Do I really need security on my computer anymore?
Over the years, web standards have improved and the security of operating systems and browsers have become better. Because of these advances, some people question whether they need security protection at all. But you need to remember that in parallel to positive advances in protection, cybercrooks have improved their skills and become more stealthy and targeted.
Hackers are no longer mischievous kids breaking into government agencies because they can. “These days, cybercrooks have to make business driven-decisions like the rest of us because their resources are limited,” said Ondrek Vlcek, COO of Avast.
Current malware is often disguised as legitimate applications, malicious Android apps sneak by protocols of the huge download sites, and home and business networks are being attacked via weakly protected routers.
“Threats are no longer just targeting devices, but accounts and routers. A recent example is the iCloud hack where cybercrooks stole personal photos of more than 100 celebrities, including Jennifer Lawrence and Kate Upton,” said Vlcek. “This attack happened via their account and can as well be the result of a router hack. No matter which device you use, all Internet traffic flows through your router so you have to make sure it is secure. You don’t have to be Jennifer Lawrence to be attacked.
Not your father’s antivirus protection
Antivirus protection has come a long way since it scanned individual files. Avast has taken modern virus protection to a high art with real-time updates and heuristic scans that detect new threats it’s never even seen before.
Avast performs so well in protecting against “real-world” threats such as Trojans, worms and viruses as well as web and email threats, that it just received the AV-TEST certification for our home user products.
Avast scored perfectly in the detection of widespread and prevalent malware discovered in the last 4 weeks, and had very little incidence of disruptions caused by false positives. Our consumer products have basically no measurable impact on the performance of the computer while doing things that the average user does on a daily basis: Visiting websites, downloading software, installing and running programs and copying data.
Where you physically place your router makes a difference – not only to the signal, but to your security.
Think of your router like you would a cordless phone’s base. If you wander too far away from the base station, your call may drop or have static interference. If your wireless devices, like your laptop, are out of your router’s range, then your connection speed can slow down to an annoying crawl or your connection may drop.
Generally, a Wi-Fi router should work well for about 100 ft (30m) in every direction. If your walls are thin or your router is placed in the wrong location, you could be helping a thief steal your bandwidth.
Here are 5 things you can do to optimize your reception and reduce the chance of your neighbor piggy backing on your signal:
- 1. Place your router in a central location. For the optimal coverage, place the router in the middle of the desired coverage area. Think about all the devices you are using along with their location, and place the router at a mid-point and as high as possible so the signal gets dispersed throughout the area.
- 2. Avoid walls, ceilings or shelves. If the signal has to go around corners, or through walls, ceilings or shelves, then it will have a hard time getting to your device. Insulated walls, or ones made of brick or concrete can impede the signal. Even fish tanks (it’s the water that’s the problem) and mirrors can have an effect.
- 3. Place appliances far away from the router. Appliances operate on the same frequency as routers, so avoid placing the router close to cordless phones, microwaves, or TVs.
- 4. Name your Wi-Fi something alarming. Follow the trend to rename your Wi-Fi network to something that will potentially scare would-be thieves from mooching off your Wi-Fi connection. The name “FBI Surveillance Van” was popular a few years ago, or use my favorite c:\virus.exe.
- Better yet – set up a password for your network with WPA2 encryption. Read more about securing your router from 12 ways to boost your router’s security.
- 5. Put up Wi-Fi blocking wallpaper. Decorate your room and block your Wi-Fi signal at the same time. MetaPaper is wallpaper that helps businesses and home users improve the security of their data and protect their Wi-Fi networks from intruders. Re-setting your password is definitely cheaper, but this is a clever innovation especially for business owners concerned about their data security.
Avast Home Network Security scans a user’s home network and routers for potential security issues that could allow a hacker attack. The scan looks for misconfigured Wi-Fi networks, exposes weak or default Wi-Fi passwords, vulnerable routers, compromised Internet connections, and enabled, but not protected, IPv6. It also lists all devices on the network so you can make sure only your known devices are connected.
To run a scan on your home network, open the Avast user interface and click on Scan>Scan for network threats. If Avast finds a vulnerability it will guide you on how to fix it.
The Avast Virus Chest is a safe place to store potentially harmful files. These files are completely isolated from the rest of the operating system, meaning that they are not accessible for any outside process or software application. Files cannot be run while stored in the Virus Chest.
How to open the Avast Virus Chest
To open the Virus Chest, right click on Avast’s little orange ball icon in the system tray in the bottom right hand corner of your computer. Select Open Avast user interface from the menu. Another way to open the user interface is to double click the desktop icon.
From the main menu, select Scan, then Scan for viruses, and then click the Quarantine (Virus Chest) button at the bottom of the screen to open the Virus Chest window.
If Avast 2015 detects an infected or suspicious file, it will try to repair it at first. Unfortunately, some files cannot be repaired so Avast will try to move the file to the Virus Chest. If the infected file refuses to move to the Virus Chest, it will be automatically deleted from your computer.
How to set up quick access to the Virus Chest
For quick access to the Virus Chest, you can assign it to one of the four shortcut squares in the Avast user interface. To change which function you see, click on the drop-down menu icon in the top right hand corner of the square. There you will find a choice to place the Virus Chest right on the Overview of your Avast product.
Once you have the shortcut on the user interface, then simply click it to open the Virus Chest.
You can perform different actions while in the Virus Chest
You can perform different actions on the file inside the Virus Chest by right clicking. For example, you can
- Restore a file
- Exclude it from scanning
- Report it to the virus lab
- Delete the file
Once you have made the decision on which action to take, you will be asked to confirm your choice. When you have finished, close the Virus Chest to exit.
NOTE: Exercise extreme caution when restoring a file from the Virus Chest as it may still be infected. This is a high security risk action that requires advanced skills and experience handling infected files to avoid further potential infection of your computer.
How to manually move a file to the Virus Chest
If you need to move a file manually into the Virus Chest, right click anywhere on the contents table on the Virus Chest screen and select Add from the menu. A navigation dialog will open so all you need to do is locate the desired file that you want to move. Then click the Open button. The desired file will then appear in the contents table on the Virus Chest screen.
How to restore files from the Avast Virus Chest
When you open the Virus Chest, you will see a list of files contained within it. Right click on the file that you want to restore and the drop-down menu will appear. Select the Extract option, then select the location to save the file and click OK to close your window.
Dreaded ransomware, the malware that locks your files and demands payment for the key to unlock them, is now targeting gamers.
In the first report of gamers being targeted by ransomware, more than 2o different games, including World of Warcraft, League of Legends, Call of Duty and Star Craft 2, various EA Sports and Valve games, and Steam gaming software are are on the list. This variant of ransomware looks similar to CryptoLocker according to a report from a researcher at Bromium Labs.
What is CryptoLocker?
CryptoLocker is “ransomware” malware that encrypts files on a victim’s Windows-based PC. This includes pictures, movie and music files, documents, and certain files, like the gamer’s data files, on local or networked storage media.
A ransom, usually paid via Bitcoin or MoneyPak, is demanded as payment to receive a key that unlocks the encrypted files. In previous cases, the victim has 72 hours to pay about a relatively small amount of money, usually in the low hundreds of dollars, but after that the ransom rises to over thousands of dollars. We have seen reports that says the gamers are demanded a ransom of about $1,000 via PayPal My Cash Cards or 1.5 bitcoins worth about $430.
“There’s mostly no way to get the data back without paying the ransom and that’s the reason why bad guys focus on this scheme as it generates huge profit, “ said Jiri Sejtko, Director of Avast Software’s Virus Lab Operations last year when ransomware was making the news. “We can expect some rise in ransomware occurrences,” predicted Sejtko. “Malware authors will probably focus on screen-lockers, file-lockers and even on browser-lockers to gain money from victims.”
That prediction came true, and now ransomware authors are targeting narrower audiences.
How do I get infected with CryptoLocker?
Infection could reach you in various ways. The most common is a phishing attack, but it also comes in email attachments and PDF files. In the new case targeting gamers, the Bromium researcher wrote, “This crypto-ransomware variant has been getting distributed from a compromised web site that was redirecting the visitors to the Angler exploit kit by using a Flash clip.” There is a detailed analysis in the report.
Part of the Avast team was reunited again at the Mobile World Congress, in Barcelona, to show our new apps: Avast Battery Saver, Avast GrimeFighter and Avast SecureMe, and also other popular apps like Avast Mobile Security and Avast SecureLine.
Jude McColgan, president of Mobile, and Filip Chitry, malware analyst, came from our office in Prague with Petra, Jindra, Zdeněk, Jakub, Petr, Juraj and Farid. Daniel Cheng, Head of Worldwide Mobile Sales and Marketing, came from our offices in Hong Kong and Sung Lyong, came from South Korea. I didn’t travel as I’m working at the host city, the beautiful city of Barcelona. Have you ever been in Barcelona? You should try the famous tapas, walk around Las Ramblas and visit La Sagrada Familia. Feel free to ask us for some recommendations on Twitter!
The Avast team arrived the weekend before the Mobile World Congress in order to build up our beautiful and colorful booth, located at the Hall 5, booth 5K29. After one day of exhausting work, the booth was ready to receive all the visitors and the journalists. The booth was really cool, right?
Everything started on monday. Tens of thousands of people came to the Mobile World Congress, located in Hospitalet de Llobregat (“What are you talking about? The MWC is in Barcelona!” Well, not really, the MWC is located in the second largest city of Catalonia, Hospitalet, next to Barcelona) where besides learning some security tips from the Avast team and learning about our new apps, the visitors were able to see what’s new on the mobile industry, like new smartphones, new wearables, new tablets, etc…
The following days were really successful. A lot of people came to our booth to meet the team and, of course, our new apps.
Not only visitors, a lot of journalists from all around the world and from different media, from TV channels to tech blogs, came to our booth. Nobody wanted to miss our new apps and our impressive hacking experiment! Everyone was impressed after knowing how, with Avast Battery Saver, you can save up to 7 hours of battery and, of course, after watching our live hacking experiment, where everyone was able to see how important a good security solution is while using a public Wi-Fi.
The whole team was really satisfied with the results achieved at the Mobile World Congress. The feedback received from the visitors was really positive and of course it will help us to improve our top rated security solutions.
Do you want to know what Filip Chitrý, malware analyst at Avast, and Jindra Pistkova, mobile marketing specialist, said about the Mobile World Congress? Watch the following video:
And last but not least, here you have a picture of the team
See you next year at Mobile World Congress 2016!
Malvertising, sounds like bad advertising right? It is bad advertising, but it doesn’t necessarily include a corny jingle or mascot. Malvertising is short for malicious advertising and is a tactic cybercriminals use to spread malware by placing malicious ads on legitimate websites. Major sites like Reuters, Yahoo, and Youtube have all fallen victim to malvertising in the past.
How can consumers and SMBs protect themselves from malvertising?
Malvertising puts both website visitors and businesses at great risk. Site visitors can get infected with malware via malvertising that either abuses their system or steals personal data, while businesses’ reputations can be tarnished if they host malvertisments. Even businesses that pay for their ads to be displayed on sites can suffer financial loss through some forms of malvertising because it can displace your own ads for the malicious ones.
To protect themselves, small and medium sized businesses should make sure they use the latest, updated version of their advertisement system, use strong passwords to avoid a dictionary attack and use free Avast for Business to discover and delete malicious scripts on their servers. Consumers should also keep their software updated and make sure they use an antivirus solution that will protect them from malicious files that could turn their PC into a robot, resulting in a slowed down system and potential privacy issues. Avast users can run Software Updater to help them identify outdated software.
How does malvertising work?
Businesses use ad systems to place and manage ads on their websites, which help them monetize. Ad systems can, however, contain vulnerabilities. Vulnerabilities in general are a dream come true for cybercriminals because vulnerabilities make their “jobs” much easier and vulnerabilities in ad systems are no exception. Cybercriminals can take advantage of ad system vulnerabilities to distribute malicious ads via otherwise harmless and difficult to hack websites.
Why cybercriminals like malvertising
Cybercriminals fancy malvertising because it is a fairly simple way for them to trick website visitors into clicking on their malicious ads. Cybercriminals have high success rates with malvertising, because most people don’t expect normal looking ads that are displayed on websites they trust to be malicious. Targeting well-visited websites, not only raises the odds of ad clicks, but this also allows cybercriminals to target specific regions and audiences they normally wouldn’t be able to reach very easily. Another reason why malvertising is attractive to cybercriminals is because it can often go unnoticed, as the malicious code is not hosted in the website where the ad is being displayed.
Examples of malvertising
An example of an ad system platform with a rich history of vulnerabilities is the Revive Adserver platform, formerly known as OpenX. In the past attackers could obtain administrator credentials to the platform via an SQL injection. The attackers would then upload a backdoor Trojan and tools for server control. As a result, they were able to modify advertising banners, which redirected site visitors to a website with an exploit pack. If the victim ran outdated software, the software would download and execute malicious code.
Another malware family Avast has seen in the wild and reported on that spread via malvertising was Win32/64:Blackbeard. Blackbeard was an ad fraud / click fraud family that mainly targeted the United States. According to our telemetry, Blackbeard infected hundreds of new victims daily. Blackbeard used the victim’s computer as a robot, displaying online advertisements and clicking on them without the victim’s knowledge. This resulted in income for botnet operators and a loss for businesses paying to have their ads displayed and clicked.
New mobile apps, a live Wi-Fi hack, results of a global Wi-Fi experiment, a demonstration of mobile malware, and Avast mobile experts can all be found at Avast’s booth (hall 5 stand 5K29) at this year’s Mobile World Congress in Barcelona.
Open Wi-Fi Risks and Live Demonstration
Connecting to public Wi-Fi networks at airports, hotels, or cafes has become common practice for people around the world. Many users are, however, unaware that their sensitive data is visible to hackers if they don’t use protection. This data includes emails, messages, passwords and browsing history – information you don’t necessarily want the guy sipping the latte next to you at the cafe to see. Avast experts traveled to different cities across the U.S., as well as Europe and Asia, to find out how much information is openly shared via public Wi-Fi. They found that one-third of browsing traffic in New York City, San Francisco and Chicago is openly visible for hackers.
At the Congress, Avast will conduct a Wi-Fi hack demonstration. The demonstration will allow visitors to see, first hand, what a hacker can access if they don’t use protection. Participants can connect to Avast’s (password protected) Wi-Fi network to browse and send messages as they normally would when connected to open Wi-Fi. To demonstrate how this information would look through the eyes of a hacker, their activities will be displayed on a screen at the Avast stand.
Mobile Malware and Simplocker Demonstration
Mobile malware is often perceived as a myth, yet Avast currently has more than one million samples of mobile malware in its database. Avast recently discovered a new variant of the mobile ransomware, Simplocker, which will also be demonstrated during the Congress. Visitors can see how the malware disguises itself, behaves, and will learn how they can protect themselves.
Introducing Avast’s New Suite of Apps
Avast will be introducing a suite of new apps at this year’s Mobile World Congress, including productivity and security apps for Android and iOS. Avast GrimeFighter and Avast Battery Saver address two of the most common complaints for Android users: storage concerns and battery life. Avast GrimeFighter helps users free extra storage on their devices by identifying unimportant data for one-tap removal, while Avast Battery Saver extends battery life up to 24 hours by learning the user’s behavior and optimizing features to preserve battery power.
Avast SecureMe is a dual solution app that helps iOS users identify secure Wi-Fi connections and protect personal data while using public Wi-Fi connections.
Wi-Fi Security, a feature available in Avast SecureMe, and coming soon to Avast Mobile Security for Android, prevents users from falling victim to Domain Name Server (DNS) hijacking by exposing vulnerabilities in routers they want to connect to.
We look forward to meeting you!
If you are attending this year’s Mobile World Congress, feel free to stop by the Avast booth to speak with Avast experts, learn more results from Avast’s global Wi-Fi experiment, see Avast’s new mobile apps and participate in the Wi-Fi demonstration. If you aren’t attending, make sure to check our blog, follow us on Twitter and Instagram, and like us on Facebook for updates during the Congress!
Note to media: If you would like to set up a meeting with Avast, please email PR@avast.com.
Avast is the leader in the cyber security arms race.
There are others fighting the fight, but a 21.4% share makes Avast the leader in the antivirus vendor market as reported in OPSWAT’s quarterly market share report.
That’s good news for individuals and business owners concerned about protecting themselves from vulnerable networks, swiped passwords, pilfered finanical data, erased online identities, and stolen Social Security or national ID numbers. Opinions about the future of cyber-attacks range from doom and gloom to optimism about the steady progress in security, but the fact remains that in today’s world, we have to work around the Internet’s vulnerable design and motivated hackers challenging businesses and home users.
“Installing an antivirus product is the first, not last, step to having a safe and secure computer,” said OPSWAT’s Gears product manager, Adam Winn. “Avast’s popular antivirus and security products are helping to improve security for all. Creating accessible antivirus products for home users contributes to an overall improved security status for everyone, even businesses.”
The OPSWAT report contains the latest figures on antivirus market share and usage, as well as analysis of compromised devices. A disturbing finding from the report stated,
More than 90% of Windows PCs have not run an antivirus full system scan in the last 7 days. Of these, 15% hadn’t even had their antivirus definitions updated within the previous three days which might explain why over3% were found to be seriously infected.
“It’s reasonable to assume in an organization with 400 PCs, a full dozen are compromised,” said Winn as an illustration of the seriousness. “The interconnected state of computing has blurred the lines between home and business, especially with BYOD, remote working, and SaaS. For this reason, it’s in everyone’s best interest that traditional antivirus protection continues to be in place to deter casual and commodity attacks.”
A lack of regular updates and full system scanning is especially problematic. Organizations without robust endpoint management and solutions in place to identify and remediate these risks are giving insecure devices access to their networks and could find themselves in violation of data security regulations.
The data for the report was collected by OPSWAT GEARS, a free device security and management tool. You can add your computer to the sample if you don’t mind them collecting information regarding the applications installed on your computer. Check it out here, https://www.opswatgears.com/
It’s European #DataProtection day! Every day we visit websites and willingly hand over our name, address, and credit card number. Have you ever thought about what happens to that data or what your rights are?
Members of the European Union (EU) enjoy a high standard of protection of their personal data. The Digital Agenda for Europe lays it all out for you on their website. Here’s a summary:
The burden to protect you is on organizations
The EU Data Protection Directive ensures that personal data can only be gathered under strict conditions and for legitimate purposes. Organizations that collect and manage your personal information must also protect it from misuse and respect certain rights. One of the objectives is that organizations notify their customers, in plain language, what information is collected and how it is used as well as get permission before using any personal information.
One of the stumbling blocks has been the so-called one-stop-shop for businesses and citizens in each member state in which authorities will handle citizens’ complaints about any breach of the rules. There are just as many ideas on how to run it as there are EU member states.
You must be notified of cookies and data breaches
The Directive on Privacy and Electronic communications (ePrivacy Directive) ensures that all communications over public networks maintain a high level of privacy. For example, this directive requires website owners marketing online to EU citizens to obtain consent from users, via some kind of opt-in, before implementing cookies or other technologies to capture online visitor information. (See below for information on managing your cookies.)
If your data is stolen, the ePrivacy Directive states that you should be notified. That’s good because data theft can result in identity theft or fraud, damage to your reputation, loss of control over your personal data or a loss of confidentiality.
However, this fall, the rules changed slightly and now businesses don’t have to notify consumers that their personal data has been lost or stolen if the data has been encrypted. The ministers figure that the business has “appropriate technological protection measures” to protect the data that has been lost or stolen from being accessed by people not authorized to see it.
Viewing and managing your cookies
For those of you not familiar with the term, cookies are small files stored in your browser that contain information about your visit to a web page. They help tailor your online shopping experiences by doing things such as recording items in your shopping cart, they also recommend products based on your interests, allow auto-log in and compile browsing histories.
In most modern browsers, you can control cookie settings. The options include viewing stored cookies, controlling which sites you accept cookies from, and setting how long they may be stored and used.
- 1. Open the drop-down menu in the top right corner of the Chrome browser, select Settings.
- 2. At the bottom of the page, click Show advanced settings.
- 3. In the Privacy section, open the button that says Content settings.
- 4. Under Cookies, you check or uncheck the options to manage the settings.
- 5. To see individual cookies, click All cookies and site data.
- 6. To remove cookies, hover the mouse over the entry. Click the X to delete.
- 7. To delete all cookies, click Remove all.
For instructions to clear cookies in Firefox, please visit Mozilla’s support page.
For instructions on clearing and managing cookies in Internet Explorer, please search Microsoft help for your version of IE. Here’s general information.
Privacy plays a growing part in customer buying decisions. With every data breach, trust is eroded further.
Privacy and security are intertwined when it comes to our individual information. Consumers are becoming increasingly aware of the value of their personal data, so that means that businesses have to step up and do a better job of securing that data. Identity theft is the #1 fear of consumers, but for your business the risk is loss of trust and brand damage.
Since trust is the core of any transaction it’s important to know how privacy factors into your customer’s buying decisions. Research shows that almost 40% of consumers made buying decisions based upon privacy. When looking at who these people are, it was found that these individuals are aged 46-65 and have the highest incomes. But don’t rely on the business of the younger generation to supplant that once trust is lost; 27% of millenials abandoned an online purchase in the past month due to privacy or security concerns.
To mark Data Privacy Day on January 28, the following Privacy is Good for Business tips were created by privacy experts in civil-society, non-profit, government and industry and aspire to help business address the public’s growing privacy concerns:
- If you collect it, protect it. Follow reasonable security measures to keep individuals’ personal information safe from inappropriate and unauthorized access.
- Be open and honest about how you collect, use and share consumers’ personal information. Think about how the consumer may expect their data to be used.
- Build trust by doing what you say you will do. Communicate clearly and concisely to the public about what privacy means to your organization and the steps you take to achieve and maintain privacy.
- Create a culture of privacy in your organization. Explain to and educate employees about the importance and impact of protecting consumer and employee information as well as the role they play in keeping it safe.
- Don’t count on your privacy notice as your only tool to educate consumers about your data practices.
- Conduct due diligence and maintain oversight of partners and vendors. You are also responsible for how they collect and use personal information.