Category Archives: Avast

Avast

Surviving my 25 day Offline Holiday

If you’re reading this,  you probably read Part I of my social experiment, 25 Day Offline Holiday: Can a techie do it? I’m trying to live without the Internet for 25 days while I’m on vacation in Chile. Well, not absolutely without. It’s available, but I’ve banned myself from receiving or answering emails or messages, playing with the apps on my phone… that sort of thing.

I am on an Offline Holiday. Can I survive it?

I discovered that I can run without a fitness app tracking my progress

I discovered that I can run without a fitness app tracking my progress

Day 8. Today, while running under the sun and watching the fields, I wondered what Bob would think about my 25-day experiment? Bob is my fellow Avast evangelist and like me, he’s extremely active on the Avast Forum. He makes presentations all over the United States about security, anti-malware, and how to be safe while connected. I guess he’s never recommended Avast to anyone offline. All he must  be doing, while I’m on my offline vacation, is teaching people to be protected, have their antivirus fully updated, and so forth.

And what about David, another Avast evangelist? I wonder if he is solving all the issues on the Avast Forum? Would he survive in England without being connected? What about Asyn? Has he recommended that you read any Avast Blog articles yet? And Polonus? Is he fighting off online malware?

I’m not sure what my friends are doing, as I’ve been offline for over a week now.

Look for yourself: Join the Avast Community Forum and meet real people that can guide you through online security. Tell them I said hello.

Day 9. Nothing new. I’m bored because I can only read the local newspaper. I have a lot of time to watch movies.  My health is very good: I lost some weight. But I don’t know for sure. Maybe it’s wishful thinking since I’m not following my app.

Day 10. I love ice cream and today I have one. Isn’t life beautiful?

As I write this, my thoughts drift back to what I enjoy doing the most when I’ve got an Internet connection – helping people stay secure when they’re online. If you’re connected, you need to be safe.

I can’t imagine connecting  to the internet without the protection of Avast SecureLine in all these cafes offering public Wi-Fi. As I sit here eating my ice cream, and not looking down at my phone, I watch the people.  It’s a pity that I can’t teach all of the guys here that their internet traffic could be eavesdropped on without a proper VPN. Well, Avast Mobile Security team, at least I’m safe since I’m offline. Plenty of work for you…

Here, the sun is in the sky, and I have all day to enjoy myself. OK, now what…?

Day 11-13. Nothing new during these past few days, I mean, nothing interesting enough to be written about here in the Avast blog. As I don’t know if Deborah published Part I, maybe these musings are useless?

I may be offline, but my thoughts are connected to my work with Avast. I miss everyone and hope the Avast team is working hard to protect more than 230 million people round the world. They have one less to protect for another week and a half.

Did you see the picture of the Avast Virus Lab some days ago? Wow, all that malware coming to your devices. But I’m sure if you’re reading this, you are smart enough to protect both your notebook and your mobile devices.

Day 14. Hmmm… I wonder if this blog is useful to anyone? Did anyone comment on part one? Did our social media team receive any comments about my experience on Facebook or Twitter?

The worst part about being offline for the past 14 days, is that I don’t really know what is happening. No feedback. No likes, plus 1s, or retweets. No news is good news, I suppose.


Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.

In search of the perfect instruction

Knowing the language of common microprocessors is essential for the work of virus analysts across the AV industry.

Each program you run – clean, malicious, no matter – is actually a set of commands (called instructions) specific for particular processors. These instructions can be very simple, e.g. addition of two numbers, but we can see very complex cryptographic functions as well.

As the processor architecture evolves in time, it becomes more and more complicated and understanding or decoding the language is more difficult. It (hypothetically) does not have to be like this, but there’s a hell called backward compatibility.

proc_comic

Sooner or later, popular products such as (the majority of) desktop computers with the x86 processor need some innovative development to meet future requirements. Sometimes the amount of innovation is so vast, that it could easily form a completely new product. That’s the decision point – to be, or not to be – are you going to start a new product line and throw away the old platform, or will you stick with the old solution and keep the backward compatibility by hook or by crook?

Intel actually tried both ways.They admitted that there’s a need to make fundamental changes in the architecture and not limit themselves with the 20 year old shackle of 8086 processor.

So they started with the Itanium series – a completely different processor without the old limits. But the majority of common applications were written/compiled for traditional x86 architecture and Itanium has never made it to the “mainstream”.

To be honest, Itanium’s primary focus is a sphere of enterprise servers and high-end solutions, but it was a chance to make a big change with an impact also to traditional desktop systems. However, it would mean a successive conversion of current users to the new platform, motivating developers to write applications (browsers, media players, office suites…) for that platform, etc. This never happened and Itanium remains a enterprise solution. The x86 ecosystem was, and still is, so strong, that it was a necessity to paste all innovations to the old architecture. If you can’t start a greenfield project, you will always end up finding the lesser of two evils.

What are the drawbacks to Avast virus analysts?

The language of x86 processors is called x86 assembler. If we want to understand it, we must decode it with our x86 disassembler. This is a crucial part of static analysis, emulation, dynamic translation; weapons used by, I would guess, all antivirus engines to fight malware.

Having such a disassembler means having over 16,000 lines of C code and data, including padding and formatting in our case. It could be much shorter, if there were no logical exceptions from the decoding scheme, reusing prefixes for different purposes and giving them completely different meaning, etc. With such circumstances, writing a reliable, fast, and small disassembler is really difficult and with each “paste-to-old-architecture” innovation it gets closer to impossible. It’s going to be either big, slow, or not that reliable by design, because the x86/x64 architecture is so rich and in-homogeneous.

What should be done about x86

Here’s my point. It’s OK to add native support for AES and other cryptographic functions, it’s useful, but this is not the perfect instruction. I would really like to see the disasm instruction. Once the architecture is so complicated and the opcode map so messed up and there’s no way back, why not let Intel engineers deal with it?

We have a saying in Czech Republic, loosely translated: “Let them eat, what they cooked.” It would be so nice if a processor was able to provide us with its own native decoding capability. It would be so nice if we did not have to walk through the whole instruction set reference and find which part was twisted this time to fit new demands along with old shackles. After all, we could have smaller, faster, and the most reliable code (because who’s supposed to know x86/x64 processors better than their architects?).

So, Intel engineers, for the sake of all emulator programmers, will you pick up the gauntlet and implement the perfect instruction? :-)

25 Day Offline Holiday: Can a techie do it?

To get away from it all, I decided to take an unplugged vacation. But can I survive it?

Chile's Atacama Desert is the perfect destination for an "Unplugged" holiday

Chile’s Atacama Desert is the perfect destination for an “Unplugged” holiday

The day before I left Brazil for my vacation, a young lady who works with me said, “My vacation concept is different than yours.” She said that her vacation is time to take a break, to disconnect. So she unplugs all her devices and goes offline.

I’ve thought I could do the same while traveling to Chile. I won’t write about the trip itself, but about my Offline Holiday. For sure there are a lot of free Wi-Fi hotspots, and I have Avast SecureLine and Avast Wi-Fi Finder, so I could be secure the entire time. But, that’s not the point.

I just want to see what will happen in my life, and in my body and mind, being 25 days offline.

Day 1. I’m using Windows Preview Pro 11102, my machine is fully updated and Avast Software Updater shows that all the software on my computer is OK. I can’t believe that I will disable Avast!

Yes, as a rule you should keep your protection fully updated and on. But, I ran a full scan before beginning this offline journey and with no connection to the internet, I am not afraid. I am traveling for the first time in this new country, but my favorite apps do not work and I have no internet.  Thankfully, I’ve installed an off-line map and GPS app. This option is showing me the way.

Day 2. I thought it would be easy, like when I stopped smoking 15 years ago. “I can manage it,” I told myself.

I’ve disabled some of my startup items. Why should I start a browser, an online backup, and an email client if I’m offline? I’ve put my smartphone in airplane mode and the battery stays charged all day. Isn’t it good?

My fitness app did work. GPS is there, but without internet it’s not loading. So I’ve moved to my backup fitness app that I tested offline before. Worked. Good. I don’t need anything more.

Day 3. Everything is quiet… So quiet… No smartphone notifications… Not a single message and email, nor my RSS showing any news… Will I make it? “25 days is too much,” I thought. “No, I’ll stay determined!”

I bought a newspaper! Paper! International news shows my country hasn’t changed a lot in a few days. Why worry with getting news all the time? I’m on holiday.

Day 4. I hate to have Windows saying my protection is off, so I disabled the notifications. No problem. Everything is still working. No email. No messages.

I’ve started to enjoy the simple things more. Chile is a fantastic country. I appreciate the food and the fruits (not that I could read about them first on the net) and a lot of fantastic wines.

Day 5. I’m traveling in a very dry part of the country. Who needs an app that notifies you when you need to drink water, I think to myself? I’m drinking a lot of water anyway. The Atacama Desert seems like Mars. Recently I watched a DVD movie called Mars with Matt Damon. In the movie the stranded astronaut has communication with Earth but I’m alone here.

Well, not exactly, I’m surrounded by people and technology, just crazy enough to be doing this social experiment of being offline.

Day 6. I’ve committed a sin today. I had to send some blog articles to Deborah. I promise that I borrowed a phone from a friend of mine, prepared the email, logged into my Gmail account with two-authentication factor – how exciting is to be secure! – and sent them to her. Generally, she thanks me about my hard work. She will do the same now. Nobody will be listening. I am tempted to go further and read tons of emails that have accumulated in my inbox, but I don’t give in. No, I logged out.

Day 7. If you’re reading this post, that means Deborah received my email. I was at a museum and with public Wi-Fi, I just sent this to her. I promise, no other communication. Avast SecureLine gave me protection over this public Wi-Fi, so I logged into my Gmail account and sent her the text using my phone.

 I suppose I’ll continue next week. Or maybe I’ll quit. This is harder than I thought…

Wish me luck and keep yourself connected to our blog with Avast fully updated. Remember: I’m offline, not you. Will I survive?

5 questions with Timmy Forson: Business Support Hall-of-Famer

Business support person, Timmy Forson

Business support Hall-of-Famer, Timmy Forson

Timothy “Timmy” Forson is one of Avast’s business products finest Support Specialists. He began working at Avast on June 1st, 2015. We sat down to learn more about one of our support Hall-of-Famers. This is 5 questions with Timmy!

1. What is your role at Avast Software?

Senior Support Specialist. Basically I support all our business solution customers, from Endpoint and Server protection to Avast for Business via email, phone, and chat. I work from our Charlotte, North Carolina office.

2. What is your approach to supporting customers?

First, I analyze the customer’s issues one step at a time, this way I can gather a clear and concise picture of the overall problem. Then through a streamlined method of troubleshooting, I can provide a solution for the customer’s issue and communicate that as plainly as possible.

In this, I am not only solving the customer’s issue but also educating the customer about what caused the issue and how it can be further avoided. This way the customer walks away truly feeling how much they mean to us and not just like another number to the company. We want our customers to have a positive experience with support.  

3. What is your favorite part of chat support?

Not knowing what will show up in chat next. It is very rewarding taking someone’s bad day and turning it around just like that.

4. A lot of us have been “that customer,” the one that runs to support for something obvious. What is the funniest issue you’ve ever had to resolve? (KEEP IT G-RATED TIMMY ) :-)

This would have to be a customer that came into chat one day and needed help downloading the installer file from the console. I asked the customer to click on the blue “add new devices” button. They looked all over that page for the button and could not find it….about 30 seconds later they reply ”…oh…the blinking blue button that says ‘add new devices?” ….Yes….that is it I replied. Everyone has those moments.

5. Traditionally the last question is not work related. I understand you fly stuff. Tell me all about that, then tell me what your favorite plane is and why?

I have been flying since the age of 14 (it runs in the family). I started out in a J-3 Piper Cub and rapidly moved my way up through the Cessna Caravan and also have time in a B-200 King Air and a BeachJet 400.

Currently, I fly search and rescue for the Civil Air Patrol (CAP), an auxiliary of the U.S. Air Force. We conduct 95% of all homeland search and rescue missions. We operate a beefed-up Cessna 182, and the Gruman GA-8.

Along with flying the big airplanes, I also enjoy designing, building, and flying R/C model aircraft as well. I currently have a collection of 12 airplanes and 4 helicopters. Here’s a video of Timmy flying one of his helicopters in the meeting room at Avast offices in Charlotte.

I would have to say that I have two favorite aircraft; the first one is from WW2 called the Republic P-47 Thunderbolt. It was a formidable fighter with a reputation for taking a pounding and bringing its pilots home safe. The other is my favorite fighter of today – the Boeing F/A-18 Super Hornet. I fell in love with these aircraft the first time I saw them when I was 5 years old at an airshow in Maryland.

Flying is the one thing that I can say without a doubt I am 100% passionate about. I am also a member of the Avast Aviators group on Google Plus. It is an internal group for anyone in Avast that enjoys the splendors of aviation.


Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.

Online dating scams target divorced, middle-aged women

mature woman looking out of the window on a rainy miserable day

Romance, or Sweetheart, scammers troll for lonely, vulnerable people on dating sites

 

Lonely hearts still waiting for their soulmate are easy prey for online dating scams.

Many people search for love through online dating sites, dating apps, or social media. Unfortunately, before you find your prince (or princess), you have to eliminate the frogs.

“Romance” scammers, sometimes referred to as “sweetheart” scammers take advantage of vulnerable people, especially divorced women over 40, by posing as an eligible romantic prospect.

How romance scams work

It all starts with a fake online profile. Scammers may use a fake name or steal the identity of a real person. There is often more than one person perpetuating the scam – there have been reports of a room full of people working from the same script. Often they portray their fictional selves as living overseas or on active duty in the military. This gives them a good reason for why they cannot meet their intended in person.

Romance scams are a long form of social engineering. The scammer can take weeks building an interesting backstory that draws their victim in, but they often express strong emotional feelings in a short period of time, which keeps the victim psychologically engaged. They use words filled with love, share personal information, and sometimes even send their victims small gifts.

Once trust is established, the scammer will push to take the communications to email or an instant messenger service. The new online lover will soon have a problem which requires money to fix. It could be a personal emergency like a family member who needs immediate medical attention, or some kind of financial hardship like a failed business or street mugging.

A shot to the heart

While declaring their love and devotion for the victim continually, the scammer may directly ask for money to be wired to them, send a check or money order and ask their sweetheart to cash it for them, or send a package and ask it to be reshipped to a different address. The Federal Trade Commission warns that scammers are now upping the ante and engaging in online bank fraud.

“They ask their love interest to set up a new bank account. The scammers transfer stolen money into the new account, and then tell their victims to wire the money out of the country. Victims think they’re just helping out their soulmate, never realizing they’re aiding and abetting a crime,” writes the FTC in their consumer blog.

The FBI’s Internet Crime Complaint Center (IC3) reports that the average complainant loses over a hundred thousand dollars to internet dating scams. They saw more than $82 million in victim losses in the last six months of 2014. Females suffered 82 percent of the losses; males sustained the remaining 18 percent.

Recognizing an online dating scammer

The online dating scam is a variation on the Nigerian scam, which started before the days of the internet. Here are tips from the FBI on how to identify a dating scammer.

Your online “date” may only be interested in your money if he or she:

  • Presses you to leave the dating website you met through and to communicate using personal e-mail or instant messaging
  • Professes instant feelings of love
  • Sends you a photograph of himself or herself that looks like something from a glamour magazine
  • Claims to be from your home country and is traveling or working overseas
  • Makes plans to visit you but is then unable to do so because of a tragic event
  • Asks for money for a variety of reasons (travel, medical emergencies, hotel bills, hospitals bills for child or other relative, visas or other official documents, losses from a financial setback or crime victimization).

If an online dating scam happens to you or someone you care about, please report it at ftc.gov/complaint — click on Scams and Rip-Offs, then select Romance Scams.

Find reliable, secure Wi-Fi hotspots with new Wi-Fi Finder app

Avast Wi-Fi Finder for Android finds secure Wi-Fi connections, wherever you are.

Everyone loves saving their data by using free Wi-Fi hotspots, but that can be risky if the hotspot is unsecure. Hackers can eavesdrop on what you’re doing, see your messages, watch the sites you navigate to, and even steal usernames and passwords. Wi-Fi FInder mapWi-Fi Finder list view

How to find safe Wi-Fi hotspots

New Avast Wi-Fi Finder is an Android app that can help you find reliable, fast, and secure Wi-Fi connections, wherever you are.  With the mobile app’s user-friendly map interface, it’s easy to find hotspots recommended by people around the world. Avast Wi-Fi Finder helps you select a secure Wi-Fi connection without the worry of going over your data plan or the frustration of slow data connections. Avast Wi-Fi Finder is free for Avast Mobile Security users. Download Avast Wi-Fi Finder from the Google Play Store. For iOS, download Wi-Fi Finder from iTunes.

“Many of us have found ourselves in situations when traveling or working remotely in which we’re unable to find reliable and secure Wi-Fi,” said Gagan Singh, president of mobile at Avast. “With the Avast Wi-Fi Finder, consumers are now able to find a safe and fast Wi-Fi connection whether you’re at the gym, hotel, airport, bus station, library or café.”

The Avast Wi-Fi Finder helps you:

  • Connect to the fastest, most secure hotspots
  • Obtain speed without compromising privacy
  • Navigate a collection of nearby Wi-Fi hotspots, recommended and crowdsourced by nearby users

Here’s how Avast found all those safe Wi-Fi hotspots

In August 2015, Avast launched a product crowdsourcing program that allowed Avast Mobile Security users to help Avast harvest nearby available Wi-Fi spots. By enlisting our 230 million users, our team collected Wi-Fi hotspot data from volunteers and evaluated each hotspot’s security level before launching Avast Wi-Fi Finder.


Please follow us on FacebookTwitter and Google+.

Sharing personal information plays part in Neiman Marcus hack

Data that you share on social media could end up for sale on the Dark Web.

Adjust your privacy settings on social networks. You never know who may be watching!

Adjust your privacy settings on social networks. You never know who may be watching!

The luxury retailer Neiman Marcus is the latest victim of a data breach. At the end of January, Neiman Marcus notified their online customers that unauthorized individuals attempted to access customer’s online accounts by trying various login and password combinations using automated attacks. The hackers were able to accurately guess the username and password combinations and access some online accounts. Neiman Marcus reported that only a small number of these accounts were used to make unauthorized purchases.

Personal information shared on social sites combined with Personally Identifiable Information (PII) and username and passwords for sale on the Dark Web, are making data breaches of this type more common.  Cybercrooks, terrorists, and nation states buy information from shady sites, then use it to break into banks, launder money, or make trouble for big U.S. companies like Neiman Marcus Group.

“These bad guys are assembling portfolios of individuals,” said Avivah Litan, an analyst at Gartner in an interview with DataBreachToday about the breach. “They’ve got a big database of American citizens and all the data associated with their identity, and lots of different people are buying up this data on the Dark Web. And they’re using this data to get to their targets.”

Unsafe practices make hacker’s jobs easier

Responsibility for customer safety belongs heavily with the organization. They should encrypt any customer contact information and use stronger authentication methods than just a username and password. But, we as consumers make the hacker’s job easier by using the same username and password on multiple accounts. Once one set of credentials is compromised, then hackers will test them to get access to other websites.

We can take steps that make it harder for a cybercrook to gather information on us and break into our accounts.

Clean up those passwords

One of the simplest ways to protect yourself against online threats is to use strong passwords for each of your accounts. Yesterday in the Avast blog, we told you how Avast Passwords can help you manage multiple accounts across the web and create encrypted, strong, unique passwords. Every Avast Antivirus customer can use this feature for free.

Avoid oversharing on social sites

Social media is fertile ground for cybercrooks to gather personal information. Sharing something seemingly innocent like your dog’s name, your birthday,  or your mother’s maiden name can give insightful crooks the answers to security questions of your bank account. Put that together with PII and they’re in.

  • Lock down your social profiles. Each social site has security settings so you can have more control over who sees what you share. Use these direct links to update your privacy settings on popular devices and online services.
  • Limit the number of online quizzes you take. Yes, they are popular and fun but these quizzes can gather information about you, your interest, and your life assisting bad guys in creating an online portfolio of user information.

A nova sede da Avast em Praga está pensada para atrair talentos

A nova sede da Avast está localizada no Enterprise Office Center de Praga.

Avast's new headquarters are located in Prague's Enterprise Office Center.

A nova sede da Avast está localizada no Enterprise Office Center de Praga.

A abertura da linda sede da Avast, no Enterprise Office Center de Praga é uma boa ocasião para celebrar. Há alguns dias, no evento de inauguração, alguns dos nossos executivos mostraram as razões da mudança, bem como detalhes específicos sobre o novo edifício e o seu potencial para a empresa. O COO da Avast, Ondrej Vlcek, descreveu os conceitos que estão por trás do edifício:

O projeto foi pensado por empresas de muito sucesso no Vale do Silício, trarão um novo espírito empreendedor e conduzirão a equipe à excelência.

O edifício tem uma impressionante funcionalidade:

  • Quarenta e cinco salas de reunião em ambientes formais ou casuais.
  • Escadas de seis metros de largura ao longo de todos os seis andares que servem como ponto de encontro dos funcionários.
  • Uma cantina com comida gratuita servida diariamente da manhã até o início da noite. Isto permite o contato informal entre as equipes que tradicionalmente não iriam almoçar juntas, além de melhorar a comunicação interdepartamental.
  • Uma área de fitness, uma sala com poltronas, cinema e uma biblioteca para melhorar a cultura e relaxar.
  • Uma sala para as crianças que dá uma mão aos pais que trabalham conosco.

 

Não é difícil de acreditar que este espetacular espaço de trabalho atrai talentos do mundo inteiro para trabalhar na Avast. Os atuais funcionários da Avast também têm muitas coisas positivas para dizer sobre o nosso novo espaço de trabalho:

Quando eu vi a nossa cantina, eu não consegui acreditar. Tantas variedades de comida, de leves e saudáveis saladas até cafés da manhã de Champions. — Tomas Penka (Especialista de eComm)

É leve e único, e tem uma atmosfera que convida à criatividade. – Che Johnson (Suporte Técnico Corporativo)

A escada central força os funcionários a utilizá-la e caminhar mais, o que foi uma surpresa saudável. – Petr Prusa (Engenheiro de Qualidade)

Começando um novo ano, vamos nos lançar de cabeça em nosso novo edifício e aproveitar a oportunidade de demonstrar como trabalhamos para manter seguras as pessoas em todo o mundo, todos os dias.

Siga o Avast no FacebookTwitterYouTube e Google+, onde a gente mantém você atualizado todos os dias com notícias sobre segurança digital.

 

 

How to create strong, unique passwords for all your accounts (and remember them!)

One of the best ways to protect yourself online is by using strong passwords. Yeah, right.

Do you write your passwords on sticky notes?

You’ve seen the rules before

1. Use long, strong passwords that mix letters, numbers, special characters, and capital letters

2. Avoid using the same password on different websites.

But since we have so many to remember, the average is 19 per person, then most people default to using easy-to-remember passwords. The most popular passwords for the past few years have been 123456 and password.

 Is it safe to store my passwords in the browser?

Most browsers offer to store your passwords, and on the surface it seems like a convenient way to keep them handy. But the problem is, when you store passwords in your browser, they are stored on your device along with the information necessary to decrypt them – which makes them easy to hack.

One password to rule them all

What if you could remember only one password, but still follow the rules for creating strong, unique passwords? Cue the angels, because Hallelujah, you can!

Avast Passwords is a password manager free to all Avast 2016 users. Avast Passwords helps you manage passwords across all your devices and all you need to remember is one main password! Avast Passwords automatically imports passwords stored in your browser and when you need to create a new password, all you do is click a button and a secure password is automatically generated and stored.

Avast Passwords is available for Google Chrome, Firefox, and Internet Explorer.  Even better – you can sync your passwords with other devices when they are connected to the same Avast account. Opera and Google Chrome are supported on Android phones, and Apple Safari on iPhones.

Watch this video to learn How to set up Avast Passwords on your Windows desktop.

Passwords is available on all editions of Avast Antivirus 2016, including Avast Free Antivirus. For additional features, you can upgrade to the premium version.

The cat and mouse game of internet security

Virus Lab analysts can see real-time threats on the monitoring wall

Virus Lab analysts can see real-time threats on the monitoring wall

Security is an evolutionary business rather than a revolutionary one.

“Computer security has been around for 25 or 30 years and the threats keep evolving,” Avast CEO Vince Steckler in a video interview with ValueTech.

The solutions keep evolving too. “If you go back 20 years ago, the big issue was script kiddies and big public splashes of viruses that frankly didn’t cause any harm. These days, things are much more complicated. You don’t have big flaws, big loopholes for bad guys to take advantage of. What this turned into is a cat and mouse game.

Avast CEO Vince Steckler

Avast CEO Vince Steckler

Keeping up with the bad guys

To combat today’s cybercrooks, Avast Virus Lab analysts must study what the bad guys have done previously.

“You start trying to predict what the bad guys might be trying to take advantage of in the future and closing off those holes. At the same time, those guys are finding other little ways in and you have to catch up with them,” said Steckler.

Antivirus companies have done an excellent job at protecting the consumer and small business “endpoint” – such a good job that it’s actually very difficult to break into the endpoint itself. This forces cybercrooks to look for other entry points.

Avast experts agree that the likely path cybercrooks take is through the home router.

Home routers give cybercrooks an easy target

Consumer routers tend to be acquired based on price and they have a lot of flaws. Steckler estimates that, “We can break into probably about 70% of home routers in the world.”

The reason home routers are so vulnerable, he says, is that, “They are very poorly protected and the username-password on them is something that’s easy to crack. It’s not that difficult for someone to break in remotely over the Internet via the username and password or in a drive-by, in which case it’s even easier.” Most routers also have unpatched software leaving them with a number of vulnerabilities.

Recently the hacktivist group, Anonymous, launched a DDoS attack using compromised home routers so Steckler thinks that the frequency of those types of attacks will increase.

How to secure the Internet of Things,the Smart Home, and Industry 4.0

“The Internet of Things and 4.0 get a lot of press because they have nice catchy buzz words,” said Steckler. People have connected refrigerators, connected thermostats, door locks, security cameras, and baby cameras, but, “Right now a lot of internet-connected refrigerators don’t do anything. They are just a browsing tablet.”

“But when people start looking at what kind of protection is needed, you have to be thinking about what’s the risk. If my internet-connected refrigerator gets hacked, what happens? If my thermostat gets hacked, what happens?,” asked Steckler.

“The common thing with all of this is that none of these devices in the so-called Internet of Things really have any direct connection to the Internet. They are all connected, once again, through the home router,” said Steckler.

Since the home router is a vulnerable entry point that means that the risk for attack exists. “If you can harden your home router, that really goes a long way towards protecting the Internet of Things.

The risk of BYOD

“The Enterprise is a much different story, when you get into the BYOD (Bring Your Own Device). We all have mobile devices, and for many reasons it’s much more convenient to use one mobile device for both your personal and your business,” said Steckler.  “Some businesses encourage it by providing a device, but the fact of the matter is most everyone is going to be using one mobile device for both.”

That co-existence of personal and business-related data on one device that the employee is responsible for causes a risk to the consumer and the business. To the business it means that their data can be lost if access to the internal systems is compromised. If the employee loses the device, the typical company response will be to remotely wipe everything on it including all their personal stuff – then they suffer a big data loss.

“A solution is really to virtualize the entire corporate usage of it and run all the corporate usage on the corporate servers,” said Steckler. “That’s why we’ve brought out a new solution this year that does exactly that.”

Avast Virtual Mobile Platform (VMP) addresses these security risks, helping IT organizations liberate their businesses from leaks of confidential data and minimize mobile device costs.


Watch the entire interview including Mr. Steckler’s opinion about when Artificial Intelligence will become a threat to humanity and why Avast built a Silicon Valley-style building for its headquarters.