Category Archives: Avira

Avira

Avira Launches Android Optimizer

Our team is excited to announce the release of Android Optimizer, a FREE mobile version of our PC optimization tool you already know called System Speedup. The app dramatically enhances your smartphone’s speed and performance in three easy steps: Analyze – Clean – Optimize. Our new app can be used not only to remove junk files but also to identify all previously installed apps threatening to slow down the device.

Android Optimizer excels at boosting the overall performance of smartphones and tablets through a powerful set of key features. You can access the app to safely remove sensitive data from the device, delete browsing and calls history and, consequently, improve the stamina of the battery. Another important advantage for Android users is that they will be able to benefit from more space for photos, videos and other apps.

Key Features

  • One Tap Boost: automatically cleans up junk files and frees up memory, without any data loss.
  • Memory Optimizer: shows a list of all active processes, their memory footprint, and enables the user to terminate the unwanted ones.
  • Application Manager: lists all current installed apps, their storage footprint, and enables the user to uninstall the unwanted ones.
  • Junk Cleaner: scans for and lists potentially useless files that fill up the storage on the device, including caches, duplicate files, large files and APK files (Android app kits).
  • Privacy Cleaner: Empowers the user to wipe sensitive data off their phones (browser history, call logs, clipboard data, Facebook cache, messenger cache, WhatsApp cache,…)

“Smartphones are the new feature phones if we look at the sales volume of these devices. Unfortunately, one year later to the purchase, Android devices tend to be technically obsolete. We decided to jump in and fix this problem, by making it easier for users to understand the background actions of their apps and empower them to optimize their devices with one tap”, said Andrei Petrus, Product Manager of Avira.

“We put together all the key features required to make any Android device feel as good as new.

This comes on top of the best-in-class antivirus protection that our Mobile Security solution offers to the world”.

Download it now: http://www.avira.com/en/avira-android-optimizer/

The post Avira Launches Android Optimizer appeared first on Avira Blog.

Microsoft patches FREAK for Windows, IE, Office

The FREAK flaw itself resides in the SSL protocol, so Microsoft has fixed with this patch (MS15-031) its own implementation of the protocol, which is used in all its proprietary software (workstation, server, IE Office).

The release contains fixes for 14 new bulletins in total, five of which are rated as Critical, nine as Important.

The bulletins address vulnerabilities residing in both the consumer and server editions of Microsoft Windows, Internet Explorer, Office, SharePoint Server, and Exchange Server. Most of them may disclose information, bypass security features or would allow an attacker to elevate privileges.

What should you do?

Once your Windows computer signals the availability of the updates don’t wait too long to apply it and reboot your system.

The post Microsoft patches FREAK for Windows, IE, Office appeared first on Avira Blog.

Apple fixes FREAK flaw in OS X and iOS

What is FREAK?

By exploiting the Factoring RSA Export Keys vulnerability in SSL (FREAK), an attacker could intercept the network traffic between entities running any implementation of the vulnerable protocol and decrypt the secure communication. In other words, the attacker is able to act as a man-in-the-middle and decrypt the secure traffic between the client and the server.

The well known OpenSSL library, Apple’s Secure Transport, and Microsoft’s Secure Channel (which is impacting all supported versions of Windows) have all been found vulnerable to this type of attack.

IMG_0059The flaw resides in the fact that the SSL/TLS encryption was forced to use a weaker cipher suite (so called “export grade”) with a 512-bit key that could be broken with today’s technology in a few hours.

Apple is describing the affected area as a “Secure Transport vulnerability which allows an attacker with a privileged network position to intercept SSL/TLS connections”.

The security update 2015-002 which fixes FREAK is available for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2.

The iOS 8.2 is available for iPhone 4s and later, iPod touch (5th generation) and later, and iPad 2 and later.

What should you do?

Apple’s security update for MacOS also includes mitigation for arbitrary code execution by leveraging flaws in iCloud Keychain recovery, IOAcceleratorFamily and IOSurface and the Kernel (OS X Yosemite).

For the iOS, Apple patched bugs in CoreTelephony, which caused the device to restart and buffer overflows in iCloud Keychain which allow an attacker with a privileged network position to execute arbitrary code.

Even if CVE-2015-1067 also known as FREAK is more theoretical than most vulnerabilities affecting the SSL protocol and its implementations (Heartbleed, Poodle), it is strongly advisable to apply the update.

Usually, the update comes over the wire, so follow the known procedures for each device to apply it:

  • iOS: go to Settings ->General -> Software Update
  • Go to Updates (or Software Updates for older versions) and click Update All.

The post Apple fixes FREAK flaw in OS X and iOS appeared first on Avira Blog.

FREAK: All Windows versions are affected too

We wrote about the new SSL vulnerability called FREAK – Factoring RSA Export Keys – affects around 36% of all sites trusted by browsers and around 10% of the Alexa top one million domains, according to computer scientists at the University of Michigan.

Android, iOS and a lot of embedded devices that make use of the affected SSL clients (including Open) are in danger of having their connections to vulnerable websites intercepted.

The two most used operating systems for smartphones, tablets, laptops and embedded devices  are in good company. Yesterday, Microsoft made known that all its supported Windows versions are also affected due to the presence of the vulnerability in the Windows Secure Channel (SChannel) – the Microsoft own implementation of SSL/TLS:

  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows 8 and 8.1
  • Windows Server 2012
  • Windows RT

Microsoft published an TechCenter an advisory where the problem is analyzed and solutions are offered. Also a patch is promised to fix all supported operating systems.

What does it mean for the user?

It means that if you are in Windows and make use of the vulnerable SSL libraries delivered by default, your connection to the affected servers can be intercepted. If you use Internet Explorer to visit www.freakattack.com you will be surprised to see this:

FREAK vulnerability
What should the users do?

We do not recommend messing up with the standard cryptography settings of Windows (or any operating systems) unless you know what you are doing (and there is a just hand full of people that actually do). You should try a browser that is not affected (like Chrome, which was updated in the meanwhile) and apply the patches for operating system and browsers that will come in the next few days.

 

The post FREAK: All Windows versions are affected too appeared first on Avira Blog.

Security experts are FREAKing out: new OpenSSL vulnerability

As any good and mind blowing (for most people) vulnerability, it has a nice name – FREAK, a CVE number – CVE-2015-0204  and a dedicated website https://freakattack.com/ .

FREAK – Factoring RSA Export Keys – affects around 36% of all sites trusted by browsers and around 10% of the Alexa top one million domains, according to computer scientists at the University of Michigan.

This time, the vulnerability can allow hackers to perform a Man In The Middle(MITM)  attack on traffic routed between a device that uses the affected version of OpenSSL and many websites, by downgrading the encryption to an easy to crack 512 bits (64KB).

A connection is vulnerable if the server accepts RSA_EXPORT cipher suites and the client either offers an RSA_EXPORT suite or is using a version of OpenSSL that is vulnerable to CVE-2015-0204.

To be affected, devices must use the vulnerable version of OpenSSL. The problem is that OpenSSL is embedded sometimes in the firmware of the device like those running Apple’s iOS, Google’s Android. This makes the patching anything else than trivial. IfApple and Google will hurry up to patch their devices, not the same is going to happen with embedded devices that have the affected OpenSSL library in a firmware burned in a chip.

How is the attack happening?

If an attacker can monitor the traffic  flowing between vulnerable devices (that is, running the vulnerable OpenSSL) and websites (that use the same vulnerable OpenSSL) they could inject code which forces both sides to use 512-bit encryption, which they can then crack in a matter of hours using the power of cloud computing.

It would then be technically pretty straightforward to launch a MITM by pretending to be the official website.

OpenSSL released a patch to the problem in January 2015, while Apple plans to do so next week and Google has released one to its Android partners.

As you can see, it is not trival to perform the MITM attack: special skills, a special environment and special tools are required to make use of this vulnerability. So, this makes FREAK a more theoretical vulnerability.But, this doesn’t mean that it is less dangerous.

However, as many times in the past, good intentions are badly implemented and the page freakattack.com is generously helping attackers to find which servers are affected. On that page the researchers from University of Michigan have published the top 10K domains listed by Alexa.com website.

Who is affected?

Websites that support RSA export cipher suites (e.g., TLS_RSA_EXPORT_WITH_DES40_CBC_SHA) are at risk to having HTTPS connections intercepted.

You can check whether a website supports RSA_EXPORT suites using the SSL FREAK Check available at this page.

The post Security experts are FREAKing out: new OpenSSL vulnerability appeared first on Avira Blog.

The phishy side of text messaging

Email is still a massive form of electronic communication, but the trend towards text messages and text messaging apps can’t be ignored. Younger generations in particular are ditching email in favor of these kinds of solutions. And you better believe that the hackers are aware of this trend, too.

When we focus on text messages in particular, you’ve probably noticed that companies are starting to utilize text messaging as a way to communicate with you. If you haven’t received text messages from outside companies yet, then you’ve probably at least received them from your mobile carrier for alerts about billing, bandwidth usage, and so on.

The unique thing about these messages is that they’re so simple. They usually come from a short number, they’re only a few lines long, and sometimes they include a link. This is a format that we’ve come to expect from text messages of this sort, but it’s a dream come true for hackers.

Just think about how hard hackers have had to work to send believable phishing messages through email that contain images and formatting that seem like the real thing. Many computer users have been trained to identify a fake email message, but all of that training goes out the window when it comes to text messages. Since the format and expectations are so different, people who don’t fall for phishing over email could fall for it through text messaging.

This is especially dangerous because it can be incredibly easy for a hacker to compose a text message for phishing. A recent article from CNNMoney showed how AT&T text messages in particular can be faked without much trouble. Hopefully more people will be trained to think twice about believing every text message, but until then…

It’s open season for hackers and text messaging

.

The post The phishy side of text messaging appeared first on Avira Blog.

Is there such a thing as too much privacy ?

In a rather bold move, Apple has published a Privacy page that talks more about the security measures in iOS 8 that prevent Apple from bypassing your security and accessing your data. Of course, if Apple can’t access your data, then there’s no way for them to provide it in response to a government warrant. Not one to be left out, Google has also talked about their security and encryption methods in Android that will keep data safe.

During certain criminal investigations, government agencies will try to access data from smartphones to help them learn more about the case, and if they’re not going to be able to do that effectively thanks to these safety measures, then the argument is that it’s going to make it harder to solve crimes and criminals will be even more bold with their use of technology.

Only last week the news spread about the largest SIM card maker in the world being impacted by a major security breach. Nothing unusual, except Gemalto’s system seems to have been compromised by both NSA and GCHQ in the aim of storing the encryption keys that protect SIM cards. “Once successful, the program would have allowed intelligence agencies to decrypt cell phone signals in mid-air or implant malware remotely into any phone with a Gemalto SIM card” according to The Verge.

For many people, this topic presents an interesting conundrum. As much as the public may want privacy, a lot of the people that you ask would likely say that the government should be able to access certain data from a smartphone when necessary in order to solve a case. In other words, they don’t want the government to have access to everything so that they can pick and choose what they want to see, but they do think that technology can hold the key to solving certain crimes and should be used when appropriate.

What do you think? 

Should everyone have equal #smartphone privacy or should concessions be made when it comes to criminals?

The post Is there such a thing as too much privacy ? appeared first on Avira Blog.

Linguistic Consistency In Translations @Avira

Translation processes do not start with the content transfer from one language to another. They start with the process of creating the source text. This source text will have a crucial impact on the later result. One tiny difference as the one between “Real Time Protection”, “Real-Time Protection” and “real time protection” can lead to multiple differences in the target text.

Let’s have a look at a really simple example, the word “email”; and one of our target languages, for example; French. “Email” has an official translation inside Avira’s terminology: “e-mail”. If the source text contains a tiny variation such as “e-mail” or “mail”, the terminology software will fail to find the term. Therefore, the end result might vary from “e-mail” to “adresse électronique”, “messagerie” or “messagerie électronique”. The difference, in this case, doesn’t seem that crucial. Anyway, all of them are synonyms, right? But when the difference affects a product name or a feature name the problem starts to grow bigger.

At Avira we also have examples of these problems with feature names. “Remote Yell”, “Remote Alarm”, “Trigger Scream” and “Remote Scream” are used as names for the same feature. This usually leads to even more different translations, which confuse the user.

Of course, consistency problems do not end in the source text, they are also important to solve in the target content. It is important to adapt the terms to the target culture and accomplish a consistent language within it. This way the user will feel the message as if it was originally written in the target language.

Why value linguistic consistency?

Linguistic consistency keeps users happy and prevents them from finding conflicting, poorly written, or unintentionally humorous content.

On the other hand, linguistic inconsistency—for example, at the company’s webpage—can give the impression that the company does not value its customers or the market it is addressing to. Regarding software localization, consistency helps to have a user friendly interface, where it is clear what the program is referring to.

Linguistic consistency saves us time. New translations always take time and effort. Even a three words translation can take up to one working day. Sometimes, similar sentences already exist inside the company’s TM, so why not use them? Linguistic consistency also saves us money, as simple as the fact that using a previous translation prevents from spending on new ones.

From the user interface, to the documentation, the social media, the customer support to the marketing texts, a company needs to address to concepts in a clear and consistent way. Just imagine for a second one of our era giants wouldn’t care so much about this subject. We will be still trying to differentiate “G Earth” from “G Land”, “G Globe” and “G World”. Seems like the perfect nightmare material.

 

The post Linguistic Consistency In Translations @Avira appeared first on Avira Blog.

Avira Antivirus Pro: is it really the best?

Advanced Real Time Protection

It seems redundant to even mention it because a good protection is what everybody would expect from an Antivirus. Take a closer look at our product and you will notice that Protection is where Avira Antivirus Pro really excels. Fortunately, it’s not only us who say so, industry experts agree: we are scoring some of the highest results on a regular basis in the AV-Comparatives, AV-TEST and VB100 testings. We owe every success to our cutting-edge antivirus technology, including the Avira Protection Cloud. This little gem strengthens the protection, helps with detection, and makes it almost impossible for cybercriminals to bypass our defenses.

Ever wondered how the Avira Protection Cloud works?

Ever wondered how the Avira Protection Cloud works?

Faster and Safer

Avira Protection Cloud is not the only cool thing that makes Avira Antivirus Pro shine among all other security programs. With new digital threats emerging all the time, an antivirus has to be fully up-to-date. It is exactly why the information about malicious software required for detection is saved by Avira in V(irus)D(efinition)F(iles) files. With one of our latest upgrades those files received, they were enhanced to minimize the amount of data involved and to keep the updates small and therefor faster.

Easy to Use

All of the above might sound rather complicated, but let’s be honest: when you have to use an antivirus application you don’t want to go through pages of cryptic information, complex menus, and confusing instructions. Sure – the development and technology behind an antivirus can be complex but you, our user, should not be affected by it. That’s why our software comes with a clear and streamlined user interface designed with your comfort in mind.

Are you ready to give it a try? Benefit from a 50% discount on Avira Antivirus Pro using the following voucher code: YE9-DDP-R8X

The post Avira Antivirus Pro: is it really the best? appeared first on Avira Blog.

Are you making it easy for hackers to hack you?

Simply put, it all comes down to social media. Many of us feel free to communicate openly on social media platforms, and while you may be sharing content with the intention of reaching your friends, you might also be reaching people who don’t have good intentions. For example, what kinds of personal details do you openly tell others about on Twitter? Information about your life, location, preferences, and even the people you communicate with might seem innocent on its own, but for a motivated hacker, combining these elements together can bring about a pretty complete profile of who you are, which could then be used to try to steal your identity and break in to your accounts.

Text isn’t the only content that hackers can parse, either. In many ways and with certain demographics, photo sharing networks like Instagram are even more popular than standard social networks like Facebook and Twitter. Is your life an open book on Instagram? Can your followers describe everything about who you are and what you like just based on the images that you post?

This might be fine for family and friends, but it’s important to spend some time thinking about how others may view this content and what they might be able to do with what you reveal. In an extreme example, it was recently reported that hackers can even copy your fingerprints from pictures of your fingers.

While having someone steal your fingerprints from a picture isn’t something that’s realistic to be concerned about right now, on a smaller scale, it does highlight why it’s good to be more mindful about what you’re putting out there in the world. Hackers might be known for exploiting weaknesses in computer systems, but they can also exploit weaknesses in your social media habits, especially if you’re an attractive target.

The post Are you making it easy for hackers to hack you? appeared first on Avira Blog.