Monthly Archives: September 2015

Avast

DeepScreen technology protects your business data before it’s at risk

Eliminate the risk of your sensitive business data being hacked.

Avast for Business protects your business data

Avast for Business protects your business data

Most of the truly dangerous malware is designed to harvest valuable business information – especially financial data. So hackers design malware to look like an innocent video, application, or website cookie. Sometimes malware can even be disguised as a exit button on an infected website. Basically, hackers use all kinds of tricks to get unsuspecting people to click, download, or run their malware.

The problem is that malware often ends up on a company computer or network completely by mistake. The file might look like a useful business graphic or tool, but when opened, it unleashes malicious code that takes over the computer and even the network.

So how do you stop this when you have 10, 20, 30, or more PCs, Macs, and servers under your care?

Make protection automatic

When a file is “DeepScreened” by Avast, it actually runs in the Sandbox, which is mainly responsible for keeping things isolated while watching for various high-level events and behavior of the program running. For example, it monitors the system call invocation and overall behavior of the program which is being executed.

This gives DeepScreen a chance to analyze the code and compare it against Avast’s massive cloud-based database, compiled from more than 230 million systems worldwide, to see if anything looks familiar. If the file behaves like malware, DeepScreen keeps you safe by quarantining the file in the Avast for Business Virus Chest. With no additional work on your part, DeepScreen automatically protects your company’s computers, files, sensitive information, and even your reputation.

Save time and money

When malware is restricted  to a secure virtual sandbox, your PCs, Macs, and servers are protected BEFORE any risk is introduced. No more having an employee sit idly by while somebody restores a computer. No more losing files that were corrupted. No more work interruptions from malware.

Most importantly, DeepScreen keeps sensitive information private, protecting the trust you’ve earned from employees and customers. And, as some larger companies in the news are finding out, business security can be the difference between profits and out-of-business.

Start protecting your company with Avast for Business which incorporates  DeepScreen technology, all for completely FREE .

Sign up for Avast for Business and save money and time for your company.

 

Avast

What does the Avast Sandbox do?

The Sandbox is like a hamster ball. It keeps potential troublemakers isolated.

The Sandbox is like a hamster ball. It keeps potential troublemakers isolated.

The Avast Sandbox lets you run a questionable program without risking your computer.

The Avast Sandbox is a special security feature which allows you to run potentially suspicious applications automatically in a completely isolated environment. This is particularly useful if you don’t completely trust whatever you just downloaded or you visit dodgy websites because programs running within the sandbox have limited access to your files and system, so there is no risk to your computer or any of your other files.

Here’s how it works: By default, if an application is started and Avast detects anything suspicious, it will automatically run the application in the Sandbox.  The advantage of running an application in the Sandbox is that it allows you to check suspicious applications while remaining completely protected against any malicious actions that an infected application might try to perform.

The browser or other application will then open in a special window, indicating that it is being run inside the Sandbox. When the Sandbox is closed, it will be restored to its original state and any downloaded files or changed browser settings will be automatically deleted.

Avast Sandbox

The sandbox window in Avast Premier.

The Avast Sandbox is part of Avast Premier 2015, Avast Internet Security 2015 and Avast Pro Antivirus 2015.

 

Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.

Security

FTC, Experts Push Startups to Think About Security From the Beginning

About a decade ago, many large software makers learned some very difficult lessons about software security and building security into their products from the start. Some are still learning. The FTC and a variety of security experts are hoping that today’s crop of start-ups will not have to go through that same painful process. The FTC […]

Ubuntu

USN-2735-1: Oxide vulnerabilities

Ubuntu Security Notice USN-2735-1

8th September, 2015

oxide-qt vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Oxide.

Software description

  • oxide-qt
    – Web browser engine library for Qt (QML plugin)

Details

It was discovered that the DOM tree could be corrupted during parsing in
some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to bypass
same-origin restrictions or cause a denial of service. (CVE-2015-1291)

An issue was discovered in NavigatorServiceWorker::serviceWorker in Blink.
If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to bypass same-origin
restrictions. (CVE-2015-1292)

An issue was discovered in the DOM implementation in Blink. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to bypass same-origin restrictions.
(CVE-2015-1293)

A use-after-free was discovered in Skia. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via renderer crash, or execute arbitrary
code with the privileges of the sandboxed render process. (CVE-2015-1294)

A use-after-free was discovered in the shared-timer implementation in
Blink. If a user were tricked in to opening a specially crafted website,
an attacker could potentially exploit this to cause a denial of service
via renderer crash, or execute arbitrary code with the privileges of the
sandboxed render process. (CVE-2015-1299)

It was discovered that the availability of iframe Resource Timing API
times was not properly restricted in some circumstances. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to obtain sensitive information. (CVE-2015-1300)

Multiple security issues were discovered in Chromium. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2015-1301)

A heap corruption issue was discovered in oxide::JavaScriptDialogManager.
If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking the program. (CVE-2015-1332)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:
liboxideqtcore0

1.9.1-0ubuntu0.15.04.1
Ubuntu 14.04 LTS:
liboxideqtcore0

1.9.1-0ubuntu0.14.04.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-1291,

CVE-2015-1292,

CVE-2015-1293,

CVE-2015-1294,

CVE-2015-1299,

CVE-2015-1300,

CVE-2015-1301,

CVE-2015-1332,

LP: 1470905