Saturday, June 27, 2015

Antivirus software: Protecting your files, at the price of your privacy?

“Privacy” is the ability of an individual or group to seclude themselves, or information about themselves, and thereby express themselves selectively. [Wikipedia]



We have to make a statement here: Privacy is important. Period.


Large companies and governments unfortunately tend to disagree with us these days. They want to make us believe that security and comfort always come at the price of privacy. We think that the risks of potential misuse of collected mass data always outweigh any argument for the advantages of functionality gained through big data analysis.


Only a few people are aware that one of the biggest threats to their privacy is actually a piece of software running on almost all computers, software they bought believing it would actually protect their data: antivirus software.


Antivirus features that rely on techniques which affect your privacy


There are a couple of highly questionable features in everyday protection software that we’d like to analyze in a bit more detail:


1) Scanning and blocking of dangerous URLs


Almost all internet security products claim to prevent you from accessing dangerous and fraudulent websites to keep you safe from malware downloads and fraud attempts. To do that, they typically forward all website addresses you visit to a centralized server which scans the domain names and paths against a massive database of dangerous URLs.


You may ask why these scans can’t be done on your local computer. The reason behind this requires a bit of technical knowledge: to check addresses locally would require the whole database to be constantly transferred and synchronized via online updates onto your computer. The problem with that approach is that there are literally millions of known bad website addresses that change very frequently. Online updates of protection software would become far too heavy for most users: every day hundreds of megabytes of data would need to be updated, which is simply impractical. That’s why it is more efficient to send each visited address to a server that does all the work and just returns a “safe” or “dangerous” flag.


The bad thing about this technology is that the antivirus vendor can track ALL your visited websites. Even worse: some vendors can read encrypted data that you enter on online banking websites or other private communication channels. These massive database servers are of course protected at the highest level, but history shows us that data is never 100% safe. Just think for a second about what would happen if that antivirus vendor lost control over their servers for any reason, and what would happen if your surfing habits were shared with criminals.


2) Cloud based file scanning


A few years ago, any software company who didn’t join the “cloud” hype was considered lame and old-school. There is no doubt that cloud computing—which means shifting heavy computing jobs from the local PC to a server ‘somewhere’—can be a very useful thing to speed things up. Since the early days of antivirus software, file scanning is typically done on the local computer. Antivirus vendors create a database of fingerprints/signatures of viruses and other threats, then send that collection of unique markers to the antivirus software on your computer where it compares all local files with each of those signatures.


Cloud scanning sort of reverses that process. It creates signatures of all potentially suspicious files on your hard disk and uploads them to cloud servers where these signatures are scanned against a large database of known threats. Signatures are typically short sequences of letters and numbers, so they don’t allow any antivirus vendor to restore your file content. However, the vendor does learn which programs you run on your PC whenever the same pattern was seen before, and other meta data can be linked to the data set.


Many antivirus vendors go one step further: They don’t just upload a unique file identifier, they upload the whole file so it can be analyzed on a cloud server. For program files that typically doesn’t mean any danger, but has any antivirus vendor ever published their rules for selecting files that are to be uploaded? You are forced to blindly trust that they don’t send any of your private data files.


3) Collecting the computer’s meta data


Sometimes, collecting meta data about a computer can even be more helpful than collecting data files. Meta data describes all sorts of information such as computer name, user logon name, IP address, country, operating system, running programs, their version numbers, hardware components or similar. Collecting and combining these data points allows someone to sketch a quite precise picture of each computer and derive a certain level of exposure to online threats.


But that data also reveals a lot about the person sitting in front of the PC. Combining data can tell which software you have used for how long. Where you live, what your areas of interest are, your age group, how much you spend on hardware, etc.


AV-Comparatives, a well respected security software testing organization, conducted an analysis of Data Transmission in Internet Security Products in 2014. A quick overview of their findings:


  • 8 out of 21 antivirus products submit hardware information, and 5 didn’t disclose that information.

  • 6 out of 21 submit information about running programs, and 4 didn’t disclose that.

  • 18 out of 21 submit website addresses (malicious and non-malicious).

  • 5 out of 21 submit “suspicious” non-executable files (such as documents), and 7 didn’t disclose that.

  • 6 out of 21 don’t allow their users to opt-out of sending files.

AV-Comparatives recommends reading the privacy policy and EULA of vendors carefully, so that users can make an informed decision. They state: “Users should also avoid being lured into using free products that require submitting personal data (data mining is a business model too, as well as the inclusion of third-party toolbars which collect information on their own).”


Antivirus vendors that trade user data


Users who run Avast’s security software should be aware that their surfing habits are tracked by a company called Jumpshot, which creates statistics based on visited websites, as Avast recently announced. These might be impressive and interesting statistics, but keep in mind that once data is sent to countries with different legislation, there is little control left over what really happens with all the information. Avast’s installer also reserves the right to submit usage data without specifying further what that means.


Alternative ways to protect that don’t compromise privacy


Some good news for all of you who have been told that there are no alternatives to collect data in order to keep you safe from malware: there are alternatives. They may require a bit more effort in programming and may be a little less convenient for software vendors, but they are proven to be just as efficient as methods that impact your privacy.


Blocking website domains instead of website addresses


Instead of blocking individual website addresses, Emsisoft Anti-Malware and Emsisoft Internet Security use a locally stored blacklist with bad domain names. Most malware today is spread by hacked web servers. If a specific server is hacked, we don’t trust any website on that server anymore until it is clean again. So we simply block access to the whole server, which reduces the amount of data to be stored in a blacklist-file significantly, effectively allowing us to avoid cloud based scanning and do the checks locally on your computer only. Updates of that file are provided every 15 minutes. Tests confirm that this approach often beats cloud based scans.


Avoiding file uploads for cloud scanning


Emsisoft products never upload any files to our servers without asking you first. Any scans that require information to be obtained from a server rely on a minimum amount of data. In most cases, only an MD5 hash (a 32-character hexadecimal checksum) is required to verify whether a program is safe or not. User documents are never uploaded at all.
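The two data-minimising lookups described in the last two sections (a locally stored domain blocklist, and an MD5 hash as the only file identifier sent anywhere), shown as an added example that is not Emsisoft’s own code. The blocklist contents and the sample file bytes are constructed for the demo; the blocklist file format (one host per line, `#` comments) is an assumption, not Emsisoft’s format.

```python
"""Added example (not Emsisoft code): privacy-preserving lookups that never
send a visited URL or a user file anywhere.

1. A domain-level blocklist kept locally: only the host part of a URL is
   examined, and a hit on a hacked server blocks every page on it.
2. A file identifier built from an MD5 hash: the 32-character hex digest is
   the only datum that would need to leave the machine for a reputation check.
"""
import hashlib
from urllib.parse import urlsplit

# Constructed blocklist in the shape of a locally updated text file:
# one blocked host per line, '#' comments and blank lines are ignored.
SAMPLE_BLOCKLIST_FILE = """
# hacked servers - every page on them is untrusted until cleaned
Hacked-Shop.example
cdn.badhost.example.
"""


def parse_blocklist(text: str) -> frozenset:
    """Load a blocklist file into a set of normalised (lowercase, no
    trailing dot) host names."""
    hosts = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            hosts.add(line.lower().rstrip("."))
    return frozenset(hosts)


def host_of(url: str) -> str:
    """Return the normalised host name of a URL. The path, query and
    fragment (where logins, document names etc. live) are never looked at,
    which is the privacy point of domain-level blocking."""
    if "://" not in url:
        url = "http://" + url          # tolerate bare host[/path] input
    host = urlsplit(url).hostname or ""   # hostname drops the port
    return host.lower().rstrip(".")


def is_blocked(url: str, blocklist: frozenset) -> bool:
    """True if the URL's host, or any parent domain of it, is blocklisted.

    Matching on parents means that listing 'hacked-shop.example' also blocks
    'img.hacked-shop.example' without storing every subdomain, and the
    check runs entirely on the local machine."""
    labels = host_of(url).split(".")
    for i in range(len(labels) - 1):      # stop before the bare TLD
        if ".".join(labels[i:]) in blocklist:
            return True
    return False


def file_identifier(data: bytes) -> str:
    """32-character hex MD5 of the file: the only value that would be sent
    to a server to ask whether a program is known good or bad. MD5 is fine
    as a lookup key here, but not as a collision-resistant integrity check."""
    return hashlib.md5(data).hexdigest()


if __name__ == "__main__":
    bl = parse_blocklist(SAMPLE_BLOCKLIST_FILE)
    for u in ("https://img.hacked-shop.example/login?user=alice",
              "https://example.org/private/report.pdf"):
        print("BLOCK" if is_blocked(u, bl) else "allow", host_of(u))
    # Constructed sample bytes standing in for a program file.
    print(file_identifier(b"MZ constructed sample program bytes"))
```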


Minimizing meta data collection


AV-Comparatives confirmed in their report that Emsisoft is one of the most privacy conscious antivirus vendors around. Our products avoid sending any information that may be used to create detailed user profiles.


Privacy options we provide our users


With the recent release of our version 10 protection product series, we are once again one step ahead of our competitors in terms of privacy. You can find all settings that may have an impact on your privacy in a new Privacy settings dialog. There you can choose whether you want to allow us to create statistics based on detected malware, or configure your participation in the Emsisoft Anti-Malware Network, which helps to improve the malware detection quality for all users. Options for disabling SSL in server communication and for creating crash reports are included too.


Emsisoft Anti-Malware Privacy Settings



During installation of our software you are asked whether you are fine with sharing some of your data or not. We don’t force you to participate at all, and we don’t even set a default option for these things; it’s totally up to you.


Conclusion: Privacy doesn’t need to be given up on


Emsisoft is living proof that privacy doesn’t need to be traded for security. There are ways to provide the same, if not a better, level of protection without harming your privacy.


Have a nice, private day!




Monday, June 22, 2015

The NSA is just one malware writer out of thousands

With the recent news concerning surveillance of antivirus software companies, the NSA is revealed to be just another actor on the stage of cyber security, creating state-sponsored malware to spy on businesses, agencies, and everyday internet users like you and me.


But you aren’t really surprised, are you? We aren’t here at Emsisoft. EVERYONE is monitored nowadays by big government agencies like the NSA and GCHQ (the NSA’s British equivalent, Government Communications Headquarters). Whether you’re an AV specialist or a toilet paper manufacturer, big government has its hand in your information.


What else is new?


It goes without saying that we all have a part to play in online privacy. Sure, there are holes in some antivirus software, as there are in all types of software. There are also holes in the way you conduct yourself online every day, from weak passwords to transmitting sensitive information through free email providers.


But don’t let this “exposé” about big brother scare your pants off! These holes are exploited daily by hundreds of malware writers.


The NSA may have an edge when it comes to the multitude of entry points it has to intercept traffic. But the NSA isn’t doing anything other malware writers aren’t already doing. To get to our internal information, the NSA must ultimately overcome the same hurdles that every hacker and malware writer must overcome.


To date, none have succeeded here at Emsisoft.


If you’ve checked out the article linked above and you’re still hit with a case of the heebie-jeebies, take solace in the fact that the NSA’s Project CAMBERDADA got some of the facts wrong in their presentation slides—in listing the anti-virus software companies they were targeting, both Eset and Nod32 are listed separately…even though Nod32 is a product of Eset, not a software company on its own.



Potential targets (source: The Intercept)



So take it all with a grain of salt; it just takes a little misinformation to turn this molehill into a mountain.


(Additionally, how good can the NSA be at hacking if they don’t even know the names of their targets?)


So what are we doing here at Emsisoft to ensure your protection and privacy?


  • We encrypt years’ worth of internal emails

  • We use a secure VPN (Virtual Private Network) for all internal processes and file sharing

  • We carefully research threats to internet safety through malware samples and vigilant testing

Sure, we communicate freely with external partners and marketers. But no private information is shared, and I’m fairly certain that the NSA doesn’t get much use out of our website banners and press releases.


But if you big-wigs are actually reading this somewhere out there, do you mind sharing your opinion on our branding strategy?


Have a nice, fear-free day.

Thursday, June 18, 2015

How to find and clean malware infections with Emsisoft Emergency Kit

Emsisoft Emergency Kit is the only free, fully portable dual-engine cleaning toolkit that scans for and removes malware and Potentially Unwanted Programs (PUPs) from your PC. It’s the tool of choice for a second-opinion scan and works well in combination with any other antivirus and anti-malware programs. Use it if you suspect your computer is infected but other protection and cleaning software fails to get you out of your misery. It doesn’t take a lot of your time: a typical malware scan with Emsisoft Emergency Kit takes no more than a minute.


This tutorial provides step-by-step instructions on how to scan and clean your computer.


  1. Download and run the Emsisoft Emergency Kit

  2. Check for the latest online updates

  3. Run a scan and clean your computer

  4. What to do if malware is found

  5. For geeks: Emsisoft Commandline Scanner

  6. For malware removal professionals: Emsisoft Emergency Kit Pro


1. Download and run the Emsisoft Emergency Kit


Download: If you don’t have the Emsisoft Emergency Kit yet, download it here. It’s free for private use and it’s fully portable, which means no installation is required. The download package just unpacks to “C:\EEK\” or any other destination of your choice and places a shortcut on your Desktop.


Note: If you don’t need the software anymore, just delete the whole folder and the shortcut at any time.


Run: Simply double-click the Emsisoft Emergency Kit shortcut that appears on your Desktop to launch the scanner. If Windows issues an alert and asks for your permission to run the program, allow it to run with elevated rights.


The software can also be started from a read-only device such as a CD/DVD/BD or any write-protected USB device. While online updates are not possible in that case, the software itself remains fully functional for scanning and cleaning, without risking an accidental infection of the plugged-in drive or disc.


2. Check for the latest online updates


We recommend that you run an online update each time you start a new scan, to ensure all the latest malware signatures are included. If you’re opening the program for the first time, it will automatically prompt you to do so.




We also recommend that you select “Yes” when asked if you’d like the program to detect Potentially Unwanted Programs (PUPs). Emsisoft specializes in removing PUPs, like unnecessary browser toolbars or annoying adware, which are notorious for bloating and slowing down your system.


Program update in progress


Once the update process has completed successfully, the color in the first menu block will change from orange to green.


Program update complete


After the update has finished, click “SCAN” in the main menu.


3. Run a scan and clean your computer


You are now ready to run a scan. There are three options: Quick Scan, Malware Scan, and Custom Scan.


The Malware Scan is the best choice for most users because it’s optimized to scan locations where malware typically infects. This scan typically does not miss any malware; however, if you want to be absolutely thorough and also find inactive malware files or if this is the first time you’re scanning your computer we recommend doing a Custom Scan. It will by default scan all the contents of your PC, including local drives and more. This scan is also useful if you wish to configure your own scan settings, scan additional drives for malware or exclude certain folders.


Scanning options


Use the Quick Scan if you are quite sure that the system is clean already, e.g. when you have a new computer. It will only scan active programs and perform a quick search for known malware traces in the file system and registry.


4. What to do if malware is found


If the scan detects any malware or PUPs on your computer, it will display and preselect all findings.




You can either quarantine or delete selected objects. We recommend you quarantine objects in most cases, as this option will completely disable the malware by wrapping it in an encrypted container. It will render the malware harmless, while allowing it to be analyzed by one of our technicians if needed or restored in the off chance that it is a false positive.




If you opt to delete files instead, you will irreversibly delete the detected files – so only do this if you are absolutely certain the files are malicious.


Very rarely, a scan detects a rootkit that cannot be automatically removed without a significant risk of damaging your system. If this occurs, you will get a notification to contact one of our malware removal experts in the Emsisoft support forum. Follow their instructions to safely get back a clean system.


View scan logs


All scanner, quarantine and update events are thoroughly logged and can be viewed at the “LOGS” section. Logs can be helpful to our analysts if you ever encounter a complication.




Additional privacy settings and options


The “SETTINGS” area lets you define how the Emsisoft Emergency Kit will operate, especially in regards to your privacy. You can join the Emsisoft Anti-Malware Network, our cloud based database that stores information about all types of programs, good and bad, and checks them in real time. By opting in you give the program permission to collect anonymous information about malware it finds on your computer, which helps improve our products’ overall malware detection capabilities.




In this section you can also opt out of using SSL encryption for all server communications, which allows you to analyze all the information that is being sent to and received from Emsisoft web servers.


A Quarantine Re-Scan is by default performed every time new signature updates are downloaded. If it ever happens that you have a wrongly detected object in quarantine, a re-scan with corrected detection signatures will ask you to restore the quarantined objects to their original place.


Enable Beta Updates only if you are an advanced user and want to take advantage of the latest untested software updates. If you would like to get more insights, please sign up for our beta tester program.


5. For geeks: Emsisoft Commandline Scanner


System administrators, security experts, and experienced commandline users will love this. The Emsisoft Emergency Kit also includes the Emsisoft Commandline Scanner, a console application for professionals who don’t need a graphical user interface. Its features are nearly identical to those of the graphical Emsisoft Emergency Kit scanner, and many professionals have called its latest incarnation “one of the most sophisticated command line scanners around”.


Emsisoft Commandline Scanner


Emsisoft Commandline Scanner makes it easy to run repeated scans, perfect for use in automated batch scripts. It can easily be integrated into multi-engine scanning toolkits, and the log files it creates are easy to parse. For more information, see the product details.


To run the Emsisoft Commandline Scanner, either navigate to “C:\EEK\” and run the file “Start Commandline Scanner.exe” to see an overview of available parameters, or directly locate the “a2cmd.exe” file in the “bin” folder and start it from there.


6. For malware removal professionals: Emsisoft Emergency Kit Pro


Corporate users, such as helpdesks and PC repair companies, can buy a Pro license at a reasonable rate. $99 gets you the following hardware and software package:


  • 16 GB USB stick: More than 15 GB for your own use, i.e. to make backups while cleaning a PC.

  • Up to 250 cleaned PCs per year: Higher packages for 500, 1000, 2000 and 4000 PCs available too.

  • Company branded GUI: Doesn’t show any “freeware” texts.

  • 2 in 1: Emsisoft Emergency Kit scanner + Emsisoft Commandline scanner.

  • Bonus: Emsisoft Anti-Malware license for 1 PC/1 year included for free.

  • You can clone the self-updating USB stick for your team as often as you require.

For details, please check out the Emsisoft Emergency Kit Pro page.


Have a Great (Malware-Free) Day!

Saturday, June 6, 2015

Ransomware “Locker” automatically decrypts all affected files, after its creator is struck by conscience

New ransomware variants emerge regularly, but here is an odd story of a ransomware author who actually repented his actions. The ransomware “Locker” was discovered and analyzed by Bleeping Computer with the help of the Emsisoft research team. Unlike other ransomware samples, Locker did not encrypt the files of the user immediately. Instead, it lay dormant until May 25th, after which it began its hideous operations. Like most other ransomware, Locker encrypts the user’s files and then demands payment in bitcoin. The ransom amount is also increased if the user fails to pay the original amount within a stated time. In a surprising turnaround, however, the creator of this ransomware posted an apology a few days after its release, promising that affected files on all infected computers would automatically be decrypted on 2nd June. Although it may sound bizarre, based on the reports, the automatic decryption did actually take place.


Ransomware infects system through a “daisy-chain” installation


As stated by Bleeping Computer:


“Locker appears to be installed via a dropper that creates a daisy-chain installation of various Windows services that ultimately launches the Locker screen.”



The primary dropper is placed in C:\Windows\Syswow64 with a random name. Then, a “Steg” service is created in C:\ProgramData\Steg. After that, Tor is installed in the ProgramData folder in order to enable anonymous communication.


Finally, the locker user interface is launched with a random version number like Locker v1.7, Locker v3.5.3, Locker V2.16, or Locker V5.52.


Locker User Interface (Source: http://www.bleepingcomputer.com)



On a specific date and time (midnight, May 25th) the ransomware begins its operations and encrypts the victim’s data files. The malware also deletes all Shadow Volume Copies in order to prevent the user from restoring any of the encrypted files that way.
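A defender-side check for the install chain described above (a service whose binary lives under C:\ProgramData\Steg, and a Tor client dropped under ProgramData), written as an added example that is not from the original post, Bleeping Computer or Emsisoft. The service inventory is constructed sample data in the shape of service name plus ImagePath; on a real host it would come from the service control manager.

```python
"""Added example (not from the post): flag Windows services matching the
Locker install chain. The inventory below is constructed sample data; on a
real host the (name, ImagePath) pairs would come from the service control
manager, e.g. a Win32_Service query."""
import ntpath
import re

# Constructed sample inventory: (service name, raw ImagePath value).
SAMPLE_SERVICES = [
    ("Dhcp", r"C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted"),
    ("Steg", r'"C:\ProgramData\Steg\steg.exe" -start'),
    ("TorSvc", r'C:\ProgramData\tor\tor.exe -f "C:\ProgramData\tor\torrc"'),
    ("Spooler", r"C:\Windows\System32\spoolsv.exe"),
]


def binary_path(image_path: str) -> str:
    """Extract the executable from an ImagePath value.

    Quoted paths keep their spaces; unquoted ones end at the first
    whitespace after '.exe'. Getting this right matters because indicator
    matching on the raw value (with arguments) misses hits."""
    value = image_path.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    m = re.match(r"(.*?\.exe)(\s|$)", value, re.IGNORECASE)
    return m.group(1) if m else value.split()[0]


def under(path: str, folder: str) -> bool:
    """Case-insensitive 'path is inside folder' test for Windows paths.
    ntpath is used so the check behaves the same on any analysis host."""
    p = ntpath.normcase(ntpath.normpath(path))
    f = ntpath.normcase(ntpath.normpath(folder)).rstrip("\\") + "\\"
    return p.startswith(f)


def locker_indicators(services) -> list:
    """Return (service, binary, reason) for services matching the chain
    described in the post: a binary under ProgramData\\Steg, or a Tor
    client installed under ProgramData."""
    hits = []
    for name, image_path in services:
        exe = binary_path(image_path)
        base = ntpath.basename(exe).lower()
        if under(exe, r"C:\ProgramData\Steg"):
            hits.append((name, exe, "service binary under ProgramData\\Steg"))
        elif under(exe, r"C:\ProgramData") and base == "tor.exe":
            hits.append((name, exe, "Tor client installed under ProgramData"))
    return hits


if __name__ == "__main__":
    for svc, exe, why in locker_indicators(SAMPLE_SERVICES):
        print(f"[!] {svc}: {exe} ({why})")
```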


Malware author demands ransom and then offers apology and free decryption!


The demanded ransom was 0.1 bitcoin, which is only about US$ 22, but the amount was increased to 1 bitcoin (ten times the original) if the payment was not made within 72 hours. However, the story didn’t end there. In a surprising turn of events, the creator of the ransomware actually posted a public apology on Pastebin on 30th May. The post stated:


“I am the author of the Locker ransomware and I’m very sorry about what has happened. It was never my intention to release this.

I uploaded the database to mega.co.nz containing “bitcoin address, public key, private key” as CSV. This is a dump of the complete database and most of the keys weren’t even used. All distribution of new keys has been stopped.”



The hacker also promised that automatic decryption would commence on all affected systems soon, and it turns out that actually did happen. This was the decryption message window:


Decryption message (Source: http://www.bleepingcomputer.com)



This kind of behavior gives rise to several interesting questions. Was the hacker really struck by conscience? Was the release of the malware truly unintentional? Or did the hacker simply realize that the plan wasn’t foolproof and may have backfired if not withdrawn?


Either way, the good news is that there is one less ransomware variant for users to worry about, and the already affected victims are getting an easy escape.


The threats posed by ransomware and best policies to help avoid them


Ransomware is one of the fastest growing malware families, with several new variants coming up regularly. Given the direct monetary benefit, this is not a surprise. Research shows that some of the popular ransomware variants end up earning over US$ 2000. The crooks behind such threats make enormous profits, thus fueling their malicious intentions. Most users pay the attackers out of fear of losing their precious files. Your data is valuable, but the key is not to get trapped in this hostage scenario in the first place. Below are some tips to help avoid such an undesirable situation:


  • Do not let cybercriminals use your data as hostage. Keep regular backups of your important files in external storage drives. For smaller files you can also use cloud storage.

  • Always keep your anti-malware program up to date with realtime protection turned on. Ransomware programs are detected by security products and will be blocked automatically.

  • Do not run unknown executables. Since these types of files can make major changes to your system, it is always a good idea to think twice before running them.

  • Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

Although there are decryptors for many ransomware variants, prevention is always better than cure.


Have a nice (ransomware-free) day!




Friday, June 5, 2015

Mobile Office Development & Mobile Device Management - Columbus, OH

AhelioTech Mobile Office Development and Mobile Device Management Services in Columbus, Ohio


Businesses are increasingly relying more and more on mobile technology. That dependency means that more and more businesses across Columbus, OH are in need of mobile office and device management from those that specialize in mobile office solutions.





AhelioTech is an expert in mobile business setup, infrastructure, and management. We have the tools and expertise necessary to perform all sorts of mobile business solutions, including:


  • Installation and Setup of Mobile Office Applications

  • Support and Maintenance for Mobile Devices

  • Mobile Data Security and Monitoring

Whether you have a Bring Your Own Device (BYOD) policy or you’re supplying the mobile devices, mobile device management becomes a crucial component of an effective business, and at AhelioTech, we provide all of these services for costs that won’t hurt your ROI.


We work with all smartphone platforms, including:


  • Android

  • Apple

  • Microsoft

  • Blackberry

We also work with Tablet PCs, and we’ll continue to stay updated with the future of mobile device technology. We make it easy to collaborate with other professionals securely, as well as share files, work through cloud media and cloud storage, and so much more.


Our Columbus Mobile App Development Services


We are also one of the few providers of custom mobile app development, so if you are in need of a special app to help you with your mobile computing needs, we’ll be able to complete it for you. There is nothing that we cannot offer you at AhelioTech, with a variety of solutions that are certain to help you with your business’s mobile needs.


If you’re interested in learning more about how we use these solutions for your mobile business needs, contact us today at (614) 305-7363. Let AhelioTech show you why we are the number one IT outsourcing company in Ohio, and how we’ve helped so many Columbus businesses thrive.


