data from sensors in the car and it can control the car’s behavior. With that, they just had to connect everything together and select their desired actions. – Jaromir Horejsi

Read more…

Categories: General Tags: , ,
July 9th, 2015

Mr. Robot Review: d3bug.mkv

Elliot, Mr. Robot’s anti-hero cyber-security engineer by day and vigilante hacker by night, has been having a life-style crisis. In episode 3, Elliot longs to live what he calls a bug-free life, otherwise known as a regular person.

“Was he drinking Starbucks?”

“Was he drinking Starbucks?”

However, he is quickly pulled back into F Society’s hold when emails exposed during the threatened data dump revealed that E Corp executives had knowledge about the circumstances which led to his father’s death. We will leave the intrigues and plot theories, especially if Mr. Robot is real or a figment of Elliot’s imagination, to the internet. Right now, let’s look at the hacks highlighted in this episode.

At minute 7:40, you see Elliot in the hospital after Mr. Robot had pushed him off the high wall they were sitting on in the previous episode. His psychiatrist, Krista, is in the hospital and explains that the police wanted to do a drug panel, but Elliot refused. Elliot admits he has been taking morphine. Krista says the only way she can approve his release from the hospital would be if he commits to a bi-monthly drug test. Elliot starts thinking about how he will get around this problem by hacking the hospital’s IT. The IT department is lead by one single person, William Highsmith, with a budget of just $7,000 a year. According to Elliot, he uses useless virus scans, dated servers and security software that runs on Windows 98. It’s one of the reasons why Elliot made that particular hospital his primary care facility, since he can easily modify his records to look average and innocent.

Stefanie: Wow, wouldn’t it be an unusual that a hospital would actually use old infrastructure and have little budget for their IT? I also found it a bit odd that they have just one IT guy, I mean healthcare data is REALLY sensitive and definitely one of the last things I would want to have accessed by hackers!

Read more…

July 8th, 2015

AP students go nuts for Avast SecureLine VPN?

This morning, our colleagues who work on our Avast SecureLine VPN product informed us that there was a significant increase in downloads in the U.S. This made us curious, as we didn’t have any specific campaigns running that would explain this dramatic spike in downloads. In the App Store, we jumped tothe 6th spot in the utilities category (and as we were coming from the 200th spot, this says a lot)!

We decided to turn to Twitter to see what was going on and discovered that teenagers were the cause of the trend. This shouldn’t have really surprised us, as teens are trendsetters and experts at dispersing viral content via social media channels.

SecureLine VPN Read more…

Categories: General Tags:
July 7th, 2015

Mr. Robot Review: Ones and Zer0s

Another week, another Mr. Robot episode! Last Wednesday the second episode of Mr. Robot aired (Ones and Zer0s). This episode did not disappoint! It was dark, gloomy, but also included lots of technical things that made us once again question: How can this affect me?

via: USA Network

via: USA Network

This week I sat down with freelance security and privacy journalist, Seth Rosenblatt, to discuss the episode.

At the beginning of the show, Elliot has a bit of an involuntary meeting with E-Corp now interim CTO, Tyrell Wellick. After this meeting, Elliot goes home and hacks Tyrell. What he notices is that E-Corp mail servers haven’t been patched since “Shellshock” and that Tyrell does not use two-factor authentication nor does he have a complex password. Elliot realizes that this was all too easy and that Tyrell must have wanted Elliot to hack him. He then goes nuts and burns his chips and SIM cards in the microwave, tears apart his hard drive, destroys his mother board.

Stefanie: Lots of interesting stuff happened in this scene! Can someone hack me like Elliot hacked Tyrell? What is the Shellshock vulnerability and can it still affect me as a personal user?

Seth: If Tyrell wanted Elliot to hack him, he made it pretty easy for an experienced hacker like Elliot. I bet many people, who do not put a lot of thought and effort into their online security, can be easily hacked. The fact that E-Corp hadn’t patched their servers since Shellshock seemed a bit odd, but again this was maybe intentional to make it easy for Elliot to hack, in the hopes of blackmailing him later on. In terms of the average user, Shellshock is a vulnerability that affects systems using BASH (a Unix based command processor used by Unix- based systems such as Linux and Mac). Patches for Shellshock have long been issued, so if you update your operating system regularly you have nothing to worry about.

Read more…

Categories: General Tags:
June 25th, 2015

Are the hacks on Mr. Robot real?

Last night the pilot episode of MR. ROBOT, a new thriller-drama series aired on USA Network.

The show revolves around Elliot who works as a cyber security engineer by day and is a vigilante hacker by night.

I watched the episode and then sat down with Avast security expert Pedram Amini, host of Avast’s new video podcast debuting next week, to find out if someone like you or me could be affected by the hacks that happened in the show.

In the second minute of the episode we see Elliot explaining to Rajid, owner of Ron’s Coffee, that he intercepted the café’s Wi-Fi network, which lead him to discover that Rajid ran a child pornography website.

Stefanie: How likely is it that someone can hack you while you’re using an open Wi-Fi hotspot?

Pedram: Anyone with a just a little technical knowledge can download free software online and observe people’s activities on open Wi-Fi. We went to San Francisco, New York, and Chicago for a Wi-Fi monitoring experiment and found that one-third of Wi-Fi networks are open, without password-protection. If you surf sites that are unprotected, meaning they use the HTTP protocol, while on open Wi-Fi, then anyone can see, for example, which Wikipedia articles you are reading, what you’re searching for on Bing, and even see what products you are browsing for on Amazon and eBay, if you do not log in to the site.

Stefanie: Wow! That’s a bit frightening… How can I protect myself then?

Read more…

June 19th, 2015

Hola, Hola VPN users, you may have been part of a botnet!

VPN service Hola, which has millions of users, recently came under fire for not being as up front with their users as they should have been. In the past weeks it has been revealed that Hola does the following:

  • allows Hola users to use each others’ bandwidth
  • sells their users’ bandwidth to their sister company Luminati (which recently helped facilitate a botnet attack)
  • and, according to Vectra research, Hola can install and run code and additional software on their users’ devices without their users’ knowledge.

If you are an Hola user or if you know someone who uses Hola, please make sure you/they are aware of this.

Read more…

March 31st, 2015

Why people don’t back up their mobilephones and other facts

Devastation. The feeling you get when you realize your mobile phone is missing. All those photos, contacts, and other data- gone forever. Why? Because it wasn’t backed up.

mobile backup survey

Just in time for World Backup Day, Avast conducted a global survey to find out whether or not people back up data on their mobile devices. We received responses from 288,000 users in countries including the United States, Germany, India, Mexico, and Russia.

In order to get an idea of which kinds of data users store on their devices, we began the survey by asking respondents for what purposes they use their mobile devices aside from making calls and sending text messages. In response, we found that

  • Two out of ten people use their mobile device to take photos
  • 18% browse the Internet
  • 17% listen to music/watch videos
  • 16% use social networking apps like Facebook and LinkedIn

Why do people not back up their data?

Put simply, most people don’t think it is necessary to back up their data. Globally 36% and nearly half of Russians do not think it is necessary (48%).

Almost a quarter of the world attributes not backing up their data to laziness (24%). Thirty-two percent of Indian people admit that they are too lazy to do a back up.

Thirty-six percent of British respondents claimed not to back up their data because they believe their data is not valuable, compared to only 22% of global respondents citing this as their reason for not backing up their mobile data.

What is more valuable to mobile users: hardware or data?

Now that we established that lots of people don’t care about their data, are too lazy to prevent its loss, or don’t think its worth the trouble, we then asked users what they would be more upset about losing: their data (that has not been backed up) or their device (the hardware).

Globally, 64% of people would be more upset about losing their data that has not been backed up rather than the device itself. Respondents in Mexico backed up this claim most significantly, with 78% of Mexican users claiming they would be more upset about losing their data than losing their hardware.

Which data are people worried about losing?

Across the board, users were most heavily concerned about losing the contacts stored on their mobile device (25%) and photos (21%). Despite these concerns, 37% of respondents said they do not back up their data. Brazilians are the least likely to back up their data (45%), yet 64% of Brazilians would be upset about losing it.

Why you should back up your mobile data

We use our mobile devices to make important calls, capture valuable moments, browse the web, to use our favorite apps and so much more. Anything can happen to your mobile device in a split second; it could fall into the toilet, go missing (either through loss or theft) or even get run over by a car! Yet, as we discovered, many do not back up the data they consider indispensable.

How to back up your data

You can back up your data in many ways: by connecting your mobile device to a PC (like nearly one-third of global users do. See below.), connect to a Cloud service (like Dropbox, iCloud, or Google Drive) or use a mobile back up app like Avast Mobile Backup.

When people actually do back up their data, how do they go about it?

The majority of those who do back up their data back it up on a monthly basis (41%), while another 8% back it up on a daily basis.

Most people back up their data by connecting to a PC (32%) — only 17% back up their data to the Cloud. When we inquired about this difference in numbers, 46% of users expressed their reluctance to back up to the Cloud due to privacy concerns. Germans were the most concerned about their privacy when it came to Cloud back up (61%), with Spanish (58%) and American (57%) respondents close behind them.

Comments off