Category Archives: Antivirus Vendors

Who do you trust with your online data?

Dropbox recently disclosed that 68 million of its users’ login credentials were published after it was initially hacked back in 2012. Does changing a password now really make a difference?

The file servicing company is back in the spotlight after the login details of 68 million of its users were published, following a hack back in 2012. Dropbox has taken the usual, sensible approach by reminding people to change their passwords regularly in any case and, in particular, when the security of any online provider they use has been compromised.

It has also initiated a push reset that changes all the passwords of those potentially affected to ensure no one was missed, reassuring impacted users that even if their previous passwords were compromised, their accounts cannot be accessed.

While companies suffering an unfortunate hack often recommend resetting passwords, few take the step of actively encouraging users to use 2-step authentication. In its blog, Dropbox recommended this approach – but its email notifications only mention passwords; the same is true of their help page on ‘Email and Passwords’.

I am sure, however, that we are not too far away from a company enforcing enhanced security, such as 2-step authentication, on its users. AVG recently conducted a poll in the US and UK to find out who people think is responsible for their online data. Against this backdrop, the findings are interesting.

Those who are most responsible for keeping online data safe are any businesses that store personal data (74%), banks (66%) and online security companies (57%). Only banks and security companies were seen as taking this responsibility seriously enough by 74% and 63% of people respectively.

So it seems that people expect a company like Dropbox to take responsibility for keeping their users’ data safe but they don’t necessarily think such businesses take this seriously enough. In addition, 86% of people polled said that personal identification data was the type of information they were most concerned about sharing, and having collected by businesses.

It’s great to see that people are aware – and concerned – about how other entities handle their private data and what degree of responsibility they take for holding that data. The news about Dropbox merely confirms that we can’t simply trust companies to keep our data safe.

So if you are affected by this breach, or have been affected by any other, then I recommend taking two steps to try to remedy the situation.

Firstly, secure any online accounts, such as banking or social media, by ensuring they aren’t using the same email and password combination. If you are re-using login details across multiple accounts, change them and use two-step authentication if possible, such as a password and a back-up phone number or other account.

Secondly, be alert to suspicious activity on your accounts, such as receiving any potentially fake emails. If your data is at risk of having been compromised, you should validate these as genuine by contacting the company that sent them directly or visiting their website before taking any of the action suggested by the email.

Finally, as you would expect, I always recommend having a good internet security product on your PC or mobile devices. Whether you use a laptop or a tablet to access your online accounts, you should always ensure you are as protected as possible against any hacks, phishing tricks or spam emails because as we have seen, we can’t rely on other people to keep us safe online.

Finding too much in your Pokémon app?

Are you addicted to the augmented reality of Pokémon Go yet? If so, then you are not alone and if not, beware of playing the game because you might be.

 

But be careful, whether you are an existing or a new player: as with any craze as popular as this, cyber-criminals see an opportunity to make some cash.

In the last week several security researchers have released details of threats ranging from fraudulent social media accounts to malware-infected apps available in the Google Play store.

The malware-infected app found by security researchers this week was available in the Google Play Store and is reported to have been downloaded over 500,000 times. The app’s malicious payload is capable of taking root access rights on a user’s phone. The app masqueraded as a ‘Guide for Pokémon Go’, leveraging the huge success of the game to dupe people into downloading an app that could then uninstall/install apps or display unwanted adverts.

The research on social media accounts found 543 accounts related to Pokémon Go across Facebook, Twitter and Tumblr, with over 30% (167) of them delivering fraudulent content to their visitors. These were a mix of downloadable game guides, imposter accounts and free giveaways, affecting both desktop platforms and mobile devices and delivering adware, malware or software not related to the content advertised.

With cyber-criminals motivated to cash in on the phenomenon, we strongly recommend vigilance when downloading or researching details about the game and the best way to play.

If you think you may have clicked a bad link or downloaded a rogue app, then download AVG AntiVirus for Android; it’s free and detects malicious app downloads in real-time. AVG detects the threat from the malicious app mentioned above and our researchers work 24×7 to ensure that we bring you protection against threats as they happen.

Regain your privacy: Facebook’s new (creepy) ad system

Running a service as large as Facebook is extremely expensive. So rather than charge users like you and me a fee for accessing the social network, Facebook use our profiles to sell adverts. The more they know about us and our preferences, the more advertisers are willing to pay to show us online ads that match our tastes.

For most people, a few targeted ads in their Facebook timeline is a more than fair swap for the entertainment they get in return. However a new development in the Facebook advertising model may not be quite so agreeable.

All your advertisement profile data in one place

Claiming they want to “enhance” the online advertising experience for their users, Facebook has announced a new partnership with four data brokers, Datalogix, Epsilon, Acxiom and BlueKai. These businesses also create profiles based on our shopping and dining habits (among other factors), giving Facebook a way to link up our on- and off-line lives.

Combining all of these profiles gives Facebook an incredibly detailed insight into every detail of our lives – and means that they can target adverts at us even more accurately. They will also be showing us adverts outside the confines of the Facebook site and apps. We will start to see highly targeted ads everywhere as we surf the web.

For anyone concerned about retaining even the smallest degree of privacy, this is a concerning development. So what can you do about it?

1. Check your Facebook advertising settings

Facebook does provide you with a (limited) selection of account controls. You can find out more in this blog post here.

2. Install ad-blocker and security software

Many of the systems used by online advertisers and data brokers are incredibly similar to the malware used by cybercriminals. Panda Gold Protection, for instance, provides tools designed to protect your data on social networks (or elsewhere on the web).

A second tool, like AdBlock or Ghostery, allows you to block specific trackers used by advertisers for an additional layer of privacy. These tools are especially effective for preventing BlueKai from collecting your web browsing data.

We highly recommend that non-Panda users download and use our Panda Cloud Cleaner to check if their computer is free of malware and Potentially Unwanted Programs (PUPs).

3. Opt out from the brokers

Three of Facebook’s data broker partners allow you to opt out of their data collection routines. Although relatively straightforward, you have to do the hard work to make it happen.

The instructions below will help you opt out:
• Acxiom (complete the form, and click the confirmation link in the email that follows): https://isapps.acxiom.com/optout/optout.aspx
• Datalogix (simple – just click this link): https://www.datalogix.com/privacy/rel-opt-out-confirmation/
• Epsilon (click the “Choose all companies” button on the AdChoices website to opt out): http://www.aboutads.info/choices/

What happens when you opt out?

Following these steps will somewhat limit the tracking habits of these companies, but it won’t stop them entirely. After all, everything you share on Facebook is fed into their advertising algorithms.

You will also find that the adverts you do see online may have no relevance to your interests at all. So you need to weigh up the importance of relevant advertising to your web browsing experience.

Ready to improve your online privacy? Start your free Panda Protection Service trial today.

The post Regain your privacy: Facebook’s new (creepy) ad system appeared first on Panda Security Mediacenter.

Anti-malware Testing Undercover

This week Cylance’s Chad Skipper published an article called Security Testing Houses: Know the Truth! that all people interested in security solutions testing should read. There are some serious accusations against some testing houses and vendors (without naming them) such as:

– “vendors who pay so that their test results will show 100% efficacy”

– “bribing the testing house to hide the negative results of their tests.”

Even though I have been involved in this industry for more than 17 years, I am not aware of any case like those described above. That being said, I do agree with most of the article. To name a few: outdated testing methodologies, not enough samples being used, having to pay to challenge the test results… that happens. And it has to be fixed; that’s why organizations like AMTSO exist, and the first thing that came to my mind after reading the blog was “we need to have Chad in the next AMTSO meeting”. Guess what: when I asked AMTSO about it, they told me he had already registered for the next meeting we’ll have next month in Malaga. Awesome!

Chad ends the article saying “Test for Yourself”. I also agree with this, and in fact it is something that has been happening for a long time. The largest customers we have in different areas (Governments, Telecommunications, Financial, Health, Facilities industries) have selected our EDR solution (Adaptive Defense 360) after several months of intensive and deep testing of different solutions.

The truth is that this kind of “do-it-yourself” testing is only available for big corporations. Small and medium companies lack the resources to do it properly, and that’s why they trust professional testing companies’ results to make decisions. Security Week’s Kevin Townsend wrote a fantastic article about this topic a few months ago: “Inside The Competitive Testing Battlefield of Endpoint Security”.

Out of all the regular tests performed by the biggest testing companies, one of the tests I like the most is the Real-World Protection Test performed by AV-Comparatives. In the aggregated February-June 2016 test with 1,868 test cases (PDF), how many vendors obtained 100% accuracy with 0 false positives? None of them. It is clear that Chad cannot be referring to AV-Comparatives when he is talking about vendors that pay to obtain 100% efficacy.

This is the same AV-Comparatives I talked to last year to test our EDR solution, Adaptive Defense 360, with a number of other similar solutions. Have you seen that test? No, that’s because even though Panda offered to pay for each product included in that test, the other vendors (Cylance was NOT one of them) didn’t want to.

In 3 weeks I will be in Denver to discuss these topics at the 26th Virus Bulletin conference with ESET’s Righard Zwienenberg in our talk “Anti-malware Testing Undercover”.

The post Anti-malware Testing Undercover appeared first on Panda Security Mediacenter.