Protecting over 230 million PCs, Macs, & Mobiles – more than any other antivirus

Archive

Posts Tagged ‘security’
February 2nd, 2015

14 easy tips to protect your smartphones and tablets – Part I

A few precautions can make a huge difference in the safety of your phone and the important things you saved on it.

Protect your smartphone

Follow our tips to secure your phone and the data on it.

We talk a lot about protection and privacy here in our blog. It’s a bit obvious as our “life” is in our devices nowadays: Photos of our last trip or our loved ones, videos of our children playing and growing up, contacts both professional and personal. All our precious and irreplaceable data is stored in these little machines. Take a minute of your time and follow us in this easy tour to protect them and save a lot of time and headaches.

1. Set your lockscreen

You wouldn’t leave your home door unlocked, would you? Same goes for your phone with all your private data. Set a password or PIN to prevent direct and easy access to your phone. Gestures and face recognition are less secure, but are better than nothing.

2. Hide your passwords from nosy people

You will argue that people around you can look over your shoulder and see what PIN or password you’re typing or gesture you make. Generally, we’re not worried about trustworthy people around us, but what about strangers in a public place like a bus or train? Open your phone settings and hide your passwords by unchecking the option: Settings > Security > Make passwords visible.

3. Protect your apps with a PIN

Not all apps are equal when it comes to security and privacy. Probably the weather app or calculator won’t keep your personal info. However, your messages and banking apps will thank you if you help them to keep their data private. You can imagine what might happen if your kids to open a specific app while they’re playing in your devices. Use Avast Mobile Security to set a PIN to block access to your apps. As an extra security measure, it will be good that your lockscreen and Avast PINs are different ones.

4. Disable installation of apps from unknown sources

If you do not use other app stores besides Google Play, then uncheck the option “Unknown sources” in your phone’s Security Settings page.  Even the Google Play Store sometimes allows malware to get by. It’s well known that most Android malware are fake apps disguised as legitimate apps, so double check the publisher. Be cautious of downloading from fake sites disguised as official ones – check the URL. Avoid completely pirated and cracked sources.

5. Set Avast Mobile Security to scan any app before installing

If you really need to use legal third party stores, like Amazon or F-Droid, please be careful: Keep Avast Mobile Security always on. You know that Avast scans any installed and running app. But do you know that you can set it to scan any app that is about to be installed? After you’ve installed Avast, when you’re about to install a new app, the phone will ask you if you want Avast or the default installer to handle the installation by default. Use Avast, it will scan and then release the app to the default installation process.

6. Disable USB Debugging

This tip is for advanced users. If you have enabled Developer options into your device (and you will know exactly if you did as you’re an advanced user!), please, turn USB debugging off. You will protect your device from outside abuse (via adb connections) if you do so. You don’t need it to be on all the time.

7. Install and set Avast Anti-Theft

This is an old tip, but it’s so important that it should be on all smartphone safety tips lists. Just note that installing is not enough. You need to properly configure Avast Anti-Theft (don’t worry, there is an easy wizard for it) step-by-step. It’s good to check if your location services are properly set also, otherwise, it will be difficult to track it. In other words, go to Settings > Location Access and set High accuracy mode.

We’ll talk about the other 7 tips in next days, so come back to the Avast blog.

January 28th, 2015

Infographic: Privacy tips for business

Privacy plays a growing part in customer buying decisions. With every data breach, trust is eroded further.

Privacy and security are intertwined when it comes to our individual information. Consumers are becoming increasingly aware of the value of their personal data, so that means that businesses have to step up and do a better job of securing that data. Identity theft is the #1 fear of consumers, but for your business the risk is loss of trust and brand damage.

Since trust is the core of any transaction it’s important to know how privacy factors into your customer’s buying decisions. Research shows that almost 40% of consumers made buying decisions based upon privacy. When looking at who these people are, it was found that these individuals are aged 46-65 and have the highest incomes. But don’t rely on the business of the younger generation to supplant that once trust is lost; 27% of millenials abandoned an online purchase in the past month due to privacy or security concerns.

To mark Data Privacy Day on January 28, the following Privacy is Good for Business tips were created by privacy experts in civil-society, non-profit, government and industry and aspire to help business address the public’s growing privacy concerns:

DPD-Privacy-is-Good-for-Business-2014_1_13

  • If you collect it, protect it. Follow reasonable security measures to keep individuals’ personal information safe from inappropriate and unauthorized access.
  • Be open and honest about how you collect, use and share consumers’ personal information. Think about how the consumer may expect their data to be used.
  • Build trust by doing what you say you will do. Communicate clearly and concisely to the public about what privacy means to your organization and the steps you take to achieve and maintain privacy.
  • Create a culture of privacy in your organization. Explain to and educate employees about the importance and impact of protecting consumer and employee information as well as the role they play in keeping it safe.
  • Don’t count on your privacy notice as your only tool to educate consumers about your data practices.
  • Conduct due diligence and maintain oversight of partners and vendors. You are also responsible for how they collect and use personal information.
December 3rd, 2014

Is backing up your data the same as exposing it? In this case – Yes!

Losing contacts from your mobile phone is highly inconvenient. There’s seems to be a solution -  You can find them online! The catch? Your contacts are in a publicly accessible place.

1playstore photo

Seriously.

If you care for your privacy you should always be suspicious about “Cloud Backup” solutions you find in the Google Play Store. The solution that is being analyzed here backs up your personal contacts online. In public.

Upon starting the application, you will find a screen where you can put your mobile number and a password of your choice. Then you can upload your contacts in the cloud.

 2app

A brief analysis inside this application shows us how exactly it backs up your contacts in the cloud. The contacts are associated with the phone number that you have given in the previous step and they are sent through HTTP POST requests in a PHP page.

3savedatacloud

Further analysis through IP traffic capturing with Fiddler helped usdiscover the results in the pictures above; a page located online, for anyone to see, that contains thousands of un-encrypted entries of phone numbers and passwords. Using the info in the app you can retrieve personal private data (contacts) from another user.

4fiddlerinfo 5datafromserver

We found log in data inside those entries from countries like Greece, Brazil, and others

The Play Store page says that this app has been installed 50.000-100.000 times. This is a big number of installations for an application that doesn’t deliver the basic secure Android coding practices. The developer must use technologies like HTTPS, SSL and encryption on the data that are transferred through the web and stored in the server. Nogotofail is a useful network security testing tool designed by Google to “to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way.

6appinfoplaystore The application has been reported to Google without receiving any response.

Avast detects it as Android:DataExposed-B [PUP].

Samples (SHA-256):

F51803FD98C727F93E502C13C9A5FD759031CD2A5B5EF8FE71211A0AE7DEC78C 199DD6F3B452247FBCC7B467CB88C6B0486194BD3BA01586355BC32EFFE37FAB

November 24th, 2014

Cybercriminals take advantage of relaxed security measures during Black Friday

Cybercrooks believe that their attacks are more likely to succeed during the holiday shopping season.

 

BlackFriday-crook

Retailers have been “leaking” special Black Friday deals since before Buffalo got covered in a snow wall, and that flurry of sales results in the annual spike that carries them through the rest of the year. But analysts who study these things warn that cybercrooks are riding the sales wave with a surge in attacks due to relaxed security measures.

The Wall Street Journal quotes Gartner Inc’s vice president Avivah Litan,

Retail transaction volume increases by 50% during the holidays and retailers don’t want to stop to slow the pace of business, so they relax fraud controls to some degree. Criminals know they’re likely to get away with more.

Yikes! That’s not good news for consumers, especially since we are swiping our credit and debit cards at places like Target, The Home Depot, and Neiman Marcus – all victims of point-of-sale terminal hacks this year. Experts have advised retailers to take action, like upgrading terminals with new technology and enabling chip embedded cards, but all that takes time to implement.

It’s not much better online. Attacks during last holiday shopping season, November 14, 2013 through January 9, 2014 increased by 264% over the weeks prior to that time, says security company Imperva.The reason?

Believe Macy's

Cybercrooks believe in their ability to succeed this time of year.

Cybercrooks believe that retail applications are more vulnerable during this time of the year, and that attacks are more likely to succeed. Isn’t that what the Gartner analyst said about brick-and-mortar retailers?

The reasoning is similar – in order not to annoy shoppers who can go elsewhere, online retailers relax strict security measures such as step-up authentication and Captcha. Add that easy check-out to all those new Black Friday and CyberMonday quick campaign webpages, (“bad design, unsafe coding, and usage of insecure third-party libraries”) and cybercrooks get an early Christmas present in the form of your credit card number and possible stolen identity.

How to protect yourself during Black Friday

  • Stay home on Thursday Celebrate Thanksgiving with your family. That way you can safely eat too much and watch football and movies while avoiding the crazed crowds trying to jump the gun on Black FRIDAY sales.
  • In God We Trust, All Others Use Cash Use cash or a credit card when paying for your purchases. With a credit card, you can dispute charges, if your financial data falls into the hands of cybercrooks.
  • Change your passwords. Please don’t use the same password for online shopping sites that you use for your bank. When you do it’s like wrapping it in fancy paper and a bow – it’s that easy for a cybercrook to get to.
  • Regularly monitor your bank and credit card statements to make sure all the transactions are legitimate. Monitor your credit report for any changes.

Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200-million people and businesses. Please follow us on FacebookTwitter and Google+.

 

November 19th, 2014

Keep track of your family’s devices using your Avast Account

The average US family owns four mobile devices, plus Internet-connected computers and other devices. Your Avast Account helps you manage their security.

Avast Account screenshot

Manage all your devices with a free Avast Account.

Keeping your security software up-to-date on all of these devices can quickly get confusing, and with today’s risks you want to make sure everything has adequate protection. Your Avast Account can simplify that task greatly.

Here’s what you get with an Avast account

Management made easy

  • Register any Avast free product which you have installed and which requires registration.
  • Manage multiple Avast-protected devices (PC, smartphone, tablet) from one place.
  • Remotely control Android mobile devices with Avast Mobile Security and Avast Anti-Theft installed. This is especially useful in case of loss or theft of the device .

Information at your fingertips

You can find information about your connected devices.

  • License status
  • Expiration date
  • Basic statistics
  • Version of virus signature database
  • Logs of activities, and more

Earn Avast Reward points for free stuff

You can generate your own special Avast Free Antivirus link to give to your family members and friends. When they download their own protection using your link, you collect “Karma” points to earn a free copy of Avast Internet Security. In your Avast Account, you can see how many points you have, earn badges and even see how you’re doing compared to other users.

Give Avast feedback

We provide links to the Avast Community Forum where you can ask questions of our experienced “evangelists,” and the Feedback page, where you can give suggestions, report a problem, or just say thanks.

Secure your Facebook profile

You can secure your Facebook profile using Avast Social Media Security. We help you navigate thorough the frequently changing security and privacy settings in Facebook. In the future we plan to add security profiles on other social networks.

How do I get an Avast Account?

New registrations of Avast Free Antivirus will automatically create an Avast Account and connect your device automatically. Visit https://my.avast.com or click Account in the Avast user interface. Use of the Avast Account for accessing other Avast services is completely optional.

NOTE: It’s especially useful to connect any mobile devices that have Avast Mobile Security installed because it gives you remote control over your device if the device is stolen. These remote control features have not yet been implemented for PC or Mac devices, therefore if you are not interested in the activity log or other information, you don’t have to connect your device to your Avast Account at all.

When you do connect your device, please be patient because of the large amount of data we have to process; the device status isn’t updated in real-time. It could take up to a half hour before the actual security status and other device information appears on the devices page, so check again later.

Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200-million people and businesses. Please follow us on FacebookTwitter and Google+.

Categories: General, How to Tags: , , ,
October 14th, 2014

Adobe gathers data from your eBook reader

Image from http://www.quickmeme.com

Security and privacy violations in Adobe’s Digital Editions eBook and PDF reader were discovered last week.

“This is a privacy and security breach so big that I am still trying to wrap my head around the technical aspects, much less the legal aspects,” researcher Nate Hoffelder wrote in The Digital Reader blog post.

If you check out eBooks from your local library and read from a digital reader like a Nook, Kobo, or other non-Amazon eBook reader, then you have probably used Adobe’s free Digital Editions software.

Hoffelder said that Adobe is gathering user data on the eBooks that have been opened, which pages were read, and in what order, as well as metadata such as title and publisher –and all of it is being sent to Adobe’s servers in plain text. That means anyone who is interested and has the means, say, the National Security Agency or your ISP, could be reading over your shoulder. That’s not good. In fact, it’s very bad, as well as illegal.

It is hoped that Adobe’s Tuesday update will include a plug for the Digital Editions leak, but more likely it will be next week. In a statement to the American Library Association, Adobe reports they “expect an update to be available no later than the week of October 20” in terms of transmission of reader data.”

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

September 26th, 2014

What is the Bash bug, and how do I prevent my systems from being Shellshocked?

Shellshock is a newly discovered security flaw that has been around for 22 years, and works by exploiting the very nature of web GUI.

Shellshock

Working in the same way as SQL injection, Shellshock allows users to insert Bash (a Unix-based command processor, or shell) commands into a server via a web form or similar method, and exploits the very nature of environment variable handling, which is that after assigning a function to a variable, any trailing code in the function will be then executed.

Where the SQL injection vulnerability allows a hacker access to the database, Shellshock gives the hacker an authentication-free access to the server, which makes it much more powerful. With this type of access, one with malicious intent could create a worm that could multiply and reproduce the exploit across entire networks to collect or modify data, or open other security holes that would otherwise be closed. Though Bash does not natively run on Microsoft Windows machines, it can be ported, but it is not yet known if the vulnerability will remain present.

Ok, so I get it, it’s dangerous. Am I vulnerable?

Absolutely.

Why?

Because Unix has a much wider grip on our networks than most people can really appreciate. Due to its ubiquity, everything from routers and smartphones, TVs, cars and more could be exploited. Worse, is that many of those devices are very difficult to update. Your home router, for example, has control of all your incoming and outgoing network traffic, and if someone has that, not only do they have the potential to collect your data, but to enable ports, disable the firewall, and further their access into your network infrastructure. With that being said, if you are running any versions of Unix or Mac, and haven’t familiarized yourself with this vulnerability, you’re well overdue.

Luckily, many vendors have now patched for Shellshock by updating Bash, but at this time, Apple users should wait for an update.

I’m running Unix. What do I do now?

First, it’s best to find out if you’re affected. Specifically, are you running Redhat, Ubuntu, Fedora, CentOS (v5-7) CloudLinux, or Debian? If so, then run this command and find out to see if you’re vulnerable

$ env x=’() { :;}; echo vulnerable’ bash -c “echo this is a test”

If you see the word “vulnerable”, you’ve successfully run the exploit and you’ve got some work to do.

Luckily, most Linux distributions have issued fixes, so you can simply run your update manager, but for those who haven’t, you can do so manually by running the following commands:

yum update bash

OR

sudo apt-get update && sudo apt-get install bash

Help, I have a Mac!

Are you affected? Run this command from your shell and find out

$ env x=’() { :;}; echo vulnerable’ bash -c ‘echo hello’

Again, if you see the word “vulnerable”, you’ve successfully run the exploit and you’ve got some work to do.

If you’ve got Mac machines in your environment that can be exploited, you can disable the exploit by temporarily changing the default user shell. For IT administrators that have the know-how, get started right away – but for those that have to ask “how?”, it’s best to keep your eyes peeled and wait for an official update from Apple.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

10/1/2014 updated Unix and Mac instructions for clarity

August 21st, 2014

Employees using public Wi-Fi put sensitive business data at risk – VPN services provide proper protection

travel tipsJohn Smith works for a small business with ten employees. The company is sending John abroad to meet with potential investors. Being the productive employee that John is, he connects to the public Wi-Fi provided by the airport to do some work. He visits the investors’ websites and sends a few emails to his colleagues. On the flight, John continues to surf the web using the in-flight Wi-Fi. Once John lands he goes to a café before his first meeting. At the café he connects to the Wi-Fi to download a revised version of his presentation. After his meetings, John goes to his hotel for the night. There, John connects to the hotel’s Wi-Fi to send his boss a summary of the meetings and to catch up on some news from home. To John’s disappointment, local news videos are blocked due to geographic restrictions.

This sequence of events is typical for traveling business professionals. Connecting to public Wi-Fi frequently while on the go may be a great way to get work done, but it can be dangerous if employees don’t use a VPN (Virtual Private Network) connection.

During John’s journey he connects to four different hotspots. John works for a small business, so they do not have an IT administrator who set up a secure VPN for John to use. John therefore transferred valuable information, entered log in credentials, and browsed websites that reveal his business’ intentions without any protection. Anyone could observe which websites John visited, read messages he sent, and access files he transferred via unsecured sites with tools readily available online.

Unless you are visiting sites beginning with HTTPS, your communication is unencrypted. This means all your communication is out in the open for anyone to see, including log in credentials. Sharing information, such as files, via file transfer protocol (FTP) while connected to public Wi-Fi is also never a good idea. Like visiting non-HTTPS sites, files and data transferred via FTP are up for grabs.

Don't forgetSmall businesses, without a VPN network, should turn to VPN services, like avast! SecureLine VPN to protect their data. A VPN creates a virtual shield and tunnels traffic to a proxy server. The proxy server protects business data, thus preventing hackers from accessing files and other sensitive information stored on the device. VPNs also anonymize location; an added plus for when business professionals who need access to content from home that may be blocked while traveling.

REMEMBER THIS!

With a VPN connection you can:

  • Protect your business data by preventing hackers from accessing files and other sensitive information stored on the device
  • Anonymize your location (IP address) online so you can access restricted content from home that might be blocked while traveling (Netflix, anyone?)
  • Hide your login details from snoops on public Wi-Fi. Avast encrypts all of your web use, including log ins and passwords.

avast! SecureLine VPN is available in packages of three, five or ten licenses and can be purchased from authorized AVAST resellers. avast! SecureLine VPN can also be purchased directly from the AVAST online shop.

Read more about VPN and avast! SecureLine from these blog posts:

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

Comments off
August 1st, 2014

Security and privacy settings across your Google accounts

Google is the most popular Internet search provider worldwide. The name itself has even become a verb: We don’t look online anymore, we Google everything. Moreover, we use plenty of Google products not even realizing how connected they are. Gmail, YouTube, Translator, Google Drive, Photos (the former Picassa), Play, as well as Google+. The integration of Google products has became stronger.  Now we access our email, YouTube videos, images, documents, and social networks such as Google+ and YouTube using one log in and credentials. Therefore it is extremely important to ensure that all of accounts are set up correctly. Following our previous articles on Security on Social Media, on Facebook privacy, Graph search or your reputation online,  let’s take a closer look at Google products with a special focus on privacy of your social account.

Security and privacy for your Google accounts

Google+ is a very specific social network, very often underestimated by the users. Most Google+ owners don’t even realize that they have an account on the social channel! You might not use it actively, but  it is important to have your data and profile under control.  So let’s start with the basics.

In the top right corner you can start editing your profile settings.

Privacy settings G+

Go to the privacy section. One of the most important features here is a 2-Step Verification.
Read more…

Comments off
July 31st, 2014

Security basics: Internet scams and your identity

If you’re afraid “to do something wrong” when you sit behind your computer, this new series is for you.

AVAST has expertise in developing security products and we want to bring you a complete series about internet danger, with good practices to avoid scams, loss of money, and identity theft. You’re just about to join a tutorial that will help you avoid such threats in the virtual world.

Privacy July 2014 B (2)

First, being afraid to do something wrong is healthy because it will slow you down, which can be a good thing since most mistakes are made due to rushing through something. Computers, smartphones and tablets are advanced tech devices. Those of us who did not have the opportunity to learn and gather knowledge and experience on using these devices when we were young, can be a little shy with them. Searching for information about how to do something with your device is not always easy because people tend to use complicated language. Making it simple and easy-to-understand is a task that we assume with pleasure.

The Basics

The internet is a space for sharing and dialog. However, alongside this encouraging environment you will face some areas where you need to exercise caution: Inappropriate content for children like adult sites; sites which promote hateful content such as racism and intolerance; and cybercriminals who use different methods to steal your personal, banking, and credit card data.

You may be tempted to think that no one will be interested in your computer, or that your computer cannot be found in the internet jungle. That would be a mistake.

Cybercriminals hide in the jungle and misuse your computer as a base to attack others, and spread viruses (malware) or spam. Think of it this way – the banking systems and e-commerce sites have, in general, a much bigger and more sophisticated security arsenal than your own computer (smartphone or tablet), and yours is the weakest point in this chain.

So let’s start from the same place.

Here’s The Rule: All safety measures you take in real life should be applied when you use the internet: Visit only trustworthy sites and stores, do not share your personal data with anyone, lock the doors, and put an alarm. AVAST believes security implies prevention: Be prepared before something bad surprises you.

Your identity is up for grabs

Your personal data or your credentials for a particular site (username and password) are quite valuable to cybercrooks. With this data, scammers act on your behalf; sending emails (like the phishing ones we’ve written about lately), shopping with your credit card, and doing things that can cause harm to you, not only financially but also for your reputation. They could share false information about you, photos and personal data. This could led to problems when, for instance, you are looking for a new job, but also in your personal and family life.

Create strong passwords to protect your online accountsTaking care of your passwords is essential. Use different passwords for each service or internet site. You should create the so-called strong passwords: CAPS letters, symbols, and numbers. AVAST offers an automated solution for your passwords called avast! EasyPass. This way, using different and secure passwords, cybercriminals can’t easy guess your credentials, enter in sites, or shop in your behalf.

Do not answer unsolicited emails or sales promotions that promise you a financial return after you make a small payment. Never help or join into the financial operations of a third party, close to you or not. Do not trust in NGOs that ask for donations, rather look for the official sites to contribute. Never giveaway your banking data for “personal credit and rewards” announcements, for example, bogus companies offering jobs that ask for a preliminary payment. Scams that prey on your emotions are prevalent. Dating scams in-the-wild ask for money to make a trip to meet your  love interest personally. In fact, after you pay, you’ll never see your love again. Beware of these types of scenarios.

How can we avoid these scams? Generally, they ask for a quick and secret decision and, often they have spelling and grammar errors because many still originate from foreign locales and rely on online translation software to spread the scams all over the world.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter, Google+ and Instagram. Business owners – check out our business products.