s v e c c svecc newsletter 20.pdf · the avast antivirus product. avast says this data is...
TRANSCRIPT
![Page 1: S V E C C SVECC Newsletter 20.pdf · the Avast antivirus product. Avast says this data is “anonymized,” but PCMag and Mother- ... version of Malware-bytes can’t run in the](https://reader034.vdocuments.site/reader034/viewer/2022050605/5facd0c10dbe9e51e71148c9/html5/thumbnails/1.jpg)
and head to menu > Settings > General > Personal Privacy to control what data is collected and shared. Disable the data-sharing options here.
We recommend just uninstalling Avast. But, if you want to leave it installed and disable the data collection, this is Browser Exten-sions Are Only Part of the Problem Antivirus software often bundles browser exten-sions that collect de-tailed data for market-ing purposes. In Octo-ber 2019, Adblock Plus creator Wladimir Pal-ant cataloged the way several Avast browser extensions gather and transmit data about people’s browser histo-ries. An AVG browser extension was doing the same thing, too—that’s not surprising, as Avast bought AVG a few years ago.
Google and Mozil-la cracked down, re-moving the browser extensions from the
Do you use Avast’s antivirus? By default, Avast collects your web browsing activity and offers it to market-ers through a subsidi-ary named Jumpshot. Companies who pay Avast can view full “clickstream data” to see what Avast users are doing online. Here’s how Michael Kan puts it over at PCMag:
The data collected is so granular that clients can view the individual clicks users are making on their browsing ses-sions, including the time down to the milli-second. And while the collected data is never linked to a person’s name, email or IP ad-dress, each user histo-ry is nevertheless as-signed to an identifier called the device ID, which will persist un-less the user uninstalls the Avast antivirus product.
Avast says this data is “anonymized,” but PCMag and Mother-board were able to link it to individuals. For
example, if you know which Amazon user bought a specific prod-uct at a specific second on a specific date, you can identify the “anonymized” individu-al and then look back through their browsing history.
Avast Harvests the
Data Through Its
Desktop Antivirus If you have Avast in-stalled with the default settings, your browsing history is being sold to marketers through Jumpshot. This data isn’t collected through Avast’s browser exten-sion. Instead, it’s col-lected through the main desktop Avast antivirus application.
When you install Avast, you’ll see a prompt asking whether you want to share data. Most people who clicked “I agree” proba-bly didn’t realize every-thing they agreed too.
If you have Avast in-stalled, you can open the Avast application
Avast’s Collects and Sells Your Browsing History
Monthly Reminders:
Run Malwarebytes
Run Super Anti-
spyware
Manually Update
Windows
Run computer
clean-uo
SVECC Newsletter Sunland Village East Computer Club
Volume 17 Issue 2
February 2020
S V E C C
Selling Data 2
Encrypting Drives 3
Passwords 4
Passwords 5
Calendar 6
Security Tips 6
Exit laughing 8
Inside this issue:
![Page 2: S V E C C SVECC Newsletter 20.pdf · the Avast antivirus product. Avast says this data is “anonymized,” but PCMag and Mother- ... version of Malware-bytes can’t run in the](https://reader034.vdocuments.site/reader034/viewer/2022050605/5facd0c10dbe9e51e71148c9/html5/thumbnails/2.jpg)
Chrome Web Store and Mozilla Addons site until Avast made some changes. They’re now available for download once again. It’s not clear ex-actly how much the data collection was lim-ited, but Avast is also more “transparent” in its privacy policy.
While Google and Mozilla can crack down on what an antivirus company’s browser extensions can do, no one’s stopping a com-pany like Avast from collecting data using its desktop application. That may be one rea-son why Avast is en-gaging in such whole-sale data collection through its desktop ap-plication.
We recommend against installing your antivirus’s browser ex-tensions, but you can’t avoid privacy problems just by avoiding the browser extensions.
Free Antivirus Soft-ware Has to Be Paid For Somehow Free antivirus software has to make a profit somehow, so it’s no surprise that compa-nies like Avast have turned to gathering and
monetizing their cus-tomers’ data.
In the past, Avast has even incorporated a “shopping” feature that added advertisements to other web pages as you browsed. Avast no longer does that, but the data collection doesn’t feel entirely out of character.
As we pointed out back in 2015, free antivirus software really isn’t “free” anymore. Many antivirus companies have turned to chang-ing your default search engine, swapping your browser’s homepage, and integrating extra software “offers” into their installers. Today, many other antivirus applications are likely tracking your browsing and, presumably, sell-ing that data.
What Antivirus Software Doesn’t Track You? Not every free antivirus necessarily tracks you. We haven’t examined every antivirus out there. Some might pro-vide a free trial that doesn’t collect and sell data, instead attempt-ing to sell you the com-pany’s paid antivirus product.
For example, Wladimir Palant, who exposed the data collection in Avast and AVG’s browser exten-sions, said in response to a comment that he hasn’t found any indi-cation Kaspersky’s free antivirus is spying on its users. However, back in 2019, Kaspersky was previ-ously injecting a unique identifier into web browsing traffic that would have allowed its users to be identified online.
We recommend Mi-crosoft’s Windows De-fender, which is inte-grated into Windows 10. Microsoft’s antivi-rus doesn’t have an agenda beyond keep-ing malware off your computer. It doesn’t track your web brows-ing. It doesn’t try to upsell you any extra software, although Mi-crosoft does offer more advanced security soft-ware contracts for busi-nesses.
We also like and rec-ommend Malwarebytes, which we’ve found does a good job of de-tecting and removing junk software. The free version of Malware-bytes can’t run in the background.
Page 2
Avast’s Collects and Sells Your Browsing History
SVECC Newsletter
While Google and
Mozilla can crack
down on what an
antivirus
company’s browser
extensions can do,
no one’s stopping
a company like
Avast from
collecting data
![Page 3: S V E C C SVECC Newsletter 20.pdf · the Avast antivirus product. Avast says this data is “anonymized,” but PCMag and Mother- ... version of Malware-bytes can’t run in the](https://reader034.vdocuments.site/reader034/viewer/2022050605/5facd0c10dbe9e51e71148c9/html5/thumbnails/3.jpg)
Last month I described a BIOS password problem that I had to solve. This month, we’ll look at other password locks such as those used for protecting hard drive data.
One of the added fea-tures of Windows 10 Pro over the Home edition capabilities, is the ability to encrypt a drive to pro-tect all data and files con-tained on that drive from unauthorized access. An administrator can select a drive from the File Explor-er app and turn on the BitLocker option from the right mouse button option list. The user must then select an encryption key using any combination of uppercase and lowercase letters, numbers or sym-bols up to 64 characters long. It is critical to record this password as it will be impossible to access the files afterwards without this key. Windows will prompt you to save this key on your cloud ac-count, or in a file or by printing it before encrypt-ing the drive.
I recently had a customer who had a broken Sur-face PC and needed to recover some business files from the drive. The first place they’d taken it to had told them that it was not possible to ac-cess the data, not be-cause it was encrypted, but because the drive was a solid-state circuit board, as is usually found
in tablets and many Macs, and did not have the usual SATA drive connector. Having used many drives of this type before, I had the correct adapter to convert it to a SATA type connector. That was when we dis-covered that it had been locked using BitLocker. It prompted us to enter the key and the owner had no idea what that key may be. I told them that without the key I could not access the data for them. They were advised to check all of their pa-perwork to see if it was recorded somewhere. Fortunately, when the PC was purchased, the Bit-Locker key was written on their bill of sale by BestBuy! When they re-turned later with the key, we were able to access the data and transfer the files to a USB stick.
If you need to encrypt just specific files or folders and not a complete drive, there are several alterna-tives available. For exam-ple, Word and Excel pro-vides for the ability to pro-tect a document by apply-ing the ‘protect document’ option to the file through the Word or Excel op-tions. Adobe Acrobat can also be used to protect PDF type files. In certain versions of Windows, namely Windows 10 Pro, Windows 7 Professional, Windows 7 Ultimate, Win-dows 7 Enterprise, Win-dows 8 Pro or Windows 8 Enterprise also come with
an Encrypting File Sys-tem (EFS), which lets you encrypt any kind of file, as well as whole folders and subfolders. Users with a Home edition of Windows will need to use either the Office Suite encryption or a third-party solution, such as True-Crypt, VeraCrypt or 7-Zip. EFS is applied by select-ing the folder or file, se-lect the properties/advanced through a right button click, and then select the ‘encrypt con-tents to secure data’ op-tion. This encryption is applied using the logon ID and password so it is not as secure as that used by the BitLocker and I’m not sure what would happen if the pass-word used by that ID was removed using a pass-word removal tool. Possi-bly the data would stay encrypted and still require the original password to allow the files/directories to be accessed.
Many USB drives also offer their own encryption system for the files on that drive, but I would be hesitant to use these as the proprietary nature of the program may cause problems later.
Dan’s Desk
Encrypting a Drive
By Dan Douglas
Encrypting a Drive
Volume 17 Issue 2 Page 3
Many USB drives
also offer their
own encryption
system for the
files on that drive,
but I would be
hesitant to use
these
![Page 4: S V E C C SVECC Newsletter 20.pdf · the Avast antivirus product. Avast says this data is “anonymized,” but PCMag and Mother- ... version of Malware-bytes can’t run in the](https://reader034.vdocuments.site/reader034/viewer/2022050605/5facd0c10dbe9e51e71148c9/html5/thumbnails/4.jpg)
In support of Safer In-
ternet Day, Google
conducted research to
gain insight into be-
havior that might be
putting users at risk,
with password issues
being a primary con-
cern.
The internet by default
is not always safe,
which is why Safer
Internet Day on Feb. 5
exists—it’s a day to
educate and remind
users about the steps
that should be taken
to reduce cyber-
security risks.
But what are the un-
safe things that users
are doing online?
Google conducted a
study along with a
Harris Poll of 3,000
Americans over the
age of 16 to try to
gauge the current
state of safe, or in
many cases unsafe,
internet usage.
Among the key find-
ings in the study is
that there is a clear
gap between user
perception and reality
for cyber-security. Six-
ty-nine percent of re-
spondents rated
themselves highly for
how they protect their
accounts, even
though the responses
to other questions in
the poll would seem to
indicate otherwise.
"I found it sad, though
not terribly surprising,
that two in three peo-
ple [65 percent] reuse
the same password
for multiple accounts,"
Emily Schechter,
product manager of
Chrome security at
Google, told us "Using
unique passwords is
important for good
password manage-
ment, and tools like
password managers
can help you easily
generate and store
strong unique pass-
words."
The use of the same
password for multiple
accounts puts users
at elevated risk from
data breaches. At-
tackers are increas-
ingly making use of
credential stuffing at-
tacks, where pass-
words stolen from one
site are "stuffed" and
attackers attempt to
reuse them on other
sites to gain access.
Improper practices
surrounding pass-
words is a key theme
in Google's Safer In-
ternet Day research.
Less than a quarter
(23 percent) of re-
spondents indicated
Page 4
Password Reuse Remains a Barrier to Safer Internet Use
SVECC Newsletter
In support of Safer
Internet Day, Google
conducted research to
gain insight into
behavior that might be
putting users at risk,
with password issues
being a primary concern.
![Page 5: S V E C C SVECC Newsletter 20.pdf · the Avast antivirus product. Avast says this data is “anonymized,” but PCMag and Mother- ... version of Malware-bytes can’t run in the](https://reader034.vdocuments.site/reader034/viewer/2022050605/5facd0c10dbe9e51e71148c9/html5/thumbnails/5.jpg)
that they believe hav-
ing long passwords is
a good best practice
for cyber-security. Re-
membering pass-
words was a pain
point identified by 60
percent of respond-
ents, yet only 24 per-
cent noted that they
make use of a pass-
word manager appli-
cation.
Generational Dif-ferences
The study also found
variances in how dif-
ferent age groups
make use of safer in-
ternet practices.
"There wasn’t a clear
winner in regard to
which generation un-
derstands and practic-
es strong security be-
haviors, but there
were some interesting
trends around genera-
tional differences," It
was noted that Gen Z
(16-24-year-olds) is
more likely to use two-
factor authentication
(2FA) and more regu-
larly update their
desktop, mobile and
web applications. But
Baby Boomers (50+-
year-olds) are more
likely to use a unique
password for each of
their accounts (40
percent vs. 35 percent
overall).
Safer Internet Day Security Tips
There are several key
security tips that
Google has for users
to help reduce risk
and create a safer in-
ternet experience.
Keep software updated. Security vul-nerabilities are patched regularly in applications, and at-tackers often look for
unpatched victims to exploit. Use unique pass-words. Reusing the same password on multiple sites might seem convenient for users, but it also makes it easier for an attacker as well. Make Use of two-factor authentica-tion. With 2FA, even if a user's password is stolen, a second password (or "factor") is needed to gain ac-cess. Set up a recovery phone number or email address and keep it updat-ed. Having proper re-covery information helps users get back into accounts if ac-cess is lost.
While tips like keeping
software updated or
using unique pass-
words may not seem
super exciting, they
can go a long way to-
ward improving your
security posture.
Password Reuse Remains a Barrier to Safer Internet Use
Volume 17 Issue 2 Page 5
While tips like keeping
software updated or using
unique passwords may
not seem super exciting,
they can go a long way
toward improving your
security posture.
![Page 6: S V E C C SVECC Newsletter 20.pdf · the Avast antivirus product. Avast says this data is “anonymized,” but PCMag and Mother- ... version of Malware-bytes can’t run in the](https://reader034.vdocuments.site/reader034/viewer/2022050605/5facd0c10dbe9e51e71148c9/html5/thumbnails/6.jpg)
you. Please see http://bit.ly/2Y2KRBo
Did you get an Ama-zon Alexa during the holidays? If so, are you aware that while it is listening for the wake-up phrase, it is listening AND record-ing everything it hears? Check out the Amazon Alexa Priva-cy page: click on Alexa Privacy and review voice history. Furthermore, there are fake setup apps
portable devices transmit information about you and your “doings” when the app opens. This in-formation comes from an investigation by a company that has resulted in the EU banning those apps unless they are rewritten to notify us-ers and asking per-mission to use the data. You are warned that this aggregates under a unique iden-tifier that can reveal information about
for Alexa. Searching for the setup, you'll find an app near the top called "Setup for Amazon Alexa" by One World Software. That's the fake. This app actually climbed the Apple popularity chart to among the top ten, and it was worse for the Android and Google Play folks. For Alexa, the official version is de-veloped by AMZN Mobile, so look for that before down-loading. And it shows
Page 6
Security Tips Facebook and Android
SVECC Newsletter
.Security Tips – Feb-ruary 2020
By David Shulman, WPCUG Weekly Up-date editor, inter-group liaison, and a co-organizer of WPCUG’s Meetup
www.wpcug.org / in-tergroupliaison (at) wpcug.org
Attention Facebook and Android users: Apparently, some platforms and appli-cations on those
SUN MON TUE WED THU FRI SAT
1
2 3 Computer Club
4 no Fix-it Tuesday
5 6 7 8
9 10 Computer Club
11Patch and
Fix-it Tuesday
12 Linux Meeting
13 14 15
16 17 Computer Club
18 Fix-it Tuesday
19 20 21 22
23 24 Computer Club
25 Fix-it Tuesday
26 27 28 29
February 2020
![Page 7: S V E C C SVECC Newsletter 20.pdf · the Avast antivirus product. Avast says this data is “anonymized,” but PCMag and Mother- ... version of Malware-bytes can’t run in the](https://reader034.vdocuments.site/reader034/viewer/2022050605/5facd0c10dbe9e51e71148c9/html5/thumbnails/7.jpg)
up in the Apple App Store's Music sec-tion, not Utilities. If you have an Alexa-enabled Fire tablet, the real app is down-loaded automatically.
“San Diego School District Hacked, 500,000 Employees and Students Possi-bly Affected” was the headline in the San Diego Union-Tribune. The takeaway for all of us no longer in school or working in schools is: DO NOT provide personal, un-changeable infor-mation about your kids or grandkids to school systems that do not need it, and demand that the schools secure the information they probably need to le-gitimately run their institution. See http://bit.ly/2F8bi10
Is privacy an ongoing concern for you? Check out Po-gowasright.org. This website, founded in 2006 by two people who loved Pogo and thought that the icon-ic cartoon with the caption “We have met the enemy and
he is us,” drawn by Walt Kelly was the motivation for their website.
Five biometric securi-ty measures to keep you safer in 2019. Fingerprint and facial recognition, gait anal-ysis, and behavioral, palm, and voice bio-metrics are some of today's cutting-edge biometric technolo-gies that can help identify and authenti-cate users. See: http://bit.ly/2CdTZcY.
Secret Win-
dows Hotkey
Instantly Makes
Your Start
Menu Bigger
Windows: If your Start menu isn’t quite big enough for all your tiles you can quickly make it big-ger by pressing Con-trol+Up.
Try it out now: just open the start menu, then use the key-board shortcut. You can also use Con-trol+Down to make it smaller, if you over-due things (we did). Failing that, you can also manually re-size the start menu like you can any other window. Thanks to the incomparable @SwiftOnSecurity for the tip.
Security Tips
Volume 17 Issue 2 Page 7
Is privacy an
ongoing concern
for you? Check
out
Pogowasright.org.
This website,
founded in 2006
by two people
who loved Pogo
![Page 8: S V E C C SVECC Newsletter 20.pdf · the Avast antivirus product. Avast says this data is “anonymized,” but PCMag and Mother- ... version of Malware-bytes can’t run in the](https://reader034.vdocuments.site/reader034/viewer/2022050605/5facd0c10dbe9e51e71148c9/html5/thumbnails/8.jpg)
Founded for the Residents of
Sunland Village East Mission: To help each other learn about Computers
Membership is open to all residents of SVE
Dues are $20.00 each or $30.00 family per year
Due October 1st
then began removing the cream with a tissue. 'What's the matter, asked Larry 'Giving up?'
Larry's kindergarten class was on a field trip to their local police station where they saw pictures tacked to a bulletin board of the 10 most wanted crimi-
nals. One of the young-sters pointed to a picture and asked if it really was
the photo of a wanted person. 'Yes,' said the policeman. 'The detec-tives want very badly to
capture him.' Larry asked,"Why didn't you
keep him when you took his picture ? "
A new teacher was trying to make use of her psy-chology courses. She
started her class by say-ing, 'Everyone who thinks they're stupid, stand up!'
After a few seconds, Little Larry stood up. The
teacher said, 'Do you think you're stupid, Lar-ry?' 'No, ma'am, but I
hate to see you standing there all by yourself!'
Larry watched, fascinat-ed, as his mother smoothed cold cream on her face. 'Why do you do that, mommy?' he asked. 'To make myself beauti-ful,' said his mother, who
Little Larry attended a horse auction with his
father. He watched as his father moved
from horse to horse,
running his hands up and down
the horse's legs and rump, and chest. After a
few minutes, Larry asked, 'Dad, why are you doing that?' His father replied, 'Because when I'm buy-
ing horses, I have to make sure that they are
healthy and in good shape before I buy. Larry,
looking worried, said, 'Dad, I think the UPS guy
wants to buy Mom ...'
Little Larry
Check us out at
svecc.com
SVECC
President
Dick Moon
Check us out at
svecc.com
SVECC
People helping
People