Avast is in hot waters again: subsidiary sells browsing data

The past couple of months have not been good for Avast. The company faced a wave of criticism ever since some of its business practices came to light. Wladimir Palant kicked it all off with a detailed analysis of Avast’s browser extensions.

He discovered that the extensions transmitted browsing history information to Avast that went beyond the data needed to provide the security the product promised. Among the data was the full URL of any page visited, the page title, referer (site the user came from), as well as every link on search result pages.

Palant concluded back then that the over-collecting of data was not an oversight but deliberate. Mozilla and Google removed Avast and AVG extensions from their respective web stores as a consequence. Avast updated its extensions and they are now available again.


A joint investigation by Vice and PC Magazine looked deeper into Avast’s business practices surrounding collected user data. According to the information, Avast subsidiary Jumpshot gets data from Avast antivirus installations on user devices, processes it, and sells the processed data to companies.

One product, called All Clicks Feed, would provide companies with information on user behavior, clicks, and activity across visited websites in great detail; customers included large corporations such as Google, Microsoft, Pepsi, Home Depot, or McKinsey.

The data is anonymized according to Avast, which means that personally identifiable information such as a user’s IP address or email addresses is removed from the data before it is sold.

While that looks good on paper, methods exist to de-anonymize data. A data package may include a device ID which means that it is easy enough to look up the browsing history of a particular device. It includes date and time, and information about the visited site as well.

One option that companies that purchase the data have is to use other data sources to identify individual users. Imagine Google or Amazon using date, time and URL information to cross-check with user activity on their sites.

If the full URL is provided in a data package, it could also be easy to identify users depending on activity. Visits to a personal homepage, Twitter replies, uploads to YouTube, or any other activity that may be linked to accounts would provide third-parties with information on the actual user.
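An added example (not from the original article, and not Avast or Jumpshot code) that turns the two paragraphs above into a release audit a data steward could run: it measures how a stable device ID combined with second-level timestamps and full URLs ties records to known accounts, and how coarsening the data changes that. All records, the field layout and the `generalise` mitigation are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed "anonymized" feed: no IP or e-mail, but a stable device ID,
# a timestamp and the full URL. The field layout is an assumption.
FEED = [
    ("dev-a1", "2019-12-01 12:03:09", "https://shop.example/cart?item=991"),
    ("dev-a1", "2019-12-01 12:05:41", "https://social.example/messages"),
    ("dev-a1", "2019-12-01 12:09:02", "https://clinic.example/appointments"),
    ("dev-b2", "2019-12-01 12:03:10", "https://news.example/"),
    ("dev-b2", "2019-12-01 12:30:00", "https://shop.example/cart?item=17"),
]
# Constructed first-party log that a buyer holds for its own site (account known).
FIRST_PARTY = [
    ("alice@example.org", "2019-12-01 12:03:08", "https://shop.example/cart?item=991"),
    ("bob@example.org", "2019-12-01 12:30:01", "https://shop.example/cart?item=17"),
]


def link_devices(feed, first_party, tolerance_s=2):
    """Map each feed ID to the accounts whose events match on URL and time."""
    links = defaultdict(set)
    for device, ts, url in feed:
        t = datetime.strptime(ts, FMT)
        for account, fp_ts, fp_url in first_party:
            gap = abs((t - datetime.strptime(fp_ts, FMT)).total_seconds())
            if url == fp_url and gap <= tolerance_s:
                links[device].add(account)
    return dict(links)


def exposed_history(feed, links):
    """For IDs tied to exactly one account, return every URL that match reveals."""
    exposed = {}
    for device, accounts in links.items():
        if len(accounts) == 1:
            (account,) = accounts
            exposed[account] = [url for d, _, url in feed if d == device]
    return exposed


def generalise(records, drop_id=True):
    """Coarsen records before release: hour instead of second, host instead of URL."""
    out = []
    for ident, ts, url in records:
        hour = datetime.strptime(ts, FMT).strftime("%Y-%m-%d %H:00:00")
        out.append(("-" if drop_id else ident, hour, urlsplit(url).netloc))
    return out


if __name__ == "__main__":
    links = link_devices(FEED, FIRST_PARTY)
    for account, urls in exposed_history(FEED, links).items():
        print(f"{account}: {len(urls)} page views exposed via one matching event")
    # Same audit after coarsening both sides: the match is no longer unique.
    coarse_feed = generalise(FEED)
    coarse = link_devices(coarse_feed, generalise(FIRST_PARTY, drop_id=False), 0)
    print("unique links after coarsening:", exposed_history(coarse_feed, coarse))
```

Coarsening only helps as far as several users share the same host and hour; a record that stays unique after generalisation is still linkable.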

According to the reports by PC Magazine and Vice, Avast stopped using data for “any other purpose than the core security engine”. PC Magazine notes that Avast’s Jumpshot division can still obtain data through Avast’s main antivirus applications (including those by AVG). Both antivirus solutions include a Web Shield component designed to check visited URLs to ensure that they are not a security risk (e.g. phishing sites).

Thank you for being a Ghacks reader. The post Avast is in hot waters again: subsidiary sells browsing data appeared first on gHacks Technology News.

Microsoft Windows Security Updates January 2020 overview (end of Windows 7 support edition)

Welcome to the first Microsoft Patch Day overview of 2020 and the last Patch Day for the company’s Windows 7 operating system (as well as for Windows Server 2008 and Windows Server 2008 R2).

Microsoft released security updates for all supported client and server versions of Windows on the January 2020 Patch Tuesday. The company released updates for other products, e.g. Microsoft Office, as well on this day.

The overview starts with an executive summary and the operating system distribution that lists the number of vulnerabilities and the severity rating for each supported version of Windows as well as Microsoft Edge and Internet Explorer.

The list of released updates, non-security updates, security advisories, and known issues follow. You find links to direct downloads for Windows updates as well as resource links at the bottom of the guide.

Click here to open the overview of the December 2019 Windows Security updates.

Microsoft Windows Security Updates January 2020

You may download the following (zipped) Excel spreadsheet that contains a list of released updates in January 2020: windows-security-updates-january-2020

Executive Summary

  • This is the last Patch Day for Windows 7 unless you are a business / Enterprise and subscribed to ESU. Home users may find the “what now” article useful.
  • Microsoft released security updates for all client and server versions of the Windows operating system.
  • Other Microsoft products that received security updates are: Internet Explorer, OneDrive for Android, Microsoft Office, .Net Framework, .Net Core, Asp.net Core, Microsoft Dynamics.

Operating System Distribution

  • Windows 7: 18 vulnerabilities: 1 rated critical and 17 rated important
    • CVE-2020-0611 | Remote Desktop Client Remote Code Execution Vulnerability
  • Windows 8.1: 23 vulnerabilities: 1 rated critical and 22 rated important
    • same as Windows 7
  • Windows 10 version 1803: 29 vulnerabilities: 1 critical and 28 important
    • same as Windows 7
  • Windows 10 version 1809: 29 vulnerabilities: 1 critical and 28 important
    • same as Windows 7
  • Windows 10 version 1903: 29 vulnerabilities: 1 critical and 28 important
    • same as Windows 7
  • Windows 10 version 1909: same as Windows 10 version 1903

Windows Server products

  • Windows Server 2008 R2: 19 vulnerabilities: 1 critical and 12 important.
    • CVE-2020-0611 | Remote Desktop Client Remote Code Execution Vulnerability
  • Windows Server 2012 R2: 26 vulnerabilities: 3 critical and 23 important.
    • CVE-2020-0609 | Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability
    • CVE-2020-0610 | Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability
    • CVE-2020-0611 | Remote Desktop Client Remote Code Execution Vulnerability
  • Windows Server 2016: 31 vulnerabilities: 3 critical and 28 important.
    • same as Windows Server 2012 R2
  • Windows Server 2019: 33 vulnerabilities: 3 critical and 30 important.
    • same as Windows Server 2012 R2

Other Microsoft Products

  • Internet Explorer 11: 1 vulnerability: 1 critical
    • CVE-2020-0640 | Internet Explorer Memory Corruption Vulnerability
  • Microsoft Edge: none
  • Microsoft Edge on Chromium: none

Windows Security Updates

Windows 7 SP1 and Windows Server 2008 R2 SP1

Improvements and fixes:

  • Security updates to the Microsoft Scripting Engine, Windows Input and Composition, Windows Storage and Filesystems, and Windows Server.

Windows 8.1 and Windows Server 2012

Improvements and fixes:

  • Fixes an issue with the new SameSite cookie policies for Google Chrome 80.
  • Security updates to the Microsoft Scripting Engine, Windows Input and Composition, Windows Media, Windows Storage and Filesystems, and Windows Server.

Windows 10 version 1803

Improvements and fixes:

  • Security updates to the Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Input and Composition, Windows Media, Windows Virtualization, Windows Storage and Filesystems, and Windows Server.

Windows 10 version 1809

Improvements and fixes:

  • Fixes an issue with the new SameSite cookie policies for Google Chrome 80.
  • Security updates to Windows App Platform and Frameworks, Windows Input and Composition, Windows Management, Windows Cryptography, Windows Virtualization, the Microsoft Scripting Engine, and Windows Server.

Windows 10 version 1903

Improvements and fixes:

  • Security updates to Windows App Platform and Frameworks, Windows Input and Composition, Windows Management, Windows Cryptography, Windows Storage and Filesystems, the Microsoft Scripting Engine, and Windows Server.

Windows 10 version 1909

Improvements and fixes:

  • Same as Windows 10 version 1903

Other security updates

  • KB4534251 — Cumulative security update for Internet Explorer: January 14, 2020
  • KB4532935 — Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1709
  • KB4532936 — Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1803
  • KB4532933 — Cumulative Update for .NET Framework 4.8 for Windows 10 version 1607 and Windows Server 2016
  • KB4535102 — Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1
  • KB4534976 — Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1

Here is the master list of all released security updates.

Known Issues

Windows 8.1 and Server 2012 R2

  • Long standing issue: certain rename operations on files or folders on Cluster Shared Volumes may fail.

Windows 10 version 1803

  • Same as Windows 8.1 plus
  • Issue with creating local user accounts during the Out of Box Experience.

Windows 10 version 1809

  • Same as Windows 10 version 1803 plus
  • Devices with certain Asian language packs may throw the error 0x800f0982 – PSFX_E_MATCHING_COMPONENT_NOT_FOUND.

Security advisories and updates

Non-security related updates

Microsoft Office Updates

You find Office update information here.

How to download and install the January 2020 security updates


The security updates are made available via Windows Update, WSUS, and other updating tools and services. Most home users get the updates automatically via Windows Updates; those who do not want to wait for Windows to pick up the newly released updates can run a manual check for updates to speed up the process.

Note: we recommend that important data is backed up before any updates are installed.

Do this to run a manual check for updates:

  1. Open the Start Menu of the Windows operating system, type Windows Update and select the result.
  2. Select check for updates in the application that opens. Updates may be installed automatically when they are found or offered by Windows; this depends on the operating system and version that is used, and update settings.

Direct update downloads

Windows 7 SP1 and Windows Server 2008 R2 SP

  • KB4534310 — 2020-01 Security Monthly Quality Rollup for Windows 7
  • KB4534314 — 2020-01 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

  • KB4534297 — 2020-01 Security Monthly Quality Rollup for Windows 8.1
  • KB4534309 — 2020-01 Security Only Quality Update for Windows 8.1

Windows 10 (version 1803)

  • KB4534293 — 2020-01 Cumulative Update for Windows 10 Version 1809

Windows 10 (version 1809)

  • KB4534273 — 2020-01 Cumulative Update for Windows 10 Version 1809

Windows 10 (version 1903)

  • KB4528760 — 2020-01 Cumulative Update for Windows 10 Version 1903

Windows 10 (version 1909)

  • KB4528760 — 2020-01 Cumulative Update for Windows 10 Version 1909

Additional resources


Kaspersky replaces Free Antivirus with Security Cloud Free

Internet users who try to download the free antivirus solution Kaspersky Free Antivirus from the Russian security company are redirected to the Kaspersky Security Cloud Free download page instead.

The Russian company released Kaspersky Free Antivirus in 2016 to select regions and began the worldwide rollout of the free software program in 2017.

The free antivirus solution evolved over time, in no small part caused by changing requirements of computer users. Kaspersky Free evolved to a different program and Kaspersky made (German blog article) the decision to change the name to better reflect the program’s functionality.

Kaspersky Security Cloud Free was born and it has replaced the classic Antivirus Free solution already on the Kaspersky website.

Note: While Kaspersky Free Antivirus is no longer available, it is still working and Kaspersky revealed that it has no immediate plans to stop supporting the program with antivirus definitions. For now, the solution should work just like before.

The classic free antivirus solution offered limited functionality. It included protection against viruses and could protect emails and web browsing next to that. Upgrades were available to add more protections and security tools.


Kaspersky Security Cloud Free offers comparable functionality for the most part. Core differences include that the solution is also available for the mobile operating systems Android and iOS, and that the VPN service Kaspersky Secure Connection is included automatically (but limited to 200 Megabytes per day of traffic).

Android users may use the free version to manage application permissions and remove unwanted apps from the device.

Kaspersky integrated additional tools into the application. Many of these are reserved for the commercial personal or family plans but some are available in the free version. Tools that are provided to free users include a file shredder to securely delete files, a utility to clean unused data or activity traces, and a Windows troubleshooter designed to analyse the impact that a successful malware attack had on a system.

Closing Words

Free remains free, that is a good thing especially since Kaspersky Free Antivirus users will continue to receive signature updates for the application for the time being.

When I see cloud, I assume that more data flows between the application and servers on the Internet. Whether that is the case here as well remains to be seen. Free users don’t really get more functionality, apart from the barely usable free version of Secure Connection, some tools, and the mobile apps.

Now You: What is your take on the change? (via Born)


ScreenWings can block malicious programs from taking screenshots

We have talked about quite a few screenshot tools here, the most recent of which is Free Shooter. Let’s take a look at a freeware anti-screenshot tool, ScreenWings. First of all, we need to answer a question: why do we need such an application? Short answer: privacy.

There are many kinds of malware out there on the internet, some of which are intended to steal user information. While most target user credentials, i.e., your username and password, low-level malware like screen loggers may capture a screenshot of the content on your monitor and secretly send it to the malware creator.

There is also the case where someone else who has physical access to the system may capture screenshots, or may install software that does so automatically.


So, let’s say a screen logger infects your computer: even if your password is obscured by the password field box, your username, which is normally an email address, becomes compromised. Technically, such malware can take screenshots of other information too, like your email inbox, bank statement, social network, private information and anything you do online. This is the problem that ScreenWings tries to address.

How to use ScreenWings

It is a portable application which means you can carry it with you on a USB Flash drive and use it to secure your data even on a publicly accessible computer. The program does not require administrator privileges to run so any user can use it. Extract the archive that you downloaded, run the EXE and you should see a small pop-up window appear.

This minuscule interface has a monitor icon which has a colorful Windows logo inside it. Click on it: the logo should disappear and the monitor icon should appear black. This means ScreenWings is in anti-screen shot mode. Click on the monitor icon in ScreenWings to disable the protection, and you can resume capturing screenshots as normal.

That’s it, how simple was that? There are no settings or menus that you need to tinker with.

Testing the protection

To test whether it blocks screenshots, use the Print Screen key, the Snipping Tool or any other tool, and it should block the screen capture. When you try to paste the clipboard content after trying to capture the screenshot, you will just see a blank screenshot which is black (no text or picture appears). That’s the proof you need. This works with all applications, system-wide.

Now for a bit of good news and bad news. The Good news is that ScreenWings has a Ghost mode, which can be used from the Command line. It makes the program run silently in the background without the pop-up and automatically enables the protection. Bad news? It’s not available in the free version, which is meant for non-commercial usage.

The program is compatible with Windows 7 and above and runs on basically any hardware. The developer claims that ScreenWings can protect up to six screens, so multi-monitor setups are supported as well.

The application is about 3.28MB in size, and uses about 60MB of RAM, which is quite acceptable for the level of protection that it offers.

Closing Words

ScreenWings is a specialized program to protect against a special kind of threat. While that means that only some users will find it useful, those who do may use it on any system that runs Windows, even on public computer systems as it does not require elevated rights to run.

Now you: do you use specialized security software?


KpRm is a post-disinfection program that can find and delete malware removal tools and their remnant files

Manually deleting files and folders left over by an uninstallation is quite the chore. I have used various uninstaller tools in the past to clean the remnants to keep systems clean and tidy.


You probably already know about my stance on registry and system cleaning tools.

We’re not going over the same topic now. Rather, we will be looking at a new open source program called KpRm, which can detect and remove a ton of malware tools. This can be helpful after you have disinfected malware from a system. The name of the program probably stands for Kernel-Panic removal (tool?), because Kernel-Panic are the developers of the program. The application does not detect or delete real-time antivirus programs, it only removes the standalone malware removal tools that are listed on its official page.

Note: I used a Windows 10 VM for testing KpRm for 2 reasons. One, because you need to disable your antivirus when using the program, otherwise it could potentially cause issues and I wasn’t comfortable with this on my main OS. Two, it’s never a good idea to test security related programs on your primary computer.

Let’s dive into KpRm. I decided to use the program to remove AdwCleaner, Autoruns, and Emsisoft Emergency Kit, all of which I have used in the past on systems. All of these are portable applications.

KpRm has a simple interface. The main window has a few options that you can select, the primary of which is “Delete Tools”; select it and hit the run button. The program will begin scanning for the malware removal tools on your computer, and delete them. Once the process is completed, KpRm opens the report file that it saves to document the process. This is a text document that contains the log of what actions were taken by the program including the names and folders of the malware tools that were detected and deleted.


One odd thing that I noticed during the testing process was that KpRm deleted its own executable (KpRm) after finishing the cleaning operation. This was really annoying since I had to copy it over and over while testing it.

An interesting observation

KpRm failed to delete the Emsisoft Emergency Kit folder and its contents in my test.


That’s probably because I copied the EEK folder from my main Windows 10 to the virtual machine’s downloads folder. But, the other tools were located in the Downloads folder too, so why did KpRm delete those and completely miss EEK? My guess was KpRm is probably set to detect the “EEK folder” inside its default location C:\EEK, which is why it didn’t scan the Downloads directory.

To put this to the test, I copied the Emergency Kit folder to the C drive, and then ran KpRm again. And this time it found and deleted it just fine. Based on this, we can assume that the application only searches known locations where the malware removal tools usually run from and deletes them.


Advanced options

KpRm has some additional tools which can be handy. However, I’d advise not using these unless absolutely necessary. You can use the restore point options to delete or create system restore points. It also has a registry backup tool but to restore it you’ll need to use a different tool called KPLive (also from the same developers).

The final option is the Restore system settings toggle which is sort of a post-malware disinfection tool that resets the DNS, Winsock, hides hidden and protected files, and displays known file extensions.

Closing Words

I would have preferred it if the tool had a scan for tools option, rather than deleting them outright. EEK for example can be updated without re-downloading the entire package, and serves as a secondary scanner. A scan option and a results page much like the quarantine option in antivirus programs which you can go over, and delete items from manually, would make KpRm even better.

Another thing that I think is missing is a dry-run mode to determine what the program will do when it is run in earnest.
