Not too many years ago we had phones that only made calls. Smartphones are the newest generation of phones that bring a lot of possibilities right to our fingers through the apps specifically designed for them. We all got used to the Windows (or Mac) world, but now we are witnessing a revolution from “standard” programs and some specialized tools to a world where every common thing can be done by our smartphones. Sometimes it seems, that the device is smarter than we are!
But can it protect itself from the increasing number of threats?
You’ll find a lot of articles on the Internet which state that security companies exaggerate the need for mobile security and antivirus protection. You’ll read that Google Play and the new security technologies of Android Lollipop are the only things necessary for security. I could post many examples of such (bad) tips, but I don’t want to waste your time or mine.
Do you use only Google Play as your app source?
A common (and wise) security tip is to stick with Google Play for downloading apps. This is good advice despite the fact that we see here in the Avast blog that Google Play fails to detect some apps as malware. Look for our mobile malware senior virus analyst Filip Chytry’s articles. He continuously discovers holes in Google Play security.
However, what if you want apps that have been banned from Google Play? No, I’m not talking about (just) adult apps. Google banned anti-ad apps, for instance. So where is a safe place to get them? The answer is simple: outside of Google Play. The Amazon Appstore for Android is quickly increasing the possibilities.
Do you think that clean apps can’t become bad ones?
Clean apps can become bad ones, and with the new Google Play permission scheme, you may not even notice. This makes updating your apps (another very common and wise hint) an additional complication.
As the apps we love can turn against us, the best tip of all is that you install a mobile security app that helps you know what it being added to your phone. Avast Mobile Security updates its virus database very often to detect the latest threats and allows you to install securely all the apps you love.
This makes you smarter than your smartphone!
Avast is the leader in the cyber security arms race.
There are others fighting the fight, but a 21.4% share makes Avast the leader in the antivirus vendor market as reported in OPSWAT’s quarterly market share report.
That’s good news for individuals and business owners concerned about protecting themselves from vulnerable networks, swiped passwords, pilfered finanical data, erased online identities, and stolen Social Security or national ID numbers. Opinions about the future of cyber-attacks range from doom and gloom to optimism about the steady progress in security, but the fact remains that in today’s world, we have to work around the Internet’s vulnerable design and motivated hackers challenging businesses and home users.
“Installing an antivirus product is the first, not last, step to having a safe and secure computer,” said OPSWAT’s Gears product manager, Adam Winn. “Avast’s popular antivirus and security products are helping to improve security for all. Creating accessible antivirus products for home users contributes to an overall improved security status for everyone, even businesses.”
The OPSWAT report contains the latest figures on antivirus market share and usage, as well as analysis of compromised devices. A disturbing finding from the report stated,
More than 90% of Windows PCs have not run an antivirus full system scan in the last 7 days. Of these, 15% hadn’t even had their antivirus definitions updated within the previous three days which might explain why over3% were found to be seriously infected.
“It’s reasonable to assume in an organization with 400 PCs, a full dozen are compromised,” said Winn as an illustration of the seriousness. “The interconnected state of computing has blurred the lines between home and business, especially with BYOD, remote working, and SaaS. For this reason, it’s in everyone’s best interest that traditional antivirus protection continues to be in place to deter casual and commodity attacks.”
A lack of regular updates and full system scanning is especially problematic. Organizations without robust endpoint management and solutions in place to identify and remediate these risks are giving insecure devices access to their networks and could find themselves in violation of data security regulations.
The data for the report was collected by OPSWAT GEARS, a free device security and management tool. You can add your computer to the sample if you don’t mind them collecting information regarding the applications installed on your computer. Check it out here, https://www.opswatgears.com/
Losing contacts from your mobile phone is highly inconvenient. There’s seems to be a solution - You can find them online! The catch? Your contacts are in a publicly accessible place.
If you care for your privacy you should always be suspicious about “Cloud Backup” solutions you find in the Google Play Store. The solution that is being analyzed here backs up your personal contacts online. In public.
Upon starting the application, you will find a screen where you can put your mobile number and a password of your choice. Then you can upload your contacts in the cloud.
A brief analysis inside this application shows us how exactly it backs up your contacts in the cloud. The contacts are associated with the phone number that you have given in the previous step and they are sent through HTTP POST requests in a PHP page.
Further analysis through IP traffic capturing with Fiddler helped usdiscover the results in the pictures above; a page located online, for anyone to see, that contains thousands of un-encrypted entries of phone numbers and passwords. Using the info in the app you can retrieve personal private data (contacts) from another user.
We found log in data inside those entries from countries like Greece, Brazil, and others
The Play Store page says that this app has been installed 50.000-100.000 times. This is a big number of installations for an application that doesn’t deliver the basic secure Android coding practices. The developer must use technologies like HTTPS, SSL and encryption on the data that are transferred through the web and stored in the server. Nogotofail is a useful network security testing tool designed by Google to “to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way.“
Avast detects it as Android:DataExposed-B [PUP].
We’re really excited by the popularity of our Free for Education program. It’s growing so much that we recently reached the 5 million milestone for the number of free licenses issues. This means that over 1/10 computers in schools, libraries and charities in the US could be protected by our enterprise-grade antivirus for FREE already!
Since November 2012 we have given avast! Endpoint Protection Suite, a product which is already purchased by many businesses worldwide, to education institutions in the USA for FREE. Over 4500 institutions have been granted a license for their network, savings schools on average $14,000 per year in antivirus license fees – freeing up much needed budget which can be better spent on other equipment to benefit your students. We’ve recently heard how one school will be putting their savings towards buying tablets for the classroom – a great investment for future technology.
When you consider what little funding this program has for advertising and promotion (after all, it’s a free project), the numbers we’ve achieved are huge and we hope the program continues this way and more and more schools can benefit from this.
How does a school get avast! Endpoint Protection Suite for free? It’s easy – apply here: www.avast.com/education I personally review and check all applications that come in to verify eligibility – so keep them coming!
Is avast! Free for students? AVAST Free for Education protects you at school and avast! Free Antivirus protects you at home. Students and their parents can use avast! Free Antivirus to help protect their school network further from outside threats. Download from: www.avast.com/students
Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.
Running multiple antivirus programs on the same computer can cause conflicts resulting in false positives, a slowdown in performance, or system instability.
Question of the week: Can I have more than one antivirus program on my computer at a time?
This is a good question to ask the week that security geeks are discussing the death of antivirus all over the media. The antivirus program of the 90s may be among the dearly departed, but modern anti-malware solutions such as avast! security products incorporate firewalls, intrusion detection, heuristics, virtualization, sandboxes, and many other layers of protection, making it an extremely sophisticated piece of software.
With all that complicated software, it’s not a good idea to run two antivirus programs simultaneously. In fact, many antivirus programs will not install if another antivirus is detected on your system.
Lukas Hasik, Vice President of Customer Care and Satisfaction at AVAST, says,
Most people think that more is better. However, there are situations when it isn’t true. More ice cream doesn’t make you more satisfied. And more antivirus programs on the same computer will not make you more secure. You may want to know why? The explanation is easy.
Antivirus itself has to access areas of your operating system that “normal” programs wouldn’t have access to because accessing these areas would make the program suspicious. This is the space for collisions with other programs; mostly other antiviruses. We always advise our users to have only one active protection at the time. It’s like adding more air deflectors to make your car faster – seems like a good idea, but it only slows you down.
Generally speaking, it’s good to have an antivirus program that scans every file or download for malware and a firewall which controls what comes into your computer so you can keep out hackers, viruses, and worms. Running multiple antivirus programs on the same computer can cause conflicts resulting in false positives, a slowdown in performance, or system instability.
Therefore it is strongly recommended to uninstall all other previously installed antivirus applications before installing avast! on your computer. Most antivirus companies produce a special uninstaller program to remove their antivirus software. You should use these removal tools because typical uninstallation from the Control Panel in Windows can leave stray files behind in some cases. These files may still remain in the system and prevent avast! Antivirus from being correctly installed.
We have compiled a list of vendors that provide a special removal tool to uninstall their antivirus software on the AVAST FAQ page. Follow their instructions before proceeding with the uninstallation.
Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news and product information, please follow us on Facebook, Twitter, Google+ and Instagram. Business owners – check out our avast! Business Solutions.
Today almost everyone and their mother has a smartphone, even your mom’s mom probably has a smartphone! Smartphones help us connect with people near or far, whether it be through traditional phone calls, text messages, photo and video sharing via apps or messaging services, smartphones have made keeping in touch routine, easy and instant. We share personal moments, large or small, with the people we love the most: our moms. All these personal moments are then stored on our smartphones, so it is imperative to protect them, which is why we think avast! Mobile Security is the perfect Mother’s Day gift.
Here are 6 reasons reasons to back that up:
1. Antivirus: Mom has always protected you, whether it be checking for monsters under your bed or making sure you put on a jacket before you leave the house. Now its your turn to protect your mom from mobile malware monsters from getting to her data. Our anti-virus scans apps, files and SMS for malicious malware and includes spyware.
2. Anti-theft: We all know moms are superheroes that don’t wear capes, always on the go, making sure everyone is taken care of and where they are supposed to be. We also know that mom-purses are like Mary Poppin’s never-ending bag, so it wouldn’t be surprising if mom lost her phone running between work and soccer practice drop-off or if she were to “lose” her phone in her ginormous wonder bag. avast! Anti-Theft helps locate, control and lock lost or stolen phones remotely, GPS track and sound a siren alarm, making it simple to retrieve missing devices.
“Antivirus, as customers know it, incorporates firewalls, intrusion detection, heuristics, virtualization, sandboxes, and many other layers of protection and not just antivirus. It is far from dead.” ~Vince Steckler, CEO
A weekend article in the Wall Street Journal in which traditional antivirus vendor, Symantec, described its new business strategy and declared that antivirus software is dead, prompted AVAST’s CEO, Vincent Steckler, to respond about the effectiveness of current antivirus:
Symantec’s statement seems to relate to the enterprise, and not the consumer and small business. Enterprises have traditionally relied on many layers of defense and antivirus is one of those layers. Antivirus though is a broad-spectrum defense and as such is often complemented by other products, such as those protecting against targeted attacks that enterprises worry about.
In the consumer and SMB space, the situation is quite different: customers typically do not have multiple layers of protection. They have one, their AV product.
These products though are not the simple AV products of past years. The true statement in the story is that consumer security is so much broader than AV. AV is used as a generic name as it is what customers know. They instead incorporate firewalls, intrusion detection, heuristics, virtualization, sandboxes, and many other layers of protection and not just antivirus. Therefore, we believe AV is not dead in the consumer space. It is far from dead there.
AVAST has had this broad offering under the umbrella name of antivirus for quite some time now. Adding to its tool set of anti-spam, anti-phishing, and a silent firewall is a new set of tools to keep consumers safe from clever attacks.
avast! Mobile Security leads the fight against the exponentially increasing malware written for Android. Just as AV software is not exclusively a malware combatant, the Mobile Security app includes password protection, back up, VPN, etc. – all features that increase your security. avast! Anti-Theft for mobile devices addresses the more prevalent problem for the time-being; lost or stolen devices. Also on offer is software not traditionally in the “antivirus” universe: A password management system, a browser cleanup tool to remove potentially unwanted programs such as browser toolbars; military-grade backup storage services, and VPN services to protect unsecured WiFi.
So yes, the statement that antivirus is dead has been greatly exaggerated. Antivirus and the additional services are a necessity in today’s insecure environment, for consumers and enterprise.
And for those Symantec/Norton customers who feel abandoned by their security provider, we welcome you to switch to Avast for free. Antivirus is alive and well and continues to protect more than 200 million Avast customers daily from online threats.
Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news and product information, please follow us on Facebook, Twitter, Google+ and Instagram. Business owners – check out our business products.
Smartphone owners are careless about security, says survey.
Guys are more likely to get a virus on their smartphone than girls (36% vs 32%), and more than one third (34%) of survey respondents don’t have any anti-theft or antivirus security on their smartphones. Add to that nearly half of the people AVAST polled in the US said they did not back up their data or know if they did on their mobile devices. This is despite nearly one in ten saying they had lost their phone or it was stolen in the last 12 months. These results are from a recent smartphone survey conducted for antivirus software company, AVAST.
AVAST surveyed 9,060 people earlier this year in the US about smartphone ownership and use and have released the results today. Read more…
Does the title of this blog post have a mysterious meaning? Not exactly.
In this first part about the gray-zone of Android malware detections, I will introduce the Android:SecApk, a detection regarding the protection that the App Shield (Bangcle) offers to Android applications (.apk). This detection has a big sample set that is still growing. Some SecApk wrapped samples that existed or still exist in the Google Play Store and third party stores, can be seen in the table below.
Name \ Info
\ PUP – An application to promote a specific movie. Potentially unwanted because of the extended permissions that was requested.
Current Status: Removed from Google Play
\PUP – A game that have potentially unwanted permissions that they can drive to loss of private personal info.
\PUP – A screensaver application that has permissions unrelated with the purpose of the app.
\Pup – This application is a tennis game. Potentially unwanted because of the extended permissions that was requested.
\Malware – This app steal personal data and SMS messages from the user.
The App Shield is an online service that, after a submission of an .apk, encrypts it and adds some layers of protection. The procedure of the encryption and protection of the apk will be discussed with more detail during the course of the second part of this blog post.
Starting with the submission process, a clean app named AvstTest.apk uploaded to the service. The exported .apk was renamed as AvstTest[SecApk].apk. In addition, apktool and dex2jar used accordingly to decode the .apk resources and convert the ‘.dex’ files to ‘.jar’.
While most of the AVAST team is located in freezing Prague, some of us are enjoying sunshine in Florida. The AVAST Free for Education team is excited to be attending FETC 2014 in Orlando, Florida for the first time! Check out the preparation progress and don’t forget to follow AVAST on Instagram and stop by at the Booth 356!
AVAST Free for Education team is FREEking awesome!
Getting ready: booth 356 already looks pretty!
Why pay for Antivirus, if you can get one for free? Read more…