Protecting over 230 million PCs, Macs, & Mobiles – more than any other antivirus

Archive

Archive for the ‘General’ Category
May 25th, 2015

Explaining Avast’s HTTPS scanning feature

Avast scans HTTPS

Avast Web Shield scans HTTPS sites for malware and threats.

Internet users with basic security knowledge are aware that they should look for the padlock icon in the address bar or the HTTPS in a web address to indicate that a website is secure. We have gotten used to seeing it on bank sites or shopping carts where we input our credit card information. More and more, regular websites are making the switch from unencrypted HTTP to encrypted HTTPS. Last year, search giant Google sweetened the pot by adding HTTPS to their ranking algorithm. That action encouraged webmasters everywhere to make the switch to HTTPS.

But is HTTPS really more secure than HTTP?

The simple answer is not always. As more and more online services are moving to HTTPS, attacks are increasing. An encrypted connection ensures that the connection cannot be modified by anyone else, but it does not guarantee that the actual content being downloaded is safe. Just as with plain HTTP, if a legitimate website is hacked, malware scripts and binaries can be placed into the HTTPS page that appears to be safe.

That’s why it is imperative for security software to check this attack vector. To address this, Avast’s trusted Web Shield technology scans HTTPS sites for malware and threats.

How Avast’s HTTPS scanning feature works (the short version)

Avast is able to detect and decrypt TLS/SSL protected traffic in our Web-content filtering component. To detect malware and threats on HTTPS sites, Avast must remove the SSL certificate and add its self-generated certificate. Our certificates are digitally signed by Avast’s trusted root authority and added into the root certificate store in Windows and in major browsers to protect against threats coming over HTTPS; traffic that otherwise could not be detected.

Avast whitelists websites if we learn that they don’t accept our certificate. Users can also whitelist sites manually, so that the HTTPS scanning does not slow access to the site.

This video gives you an overview, but if any of this didn‘t make much sense to you, read below for a more detailed explanation. You can also explore the FAQ about HTTPS scanning in Web Shield.

What is HTTP and why is it being changed?

HyperText Transfer Protocol or HTTP is the network protocol used to deliver virtually all files and other data on the World Wide Web. When you visit a website you may see the HTTP:// prefix in the address. This means your browser is now connected to the server using HTTP. The problem with HTTP is that it is not a secure way to establish a connection, opening a door to cybercrooks who want to eavesdrop on your activities.

Read more…

May 19th, 2015

Wise up and get smarter with your data

Most of us can agree that we don’t want our personal data falling into other people’s hands. This may seem like an obvious concept, but with the amount of data we regularly share online, it’s not such an uncommon occurrence that our information is wrongfully passed onto others. In this clever video published by Facebook Security, we learn how to nip scams in the bud and prevent others from tricking us into sharing personal information.

Ever had someone approach you online saying they are a foreign prince and asking for your personal information? Watch…

Posted by Facebook Security on Monday, May 18, 2015

In order to keep your personal data secure, make sure to practice the following:

  • Shred all personal documents before throwing them away. This is especially important when dealing with bank statements and bills.
  • Be mindful of what you post on social media and other online forums.
  • Choose your passwords carefully. Keep them diverse and don’t use the same password for each of your accounts.
  • Use security software on all of your devices and make sure that it’s up to date.

How to spot a hacker before it’s too late? As the video’s narrator warns, “Beware of anyone requesting your personal data or money, whether over the phone, via email or online. They may pretend to be a romantic interest, a family member in trouble, or even a foreign prince – odds are, they’re not.”

 

May 14th, 2015

Technology mistakes to stop making today

We love our fans and followers on Twitter because they frequently alert us to great resources. It happened today when we received a tweet from @LoveNerds4Ever letting us know that Avast Antivirus was mentioned on a Sacramento (California) News10 video segment. Thanks, Shawna!

The guest on this video segment is Ryan Eldridge, co-founder of Nerds on Call, a computer repair Business in Sacramento. He spoke to reporter Keba Arnold about technology mistakes that people typically make. These simple, but oh, so important points, are ones that we continually try to make, and Ryan puts it all together in one good video.

Watch Tech mistakes to stop making now.

The security recommendations that Ryan makes:

  • Run updates on your computer and mobile phone. Program updates and security patches are very important to keep your device up to date and running optimally.
  • Download apps and programs from places you know and trust. On your mobile phone this would be the Google Play Store or Amazon App Store. For your computer, he says it’s a little bit harder, but suggest that you visit download.com, CNET’s well-known download site where you can read user reviews and see the reputation of the app before you download.
  • Ryan reminds computer users that when they get a new device antivirus software may be pre-installed, but it is a trial for a limited time.  After it expires, you need to get protected with a quality antivirus product. Ryan recommends Avast Free Antivirus for your computer, your Mac, and your mobile phone.
  • Ms. Arnold confesses that she has one email address that acts as a catch-all for everything. Ryan says this is a no-no because if a hacker breaks into that email address, then he has access to everything. Ryan suggests that you have separate email addresses for friends and family, work, one for shopping, and one for banking.
  • Passwords, admittedly are a pain in the you-know-what. Ryan suggests using an algorithm, or a kind of personal code, to construct your own passwords. For example, you can use a line from your favorite song, say Somewhere Over the Rainbow. Use the first letter of each word, use letters from the website name, and end with a series of numbers. Each password will be unique and known only to you.

And Ryan, we have a tip for you! Small businesses like yours need security protection too, and consumer antivirus like Avast Free Antivirus, doesn’t do the trick when you need to manage multiple devices, platforms, and people in remote locations. Adding to our collection of free products is the new Avast for Business. Avast for Business is free to use for as long as you want and for an unlimited number of admins and devices.

May 12th, 2015

5 questions with: Tomáš Heřmanský (Product Manager)

Tomáš Heřmanský

Tomáš joined Avast in March 2014 as a Product Manager for Avast Mobile Security. Born in Čáslav, a small town in central Bohemia, he moved to Prague during high school with plans to study at the Police Academy of the Czech Republic. After a while, Tom decided he wanted to study and work in IT instead. After gaining experience while working at a successful Czech startup, taking on jobs as a freelancer and starting his own company focused on cloud document management, Tom joined Avast’s mobile team. In his free time, Tom enjoys climbing, cycling, writing and restoring his classic Škoda 1000 MB car.


 

1. What is Avast’s mobile team out to accomplish?

We’d like to become the most trusted mobile tools developer, allowing users to live their lives with their mobile devices safely and more easily.

2. Who or what helps you in coming up with new, creative ideas?

My colleagues are a huge inspiration to me. That’s one thing that I really enjoy about working at Avast – anyone and everyone can come up with new ideas to brainstorm. We are one big think tank. :)

3. What’s one thing that every user should know about his/her mobile device?

Users should be aware of the risks that mobile malware poses to their personal information and data. Although malware on mobile devices is less likely to break a user’s device than that of a PC, malicious apps can harvest and steal a lot of personal data. Even apps that aren’t malicious (often free apps) can access a lot of personal information. The more personal info that is shared, the more likely it is that a user’s privacy could become compromised.

4. What’s your favorite security tip?

Make sure to be careful when connecting to public Wi-Fi networks. Packet sniffing, or the monitoring of data traveling over a network, can be used to steal information and is very easy for hackers to carry out. It’s in your best interest to use a virtual private network (VPN) when connecting to unsecured networks.

5. Name one goal you’ve set for yourself at Avast.

I’d like to see Avast Mobile Security (AMS) become the most popular app that provides users with a straightforward, user-friendly overview of app permissions. AMS is an extremely versatile app with lots of potential, and I envision it serving as a true “guarding angel” for users, protecting them against mobile malware and allowing them to become familiar with the apps they use on a daily basis.


 

Avast’s mobile team recently held the second Avast Mobile Internal Conference (AMIC) in Prague, where the entire team came together to keep one another in the loop about the company’s apps and products, team activities, and goals for the department’s future. A series of lectures and interactive activities encouraged synergy and collaboration between product teams. In addition to everything that was accomplished at AMIC, the mobile team still managed to have quite a bit of fun at the conference. We’d like to congratulate the mobile department on this successful and productive event!

 

 

May 6th, 2015

Support for older Avast versions will end

At the end of this month, Avast will end product enhancement support for older consumer versions of Avast Antivirus – we will not be ending security support for these products. Customers will continue to receive threat updates and will continue to be fully protected. The versions are 8.0.1497 and lower of the following products: Avast Free Antivirus, Avast Pro Antivirus, Avast Internet Security, and Avast Premier.

People using older versions will continue to receive virus definition updates and be protected. However, we recommend everyone to upgrade to the new version to benefit from better detection rates and new features.

Avast boxshots

Update to Avast 2015 for maximum protection.

A good antivirus program is a necessity to protect your Windows PC from malware attacks, to keep your computer running smoothly, and to protect your online identity and personal data. Over the past 3 years, Avast engineers have improved our database of known virus definitions, the mechanism in which  zero- day and widespread malware are detected, and the frequency of streaming updates sent to our customers. Avast 2015, with its unique Home Network Security feature which scans your home network for potential risks, is our best performing security product yet.

After May 31st, 2015, Avast will no longer provide patches or technical support for versions 8.0.1497 and lower. Please update to the latest version so you can benefit from the enhanced features and higher detection rates that protect your computer from malicious attacks. This update is also recommended because the latest version is compatible with Windows 10.

If you are running an older version of Avast, you can easily move to the latest version of Avast 2015.

How to check for the latest version and do a program update

If you need to update later, here’s a quick way to do it.

  • Right click on the orange Avast ball icon in the system tray.
  • Select Update from the menu and then click Program.

The update screen in the Avast user interface shows you the overall progress of the program update. When it’s done you will be asked to restart your computer. Click Yes to reboot immediately. Once the computer is restarted, information about the update may appear. If you are using a paid subscription, then your protection will be valid for the remaining period of your subscription.

 

Why to upgrade

  • Better detection rates
  • Easier technical support
  • We fixed bugs and problems that still might exist on your current version
  • Receive further program updates to ensure best protection
Av-Comparatives data

Avast 2015 has better detection rates than older versions. Update as soon as possible for maximum antivirus protection.

If you prefer an older version of Avast and require technical support, you will still receive virus definition updates and be protected, but our support team will ask you to update the product first before we can assist you.

 

May 1st, 2015

TGIF: Avast news wrap up for April 18 – May 1

The Avast bi weekly wrap-up is a quick summary of what was on the Avast blog for the last two weeks.

Woman using smartphoneMost everyone knows their PC needs antivirus protection, but they don’t think about their smartphone. These days smartphones are just about as powerful and have as much or more personal information as our desktop PC at home. We answer the question do Android devices really need protection?

Avast finds porn clicker app named Dubsmash 2 on Google PlayThe answer is a resounding YES. The Avast Virus Lab gives us an example from a trusted download source, Google Play: A porn clicker app slipped into Google Play imitating the popular Dubsmash app. If we cannot completely rely on trusted app stores to weed out nasty apps, then it’s time to add an extra layer of security.

AV-Comparatives internet study 2015Once you decide that you do want to protect your Android device, you can be confident in Avast Mobile Security, Avast’s free security app available on Google Play. A survey by AV -Comparatives said that Avast was the #1 choice for mobile security in the entire world. No need to wait any longer to protect your smartphone or tablet.

newABSOne of the challenges with using a smartphone for so many activities, is that the battery gives out before we do. Our new free app Avast Battery Saver raises the bar with new Wi-Fi based smart profiles that can increase battery life by an average of 7 hours.

battery-saver-infographics-EN one sectionAvast Battery Saver has only been available for a month or so but already 200,000 customers have downloaded it from the Google Play Store. For Earth Day we highlighted battery saver users for their positive impact on the environment. Who knew that Avast Battery Saver would be so green? A cool infographic shows just how much they saved -  not only from their own battery -  but in energy costs too. Now Earth Day can be everyday!

office-workersSmall and medium-sized businesses (SMBs) run the risk of data breaches just like there Enterprise cousins. Luke Walling, the General Manager of Avast for Business, explains that the biggest threat to SMBs is not actually hackers sitting somewhere far away. The biggest threat to your SMB could be sitting in your office!

blog3-enSpeaking of Avast for Business, our new disruptive free security offering for SMBs has 75,000 new customers in just 2 months. If you have a start-up, a small business, if you work in a school or non-profit organization, then it’s time to stop paying for security protection.

Cybercrooks use lots of tricksOur researchers are constantly surprised by the creativity of malware authors. Recently, they found a new way cybercrooks trick people in giving up their banking information. It’s a crafty combination of spam email, social engineering, and a macro code embedded in an innocent looking Word document.

usb_hub_robotMost people have security protection on their computers. That’s great when there are things like the banking malware we wrote about. With all that great protection why is it that they don’t trust the warnings? The Avast Virus Lab explored why some people would rather be right than believe a malware warning.

April 27th, 2015

Malware authors go a step further to access bank accounts

Malware authors like to play hide-and-seek. Hiding executable files inside PDFs and Microsoft Office documents then emailing them as attachments are nothing new, but sometimes one layer isn’t enough. This Avast Virus Lab analysis peels back the layers of a new threat.

layers-banking-malware

Malware authors continually surprise us with their creativity. In an effort to trick banking customers into revealing the login credentials for their online account, cycbercrooks are using the trust people have in Microsoft Office to make them execute banking malware on their own computers. Here’s how it works:

Typically, spam emails contain executable files that can harm a victim’s computer and steal private information. In the layered version, they have PDFs or Microsoft Office documents attached that contain a malicious executable file. We recently found an email that had an added layer and decided to analyze the email.

The email, disguised as a financially-related message from a legitimate company,  informed the recipient that an invoice was due and had a PDF file attached. Embedded inside the malicious PDF was a Microsoft Office document and simple java script that dropped and executed the DOC file.

pdf_jsInside the DOC file we found malicious macro code, which users must activate, as the code is disabled by Microsoft Office by default. The code obfuscates DOC files by creating new documents with unique methods names, variable names, and URLs, making it difficult to detect the malicious files.

 Macro_modules

When we analyzed the malicious macro code, we found some hints that helped us with our analysis. In this sample it was a function called MICHEL.

Functions

We already knew this function would open the URL with the malicious file, and when we found this function in one of the modules, we were able to find the download path.

Macro_downloader

The address is stored as a GUADALUPE variable. The URL is unique for each sample and leads to the download of a malicious PE file.

Macro_downloader_watch

The PE file would act as an information stealer, stealing login credentials from banking sites like

  • Santander, whose principal market is in the Northeastern United States
  • Ulster bank, based in Ireland
  • From Google accounts
  • Microsoft

How to protect yourself from banking malware

Our number 1 recommendation is keep your security software updated. Avast streams hundreds of updates every day to your devices, so you will stay protected. For example, the executable file downloaded by the malicious Microsoft Office document belongs to a banker family evolved from infamous Zeus. This variant is also known as a Dridex Botnet. At the time of writing this post, the botnet is still active, but the malware itself is inactive. Avast detects it as Win32: Pierre-A.

Clever cybercrooks use social engineering to manipulate their victims. Use extreme caution when opening emails related to your finances until you can verify the legitimacy.

Samples related to this analysis:

PDF virustotal

DOC virustotal

PE virustotal

April 23rd, 2015

Avast Battery Saver raises the bar with new Wi-Fi-based smart profiles

Avast Battery Saver increases battery life by an average of 7 hours.

Avast Battery Saver increases battery life by an average of 7 hours.

We’ve recently told you about Avast Battery Saver, an application which saves your Android’s power without hassle. It optimizes phone settings such as Internet connectivity, screen brightness, and timeout according to your needs. We’d now like to announce an exciting new feature of the app: Wi-Fi-based smart power profiles. These profiles are activated automatically based on designated local Wi-Fi networks that are detected.  Users can now assign specific wireless networks to be used within their home or work smart profiles. Not only are Wi-Fi-based profiles more precise than GPS-based profiles, but they are also more efficient and require less energy to detect.

In contrast to other battery-saving applications, Avast Battery Saver learns about your daily routine and thus suggests the best smart profiles for your phone. It doesn’t require you to change your behavior or usage, nor does it affect voice calls, text messages, or the ring volume of your phone.

“Everyone needs more battery life for their mobile devices, but most battery savers shut down the wrong apps,” said Jude McColgan, Avast’s President of Mobile. “Avast Battery Saver learns which apps are most important to the user, and shuts down only those that are less used.”

Avast Battery Saver significantly improves battery life, saving up to 20% on one charge — and it’s free from the Google Play Store.

New Wi-Fi-based profiles have been added to make the app’s convenient features significantly more efficient

 

  • Smart profiles activate automatically based on time, location, user-designated Wi-Fi networks and battery level.
  • App consumption detects and permanently stops apps that drain too much battery life.
  • Precise estimate of remaining battery life based on actual phone usage and historical data. Battery level is displayed in a percentage and time remaining in status bar notification.
  • The application can turn off Wi-Fi when there are no known hotspots nearby.
  • Your phone limits connections to the Internet to every 5, 10, 15 or 30 minutes, based on your current profile configuration, when its screen is turned off.
  • Emergency mode is activated when your battery level is very low, and it turns off all functions that require significant energy, saving power for when you really need it (e.g. Wi-Fi, data connection, Bluetooth or GPS).

 

The app currently works with the following four profiles: Home, Work, Night, and Super-Saving Emergency Mode. You can easily access the list of profiles by clicking the Smart Profiles button on the app’s home screen. Avast Battery Saver is available for download in the Google Play Store.

Comments off
April 22nd, 2015

Avast highlights Battery Saver users for their positive impact on the environment

Today is Earth Day. It’s a day that people, organizations, corporations, and governments around the world demonstrate their commitment to protect the Earth and help advance a sustainable future. Every action, no matter how small, counts -  from eating less meat to recycling or composting to reducing your energy footprint; it all contributes to a cleaner, greener world now and in the future.

Avast users do their part to save the Earth

Since our minds are on all things green this Earth Day, we want to highlight a particular bunch of Avast customers. These Android users simply came to Avast to find a way to save some of their smartphone’s battery power. Little did they realize when they installed Avast Battery Saver on their Android device that together they were making a difference that even we were surprised about.

In the first month that Avast Battery Saver was available, 200,000 customers downloaded and actively used it on their Android phone or tablet. This infographic shows how that cumulative use added up to real energy savings.

Do your part for Earth Day, and save up to 20% battery power everyday! Install Avast Battery Saver for free from Google Play.

battery-saver-infographics-ENsm

Install Avast Battery Saver for free from Google Play.

Comments off
April 17th, 2015

TGIF: Avast news wrap-up for April 3 – 17

The Avast bi-weekly wrap-up is a quick summary of what was on the Avast blog for the last two weeks.

house cleaning serviceSpring has sprung and it’s time to clean the dust and grime away after a long winter. In a departure from our regular security-oriented blog posts, we share 10 spring cleaning tips to combat grime. Don’t forget you can also clean your mobile devices! But you barely have to lift a finger because Avast GrimeFighter Safe Clean will remove the grime from your Android mobile devices with the touch of a button. If only window washing were so easy!

Screenshot_shieldsIndependent testing lab AV-TEST gave their coveted certification to our popular mobile security application, Avast Mobile Security. If you are still on the fence regarding protecting your Android smartphone then read How to find the best protection for your Android phone? Independent tests.

Don't forgetMany smartphone owners are more worried about losing their device then they are about becoming infected with malware. That’s why we created Avast Anti-Theft. Make sure you have the latest version of our free app so if your phone gets lost, you can track it via your My Avast account or using SMS notifications from your friend’s phone. Turned Android auto-updates off? Manually update Anti-Theft to stay protected. explains how you can use Avast Anti -Theft to recover your lost Android device.

Battery-Saver--1920x1200The mobile development team released a handy little app called Avast Battery Saver. This free app from Google Play helps you save some battery power. But not just any app can do it. The blog post Fear and loathing on Google Play: An in-depth look at today’s battery saving and cleaning apps gives us the scoop on apps that promise to save battery life with task cleaning.

How to use Avast productsHow to extend the life of your phone’s battery is a question that we all have when the juice starts running out. The Avast Battery Saver app can help save about 20% but there are other ways to save battery life. We give you the tips and also share the future of smartphone batteries.

laptop using Wi-FiThe unsecured Wi-Fi hotspot at the local cafe can be bad news if thieves capture your login credentials. Android users with Avast Mobile Security have a built-in feature called Wi-Fi Security that warns them if any issues are detected. We are now seeking iOS beta testers for an app called Avast SecureMe that will include the same type of feature for iPhone users. Check our blog Wi-Fi Security feature foolproofs your network connections both in public and at home and scroll down to the bottom for the beta test sign up link.

Mousetrap with cheeseCybercrooks use a variety of attack vectors to reach their victims. Targeted spearphishing attacks use email messages to trick people into providing sensitive information while malicious apps for Android disguise themselves as innocent games. The scary ransomware locks up all your files and demands ransom for the key to unlock it – on both PCs and and mobile devices! Avast keeps you aware of cybercrooks latest tricks in Don’t take the bait: Beware of web attack techniques.

Comments off