Security is an evolutionary business rather than a revolutionary one.
“Computer security has been around for 25 or 30 years and the threats keep evolving,” Avast CEO Vince Steckler in a video interview with ValueTech.
The solutions keep evolving too. “If you go back 20 years ago, the big issue was script kiddies and big public splashes of viruses that frankly didn’t cause any harm. These days, things are much more complicated. You don’t have big flaws, big loopholes for bad guys to take advantage of. What this turned into is a cat and mouse game.”
I’m glad to announce that we have acquired Remotium, a leader in virtual enterprise mobility, headquartered in Silicon Valley. Remotium’s award-winning and patent-pending technology, the Remotium Virtual Mobile Platform (VMP), provides enterprises with secure access to business-critical applications from anywhere and from any mobile or desktop device. With this product, corporate mobile users have all their personal data and apps resident on their mobile (iOS or Android) while all their corporate data and apps reside and execute on a server and are only displayed on the mobile. This is the perfect fit for bring-your-own-device (BYOD) environments.
Remotium‘s mobile solutions address the needs of modern enterprises. As more and more companies support BYOD policies, the question of how to implement these policies efficiently and securely is top of mind for everyone. As people bring their own devices to work, the lines between business and private data become blurry. In a study, IBM found that millions of people use dating apps on company smartphones, which could expose themselves and their employers to hacking, spying and theft. Out of the 41 dating apps analyzed by the researchers, 26 had medium or high severity vulnerabilities.
With Remotium’s technology, companies have the visibility and security needed to ensure data integrity and corporate compliance. At the same time, users enjoy increased privacy, as well as apps that look and feel consistent across mobile and desktop platforms. Remotium was named “Most Innovative Company” at RSA® Conference 2013 and won the Best of Show award at Interop Tokyo in June 2015.
With this acquisition we are expanding our mobile offerings into the enterprise space. Although our near-term approach with Remotium is to make the products successful in the enterprise market, we also see a tremendous opportunity to leverage this innovative technology within our traditional consumer and SMB markets.
We are pleased to add the Remotium staff to our team of more than 600 Avast employees – together we will further accelerate Remotium’s growth and expand its capabilities across enterprise mobility platforms.
For all of the Apple Watch fans, I’m excited to announce that Avast SecureMe will be available for the device soon. We will launch Avast SecureMe for iOS this summer and will then also expand its functionality for Apple Watch. We designed the app specifically for unsecured Wi-Fi networks, which are a low-hanging fruit for hackers looking to spy on people’s browsing activities and to re-route users to fake sites that collect logins, PINs and other personal information. A ubiquitous presence in cafes, hotels and airports, an alarming number of public Wi-Fi routers are poorly configured. In a study conducted in New York, Chicago and San Francisco, our researchers found out that more than half of routers aren’t set up in a secure way.
Did you know that Californians are obsessed with Selfie Sticks from Amazon.com? Or that people in Maine buy lots of coconut oil?
Thanks to Jumpshot, a marketing analytics company, you can find this information – as well as more useful information – by using the tools available at Jumpshot.com.
What may be most interesting to you is that Jumpshot is using Avast data to drive these unique insights. We provide Jumpshot with anonymized and aggregated data that we collect from scanning the 150 billion URLs our users visit each month. Using Jumpshot’s patent-pending algorithm, all of the personally identifiable information is removed from the data before it leaves Avast servers. Nothing can be used to identify or target individuals. Avast COO Ondřej Vlček explains the data stripping algorithm in an Avast forum topic.
Data security, of course, is very important to us. We go to great lengths to keep our users safe, and have never shared any data that can be used to identify them. We never have and never will.
The AVAST forum is currently offline and will remain so for a brief period. It was hacked over this past weekend and user nicknames, user names, email addresses and hashed (one-way encrypted) passwords were compromised. Even though the passwords were hashed, it could be possible for a sophisticated thief to derive many of the passwords. If you use the same password and user names to log into any other sites, please change those passwords immediately. Once our forum is back online, all users will be required to set new passwords as the compromised passwords will no longer work.
This issue only affects our community-support forum. Less than 0.2% of our 200 million users were affected. No payment, license, or financial systems or other data was compromised.
We are now rebuilding the forum and moving it to a different software platform. When it returns, it will be faster and more secure. This forum for many years has been hosted on a third-party software platform and how the attacker breached the forum is not yet known. However, we do believe that the attack just occurred and we detected it essentially immediately.
We realize that it is serious to have these usernames stolen and regret the concern and inconvenience it causes you. However, this is an isolated third-party system and your sensitive data remains secure.
CEO AVAST Software
Starting this week, we have made most of our Avast antivirus products and solutions free for use by schools and libraries in the US. This is just the first step and if it is successful, we will extend it worldwide. We are doing this for a couple of reasons. First, even though schools need security products, in these tough budget times, they need the ability to focus their spending on teaching. A couple of us here at Avast used to run the government and education sales at Symantec some years ago. We know that schools spend a lot on security—money that could be better spent on teaching.
In a survey of 100,000 Avast users this past weekend, Avast users have shown just how close the upcoming Presidential Election is. The survey shows a narrow preference for Romney in the popular vote resulting in a large advantage for Romney in the Electoral College Vote. At the same time though, a clear majority believe that Obama will actually win:
- 48.9% of users who are registered voters said they will definitely vote for Romney, compared to 46.1% who will vote for Obama. Interpreted by electoral votes, this is 290 votes for Romney and 230 for Obama.
- As to who they think will actually win the election, however, 47.6% think Obama compared to 39.6% in Romney’s favor. Interpreted electorally, this gives 349 to Obama and only 189 to Romney.
- New Mexico and Virginia are dead heats—46.9% for each candidate in New Mexico and 47.6% in Virginia.
- The other tightly contested states in the survey are Florida with 49.2% for Romney and 47.5% for Obama; Ohio with 48.8% for Romney and 46.3% for Obama; and New Hampshire with 48.2% for Obama and 45.3% for Romney.
Of course, this has nothing to do with security, we don’t mix politics with business, and we have not taken any position on the election. Furthermore, we are based in the Czech Republic so any position we took would be meaningless anyways. But still, we have a large base of users in the USA—about 11 million—and we thought it could be insightful if their collective opinion could predict the election results as well as the professional polling firms. Read more…
For nearly the past two years Avast has used iYogi to provide free phone support to our users, primarily our free users. With over 150 million users around the world, we naturally have some users that desire phone support. Delivering free phone support to the users of free products is obviously a challenge. As such, the freemium support model used by iYogi and others was very useful. With this support, Avast users received free phone support for any issue to do with Avast. Then, after helping the user, the user would be offered an opportunity to upgrade to an annual iYogi remote support package for any issue with their computer.
In general this model worked very well and provided free phone support to 20,000 – 30,000 Avast users a month. Customer satisfaction levels were also very high with just sporadic complaints. However, as Krebsonsecurity.com, a well-known blog on cybercrime and security issues, highlighted yesterday, at times this model did not work correctly. Instead, iYogi service representatives appear to have attempted to increase sales of iYogi’s premium support packages by representing that user computers had issues that they did not have.
Avast is a very non-traditional company in that positive referrals and recommendations from our user base drive our product usage. We do not distribute our products in retail, via computer manufacturers, or other similar channels. This model has served us well and has made us the most popular antivirus product in the world. Last year we added over 30M new users on top of almost 30M new users in the previous year. As such, any behavior that erodes the confidence our users have with Avast is unacceptable. In particular, we find the behavior that Mr. Krebs describes as unacceptable.
We had initial reports of this behavior a few weeks ago and met with iYogi’s senior executives to ensure the behavior was being corrected. Thus, we were shocked to find out about Mr. Krebs’ experience. As a consequence, we have removed the iYogi support service from our website and shortly it will be removed from our products. We believe that this type of service, when performed in a correct manner, provides immense value to users. As such, over the next weeks, we will work with iYogi to determine whether the service can be re-launched.
In the meantime, users can receive support via the other support options provided on our website. We will also work to ensure that any users that feel they have been misled into purchasing a premium support receive a full refund. We ask that users send any complaints or concerns to email@example.com or even to myself, the CEO, if desired, firstname.lastname@example.org.
Having over 100 million users has its downside—it means that users searching for Avast are also a prime target of scammers as well as legitimate companies trying to piggy-back on our name recognition. Every day we receive complaints from people that have been scammed. Some have been scammed into paying to download a free copy of Avast. Others have been tricked into buying a product they thought was Avast but was not. This happens in many different ways but at the core is the greatest scourge of the internet—socially engineered scams and deceptions. Thieves and even legitimate companies are masters at taking advantage of people’s natural penchant to trust others. Some scams are quite blatant and most of us would consider them theft or cheating. Others are much less obvious and may even be considered zealous marketing and selling. One finds such deceptions in search results, on download sites, and even in internet domain names. Read more…