Avast Anti Track Key


Iberio Ralda

Jun 13, 2024, 5:48:49 AM
to wahampsporna

Web researcher David Eade found and reported CVE-2020-8987 to Avast: this is a trio of blunders that, when combined, can be exploited by a snooper to silently intercept and tamper with an AntiTrack user's connections to even the most heavily secured websites.




This is because when using AntiTrack, your web connections are routed through the proxy software so that it can strip out tracking cookies and similar stuff, enhancing your privacy. However, when AntiTrack connects to websites on your behalf, it does not verify it's actually talking to the legit sites. Thus, a miscreant-in-the-middle, between AntiTrack and the website you wish to visit, can redirect your webpage requests to a malicious server that masquerades as the real deal, and harvest your logins or otherwise snoop on you, and you'd never know.

"The consequences are hard to overstate. A remote attacker running a malicious proxy could capture their victim's HTTPS traffic and record credentials for later re-use," he said. "If a site needs two factor authentication (such as a one-time password), then the attacker can still hijack a live session by cloning session cookies after the victim logs in."

The first issue is due to AntiTrack not properly verifying HTTPS certificates, allowing an attacker to self-sign certs for fake sites. The second issue is due to AntiTrack forcibly downgrading browsers to TLS 1.0, and the third is due to the anti-tracking tool not honoring forward secrecy.

Separately, the Avast antivirus tool potentially has another vulnerability. This time, Googler Tavis Ormandy has found the antivirus suite running its JavaScript interpreter with system administrator-level privileges, which is like running around with a gun in your pocket and the safety off.

"Despite being highly privileged and processing untrusted input by design, it is un-sandboxed and has poor mitigation coverage," Ormandy said of the process. "Any vulnerabilities in this process are critical, and easily accessible to remote attackers."

Are you one of the allegedly 400 million users of Avast antivirus products? Then I have bad news for you: you are likely being spied upon. The culprit is the Avast Online Security extension that these products urge you to install in your browser for maximum protection.

One of the things that frustrates me most is the consolidation of so many great AV/AM/AS tools/products/companies throughout the years, and it is almost always the same story. One of the big fish consumes one or more of the smaller fish because the smaller fish was in a unique niche doing something that the big fish envied, so they make the acquisition only to eventually either kill off the small fish's product or integrate it into their 'suite' where it lives on as a shadow of its former self, usually losing much of what made it unique and effective. It also means that the bad guys end up with one less engine/set of technologies/group of researchers and devs to deal with.

This is one of the many reasons I respect Malwarebytes, because throughout the years they have had many offers from big AVs trying to acquire them but they have so far stuck to their guns and refused all offers because they know all too well what usually ends up happening. Additionally, when they have made acquisitions of other companies/products they have always ensured that the developers, researchers and unique technologies lived on and remained as effective as they had always been, usually improving upon them following their acquisition (and when it makes sense, continuing to offer them as standalone products/tools), and at least so far I haven't seen a single instance where a tool/product lost its effectiveness after acquisition, I have only ever seen them either remain as effective as ever, and usually actually improving after coming under the control of Malwarebytes.

The AV software inserts a JavaScript bug in every webpage you load. Incredibly, Kaspersky included a unique identifier that allows any other website to track you, too. The company has patched that latter behavior, but the Russian tracking remains in place.

Your antivirus knows a heck of a lot about you. It knows what programs you run, because it has to make sure they're legit. It knows the websites you visit, and steers you away from frauds and dangers. In addition, the antivirus company may learn a lot about you as you interact with sales, support, and so on. But that's fine, right? Well, a recent attempt by free antivirus giant AVG to clarify its privacy policy caused quite a fuss.

Free Isn't Free
No security company in the world could survive solely by giving away free antivirus protection. There has to be some income, or the company will dry up and blow away. Yes, some vendors use the free version as a teaser and profit from upgrades, but those aren't the giants. AVG needs to monetize the anonymous data and telemetry received from the more than 200 million users; the same is true of Avast, Avira, and other major publishers of free security products.

It would be suicide for a security company to actually misuse private data. I can't see it happening. But if you're at all worried, dig in and read your own antivirus's privacy policy. Just make sure you have a college graduate handy to interpret the complex language.

Yeah, Norman used to be a really decent AV and they had some good tools too. I used to run their portable/standalone scanner all the time when doing malware checkups/cleanups; it was always on the short list of go-to tools for general virus scanning (a list of only about 4 or 5 products total, as I was quite picky).


The Federal Trade Commission will require software provider Avast to pay $16.5 million and prohibit the company from selling or licensing any web browsing data for advertising purposes to settle charges that the company and its subsidiaries sold such information to third parties after promising that its products would protect consumers from online tracking.

After Avast bought Jumpshot, a competitor antivirus software provider, the company rebranded the firm as an analytics company. From 2014 to 2020, Jumpshot sold browsing information that Avast had collected from consumers to a variety of clients including advertising, marketing and data analytics companies and data brokers, according to the complaint.

In addition to paying $16.5 million, which is expected to be used to provide redress to consumers, the proposed order will prohibit Avast and its subsidiaries from misrepresenting how it uses the data it collects. Other provisions of the proposed order include:

The Commission voted 3-0 to issue the administrative complaint and to accept the proposed consent agreement. FTC Chair Lina M. Khan joined by Commissioners Rebecca Kelly Slaughter and Alvaro Bedoya issued a statement on this matter.

The FTC will publish a description of the consent agreement package in the Federal Register soon. The agreement will be subject to public comment for 30 days after publication in the Federal Register after which the Commission will decide whether to make the proposed consent order final. Instructions for filing comments will appear in the published notice. Once processed, comments will be posted on Regulations.gov.


I recently installed avast! free antivirus and it kept giving me a warning that some file (bootloader or something like that) had a warning because of its "decompression rate". After some research, I found out it was harmless and it was recommended that I uninstall avast! for an alternative. So I uninstalled avast! with the uninstaller it came with; however, now when I check my console log, every 10 seconds it shows a log for "com.avast.helper" that says "Error connecting to master socket: connect ( ) : No such file in directory". How can I permanently stop this, and possibly remove any remaining fragments left from avast!? I tried going into my library, but the application folder for avast! was no longer there.

Open Avast! Preferences and uncheck or "open" File System Shield and disable it. (If you are online and not downloading anything, then you are still protected. I disconnected from my router to do this stage.)

Return to finder and select the first part of the system pass and get it to allow you to choose that path as part of the exclusion. That will copy the path to the "Exclusion" window on Avast! It may take trial and error to get it to appear, but you will get at least part of it to move. Then you can edit and add the rest of the filepath to the exclusion window.

After you do this, either click done, or repeat the process until all the inaccurately identified files are added. You can also add the entire Library or other folder to the exclusions, but I suggest not doing that, since in the unlikely event you are infected with malware, it might go unnoticed.

Most OS X applications are completely self-contained "packages" that can be uninstalled by simply dragging the application to the Trash. Applications may create preference files that are stored in the /Home/Library/Preferences/ folder. Although they do nothing once you delete the associated application, they do take up some disk space. If you want you can look for them in the above location and delete them, too.

Some applications may install an uninstaller program that can be used to remove the application. In some cases the uninstaller may be part of the application's installer, and is invoked by clicking on a Customize button that will appear during the install process.
