Category Archives: Avira


How to safely access the Internet while on vacation

Posting your latest vacation photos to Facebook whenever you want is easy to do now even while abroad, especially as the EU has now capped roaming costs in Europe. Maximum price caps for data roaming have been introduced at 23 euro cents per Megabyte, with an automatic cost-brake kicking in to cut off the mobile Internet connection once the limit of 59.90 euros per month has been reached. That said, roaming charges further afield can be much higher, with costs varying depending on the cellular network provider even in a few European countries like Switzerland. You really need to know the terms of your cell phone contract, even if you only want to connect to the Internet occasionally to, for example, retrieve the weather forecast. Most installed apps communicate constantly with the Internet in the background; they also collect data, send location information, and attempt to download and install their latest versions. What’s more, it’s tedious and sometimes completely impossible to deactivate these resource-hungry apps.

Protect your wallet
The best thing to do is to contact your network provider before going on vacation, as contracts are not always clear and transparent – especially those notorious bundle deals which combine SMS, talk-time, and data allowances. If you use up your allowance for data and you’re still in credit in terms of your SMS and talk-time allowances, the bundle offer remains valid, but data is charged at a much higher standard price. In such cases, it makes more sense to buy a temporary international roaming bundle. Many providers offer these and they often include cheap-rate talk-time and SMS allowances. You can now also do this while abroad. They will send you information on the current tariff conditions when you first register with the foreign network and provide you with updated conditions afterwards.

Monitor your usage
Knowledge is power, and that also applies to the costs you accumulate. Many providers offer an app which lets you see how much you’ll be charged for the talk-time you’ve used. This lets you pull the emergency brake and deactivate the mobile data connection if it gets too expensive. Another option is to use your precious data resources more economically. Opera and Chrome browsers let you compress websites before you download them, resulting in data savings of 80 to 90%. However, this method has one disadvantage: since Opera and Google servers compress the data, they can tell which websites you’ve been visiting.

Pros and cons of WiFi hotspots
Privacy and data security are important vacation topics anyway. WiFi hotspots are often used to connect cheaply to the Internet. One global company offering access is Fon, which says it has over 13 million hotspots worldwide at around 3 US dollars per day to use. This would pave the way for unrestricted surfing, were it not for one or two digital threats lurking around every corner. WiFi hotspots are notorious for their lax security. Anyone can see the wireless signals, with communication often continuing over an unsecured connection once the user has logged in. The user has no influence on this as the hotspot provider defines how the connection is secured. What’s more, anyone who has access to the hotspot provider’s Wi-Fi network and is near the hotspot can see the data.

Best approach for now
The easiest way to avoid such risks is to use a Virtual Private Network (VPN). This encrypted tunnel protects information right from the start to the end of its transfer. To use it, you need to have software installed on your mobile phone, tablet or notebook and a node which creates the tunnel only after you have logged in correctly. Companies like OpenVPN and Hotspot Shield offer free or reasonably priced VPN connections. These types of connection are merely a restricted type of VPN where the connection between the device and the server is secured by the provider; after that, data packets escape into the Internet unencrypted. Despite this, at least third parties in the direct vicinity of the hotspot cannot eavesdrop on the network connection. That said, the question remains as to whether the VPN provider handles the information with due care; after all, it can read all the data as plain, unencrypted text.

Public PCs at hotels or Internet cafes can be extremely dangerous to use while on vacation. The computers are often infected with viruses and Trojans that log keystrokes (with spyware known as ‘keyloggers’) to intercept your private data. If you absolutely need to transfer sensitive information using such a device, you should take a secure operating system environment with you on a DVD or write-protected USB stick and use this to boot the computer.

The best thing to do is to send as little personal information as possible over an unsecured connection while on vacation. In addition, you should enable the firewall on your device and install the latest version of a security software solution such as Avira Antivirus Pro, Avira Internet Security Suite or Avira Free Antivirus (also available for iOS & Android).

 

The post How to safely access the Internet while on vacation appeared first on Avira Blog.

Popular topics are also popular with hackers

Events and topics that are interesting to a large number of people make great malware campaigns for hackers, as they tend to target the largest possible groups for their endeavors. If they’re going to plant a trap online, then they’re probably not going to do it with a method that very few people are interested in.

The recent World Cup is a good example of a major event that hackers used for illicit purposes. An article from EnterpriseAppsTech highlighted that 375 fake World Cup apps were created to target Android devices — in addition to approximately 2,000 daily cyber attacks that took place during the World Cup event.

The World Cup may be over (although Avira is still reveling in Germany’s win), but there are plenty of other events and topics to watch out for when clicking or tapping through the Internet. As a first step in protecting yourself, make it a practice to think twice before you engage with content that you find about extremely popular things online. This could be content related to celebrities, entertainment (movies, television, music, games), sporting events, top news stories, and so on. Just be careful, always.

The good news is that with a proper amount of caution and our security software running quietly in the background, you can feel safe while you research any of those popular topics that everyone is talking about.

The post Popular topics are also popular with hackers appeared first on Avira Blog.

Tips and tricks how to improve smartphone battery life

Although not all things were better in the past, mobile phone batteries definitely were. The classic Nokias and Samsungs, which you could use only to make calls, would easily last for up to two weeks in standby mode. Conversely, you’ll be lucky to get a full 24 hours of battery power from one of the latest smartphones. This is due to improved and more powerful components, countless additional functions, and of course the energy consumption of dozens of apps. That said, even the most heavily used smartphones can have a bit longer battery-life if you follow a few simple tricks.

Built-in ways to save some power
A few hours of battery life can be gained by using your phone’s onboard tools. For instance, your screen is an immense consumer of energy. The screensaver should be activated as soon as possible; 30 seconds of waiting time is usually enough. Both Android and iOS offer automatic brightness controls that you should limit to lower maximum levels. One trick in particular helps save power on modern OLED and AMOLED (organic-LED) screens, such as those used on the Samsung S5: Only active pixels consume power; black pixels do not. Background images with large black areas are less draining on the battery than a colorful, bright image – so choose your images wisely.

Control larger data updates manually
Next up for making a big difference are the interfaces to the outside world. Bluetooth, WiFi, and GPS consume a disproportionately high amount of power. If you don’t need to use the smartphone’s wireless connections, deactivate them. In most cases, it’s also possible to throttle the data-connection speed and save power in the process by using UMTS instead of LTE or 3G instead of UMTS. A reduced bandwidth is also more than fine if you’re just checking your emails occasionally. What’s more, push services like email and regularly staying in touch via the Internet really drain the battery. If you collect your emails at the press of a button and also update Facebook manually, your battery will last much longer.

Be discerning about the apps you use
In this respect, apps that are sponsored by ads are also fatal. Compared to paid apps, they communicate more often with the developer to share location data and other information – pushing the charging indicator into the red. Widgets for weather forecasts or audio streaming of Internet radio services are power hungry as well. It’s also worthwhile to deactivate automatic app updates. Downloading an update doesn’t just require a lot of power; an app constantly checking whether a new version is available also drains the battery. The Google Play Store is configured by default to download app updates automatically.

Double-check app permissions
Depending on your version of iOS or Android, it can become a real game of hide and seek to find out whether apps remain active in the background. Later mobile OS versions make it easier for users to find out which apps are the most power-hungry. In most cases you can also remove the app’s permission to remain active in the background. If the operating system doesn’t reveal any (or very little) information about how power is being consumed, other apps can help. One Touch Battery Saver (Android, free) provides information on how much power apps are consuming and switches off Bluetooth, WiFi, and GPS positioning automatically, according to predefined rules. Other apps like Juice Defender (Android, free) and Tasker (Android, € 4.49) use profiles for specific situations that only allow you to use essential apps and interfaces.

Apple makes it difficult for apps to save power actively. The security model implemented in iOS prevents intervening in other apps’ runtime behavior. As such, most apps primarily supply users with information, based on which they must then decide which apps they want to continue to have running. Battery HD+ (iOS, free) also does a detailed job of helping reveal the most power-hungry apps, as does Battery Doctor Pro (iOS, free). It’s worthwhile checking on a regular basis as even reliable apps suck the battery dry as a result of faulty updates. Scotty Loveless describes in even more detail all the steps for getting maximum life out of iOS devices in the “ultimate guide to solving iOS battery drain.”

The future is just… different
There is little to criticize when it comes to advancements in rechargeable batteries and technology. The memory effect of the past is no longer an issue for standard li-ion and li-polymer batteries, plus they’re charged to perfection using extremely smart charging circuits. The old rule of “only recharge the battery once it’s completely flat” is no longer valid. Modern batteries can and should be connected to the charger as often as possible. Extreme temperatures, however, are still public enemy number one, with heat in particular causing batteries to lose storage capacity rapidly. As such, never leave your smartphone or tablet in direct sunlight or in the car during summer.

And if, despite all of these tips and tricks, some of you find your battery doesn’t pack enough power to keep your smart phone running as long as you’d like, you can always buy an additional battery. These are available in stick form or as a slim gadget for handbag or briefcase. There are also some really stylish rechargeable battery packs out there which additionally serve as smartphone cases.

 

The post Tips and tricks how to improve smartphone battery life appeared first on Avira Blog.

Fixing bugs is hard – Rosetta Flash is back


Software is like a very long chain, made of millions of links.

It’s more or less impossible to check all links individually in detail. Some links are weaker than others and make the whole chain vulnerable.
But they’re needles in a huge haystack.

When a vulnerability is found, it’s critical to fix it. CORRECTLY.

So, a patch is created…

Of course, you need to apply the patch to keep your software secure! But most people don’t, choosing instead the “Remind me later” option — unaware that they are leaving themselves open to security holes exploitable by malware writers.

Releasing a patch highlights weaknesses

Once the patch is available, the weak link is now highlighted: it now stands out from the millions of other links in the chain.

Whether the vulnerability is documented or not, whether the patch is documented or not, it’s possible to reverse-engineer the patch and see the changes (there are several advanced tools for that). By checking the changes, one can determine what was actually fixed, rather than what the fix was supposed to prevent in theory.

By looking closely where the patch was applied, it’s possible that a related and smaller vulnerability which is still not fixed might be easy to find, thanks to the information provided by the patch.

That is, when comparing the changes introduced by the patch, it’s possible to quickly find what was fixed, and by doing this discover a new vulnerability that is still not fixed. And since patches are usually released once a month, it gives a person an easier 0-day, that could stay unpatched for a complete month!

Fixing bugs is hard

We can see the difficulties of releasing a patch: it has to be done fast, reliably, but it also has to cover more than the initial descriptions or test cases.


In a previous blog entry, we looked at how crafting an Adobe Flash file made of alphanumeric characters enabled an attack on many websites. The initial Proof Of Concept only used 0-9A-Za-z characters.

It’s actually possible to make a Flash file only made of printable characters.

This is what the patch fixed: checking if the Flash file is made entirely of these characters.

However, the risk is greater than the initial PoC suggests: with the same technique it’s easy to craft a file that simply ends with another character, ‘(’. Just changing this last character bypasses the filter implemented by the official patch! This new vulnerability remained unpatched for a whole month (8th July to 12th August)!

Another CVE was assigned to this new vulnerability, which is now patched, but this shows that releasing a patch is a double-edged sword: you give the defenders a new protection layer, but you also highlight a — previously — weak area for the attackers. Fixing bugs is hard.

Here is a small chronology:

  1. 8th July: the original Rosetta Flash PoC (made only of alphanumeric characters) is public, along with the patch and announcement (CVE-2014-4671).
  2. The patch is not enough! Just by letting the PoC end with “(” the filter is bypassed. This is way too weak.
  3. 12th August: the 2nd patch is released (CVE-2014-5333).
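The lesson above, as an added example that is not from the original post or from Adobe: a simplified model of a check keyed to the published PoC (body made only of 0-9A-Za-z), plus a small regression harness that mutates the PoC's last byte to show what such a check lets through. The sample body, the function names and the broader "printable characters" check are assumptions made for illustration.

```python
"""Regression-testing a patch against near variants of the original PoC."""
import string

ALNUM = set((string.ascii_letters + string.digits).encode())
PRINTABLE = set(range(0x20, 0x7F))  # printable ASCII, space included

# Constructed placeholder body: alphanumeric only, NOT a real Flash file.
SAMPLE_POC = b"CONSTRUCTEDalnumBODY0123456789"


def poc_fitted_filter(body: bytes) -> bool:
    """Model of the first fix as the post describes it.

    Returns True (block) only when the whole body is 0-9A-Za-z.
    """
    return len(body) > 0 and all(b in ALNUM for b in body)


def broader_filter(body: bytes) -> bool:
    """Assumed broader check covering the class the post names:
    block when the whole body consists of printable characters."""
    return len(body) > 0 and all(b in PRINTABLE for b in body)


def neighbour_variants(poc: bytes):
    """Yield minimal mutations of the PoC: append, or substitute as the
    last byte, every printable character that is not alphanumeric."""
    for b in sorted(PRINTABLE - ALNUM):
        yield poc + bytes([b])
        yield poc[:-1] + bytes([b])


def regression_gaps(filter_fn, poc: bytes):
    """Return the variants a filter lets through although it blocks the PoC."""
    if not filter_fn(poc):
        raise ValueError("filter does not even block the reference PoC")
    return [v for v in neighbour_variants(poc) if not filter_fn(v)]


if __name__ == "__main__":
    fitted = regression_gaps(poc_fitted_filter, SAMPLE_POC)
    broad = regression_gaps(broader_filter, SAMPLE_POC)
    print("variants missed by the PoC-fitted check:", len(fitted))
    print("trailing '(' missed:", SAMPLE_POC + b"(" in fitted)
    print("variants missed by the broader check:", len(broad))
```

Running the harness before shipping a fix turns "does it stop the PoC?" into "does it stop the PoC's neighbours?", which is the gap the chronology above describes.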

The post Fixing bugs is hard – Rosetta Flash is back appeared first on Avira Blog.

The dangerous side of USB convenience

How many USB devices do you own? At this moment, you probably have one or more of them connected to your computer. USB devices are everywhere, and they come in the form of flash drives, webcams, keyboards, and so on. One of the attractive things about a USB connection is that you just plug in a device and it works. That convenience, while nice to have, presents a real danger.

For years, many computer users have just plugged in USB devices without putting much thought into any vulnerabilities they might present, but hackers have found ways to prey on the carefree nature of USB usage. You may remember the Stuxnet worm that targeted nuclear facilities in Iran. USB flash drives were used to initiate the infections, and this brought a lot of attention to how USB devices could play a key role in IT attacks.

Fast-forward a few years to today and USBs are a hot security topic once again because of details revealed by security researchers about an exploit called BadUSB. Essentially, the BadUSB hack makes it possible to reprogram the firmware on USB devices, which means that they can then be used maliciously. Since the majority of USB devices will just accept any firmware update that they’re offered, it’s really difficult to know if the firmware on your device is secure or not.

That said, any malware introduced via USB can be detected, depending on the payload. This is why we can consider #BadUSB a means of installing malware on a machine rather than a specific virus or piece of malware itself.

Because of the insidious way in which this hack works, protecting yourself from it is really difficult at this point. One of the most logical things that you can do is to make sure that the USB devices that you use have remained only in your possession. USB flash drives in particular tend to get passed between people on a regular basis, but based on this new information, that’s not always such a good idea.

The post The dangerous side of USB convenience appeared first on Avira Blog.

Airplane WiFi – Secure surfing or danger for onboard electronics?

The “fasten your seatbelts” signs turn off and you can finally recline, fold down the tray table, and switch on your notebook or tablet. Many airlines now even offer WiFi access in the cabin, so you can surf the Internet, post to Facebook, and write emails without restriction. Hard to believe, given that it wasn’t long ago that you couldn’t even leave your cell phone switched on during the flight. So, is it safe and secure to use WiFi and portable devices? There are two major aspects to this question:

  • First, whether airplane systems are secure, even though WiFi radio waves are used to communicate and passengers have access to the digital infrastructure aboard the airplane.
  • And second, whether passengers’ devices are also safe and secure, as they share the airplane WiFi network with all other users in the cabin.

Hacking airplane systems

A clear answer can be given to the first question, at least at the moment: Yes, the airplane is still safe and secure. The radio waves are irrelevant to the onboard electronics in terms of power and frequency, as the cockpit and internal technology have to be able to cope with completely different types of possible interference. In addition, there is no potential risk of airplane systems being hacked into. Every airplane manufacturer separates the in-flight entertainment and WiFi systems from the critical airplane systems. Furthermore, they use data and signal formats to communicate, which are incompatible with Ethernet; they also don’t use the TCP/IP protocol. Frequently, additional security functions are integrated into the systems, such as specific transmitter restrictions and extremely strict time intervals, within which data must be exchanged between communication partners. And even if there was a widespread failure of the electronics system, irrespective of what measures are taken to deal with it, all flight-critical systems have a mechanical backup – cable controls and hydraulic systems instead of servos and electronic actuators.

This doesn’t mean, however, that airplanes are immune to potential security loopholes. Researchers are repeatedly discovering weaknesses in various systems, such as those involved in satellite communications, which could theoretically be exploited. By exploiting this bug, false positioning data can be transmitted to the airplane while in flight, causing a change of course; however, other experts have given the all-clear. Even if a person were able to exploit this security loophole, the pilots themselves could simply make a course correction. Other means of communication are available in each passenger airplane which allow verification of positioning data and flight plans. On top of this, the flight-control center would also spot each course change and alert the pilots.

The statistical probability of mounting such attacks successfully is far below the other typical causes of failure, technical or human error, which are also rare. Airplane manufacturers also want to save costs and are trying wherever possible to integrate standard IT components that transfer and process data using standard IT formats.

Airline operators have set out countless operational cases where digital data would improve services, shorten ground times, and as a result save costs. Whether over the short term or long term, manufacturers will eventually meet these requests and integrate an ever greater amount of standard IT equipment into airplanes. Hopefully the security measures will be tightened to meet the aviation industry’s more stringent requirements.

Security measures above the clouds

So how about the information on your notebook or tablet? WiFi access aboard an airplane is just like a standard public hotspot – no difference from the one in the airport or at Starbucks. Those who use the WiFi network share the wireless network with all other users. Whether airplane manufacturers integrate specific security measures in their switches and routers is information that currently only they know. For this reason exactly, the same security measures that are also suitable at Starbucks or in the airport should apply: Either you encrypt all data traffic using a virtual private network (VPN), which companies usually install on professional users’ devices anyway, or you encrypt each app’s data. In the case of email, this can be done using encryption programs like Pretty Good Privacy (PGP), EnigMail or GnuPG. For browser-based communications, it can be achieved using Secure Sockets Layer (SSL) technology, usually identifiable by the little padlock icon in the address bar. Plug-ins for many browsers can also take care of this automatically if required, such as HTTPS Everywhere for Firefox and Chrome. Naturally, the internal firewall should be enabled on each device and the latest version of a security software solution such as Avira Antivirus Pro, Avira Internet Security Suite or Avira Free Antivirus should also be installed and active.

 

The post Airplane WiFi – Secure surfing or danger for onboard electronics? appeared first on Avira Blog.

Browser Extensions that nobody wants… but a lot of people have!

The marketplace for browser extensions is quite big. With Firefox alone, there have been more than four billion add-ons downloaded. But not every extension makes the user happy:

In the last couple of weeks, we monitored the rampant spread of browser extensions with new machinery for harming the user – via the publishing of unwanted advertisements. The list of names of such extensions is long: Browsefox, Swiftbrowse, Betterbrowse, Browsesmart, Browseburst… All share the same two major traits: The user doesn’t want them, and they are hard to remove from the computer.

Of course, we’ve had our attention on this kind of browser extension, with the aim to protect and warn Avira customers about it. We tracked the extensions’ speed of global growth, created specific Avira Intelligent Repair System (AIRS) routines, and adjusted our engine detection to detect these types of unwanted browser extensions.

Finally, with the engine detection pattern “Adware/Browsefox.Gen,” included in Avira version 8.3.24.22, we took the first step forward.

And the first results are incredible:

Since the release of the engine version, we were able to recognize more than 20 million detections in the ‘Avira World’. And regarding the spreading of these extensions: During our initial research, we noticed extreme propagation for the browser extension in Germany. But after the release of the generic detection, we saw that even more regions in the world have these unwanted extensions installed. Now we have a better view of their global movement.

But what exactly are these browser extensions doing on your computer? Their primary goal is to make money. And, as mentioned, they do so by publishing unwanted advertisements on your computer after installation. For example, they will show coupons with their offers. This is exactly how they earn money: with each additional advertisement, the cash flows.

The list of names using this tactic is long. Very long. But if you take a look at some of their “official” websites, you will see that they are all related. They share the same style and options. Only the name of the product changes, along with different photos…

Also interesting is the word ‘official’. We tried to find out the official company or person behind these sites, but there is no official contact information.

How would you get this extension? It would most likely be installed as third-party software bundled in other setups. For example, if you are looking for a new Internet browser, search for it in your search engine of choice and pick the first offer, you will get an installer and won’t recognize that this installer was not from an official website. When starting the browser installation process, the extension will also be installed – silently. The behavior of these components is typically the same. They create new folders on your computer in the following directories. Here is one example with the extension ‘BrowseBurst’:

%PROGRAM FILES%\BrowseBurst
bin
utilBrowseBurst.exe
BrowseBurst.BrowserAdapter.exe
FilterApp_C64.exe
BrowseBurst.PurBrowse64.exe
BrowseBurst.PurBrowse.exe
BrowseBurst
updater.exe

On the registry, there are some changes made by installing the extension:

HKLM\Software\BrowseBurst
HKLM\Software\Wow6432Node\BrowseBurst
HKLM\Software\Microsoft\Internet Explorer\Approved Extensions
Value: %CLSID%
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{%CLSID%}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BrowseBurst
HKLM\SYSTEM\CurrentControlSet\services\%ExtensionName%

The extension may include components (such as a Browser Helper Object) that are kept loaded in memory all the time. This is why the combination of detection and repair routine by AIRS is so important.
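A triage sketch built from the folder and registry locations listed above, added here as an example and not Avira's detection or AIRS logic. It matches an exported inventory of paths against those locations, written with Windows path separators; applying the BrowseBurst layout to the other family names, the function names and the sample inventory are assumptions.

```python
"""Match an exported path inventory against the artifact locations listed above."""
import re

# Extension names mentioned in the post; only BrowseBurst's layout is shown
# there, so reusing it for the other names is an assumption.
FAMILY_NAMES = ["Browsefox", "Swiftbrowse", "Betterbrowse", "Browsesmart", "Browseburst"]

# {name} stands for the extension name (the post's %ExtensionName%).
TEMPLATES = [
    r"%PROGRAM FILES%\{name}",
    r"HKLM\Software\{name}",
    r"HKLM\Software\Wow6432Node\{name}",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{name}",
    r"HKLM\SYSTEM\CurrentControlSet\services\{name}",
]
BHO_KEY = r"hklm\software\microsoft\windows\currentversion\explorer\browser helper objects"


def normalise(path: str) -> str:
    """Lower-case, unify hive spelling and map both Program Files folders."""
    p = path.strip().replace("/", "\\").lower()
    p = re.sub(r"^hkey_local_machine\\", r"hklm\\", p)
    p = re.sub(r"^[a-z]:\\program files( \(x86\))?(?=\\|$)", "%program files%", p)
    return p.rstrip("\\")


def indicators_for(name: str):
    return [normalise(t.format(name=name)) for t in TEMPLATES]


def scan(inventory, names=FAMILY_NAMES):
    """Return {extension name: [matching inventory entries]}.

    An entry matches when it IS an indicator path or lies below it, so a
    look-alike such as ...\\BrowseBurstTools is not reported.
    """
    hits = {}
    for raw in inventory:
        item = normalise(raw)
        for name in names:
            if any(item == ind or item.startswith(ind + "\\")
                   for ind in indicators_for(name)):
                hits.setdefault(name, []).append(raw)
    return hits


def bho_clsids(inventory):
    """List registered Browser Helper Object CLSIDs for manual review; the
    post gives the CLSID only as a placeholder, so none can be matched by value."""
    found = []
    for raw in inventory:
        item = normalise(raw)
        if item.startswith(BHO_KEY + "\\"):
            m = re.match(r"\{[0-9a-f\-]{36}\}", item[len(BHO_KEY) + 1:])
            if m:
                found.append(m.group(0))
    return found


# Constructed inventory (for example, merged from a file listing and a registry export).
SAMPLE_INVENTORY = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrowseBurst",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BrowseBurst",
    r"C:\Program Files (x86)\BrowseBurst\bin\utilBrowseBurst.exe",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}",
    r"HKLM\SYSTEM\CurrentControlSet\services\Swiftbrowse",
    r"HKLM\Software\BrowseBurstTools",                # look-alike, must not match
    r"C:\Program Files\Mozilla Firefox\firefox.exe",  # unrelated
]

if __name__ == "__main__":
    for name, entries in scan(SAMPLE_INVENTORY).items():
        print(name, "->", len(entries), "artifact(s)")
        for e in entries:
            print("   ", e)
    print("BHO CLSIDs to review:", bho_clsids(SAMPLE_INVENTORY))
```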

If you would like to know more details about the extensions’ behaviors, our virus researchers have created a detailed description:

Adware/Browsefox.Gen: http://www.avira.com/en/support-threats-summary/tid/8495/tlang/en

The post Browser Extensions that nobody wants… but a lot of people have! appeared first on Avira Blog.

Kyle & Stan Malvertising Hits Amazon, YouTube

The “Kyle and Stan” method is an example of a particular type of exploit known as ‘malvertising’, because it inserts malware into online advertising, so as to infect visitors of legitimate, high-traffic websites. Because online advertisements are served up by a relatively small number of ad-publishing networks that reach many popular websites simultaneously, malvertising is a very efficient means of malware distribution.

This particular exploit is called “Kyle and Stan” because the malware code contains references to specific sub-domains with the URLs “kyle.mxp2038.com” and “stan.mxp2099.com.”

Although most malvertising exploits do not harm individual users directly, they will often make unscrupulous revenue by generating fake advertising clicks, or by redirecting users to other scam websites, or installing spyware or back-doors that are later used to hijack the users’ computers for misuse, for example as botnets. In the case of the Kyle and Stan exploits, users are redirected to websites that offer a legitimate media-player app that, when downloaded, comes bundled with a malicious browser hijacker that installs itself automatically.

Unfortunately, this new threat makes detection extra difficult by creating a unique profile for each and every installation.

In the bigger picture, the Kyle and Stan malvertising exploit may represent a new style of malware distribution that is OS-agnostic and highly efficient. We may soon see an industry call for ad publishers to more carefully scan the ads that are distributed through their networks. Our experts will monitor the progress of Kyle and Stan and will inform you as we learn more.

The post Kyle & Stan Malvertising Hits Amazon, YouTube appeared first on Avira Blog.

Read before clicking: Potential app permission risks

Who is allowed to do what – when it comes to the world of apps, this isn’t a straightforward question to answer. Whether you’ve got an iOS, BlackBerry or Android device, apps on all operating systems require your permission to access specific functions like network communications or the camera and microphone. While BlackBerry and Apple review the permissions prior to store approval, Google leaves this task up to the user. If you use an Android tablet or smartphone, you’ll be familiar with the list of app permissions requested prior to installation. You have a choice: Either you agree to all the app’s wishes or you have to do without the app – no ifs or buts.

Of course, many developers handle this situation responsibly, only asking for permissions the app actually needs to do its job. But the temptation to ask for a few more pieces of information than are needed is huge: Details about user preferences can be gleaned and data sold on straight away to make a little bit extra on the side. Free apps in particular are infamous in this respect. A while ago, the example of the Brightest Flashlight was in the media spotlight. While it didn’t require any permissions for it to work, it practically granted itself full access to the smartphone – the developer then sold all the data it harvested.

The app is still listed on the Play Store, it still asks for permission to access everything, and has meanwhile racked up over 50 million downloads.

An app tells you, more or less, everything it wants to know and influence prior to installation. It does this either when you actually download it or right at the bottom in the Play Store under “Permission” and “View details”. All the details of “dangerous” permissions are shown, whereas permission requests deemed less critical are not. To view them, you have to click the “Display all” tab. This can be problematic especially when it comes to updates for installed apps. This is due to a change to the Play Store’s permissions-management system (version 4.8) which saw Google introduce “simplified permissions”. Permissions are now divided into the following 13 groups:

  • In-app purchases
  • Device & app history
  • Cellular data settings
  • Identity
  • Contacts/Calendar
  • Location
  • SMS
  • Phone
  • Photos/Media/Files
  • Camera/Microphone
  • Wi-Fi connection information
  • Device ID & call information
  • Other

If you initially granted permission during installation and another permission has since changed in the same group, you are no longer informed about it. The newly requested permission is granted without so much as a whisper. To some degree the groups are also fairly unclear and this has some really surprising impacts. For instance, the “Phone” group includes the following functions: Directly call telephone numbers (including chargeable numbers), write call log, read call log, reroute outgoing calls, and modify phone state.

If you want to learn more about which app can do what, take a look at “Settings” and then “Application manager” followed by choosing the app’s name and “Permissions”. The free app Permission Viewer makes things a bit easier.

It lists every app (incl. internal system apps) and displays apps’ permission levels using colored bars. That said, knowing about potential weaknesses does not lead to greater security. To do that, you need the help of other apps such as App Guard by Backes SRT. The security company, a spin-off of Saarland University, offers a security and data-protection app for Android smartphones and tablets with Android version 2.3 and later for € 3.99. There’s also a free demo version which can monitor up to four apps. App Guard lets you monitor other apps and make subsequent changes to their permissions. Superfluous permissions can be revoked without needing root access.

By contrast, App Ops Starter is free but it only works on Android versions 4.3 to 4.4.1. The app starts Android’s integrated but hidden “App Ops” mode. It’s also possible to revoke individual permissions from apps without root access. Rooting your device opens up further options to monitor and change access permissions such as by using XPrivacy.

Everyone has to be clear about one thing: people who experiment with permissions can render an app unusable. Less experienced users should stay away from system services; otherwise the entire Android operating system could quickly become unstable.

 

The post Read before clicking: Potential app permission risks appeared first on Avira Blog.

Your holidays start on the Internet: tips for booking vacations online

Everything is possible online nowadays: reading newspapers, ordering books and clothes, flirting, checking out recipes – and of course booking vacations online. Hotel comparison sites are immensely popular, every airline offers online booking services, and instead of combing through endless travel-agency brochures, you now simply visit Expedia, Opodo or Travelocity. While it’s all very easy and convenient, it isn’t without its risks. Whether it’s a dodgy low-cost website which goes bust before your vacation starts or a seemingly harmless invoice attached to an email which is infected with a virus – at Avira we find that a little caution goes a long way.

Many problems with online booking stem from legal issues. In some instances, the difference between provider, organizer or contracting party is not clear to the customer. In case of questions and complaints, it is important to know whom to contact. Whether you can even make any claims and how easy that is differs immensely depending on the location of the company you signed the contract with. On top of that, costs often aren’t as transparent as they could and should be, with hidden additional transfer costs or trip-cancellation insurance suddenly selected on the final page before the last confirmation click without it ever being mentioned beforehand.

Low-cost portal or not, no operator offers its services for free. The cheaper the offer, the greater the risk that the small print conceals hidden costs. Free hotel room? Perhaps a minimum stay is involved, or you need to pay service and agency costs. Extremely cheap flight and accommodation? There may be compulsory shopping trips planned involving visits to carpet makers, jewelers, and leather factories.

Internet transactions always involve risks – even if they have become safer over the years. You should always transfer money over an encrypted connection. For that, the online travel agent has to offer an SSL-secured Web session. Operators usually make a specific point of mentioning this at the virtual checkout, but you can also tell the session is encrypted by the little padlock icon or the different color of the Web browser’s address bar. This type of encryption is extremely secure and cannot be cracked with a reasonable amount of effort – effectively meaning no risk is involved.

However, other risks are beyond the user’s control. Hackers often manage to crack the websites of legitimate online travel operators. In 2005 the Japanese tour operator Club Tourism had to admit that hackers had stolen the information of over 90,000 customers. In 2009 a website in the USA which government officials use to book travel was compromised. And as recently as April 2013, Traveltainment, a subsidiary of the Amadeus Group, had to concede that hackers had broken into its servers and stolen the personal details, including payment information, of an unknown number of customers. The theft caused harm when customers opened emails containing phishing software, which the thieves were able to send because they knew the customers’ email addresses and booking details. A comprehensive security software solution like Avira Antivirus Pro offers protection against such attacks and should therefore be a staple on every computer.

The post Your holidays start on the Internet: tips for booking vacations online appeared first on Avira Blog.