ProActiv: How to add exceptions and deactivate it (Updated)

Update:

Please perform a product update in order to receive the fix which we released to all customers.

If you have problems with the ProActiv module after updating to the Service Pack, please follow the steps described in the Knowledge Base:

- English version

- German version


If it is too complicated, just deactivate ProActiv by following these steps:

  1. Open the Avira Control Center
  2. Click on Extras → Configuration
  3. Activate the Expert mode in case it is not active yet
  4. Click on Realtime Protection → ProActiv
  5. Uncheck the option “Enable Avira ProActiv”
  6. Close the window using the OK button
  7. Restart your computer

Affected products

Avira Professional Security, Version 2012 [Windows]
Avira Antivirus Premium 2012 [Windows]
Avira Internet Security 2012 [Windows]

Security 101: April – Questions & Answers

As previously announced, we continue to answer questions received from the readers of the PC.COM magazine.

How does a phishing website get access to our account number?

A phishing website imitates the official website of a financial institution (bank, credit union, credit card company) or of a webshop (Amazon, eBay, etc.) in order to trick users into entering their login credentials.

The user usually receives an email which pretends to come from one of the entities mentioned above (a phishing email) and which urges the user to log in on the fake website. Once the user logs in with his correct credentials, they are saved by the fraudsters and misused later.

Fortunately, more and more websites (especially financial ones) have introduced multi-factor authentication, which adds another layer of protection. Classical authentication is based on something the user knows: a user name or account number plus a password or PIN. Multi-factor authentication introduces another element, usually something that only the authorized user has, like a mobile phone (the user receives an SMS code to authorize financial transactions) or a token generator (which generates a unique one-time code for each transaction).

How can I prevent viruses from attacking my PC, besides installing antivirus?

Malware (viruses, trojans, adware, etc.) can these days attack the PC from multiple directions. It can be delivered while browsing a webpage (drive-by downloads), reading an email (malicious attachments), opening a specially crafted document (document exploits) and others. This is why it is very important to cover all these attack directions by installing dedicated security solutions for each entry point into the PC: web surfing protection, mail protection, patch management. Last but not least, a very important factor of protection is the user’s know-how. So, user education is becoming increasingly important in today’s rapidly changing world.

Sorin Mustaca

Data Security Expert

Security updates for Safari and OS X Lion products

Apple released Safari 5.1.7 addressing multiple cross-site scripting, remote code execution, crash and other vulnerabilities. Also notable is the automatic deactivation of Adobe Flash Player if it is older than 10.1.102.64, done by moving its files to a new directory. The update then offers the option to install an updated version of Flash Player from the Adobe website.

Safari 5.1.7 is available via the Apple Software Update application, or Apple’s Safari download site at: http://www.apple.com/safari/download/.

OS X Lion v10.7.4 and Security Update 2012-002 are now available and address a multitude of vulnerabilities. For more information visit the dedicated Apple KB article.

OS X Lion v10.7.4 and Security Update 2012-002 may be obtained from the Software Update pane in System Preferences, or Apple’s Software Downloads web site: http://www.apple.com/support/downloads/. The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Security Update 2012-002 or OS X v10.7.4.

Sorin Mustaca

Data Security Expert

Security 101: Questions & Answers from readers

The magazine PC.COM (Malaysia) publishes on a monthly basis the questions and answers coming from its readers. The editor of the magazine was kind enough to allow us to publish the questions and the answers I provided.

This means that every month we will have a special article with questions and answers.

What’s the difference between a threat, a vulnerability and a risk?


A threat is the indication of a possible danger or harm. In IT security a threat is a possible negative effect caused by some internal or external factor on applications and their users. The best known threats are buffer overflows, cross-site scripting, SQL injection, elevation of privilege, disclosure of confidential data, data tampering, session hijacking, session replay, man-in-the-middle and others.

A vulnerability is a weakness that makes a threat possible. The threats mentioned above are possible because of vulnerabilities in software. Some examples are:
- lack of input validation (which can cause SQL injection)
- lacking or improper authentication, authorization and session management (which can cause disclosure of confidential data, data tampering, session hijacking, session replay, man-in-the-middle)

A risk is the likelihood that a chosen action or inaction will lead to some kind of loss. Usually, the potential losses themselves are called risks. In IT security, a risk also has an associated value which might be lost if threats and known or potential vulnerabilities are not mitigated and addressed.

The risk (potential loss) can be calculated as the likelihood of a security incident occurring multiplied by the impact that incident would have on the organization: Risk = Likelihood × Impact.

What are the steps I can take to protect myself during mobile banking on iOS or Android devices?

The biggest dangers associated with mobile banking are phishing attacks, man-in-the-middle attacks and malicious apps which steal your credentials.
The best way to protect yourself is to have a security solution installed on the device that protects your data against these threats.
If that is not possible, then Internet access should be filtered directly on the router or on the gateway.
Usually, financial institutions or well-known companies with an impeccable reputation create the apps required to access the mobile banking system.
If the creator of the app is not known or not trusted, avoid entering any credentials for the mobile banking system in it.
Access to any banking system must always be done via a secured connection (HTTPS or another proprietary secured protocol). Also, if the Internet access is done via WiFi, the wireless network should be encrypted using WPA2. This way the risk of session hijacking or man-in-the-middle attacks is also seriously reduced.

Sorin Mustaca

Data Security Expert

Some ways to stay in touch with Avira

There are many ways to stay in touch with us:

Read the Techblog: http://techblog.avira.com.

Subscribe to the RSS Feed of the Techblog in your favorite news reader.

Like us on Facebook – we regularly run promotions which might win you licenses, laptops, smartphones and more.

Subscribe to our Twitter feed.

Subscribe to our Google Plus feed.

Subscribe to our YouTube video feed.

But the best thing you can do is to join us.

What to do if your computer has a virus

So, the unthinkable, the thing you always thought could never happen to you, has happened: your computer has a virus, or several.

What to do now?

First of all, don’t panic, and think carefully before taking the next steps.

Many people immediately format their computer and reinstall the operating system, or even replace their hardware, without thinking about the consequences: you lose all your data!

Let’s start with a risk analysis of the situation without going into too many technical details.

If you have a file infector virus (e.g. W32/Stanit), then potentially any access to other executable files could lead to new infections with this virus. If you have a keylogger, there is the danger that it has recorded all keystrokes, or it may be sophisticated enough to monitor for specific activity – like opening a web browser pointing to your online banking site. If it spied on your login credentials then you might have a long-term problem. If it was a trojan, it might have downloaded other malicious software onto your computer.

Of course, you can’t really know what kind of virus it is unless you work in a virus lab, so the best thing to do in case of an infection is to perform an offline scan. An offline scan means that the infected operating system is not running, so the malware cannot hide or protect its files, and the scanner has full access to all files on the hard drive of your computer.

Our Knowledge Base provides a very short and useful How-To in three steps:

  1. Start your computer in Safe Mode and run a full scan with the Avira software (in Safe Mode)
  2. Download and create the Avira Rescue CD
  3. Start the computer from the Avira Rescue System and scan with it

In order to make sure that the system is really clean, we recommend performing another system scan after rebooting and starting Windows again.

At this point the computer should be clean, but you’re not done yet. You must find out how you got the virus in the first place:

  • did it come via email?
  • did you download it via a website?
  • was it from a freeware product you used?
  • did you use cracked software?

But regardless of how you got it, make sure your antivirus is always active, and if you do deactivate it even temporarily, make sure you don’t repeat the action which got you the virus. Just to be sure, simply never deactivate your antivirus.

We also recommend performing the following actions immediately after cleaning the system:

  • check your email accounts (Outbox, Sent items) – the virus might have distributed itself via email to all your contacts, so it makes sense to inform your contacts that they might receive strange emails from you. They should delete them without opening them.
  • change the login data for home banking, eBay, Amazon, PayPal, Facebook and so on – in case the virus also installed a keylogger as payload, change all your passwords immediately.
  • keep a close eye on your finances for the next couple of months – if the keylogger was active long enough on your system, the cyber criminals might already have your credit card data or other login information which they can use to get money from you.

If you can’t manage to get rid of that virus you can always call for help.

Sorin Mustaca

Data Security Expert

Improve your security #8 – change the default passwords

Very often people buy new gadgets or devices because they are “secured” out of the box. Or, better said, that is what the producers write on the box, because the reality is quite different.

These devices are delivered most of the time with default passwords like “0000”, “admin”, “1234” and so on. This is not security, this is a bad joke made by marketing people who pretend to sell security.

The first thing to do when buying a new device is to change its default password. Many producers have already started to understand that it is not user-unfriendly at all to ask for a password or PIN as the first thing after the installation of a router or at the first startup of a mobile phone. Seriously, there are websites like http://www.routerpasswords.com/ listing the default passwords of routers, and thousands of websites giving the default password for most of the mobile phones available.

Unfortunately, the situation is not much better in areas which are related not to the device itself but to its configuration. For example, many wireless routers come with a default SSID for the wireless network and with no password, or with a default password like those mentioned above.

In the continuous fight between security and usability, many forget that it is actually absolutely OK to reduce usability a little in order to have a minimum of security. After all, what would you prefer: to allow anyone full access to all your photos and documents, or to be forced to enter a password when enabling wireless network access on your router?

Another issue is represented by DECT telephones and headsets. In case you didn’t know, their default password is “0000”. The worse part is that many of them don’t even accept anything other than “0000”.

The same applies to many Bluetooth headsets, but here the situation is not that bad, because usually the mobile phone asks the user for manual confirmation before connecting to a headset via Bluetooth.

As a conclusion, please change the default passwords of your devices (router, smartphone, laptop, DECT phones, etc.) and wireless networks.

For other useful tips related to your computer’s and your digital life’s security check our “Improve your security” series.

Sorin Mustaca

Data Security Expert

Spring cleaning your computer

We are now close to the end of April and spring is everywhere. Many people traditionally do a general cleaning of their houses and gardens at this time.

What about your computer? Don’t you plan to do the same? If not, then you should and here are the most important points to consider:

  • Install all available patches for the software you use. Here are some tips on how to do this.
  • Uninstall the software you don’t use very often. Here is a tip on how to identify which programs you use most: just have a look in Start → Programs, and if you don’t know what a program in that list does, it probably means that you have not used it lately.
  • Remove useless files, registry entries and cookies. Use a tool like CCleaner.
  • Erase old emails (or at least archive them) which you don’t need anymore. Your email program will work much faster.
  • Back up your data. Use either a local backup solution (SyncToy from Microsoft does a good job) or an online backup solution. The best is to use both. In case the solution you’ve chosen doesn’t back up automatically, don’t forget to set up an automatic backup schedule, because you want to have your latest data available in case something happens.
  • Install and update your security solution. In case you don’t already use Avira, it is time to install it and run a full system scan after the installation.
  • In case Avira found malware on your computer, make sure you create a Rescue System and boot from it to scan and clean your system.
  • When did you last change your most used password? Yes, I know that you use only one for all your accounts. Now is the best time to change it to a different one for each account.

For other useful tips related to your computer’s and your digital life’s security check our “Improve your security” series.

Sorin Mustaca

Data Security Expert

YouTube and Tagged phishing leading to online pharmacy sites

We are quite used to seeing well-known brand names being used in phishing spam campaigns that lead to spam websites, usually online pharmacies. We’ve seen eBay, Amazon, Yahoo, Google, Microsoft, Facebook, Twitter, LinkedIn and so on.

It is still a question to us why the spammers try so hard to create phishing messages which use these known brands, because the only result is that they get blocked faster.

Now it is the turn of YouTube and Tagged.

The Tagged phishing campaign is a classical one, using a well established social engineering trick: show pictures of beautiful women and tell men that they have to click in order to see “more”.

The YouTube spam campaign is much better made. There are actually quite a large number of different messages being used to spread the word.

We have seen the following texts coming quite often:

  • YouTube Content Service sent you a notification: Your video has been approved
  • Your video has been rejected
  • Terms of use violation
  • You are on the 2nd place.
  • Congratulations, your video has been approved
  • YouTube Service sent you a message: Your video on the TOP of YouTube
  • Congratulations, Your video on TOP10

Some of these emails are quite nicely done, because they seem to have been created specifically for the email address to which they were sent.
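Filtering such messages does not require a signature for every subject line. The added Python example below (written for this post, not Avira’s filter code) shows the two checks that catch this campaign generically: a display name or subject that claims a brand while the sender domain does not belong to that brand, and call-to-action links pointing outside the brand’s domain, with the subject phrases listed above as a third, weaker signal. The brand-to-domain table, the sample messages and the host names in them are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Brands the campaign abuses and the domains that may legitimately send mail
# for them (assumption for the example; a real filter keeps a fuller list).
BRAND_DOMAINS = {
    "youtube": ("youtube.com", "google.com"),
    "tagged": ("tagged.com",),
}

# Subject fragments seen in the campaign described in the post.
CAMPAIGN_SUBJECTS = (
    "your video has been approved",
    "your video has been rejected",
    "terms of use violation",
    "2nd place",
    "top of youtube",
    "top10",
)

URL_HOST = re.compile(r"https?://([^/\s:]+)", re.IGNORECASE)


def _belongs_to(host: str, domains) -> bool:
    """True if host is one of the domains or a subdomain of one of them."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def phishing_indicators(raw_message: str) -> list:
    """Return the reasons a message looks like brand-impersonation spam
    (an empty list means nothing suspicious was found)."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    subject = msg.get("Subject", "").lower()
    body = msg.get_payload() if not msg.is_multipart() else ""
    reasons = []

    for brand, legit in BRAND_DOMAINS.items():
        if brand not in display.lower() and brand not in subject:
            continue
        # 1. Display name or subject claims the brand, sender domain does not match.
        if not _belongs_to(sender_domain, legit):
            reasons.append(f"claims {brand} but sent from {sender_domain or 'no domain'}")
        # 2. The links in the body go somewhere else entirely.
        for host in URL_HOST.findall(body):
            if not _belongs_to(host, legit):
                reasons.append(f"link to {host} is not a {brand} site")
    # 3. Known campaign wording (weakest signal, reported once).
    for fragment in CAMPAIGN_SUBJECTS:
        if fragment in subject:
            reasons.append(f"subject matches campaign text: {fragment!r}")
            break
    return reasons


# Constructed samples, not real captured mail.
SAMPLE_PHISH = """From: "YouTube Service" <notify@mailer-1234.example.net>
Subject: YouTube Service sent you a message: Your video on the TOP of YouTube
Content-Type: text/plain

Congratulations! Your video is on the TOP10. See it here:
http://cheap-pills.example.org/top10
"""

SAMPLE_LEGIT = """From: YouTube <noreply@youtube.com>
Subject: Your channel summary
Content-Type: text/plain

Watch this week's highlights: https://www.youtube.com/feed/subscriptions
"""

if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, "->", phishing_indicators(sample) or "clean")
```

The constructed phishing sample trips all three checks; the legitimate one trips none. The first two checks are what make the rule survive the next batch of subject lines, since the spammer can change the wording freely but cannot send from the brand’s domain or host the pharmacy shop there.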

We strongly advise all users to simply delete such messages.

Sorin Mustaca

Data Security Expert

Old Microsoft Office for Mac vulnerability actively used to install malware

Not surprisingly, more than two and a half years after a critical patch was delivered, we still see customers who didn’t update. And if we can see them, the bad guys can see them as well. Even worse, we see such an issue affecting MacOS users, who are usually not used to installing anti-malware protection.

That’s because most users think that Macs don’t get malware. But as a reader of this blog, you know that this is a myth…

Like any other myth, this one is wrong as well. Macs do get malware and we see this pretty often. In order to protect Macs we released a dedicated security solution which is completely free.

The already forgotten MS09-027, published in June 2009 (!!!), which could allow remote code execution in Microsoft Office, is making waves again. As presented at that time, Microsoft Office for Mac 2004 and 2008 were also affected.

Security researchers analyzed the spear phishing attacks that spread emails containing specially crafted Word documents exploiting this vulnerability. According to the researchers, once the document is opened, the affected software executes shell scripts that drop a binary embedded in the document and start it. This executable is even signed with a fake “Avira GmbH” digital signature.

On Macs, this executable, delivered for both PowerPC and Intel, installs a backdoor which monitors everything the user does (yes, it can copy usernames and passwords, it can even capture audio, etc.).

As usual, we advise our readers to install the latest updates for their applications and operating system.

In order to protect the users who didn’t install the required patches, we released a generic detection for the Word exploit. As of today, all Avira software running engine version 8.2.10.36 and above detects these Word documents as EXP/Word.Exploit.Gen.

Don’t forget that we now have protection for Macs, and it is free.

Sorin Mustaca

Data Security Expert