Category Archives: Avira

Avira

Avira Antivirus is No. 1 in test results

We have developed the very nice habit of constantly excelling in Independent Labs testing. The latest results revealed by AV-Test and AV-Comparatives confirm it, as both our Antivirus for Windows and our Android Security App receive awards for impeccable detection, performance and usability.

Avira Antivirus Security for Android strikes again

avtest_certified_mobile_2015-03The free Android version of our Antivirus has consolidated its position as the best antivirus software for Android in the most recent AV-Test round of testing. During the “Mobile Security Test” performed in March 2015, Avira obtained a perfect 13/13 score with 100 % detection of the malicious apps used to catch security vendors off guard.

In case you were wondering, the Industry average is somewhere around 99.7% so not missing any of the 3,077 samples is definitely a result worth mentioning.

Regarding its usability and performance, Avira Antivirus Security for Android proved once more that it doesn’t have any impact on your device’s battery life and it doesn’t slow it down either.

No. 1 in AV-Comparatives tests

In the March edition of the Real World Protection Test Avira Antivirus Pro incontestably conquered the first position with a perfect score: 100% detection rates and 0 false positives.

Avira Antivirus test results

Avira Antivirus also received an “Advanced” award from AV-Comparatives, following the most recent File-Detection Test. Avira detected 99.9% of the malicious files, being number one in detection.

Avira Antivirus

If you want to make sure that no corrupted file finds its way through your device, download Avira.

It’s all about consistency

We’ve talked about detection, performance and usability as incontestable qualities the users may enjoy in our product. Let us add one more to the list: consistency, especially when it comes to receiving certificates and other types of recognition for our award winning products.

Celebrate with us our outstanding performance and Benefit from a 50% discount on Avira Antivirus Pro using the following voucher code: YE9-DDP-R8X

The post Avira Antivirus is No. 1 in test results appeared first on Avira Blog.

Does your company have a security threat on the payroll?

While security used to be an afterthought for many businesses, it’s now something that they realize cannot be ignored. Much of the focus is placed on keeping threats out, but too few companies focus on the threats that may already be internal. And we’re not talking about malware.

What we’re talking about are employees of the companies themselves. Here you have people who are paid to be a part of the company, and along with those jobs comes a high level of trust. The more exposure that these employees have to sensitive systems and data, the more that they’re trusted to deal with them in the proper way. Most of the time that trust is well founded because the employees have worked hard to advance their careers and gain that level of trust, but sometimes it can cause security problems.

There is a reason for which the BYOD policy should become a hot topic in the IT department of every company. Allowing employees to use their personal devices at work can cause incredible damage. Even so, there is also a less discussed threat for businesses to take into consideration.

Just think about what can happen if an employee suddenly becomes disgruntled. In certain situations, someone who used to be a trustworthy employee can suddenly become a security threat to the company.

It’s not hard to see how an employee with access could start to steal data, publicize confidential information, or infect the internal network in some other way. While outside threats can be monitored, detected, and acted upon, many internal threats can be invisible until it’s too late.

With that in mind, companies need to start paying more attention to what’s going on internally. While they shouldn’t view all of their employees as criminals, they should keep their eyes open for signs of an employee who might be tempted to cause some problems.

The post Does your company have a security threat on the payroll? appeared first on Avira Blog.

Avira Team Gears Up

The Avira Fitness Studio

Logo Avira GymA few months ago we decided to equip our offices in Tettnang with fitness facilities for employees who want to do some sports just before or after work hours. For those wishing to continue their sport routine during the weekend, the Studio’s doors are open 24/7. The Fitness Studio comes as a perfect service to offer our employees together with the in-house catering service and the (already famous) coffee place, our dear Chocavira.

We have acquired modern equipment and tried to organize the space by type of activities so that people can enjoy a professional workout environment. Personal trainers are also available at specific times, making sure that people are making the best out of their fitness sessions. Other logistics have also been taken care of: showers, personal lockers and towels being at our employees’ disposal.

On the Activities menu:

  • Traditional Workout
  • Yoga
  • Spinal + Stretch Workout
  • Pilates
  • Functional Circuit
  • Cycling

Besides being a great place to engage in physical activities, our two months old Fitness Studio has proven to be also a social catalyzer for our employees. It’s fun to see that colleagues of yours share your passion for cycling or yoga and join you for the classes that are being organized on a weekly basis.

In the past couple of months, not only have we come to realize that the Avira gym is an amazing boost for employees’ health and well-being, there are in fact a lot of benefits to be discovered once a company decides to build a workout space for the employees.

What’s the best thing that happened with the Avira Fitness Studio opening in our Tettnang HQ? We simply made our employees happy. How? By showing them their voice matters and we actually do our best to make their wishes come true and transform the work place into a friendly environment. Happy employees contribute to an overall happy atmosphere in the office so we can issue an official warning:

Watch out, viruses! We’ll be coming a lot stronger at you!

The post Avira Team Gears Up appeared first on Avira Blog.

Avira Antivirus Security for Android – Version 4.0

Previously discovered bugs have been successfully fixed in the latest version and new features have also been added to the application. You can now lock the applications you use on your mobile devices thanks to the new App Lock feature.

It’s all about performance and security

Although several improvements can be noticed in the design of the interface, most of the updates referred to internal processes and they were aimed at offering Android users the best possible protection. The latest version of Avira Antivirus Security also makes it easier for users to upgrade to the Pro version and thus benefit from a Secure Browsing experience on their Android devices.

Mobile applications secured with Avira’s App Lock

Officially released within the newest version of Avira Antivirus Security for Android, the App Lock feature enables users to protect their mobile apps against unauthorized usage by simply blocking access to them. This comes as an extra layer of protection highly welcomed for apps known to store precious data such as personal information, photos, videos or any other type of sensitive content.

“Our Mobile Development team is proud to offer Android users more than an antivirus application for their devices, an app that treats all privacy aspects equally serious. Data theft can occur under many forms and it is our duty to help the user benefit from extra layers of protection for all sensitive data. The updates in the latest Avira Antivirus Security version, such as the new App Lock feature, work exactly towards this goal: enhanced protection with no extra costs” said Cornel Balaban, Mobile Development Manager at Avira.

FREE Avira Antivirus Security for Android Version 4.0 is available for download in the Google Play Store

Let us know what you think about the latest updates and what future changes you would like to see in our app: https://play.google.com/store/apps/details?id=com.avira.android

The post Avira Antivirus Security for Android – Version 4.0 appeared first on Avira Blog.

Employee Testimonials: 29 Years of Avira

A company builds its success on quality products & services brought to people by talented, dedicated employees. We are no exception to that rule, the Avira employees being…simply awesome.

We are lucky enough to count among Avira employees people who have been with the company for 9, 10 or even 18 years. Despite the fact that some of them were just kids when our business was in the process of being created, when the moment came, they joined Avira and their time spent here rewarded them with beautiful memories and unforgettable successes. The company thrived simultaneously, becoming the chosen Antivirus provider for millions of users around the world.

At Avira we are more than a team, we are a family.

PS: Word to the wise, whenever in doubt about whatever makes your company be successful… just ask THEM.

The post Employee Testimonials: 29 Years of Avira appeared first on Avira Blog.

The voice of a user – why PUA is a misleading term

In quite severe cases, not only are additional programs installed but several settings on the computer are changed too, making it behave completely differently. In the worst case, this then means that the computer can no longer be used correctly and must be reconfigured.

The topic of PUA makes the issues with free software particularly clear. If, as a user, I purchase a piece of software, then I expect to get that exact software. No more. No less. Ultimately, I am paying for the effort put into developing the software.

If I download a free piece of software from the Internet, that’s where it gets complicated – because a lot of effort has also been put into developing this software and if the software is good and up-to-date, it is being maintained by someone and is constantly being optimized and improved. This “someone” may want to or only be able to afford to do this occasionally, and if the software is distributed for free, this “someone” needs to earn money in some other way. It doesn’t matter if the developer is an individual or a company. One possible way to pay for the effort put into development is as follows: Additional applications are installed alongside the actual application, and the manufacturers of these additional applications then pay for their software to also end up on the users’ PCs.

The topic of PUA makes the issues with free software particularly clear.

Who, then, is still interested in bundled software being installed along with other software? Download portals, i.e., the areas of the Internet where users download software, are opportune places for this. Although these portals offer a “free” service (presenting and providing software) for users, they still need to be financed somehow. It is also here where some software manufacturers are willing to pay for the distribution of their software, a possible source of revenue for the operators of the download portals. The user downloads program A from the Internet and installs it. At the same time, programs B and C are automatically installed alongside it. The manufacturers of programs B and C pay for this, meaning that their software is distributed further, whether the user had wanted it or not. From a financial perspective, this may be a good reason for software manufacturers and download portals to combine further applications with the application that was actually wanted, and install them at the same time. But what’s the picture like for those on the other side – the users?

Bernard has bought a new PC. He is quite familiar with computers, but he is by no means an expert. After a short amount of time, he has got his computer set up in the same way as his old one. Bernard loves filming and wants software he can use to edit small films. After a few searches he finds exactly what he is looking for in a download portal and it’s free! Bernard installs the software. He doesn’t understand why he has to click through lots of different windows once the software has been downloaded. Actually, he was expecting the software to install quickly and easily. But the manufacturer must think that this is the easiest way of installing the software, so Bernard clicks on “Next” several times so that he can test the software as quickly as possible. While the installation is still running, it slowly but surely fills the desktop with more and more icons. “Why does an application need so many icons?”, Bernard asks himself. Again and again, he is presented with further windows which require him to confirm something. It seems strange to him, but the supplier of the software must know why this needs to be done. After 20 minutes, the installation is finally completed. On the desktop, next to the icon for the film editing software, are seven other icons which must come from software that Bernard did not want. As Bernard opens his Internet browser, he hardly recognizes it. The usual search has disappeared, new toolbars are displayed, and everything looks different somehow. His Windows installation, which was still almost brand new just an hour ago, is no longer useable. He only has one solution: to call his son and ask for his help.
“You’ve really got yourself in a mess here”, he says dryly after a quick inspection of the computer. “All PUA”.
“PUA?”, asks Bernard. “What’s that then?”
“Potentially unwanted applications”, says his son. “Programs you don’t actually want”.
“What does it mean by ‘potentially’ unwanted applications?”, replies Bernard. “They are unwanted applications!”

As a user I would like to know what I am getting without having these things imposed on me using various tricks and ruses.

Many years ago, the principal of WYSIWYG (what you see is what you get) was “devised”. This implies that what I see as a user is what I get. Sure, the term was introduced in a different context, but it actually suits the current discussion on PUA quite well. As a user I would like to know what I am getting without having these things imposed on me using various tricks and ruses, things which I do not want at all and need even less so. The additional software is not potentially unwanted, it IS unwanted, as long as I as the user have not explicitly agreed that I want it.

The post The voice of a user – why PUA is a misleading term appeared first on Avira Blog.

Secure your DNS to avoid losing business – Part 3

What happens if someone “owns” your DNS records

The direct consequence is that suddenly when contacting domain.com and all its subdomains (www, mx, ftp, etc.), some other servers owned by the new owner (legal or attacker) answer.

This disruption in normal operation means a loss of reputation, loss of market share, loss of trust from your customers and last but not least, financial loss for your business.

dns-good
Unaltered DNS records
dns-wrong
Altered DNS records

As can be seen in the above illustration, from the moment in which the DNS records are altered, the company that owns domain.com will no longer control where the traffic goes. The new owner can set up his web server to serve www.domain.com and his email server to serve mx.domain.com. Yes, this means that he can receive all email traffic for that domain.

Owning a black-white list can have even more consequences: the new server can serve whatever fits its needs. Either block any request reporting back that the item should be blacklisted (valid web sites, emails, files, etc.) or allowing everything (marking as good any malicious website, email, file). Fortunately, in such services there are many other controls that make such a task pretty complex.

What can you do to secure your domains?

Yes, there are things which you can do to prevent an attacker from taking ownership of your domains.

Lock your domains

Domain Lock or Registrar Lock is a status which can be set to a domain. When set, the following actions are prohibited by the registrar:

  • Modification of the domain name, including:
    • Transferring of the domain name
    • Deletion of the domain name
  • Modification of the domain contact details

Renewal of the domain name is, however, still possible when this flag is set.

Unfortunately, not all registrars support this functionality. If you want more security, you should choose a registrar that supports this feature. This functionality usually doesn’t come for free, but the price is not very high (10$-50$/month) and it is worth paying, especially if you have a large website or company.

Secure your domain administration information

All registrars allow entering contact persons for various functions. For example, there are some contacts for changing the IP address or deleting the domain and some others for paying the subscription. Make sure you separate them.  Also, make sure that you have a contact email address that is not hosted at the respective domain. Otherwise, if something happens to the domain, you can’t access your email anymore. Remember that all traffic goes to the new owner, including your emails.

If you use some free email servers like Gmail, Yahoo or others, make sure to activate two factor authentication for those accounts.

Set up a good password and make sure you don’t use the address hosted on the domain you try to protect as the recovery email address.

Make it harder for the attacker to get access to your account.

If you have multiple domains, it would be better to host them at different registrars. If one goes down, you can at least use the other ones.

The post Secure your DNS to avoid losing business – Part 3 appeared first on Avira Blog.

The Avira experience @ CeBIT

The week’s highlights: Moscow calling

3,300 exhibitors from 70 different nations did their best at offering visitors useful information and unique experiences related to their products: all digital, all shiny and new…pure joy and innovation.

If you ask us, robots were the keyword of this CeBIT edition. Walking around, there was always a robot right around the corner either imitating the human language or just transporting umbrellas to the ceiling and back. Sweet and scary.

Ed Snowden’s presentation was also one of the most expected moments by the crowd gathered in the Global Conferences Space. During a video call from Moscow, Snowden answered some questions but also tried to give away some of his future plans. To use his own words: “I think that something has gone incredibly wrong. So I did what I did. And I would do it again!”

If you want to get a better feel for what happened this year at CeBIT, there’s a whole collection of videos on the official site of the event.

The Avira Stand

CeBIT 2015Members of the Avira Team were permanently present at the D40 stand in Hall 7, in the space dedicated to Public Sector entities. It was great to have our stand under the Hessen region umbrella, one of our long term partners in Germany. Our presence at the stand allowed us to get in touch not only with potential customers but also with current and future partners. Needless to say that we are always glad to interact with the people we create software for. We’ll also try to bring even more Avira umbrellas with us next year; they seem to be unbelievably popular among our German friends.

“Schutzpaket” officially released

CeBIT SchutzpaketFor us, one of the event’s highlights was represented by the release of the “Schutzpaket” by Deutsche Telekom. In case you haven’t already heard about it, Deutsche Telekom will start offering a free security package with Software made in Germany. You may find in the Schutzpaket not only our antivirus but also the Avira Browser Safety solution. It is both an honor and a great responsbility to be part of such an important initiative.

Looking forward to the next edition of CeBIT, hope to see you there!

The post The Avira experience @ CeBIT appeared first on Avira Blog.

Secure your DNS to avoid losing business – Part 2

What happens when DNS doesn’t work?

Of course, having a non function DNS causes problems. We have to differentiate between two types of disruptions which have as consequence that the DNS resolution doesn’t work anymore: unintentional and intentional.

Unintentional disruption

In this case, nobody intentionally caused the issue that prevents the DNS service to function correctly. This can happen because of a configuration error or a hardware failure.  A good IT administrator can deal with it rather fast, especially if there is no change in the IP addresses or domain names (it is about restoring). If there are IP or name changes, even if the problem gets fixed on the source quickly, it takes usually minimum 24h for the changes in the DNS to propagate to enough servers so that someone can feel the difference.  Propagation is the way DNS servers exchange information between them so that as many as possible services know how to resolve a certain domain to its IP address. This delay can cause serious problems to your customers and visitors.

Intentional disruption

There are, however, cases when DNS errors are caused intentionally by persons or organizations who want to produce damages to the owner of a domain. This happened many times in the past and even some big companies where hit by this problem (Facebook, Google, Twitter, AVG, Avira, WhatsApp, etc.).

Let’s see how someone can change your DNS records.

Registrar manipulation

DNS is a service, and as any service, there has to be a service provider that offers the infrastructure that host the records (the tables that map a name to an IP address). Such service providers, usually called registrars, are all big ISPs like Comcast, 1&1, Network Solutions and so on. If one of them gets hacked then it is possible to alter the DNS records for any of the domains hosted there. In the past 12 months a couple of big registrars were hacked and this resulted in downtime for many domains.

This attack has potentially global consequences since, most of the time, authoritative DNS servers are affected.

Cache poisoning

DNS cache poisoning or DNS Spoofing, is a complex attack because it targets a certain audience. It is directed against the users that are dependent on the attacked service.  This can happen after an attacker is successfully injecting malicious DNS data into the recursive DNS servers that are operated by many other ISPs. The attacker usually chooses the DNS servers that are the closest to the targeted users from a network topology perspective. The best way to prevent this type of attack is to use DNSSec. If this is not possible, another way to protect the DNS records is to restrict their propagation to only servers that prefer to get fresher information from the Internet instead of caching an entry for a long time (in order to save bandwidth and time).

Legal DNS takeover

While related to the first case which is illegal, this takeover is completely legal (it is enforced by a court order) and it is performed by the registrar directly without consulting the owner of the domain. Recently, in an incident with domains hosting malware in the U.S., Microsoft managed to obtain legal custody of the DNS entries of the well-known service NO-IP Managed DNS. This had as consequence that thousands of innocent users who used No-IP’s service were no longer able to resolve their domains. The customers were using a form of <user-dns>.no-ip.com and several other hosts to reach their own domains. Without no-ip.com, the base domain, no subdomain worked anymore.

This can happen at any time and in any country because the laws are (still) very blurry in regards to cybercrime and what is allowed and what not.

The post Secure your DNS to avoid losing business – Part 2 appeared first on Avira Blog.

22 Million PUA detected last month. STOP!

Potentially Unwanted Applications (PUAs) are causing our security analysts to rethink the detection patterns used in Avira’s software solutions. We therefore released a new set of ethical guidelines for all vendors and distribution partners to respect, in order to offer the best protection against PUA.

Most of the time, potentially unwanted applications end up on the user’s PC as a bundled component of the initially desired programs. Standard installation processes can mislead users into complying with this recurring scenario. Avira detects as PUAs all those which attempt to inject malicious content, or those which request an unjustified amount of personal data, as well as payment processing apps that may overcharge the user without explicit consent. Products which require unnecessary access rights or inject unwanted advertising on the device, not to mention spy or remotely controlled software, all get detected by the Avira radar.

Only last month, the Avira Virus Lab detected 22,508,407 PUAs threatening users’ devices.

Our security analysts have provided a list of the five most frequently encountered PUAs and the impact they have:

  • iLivid: an app that hijacks your Internet web browser and redirects your Internet searches to ilivid.com. iLivid will attempt to infect all Internet browsers installed on your PC.
  • SeaSuite: this toolbar is installed in browsers as an extension or add-on. It shows advertisements and injects ads in the web.
  • SoftPulse: a bundle that installs an additional program to display and/or download to your device unwanted advertisements and toolbars, and it may be considered privacy-invasive.
  • NextLive: a browser plugin that changes your internet browser settings, such as your home page and default search. This kind of adware is causing unwanted browser redirections, and displays unwanted pop-ups, coupons, and other advertisements.
  • OptimizerPro: tracks your computer’s web usage to feed you undesired pop-up ads and some might even hijack your browser search or home pages, redirecting you to a different site or search engine than the one you had originally configured. The application itself should optimize the computer’s performance, but it acts as a scareware, making users pay for fictitious improvements to their PCs.

“We believe in the free internet, and therefore accept advertising as means to sponsor content, however downloading free software does not imply agreeing to also install unwanted or unknown applications on your device. We expect software publishers and download portals to not abuse users and be more transparent in their intentions. It is our duty to protect users against, not only malware, but privacy and financial loss. We have chosen to raise the protection of our users, therefore we have established a set of acceptable application guidelines, which our product enforces”, said Travis Witteveen, Chief Executive Officer of Avira.

Reducing the number of Potentially Unwanted Applications populating the user’s devices is one of Avira’s main concerns. Avira’s new list of guidelines for software providers is an important step toward this goal. It is, nonetheless, extremely important that users themselves understand the dangers and keep themselves protected.

The post 22 Million PUA detected last month. STOP! appeared first on Avira Blog.