sigmoid.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A social space for people researching, working with, or just interested in AI!


#avast


Today I received email from Avast with the subject "Attention! Password leak detected." It lists several old breaches containing my email address which of course I already know about. At the bottom it says, "You received this email because [my email address redacted] was entered into Avast Hack Check to see if there were any leaked passwords associated with that email address."
Reader, I assure you that I did not enter my email address into Avast Hack Check.
1/2
#infosec #Avast #scam

MakeUseOf: A Popular Antivirus App Was Caught Selling Your Data: Here’s How to Apply for a Refund. “Almost 3.7 million people are now eligible to collect some cash from Avast, a popular antivirus software company that stole and sold customer data for years. Here’s what you need to know if you bought any Avast products in the last decade.”

https://rbfirehose.com/2025/02/26/a-popular-antivirus-app-was-caught-selling-your-data-heres-how-to-apply-for-a-refund-makeuseof/

I just replied to a blog comment, and I thought that I post my reply here as well:

I think that I have good reasons to be “against Avast,” having published seven articles on them so far. The security issues alone are bad enough. But Avast abused their position to collect and sell users’ browsing profiles. After they were caught they claimed the data to be anonymized, they claimed to only sell aggregated data – and they continue lying to this day, despite there being conclusive evidence to the contrary. While the company has been bought, it’s still the same people in charge. This sort of undermines any trust in them for anything related to security.

As the security of antivirus software goes, I’m not very fond of any as the articles in the “antivirus” category of my blog show. With Kaspersky it wasn’t only the security issues but also how they handled them, pushing out half-hearted fixes only for these to be circumvented shortly afterwards. McAfee and BullGuard had massive security issues stemming from being careless about security and not following best practices.

I’ve found a critical security issue in Bitdefender’s solution as well, but with them I at least had the impression that they were trying. Unfortunately, that’s currently the bar in the antivirus industry – at least trying to make their product secure.

Security-wise, one good thing about Windows Defender is that it only needs to do one job. It doesn’t need all the extra functionality as a selling argument. It doesn’t need to be a banking browser, it doesn’t need to be a phishing protection, it only needs to be an antivirus solution. It can keep a very small attack surface compared to all those antivirus suites, and so it does (yes, I checked).

My #avast subscription expired a few days ago and I don't plan to renew it at all. That means I can no longer use its built-in VPN. Therefore, I'm searching for a new #VPN which is similar to the one from Avast. Nothing fancy. I want to have an accessible client, be able to connect to different servers, just to hide my IP or set my IP to other countries, and to hide which websites I'm visiting from some networks I need to use. Can anyone recommend something worth the price?

It has been a while since I’ve written about Avast, so today I give you “How insecure is Avast Secure Browser?”

palant.info/2024/07/15/how-ins

Note: This isn’t a vulnerability disclosure, merely an overview of problematic design decisions.

TL;DR from the article: I wouldn’t run Avast Secure Browser on any real operating system, only inside a virtual machine containing no data whatsoever.

Some highlights:

  • Eleven pre-installed browser extensions but only two visible to users.
  • Two extensions unnecessarily relax Content-Security-Policy protection.
  • One of these two extensions also requests all privileges possible, despite not actually using them.
  • Two extensions accept messages from any other extension and any Avast website, the latter without enforcing HTTPS connections.
  • One of these extensions, Privacy Guard (sic!), will expose information about your browser’s tabs via that messaging interface and provide updates as you browse the web.
  • The “onboarding” experience is designed as an extremely flexible way to nag you into using products that benefit Avast financially.
  • To make this “onboarding” work, the browser exposes internal APIs to a number of Avast domains that a huge number of third parties can put content on. Not only can each of these third parties abuse this access, a single XSS vulnerability will extend the access to any website on the internet (no effective CSP protection).

Enjoy!

Almost Secure · How insecure is Avast Secure Browser? Another look into Avast Secure Browser shows a massive attack surface, with some issues mentioned five years ago only partially addressed, all while new ways to attack the browser have been added.
#avast #avg #avira

Reading the Czech decision a bit more (it’s a long text), it’s quite fascinating. It’s a second instance ruling, and the authority appears to have rejected Avast’s appeal in all points. Even more so: they are explaining to Avast that the privacy law doesn’t work the way Avast thinks it does.

Did Avast decide to represent themselves without proper legal advice? Did they hire incompetent lawyers? Did their lawyers just give up, seeing this case as hopeless? Beats me. But they seem to have acted as incompetently here as with their media response.

In particular, Avast tried to argue down the imposed fine based on the fact that the decision refers to a data collection period of “merely” two months. And they get the explanation that, as far as GDPR is concerned, violating the privacy of 100 million users on a single day would have already been sufficient. There is also the clarification that the data protection authorities aren’t as naive as to assume that violations only happened during these two months.

And they also didn’t like Avast’s “but no actual harm was done” defense:

“the harm caused to data subjects cannot be individually examined due to the large number of data subjects affected. As already stated, the privacy of data subjects has been compromised by the conduct of the Accused, and the effects on the rights of individual subjects may become apparent in the future. Furthermore, it cannot be safely stated that users have not been identified, nor that they are not already being targeted in any way based on knowledge of their preferences or behaviour.”

Now to the funny part: Avast accuses the data protection authority of damaging them by publishing a short announcement back in 2020. Mind you, the media shitstorm against Avast was already in full swing. And so the data protection authority simply states:

“the Charged Company’s shares on the Prague Stock Exchange had significantly fallen even before the press release was issued”

And on the claim that Avast should be excused because they didn’t know they were violating privacy laws:

“At this point, the Appellate Authority considers it necessary to recall that the Charged Company provides software designed to protect the privacy of its users. As a professional in the information and cyber field, the Charged Company is thereby also expected to be extremely knowledgeable in the field of data protection. The Accused was aware of the risks of data processing and of the difficulty of achieving complete anonymisation of data (especially in a rapidly evolving technological environment) but decided to monetise the data of its users in the abovementioned manner anyway.”

For some context: the first-instance decision fell in 2022. It looks like it might not have been triggered by my investigation at all but rather by a complaint a few months earlier. That seems to be the reason why they are talking about data collection between April and July 2019.

uoou.gov.cz · Úřad pro ochranu osobních údajů (Office for Personal Data Protection): Statement of the Office for Personal Data Protection on the current case of Avast Software s.r.o.

Nice to see Avast being held liable for their data collection. After the Czech fine in May for the GDPR violation they are now also being fined by the FTC in the US.

Interesting fact here: according to the Czech decision Avast is continuing to claim that the data was properly anonymized and no personal data was being transferred to third parties. As I could document four years ago, these claims are definitely untrue.

It seems that the Czech data protection authority didn’t buy into these blanket claims either and requested detailed information on the data handling – which Avast failed to provide. They also seem to have read my blog. So their conclusions (like my original analysis) are largely based on the patent Avast filed. Which is already quite damning but not really as much as the real data which shows that the patented approach was severely misimplemented.

The FTC decision is far less detailed but also states: “The FTC further alleges that, in some cases, the data Avast shared with Jumpshot was not aggregated or fully anonymized before Jumpshot sold it, and in some cases, Jumpshot sold the data in a form that could have allowed third parties to link back browsing information to you or your devices.”

Now one might be inclined to ask: why does it matter? Avast has since been sold. So the people paying the fines now aren’t the ones responsible.

But I’d like to think that this controversy had a significant impact on the selling price. This was likely the reason why Avast was in such a hurry to shut down Jumpshot and to end this affair.

www.edpb.europa.eu · Czech SA imposed fine of 13.9 million EUR for infringement of Art. 6 and Art. 13 of GDPR | European Data Protection Board

Are you a lover of all things books? Do you consider yourself to be a trans ally, or would like to be a better one? Do you wish there were more pirate tales written for adults? Will you be in the region of Naarm on Wednesday the 12th June?

If you said yes to any of these questions, click the link below to RSVP and come to the Pirates Tavern in Williamstown at 6pm, as part of the Willy Lit Fest, as anthology Avast! is launched by nonbinary co-editor Michael Earp.

hobsonsbay.sales.ticketsearch.
