Home + Mobile

The Future of Work: Being Successful in the COVID Era and Beyond

Working from home is no longer something some of us can get away with some of the time. It’s become essential for our health and safety. So, what does the future of work look like in a post-COVID world? We asked some of our cybersecurity and tech experts for their...

2020’s Most (and Least) Cyber-Secure States

For the past several years, Webroot and its partners have conducted a series of studies aimed at better understanding the attitudes, perspectives, and behaviors related to cyber hygiene in United States. This helps users determine which behaviors put them most at risk...

Staying Cyber Resilient During a Pandemic

We’re all thinking about it, so let’s call it out by name right away. The novel coronavirus, COVID-19, is a big deal. For many of us, the structure of our lives is changing daily; and those of us who are capable of doing our work remotely are likely doing so more than...

5 Security Tips for Setting Up a New Device

The last thing you want to do when you get a new computer, mobile device, or tablet is spend a lot of time setting it up. But like any major appliance, these devices are something you want to invest a little time setting up properly. Often, they’re not cheap. And you...

Bringing Layers of Security to Your Home Computer

Reading Time: ~ 2 min.

When it comes to protecting your personal information in our ever-expanding cyber world, there are many ways to defend yourself. Since the vast majority of attacks originate on the Internet, it is smart to use multiple layers of security to ensure your computer (and the information it contains), stays secure.

One of the most common forms of protection is a Firewall, which is designed to block unauthorized access to the system, while still allowing communication outbound. Microsoft provides a firewall within the Windows OS as a standard security setting.

Along with having a Firewall, it is strongly recommended to have an Antivirus software running as well. This layer provides a defense against known malware and can use behavioural data to determine if a program is acting suspiciously. Of course I recommend Webroot SecureAnywhere, but the general rule is no matter who you have protecting your machine, to keep it updated at all times.

In the case of a successful breach or even just a computer malfunction, having some form of backup (online or external), can be extremely valuable. With an external backup solution, it is important to update it regularly, to ensure any new data or changes are saved. Also ensuring that this backup solution is not constantly connected to your PC helps if any infection does get through, keeping that backup protected. Online backup services usually allow backups to be created at a pre-determined time/day, automatically.

Finally, having the latest version of your preferred Internet browser along with a good Ad-blocking program will aid in keeping your web-browsing experience safe and more enjoyable. With the latest version, it will have many updates to the current security risks, coupled with usability and feature changes.

Each of these solutions has their own strong and weak points, but combined together they cover most of the areas you will have access to while using a computer. With multiple layers of security, you can make your computing experience safer and have the reassurance that your personal information is much more difficult to compromise.

It’s Time To Join The Family

Reading Time: ~ 2 min.

Cybercrime. Remember the days when cybercrime was a word only super nerds and fans of the hilariously bad 1995 film Hackers used to say? No longer. You can hardly go a week without reading about the latest data breach, exploit, or hacktivist plot.

Back in the day, cybercriminals used to primarily fall under the lone wolf category, writing scripts and hunting for exploits without sharing their techniques, because if they did, it might cut into their profits. But, in the last few years, cybercrime has shifted from strings of unrelated, uncoordinated attacks—the digital equivalent of a bank robbery or a mugging—to highly calculated, business-like maneuvers determined to maximize revenue and get the hackers’ branding out there.

It isn’t just businesses that are suffering from these well-planned attacks, either. Even people with no affiliation to the companies suffering from data breaches are having their identities and payment information stolen.

AC-blog-table

The FTC has seen growth in the last several years in reported cases of identity theft and payments fraud among consumers, with the costs also rising each year. With cybercriminals banding together to exploit the masses, it’s time consumers did the same.

Webroot® AntiVirus for PC Gamers takes a new approach to securing your gaming rig. By utilizing a Smarter Cybersecurity® approach to protecting devices, each computer defended by Webroot helps secure the rest of the Webroot network—our own, modern-day digital Family.

In Victorian London, the working-class had to band together to fight against exploitation and crimes perpetrated against the masses. In Assassin’s Creed Syndicate, you will play as twin Assassins Jacob and Evie Frye and fight for their cause. It’s time you did the same today and secured your gaming experiences with the lightest, fastest security in history!

Try Webroot AntiVirus for PC Gamers for FREE today and enter for a chance to win an Origin® EON15-S gaming laptop! Take down enemies of The Family in high-def style on this sleek, performance-driven laptop.

Get rewarded for doing what you already love to do. Sign up at www.assassinscreed.com/rewards to earn credits towards bonus in-game content, enter sweepstakes, and even win an Origin® EON15-S gaming laptop! Check out protect-the-future.com today and earn even more bonus Credits!

Why are we using biometrics as passwords?

Reading Time: ~ 2 min.

After seeing a great presentation on newly discovered biometrics/fingerprint vulnerabilities (“Fingerprints On Mobile Devices: Abusing And Leaking”, by Tao Wei and Yulong Zhang) at Blackhat 2015, I have to wonder why we are even using a lone fingerprint as a password. Wouldn’t fingerprints be better implemented as a username?

When your fingerprint is compromised, it is compromised forever. We’re talking about something associated with criminal records, banking, and other fairly-critical segments of one’s identity. It only makes sense your fingerprint remain part of your identity and not some password you hope to remain secret for the rest of your life. You can’t change them. Not easily, anyways… As your username, it would simply remain a part of your identity, unable to be used against you without the secrets you can more easily hide and change: passwords, pins, etc.

casFingerprints would normally need to be physically gathered, dusting for prints and all that, making their compromise a less-than-likely situation. The issues outlined in the presentation I saw, however, showed it could be possible for their digital counterparts to be gathered remotely and en masse. Imagine if a fingerprint wasn’t the password, but only the login. That wouldn’t be that big of a deal anymore. So they know your username, so what? They still can’t log in. Email addresses are scraped up off the internet all the time. Someone’s email address is bound to be in many places they don’t want it to be, but the threat of compromise is still extremely low if they’re securing their account properly. In reality, a leaked fingerprint is a big deal because you can do things like pay someone via PayPal with it. The fingerprint is the password and the username can be gotten easily (they’re almost always stored insecurely and most of the time it’s just an email address anyways).

Other situations and issues involving fingerprints being used as a mix authentication and authorization – depending on what app you’re in – are outlined in the presentation as well. In one example, they showed malicious actors’ ability to snag fingerprints in the background, causing you to authorize a payment when unlocking your phone, for instance. Yet another situation where, if the print was your username, there wouldn’t be an issue.

At the very least, there clearly needs to be better security standards around fingerprint data and sensors. Still, making them less powerful (read: not the sole password used to access banking information) would be the best way to go.

Back to School Means Back to Security

Reading Time: ~ 3 min.

Not a week goes by where we are not hearing about, reporting on, or providing comment to another major breach. From big box chains to mom and pop shops, it seems to be a constant source of news. Beyond the commercial and financial industries though are the education sectors, with colleges and private schools under attack at the same rate as their commercial distant-cousins. And with school less than a month away for most students, we think it is time for some reminders on personal security. While you will not be able to impact the local educational institutes security layer, you can add layers to your personal protection.

  • Use two-factor authentication whenever possible.

We talk about this a lot because it is one of the easiest aspects of security to implement. Two-factor authentication adds another layer of security when logging into a website, be it e-mail, banking, or other websites.  Some websites, such as Google, will text you a code when you login to verify your identity, while others have small devices that you can carry around to generate the code.  Authentication apps are also available on all major smartphone platforms. Other types of two-factor authentication do exist as well, so look in the settings of your banking, shopping, and e-mail hosts for the option.

  • Signup for login notifications

This security layer is often used in place of two-factor authentication, including by websites such as Facebook.  If your account is accessed from an unfamiliar location, a notification is sent via e-mail, app, or text-message to the account holder.  This is a great layer of security that offers you on-the-go protection.  This feature, if offered, can usually be found in the security settings of the website, such as banking and social media, you are accessing.

  • Change your passwords before school starts

There is a reason your office requires regular password changes for your e-mail.  Even if your password is compromised, by changing it regularly across all your accounts, you remove the chance of your account being accessed.  A pro-tip would be to set a reminder for every 90 days on your calendar with a link to all your accounts settings pages.  It makes it easiest to click through and make the changes regularly.

  • Increase junk filtering and avoid clicking through on e-mails

You just received an e-mail from a teacher asking for you to login and verify your school credentials.  Many phishing schemes start with something looking very innocent and official, but lead unassuming users to websites designed to collect the information direct from you.  If you receive an e-mail from one of the account-holding websites, or even a known person, open a new tab and go direct to the website instead of clicking the links provided.  It adds only a few seconds to the access, but keeps you out of any legit-looking phishing websites. Most legitimate services will never ask you for your login credentials, so make sure to avoid giving out this information.

  • Use an up-to-date security program

Whether you use Webroot SecureAnywhere or another product on the market today, ensure you have the most up-to-date version and have the correct security settings enabled.  Security programs are designed to keep the malicious files such as keyloggers and data-miners off your computer and the user protected.  This direct layer of security ensures your devices, from phones to tablets to computers, are all protected when you are downloading and accessing files.  Note that some programs, such as Webroot SecureAnywhere, are always up-to-date and require no further action from the user..

While schools will continue to be a target, you can work to minimize any breach impact on your personal data by following these steps. And if you were to receive news that your education institution has been breached, use these steps to go back and conduct a personal audit, while also taking advantage of credit alerts and other tools out there.

Happy Video Game Day 2015

Reading Time: ~ 3 min.

Webroot would like to wish our fellow gamers a happy Video Game Day! To celebrate this epic game playing day, we want to help keep you safe and highlight the top motivation for PC gaming attacks.

TopReasons

Gamers are being targeted more and more by malware, trojans, and keyloggers, especially those that participate in pay-to-play games and MMORPGs (Massively Multiplayer Online Role-Playing Game). Your accounts, personal identity, banking information and even credit card numbers can be stolen if you are playing without a cyber-security solution. The PC gaming market is increasing rapidly and is expected to reach $30.9 Billion in 2016, and with that, the targets are getting bigger and more lucrative.

Top Motivations for PC Gaming Attacks:

  1. Financial Gain: To obtain records of your secure data
  2. Digital Assets: Take control of your account to sell or trade
  3. Social Hacking: Damage to user reputation and identity theft
  4. Free Gaming: Access to your user account for free gameplay

So the motivation is there, but some people might insist that the threats do not exist. But already this year, we have seen a large variety of attacks targeting gamers through a variety of methods. Some are simple, others more advanced, but the threats against gamers and their accounts do exist.

Top Threats in 2015:

  1. Spear Phishing: Targeted attacks via email and game chat to steal login information
  2. Keylogging: Captures keystroke information and sends it to the attacker
  3. Chat Attack: Hacking attempts where the attacker embeds the attack via chat systems on Skype, TeamSpeak, Steam, League of Legends, etc.
  4. Ransomware: Malware that restricts access to a system until the ransom is paid
  5. Trojans: The attacker sends the system instructions to install malicious software or remote execution of system commands and other data intrusion

Some gamers defend the idea of installing no antivirus security one their machines, citing claims of slowed performance and interruptions. While traditional security solutions often have gamer modes, they still impact security, and others will turn off security layers during game play, rendering machines less secure.

Top Reasons Why Gamers Don’t Use a Security Program:

  1. They rely on free diagnostic and clean-up tools
  2. There are too many alerts and interruptions during gameplay
  3. It slows down their gameplay
  4. They aren’t concerned about infections
  5. It requires switching to a gamer mode

But new technologies do exist that are designed to keep gamers safe while playing online, even in this ever increasing threat world. Webroot SecureAnywhere for Gamers will not scan or update during your game and does not require a gamer mode.

Using real-time protection without sacrificing performance be using the cloud, Webroot SecureAnywhere ® Antivirus for PC Gamers reduces maintains a small  footprint the PC increasing drive space, decreasing hard drive read/writes, and improving overall performance. No longer do gamers need to make the sacrifice of turning off security software to increase their speeds. One of a gamer’s worst nightmares is being milliseconds away from a kill shot or reaching a checkpoint when their screen minimizes for a Windows Update or a system scan from their antivirus solution. That’s why Webroot’s gamer security will not alert you or minimize your screen during gameplay. We understand the importance of lightning fast internet connections and zero slowdowns during gameplay.

To learn more about Webroot SecureAnywhere ® Antivirus for PC Gamers, click here.

InstallSize

Google’s new Chrome extension is worth downloading

Reading Time: ~ 2 min.

Yesterday, Google announced the release of their newest Chrome extension, Password Alert. The new free tool is designed to warn users of the popular browser when they are entering their Google passwords on non-Google websites, helping to protect their Google accounts from phishing attacks. The application also prevents users from using the same password for their Google account on other sites. While this secondary feature may seem overzealous, it is a necessity if one of these accounts are breached, then a hacker would have a higher chance of accessing the victim’s Google account with the same credentials.

As our Threat Brief revealed, Google is by far the number one target of phishing attacks. Developing a Chrome extension that protects users accessing their Google accounts will certainly help defend against the onslaught of phishing attacks targeting Google. It would be great to see this same technology extended to other browsers and also to protect other major targets of phishing. The Threat Brief includes the top targets for phishing, and while each company uses a different login technique, there is something to be learned from what Google has done with respect to protecting customers as they access their accounts.

This is a good time to remind everyone of very simple and effective strategies to keeping online accounts secure. To start, make sure your primary email password is different from all other passwords. As I mentioned, there is a domino effect if you can break into this account. We all hate remembering different passwords, but this one is a must for proper online security. Secondly, hard to break passwords are very easy to create, and the key is length. My tip is to think of a phrase that is unique to you. For example, I love cheese and skiing -> !Lovech33s3andsk!!ng*. A password like this is very easy to remember and very difficult to crack.

Technology like this is not the end all to password and internet security, but adding this to your tools for everyday use will only help to enhance your protection online.

Download the Password Alert for Chrome here: https://chrome.google.com/webstore/detail/password-alert/noondiphcddnnabmjcihcjfbhfklnnep

Apple’s Sept 9 Event: New (and larger) iPhones and (gasp), a Watch!

Reading Time: ~ 6 min.

Well, September 9th is here, and the launch of Destiny, one of the most (if not the most) anticipated video games ever, isn’t the only major piece of news coming out of the tech world today.

You may have heard that one Cupertino fruit-logo’d tech company had an event today. And now the details of Apple’s next big(ger) things are official. Initial takeaway? They’re pretty in-line with the the rumors that have been swirling around for months now.

In other words, people got a lot of what they were expecting. Is that a good or bad thing? Depends on what camp you’re in. Probably.

Similar Phones, New Sizes

If you’re an Apple fan who’s only gripe was the small-by-today’s-smartphone-standards screen, your wish is (finally) Apple’s command. The company announced two new phones, each with a never before used (by Apple) size: the new iPhone 6 has a 4.7 inch screen while the new iPhone 6 Plus sports a 5.5 inch one. Yep, the iPhone will finally be competing in the phablet category.

 

iPhone 6 and 6 Plus

(Source: ARS Technica)

The new devices are also thinner than the current 7.6 mm enclosure of the 5s, with the iPhone 6 measuring 6.9 mm and the iPhone 6 Plus coming in just slightly chubbier at 7.1 mm. To accompany these ‘gains’, Apple also introduces a new ‘Horizontal Mode’, which will help retain comfortable one-handed use and make everything within reach.

The glass now curves around the edges of the phones, but the screen isn’t the sapphire one many people expected, but rather incorporates “a slightly different design element”, according to CNET’s report. The phones’ power/lock button make a move from the top edge to the right spine.

The colors remain unchanged. You will be able to get the new devices in gold, silver, or space gray.

iPhone 6 colors

(Source: PC Mag)

What about the display? The regular 6 gets a 1334×750 resolution with 326 PPI (Pixels Per Inch) while the 6 Plus gets a slightly crisper 1920×1080 resolution with 401 PPI. Both iPhones sport Apple’s familiar ‘Retina Display’ (although it’s now being called ‘Retina HD’). While these numbers improve on the 1136×640 (326 PPI) display of the 5s, they still lag behind many of today’s higher-end Android devices, a few of which (LG G3 and the newly-announced Galaxy Note 4 and Note Edge) pack 2560×1440 displays.

But pixels don’t always tell the whole story and it’s very difficult to tell the difference between 1080p and 1440p on such (relatively) small devices. That, and battery life typically suffers from a higher resolution. Speaking of…

The Internals

When it comes to battery life, Apple is claiming an improvement in battery life in both phones over the current 5s (see chart below)

new iPhone battery life

(Source: ARS Technica)

The devices’ internal hardware gets a boost as well. The new iPhones are powered by Apple’s new A8 processor, which Apple says has 50% faster graphics and a 25% faster CPU. The transistor count has also been bumped up to 2 billion from the A7’s 1 billion. This should all lead to better efficiency and performance.

There’s also the M8 co-processor, which improves on the 5s’ co-processor and will assist the health-conscious iPhone users keep track of their activity and take better advantage of the iPhone’s fitness apps. It’ll also be handing the data coming from the new barometer sensor.

The phones also get upgraded LTE connectivity, bumping speeds up to 150Mbps. Wi-Fi speeds should also clock in at about three times faster than those of the 5s, thanks to Wi-Fi 802.11 support. VoLTE (Voice over LTE) and Wi-Fi calling are also now supported.

Camera

Updated rather than upgraded (if pixel count is your measurement), the camera in the iPhone 6 and iPhone 6 Plus retains its 8MP, but gets a new sensor with ‘Focus Pixels’ technology, which Apple claims uses DSLR-style phase detection autofocus, helping the new devices autofocus lock up to 2x faster than previous iPhones. Users will be able to record 30 and 60 FPS videos in 1080p and capture slow motion videos at 120 or 240 FPS, an improvement.

As far as image stabilization goes, the iPhone 6 gets digital stabilization, but you’ll have to purchase the bigger and more expensive (more on that later) 6 Plus if you want optical image stabilization.

If selfies are your thing, Apple also didn’t forget about its Face-Time camera (otherwise known as the front-facing camera), which receives a larger f/2.2 aperture plus a new sensor for better lighting and sharper image quality. Video capture remains at 720p and there’s also now a burst mode.

NFC/Apple Pay

Apple Pay

(Source: Macworld)

Apple has resisted the NFC (Near Field Communication) push for years, but that no longer the case with the new iPhones. With the 6 and the 6 Plus, Apple not only added the protocol, but have also built their new Apple Pay payments system entirely for this cause. It works with the Passport app (as well as without it) and will finally allow users to use their new iPhone to purchase things. For more on Apple Pay, check out this Macworld article.

iOS 8

Apple announced that the new operating system will be available Wednesday, September 17th. For a detailed breakdown of the new features of iOS 8, check out this CNET article.

Pricing and Availability 

The new iPhone 6 and 6 Plus will launch in eight countries on September 19th. Pre-orders begin on September 12th.

So far, Apple has only released US pricing, but, as you might expect, the new iPhones ain’t cheap. The iPhone 6 starts at $199 for the 16GB version. $299 will get you 64GB, and if you want the max 128 GB of storage, you’ll need to dish out $399. Tack on $100 across the board (for the same amount of storage) and voila, that’s how much the iPhone 6 plus will cost you. Yep, that means on-contract pricing for a 128 GB iPhone 6 Plus is a whopping $499!

In the US, the new iPhones will be available on AT&T, Verizon, T-mobile, Sprint, and US Cellular to start.

The other seven countries that get the September 19 launch are UK, Australia, Canada, France, Germany, Hong Kong, Japan, Puerto Rico, and Singapore.

This also means that the iPhone 5C’s price will drop to ‘Free’ and the iPhone 5S’s price goes down to $99 (for the 16 GB version).

iPhone Prices

(Source: Apple.com)

‘One More Thing’: The Apple Watch 

Apple didn’t end with the iPhone 6 and 6 Plus reveal, however. It wouldn’t be an Apple event if they did, would it? As many people expected, they introduced a new wearable device, called the Apple Watch (interestingly not iWatch like most predicted).

iWatch

(Source: CNET)

The Verge has a very visual ‘hands-on’ write up and you can read it in its entirety here. Nevertheless, here’s some basic info on Apple’s long-rumored entry into the wearables market:

  • Will be available ‘Early 2015’ starting at $349
  • Will come in three collections – all different versions (with different finishes) of the same watch. The Apple Watch Edition will be finished in 18K gold.
  • Touch-screen (flexible Retina) display, digital crown, infrared LEDs, and photo diodes
  • Runs on an S1 Processor
  • Equipped with gyro accelerometer
  • Has NFC
  • You need an iPhone 5 or better to use it

Security 

Many people forget that iPhones are not malware-proof. I won’t dive deep into this, but it’s important to keep your new devices protected, whether you’re an iPhone or Android user. We offer protection for both.

Concluding Thoughts

It will be interesting to see how consumers will react to the new iPhones. Many Android vs. Apple battles are already raging on in pretty much every comment section of every story written up on the iPhone 6 and 6 Plus.

The thing is, most Android and Apple users are already dedicated to their respective camps and I don’t think these new iPhones have enough revolutionary features that will lure many Android users away from their Google-powered machines, most of which already have the screen sizes Apple is finally embracing.

But because the 4.7 and 5.5 inch screens are a first for Apple, the real question comes down to the Apple fans themselves. Will the new screen sizes be the must-have addition many previous iPhone users were wishing for or will it alienate the fan base that loved Apple for offering a pocket-friendly premium smartphone?

For now, all we can do is wait and see.

8 Tips to Stay Safe Online

Reading Time: ~ 4 min.

Yesterday, the New York Times published an exclusive story on what many are stating to be the largest series of hacks ever, all revealed by Hold Security in their latest report. With a report of over 1.2 billion unique username-password combinations and over 500 million e-mail addressed amassed by a Russian hacker group dubbed CyberVol (vol is Russian for thief). While the reactions among the security industry are mixed, with some researchers raising a few questions of the masterwork behind the hack, the story does bring to the public’s attention the necessity of strong, personal, online security policies for all aspects of the connected life.

As our researchers have shown in the past, gathering a collection of username and passwords can be easier than many think, with many scraping programs being sold on the deep-web market to the highest bidders. And while some companies, including Hold Security, are offering paid solutions to help detect and monitor if their accounts have been breached, this does not change the fact that the first layer of security begins at the user.

8 tips to help you stay safe and secure on the internet

  1. Use two-factor authentication whenever possible.Two-factor authentication adds another layer of security when logging into a website, be it e-mail, banking, or other websites.  Some websites, such as Google, will text you a code when you login to verify your identity, while others have small devices that you can carry around to generate the code.  Authenticator apps are also available on all major smartphone platforms. Other types of two-factor authentication do exist as well, so look in the settings of your banking, shopping, and e-mail hosts for the option.
  2. Signup for login notifications. This security layer is often used in place of two-factor authentication, including by websites such as Facebook.  If your account is accessed from an unfamiliar location, a notification is sent via e-mail, app, or text-message to the account holder.  This is a great layer of security that offers you on-the-go protection.  This feature, if offered, can usually be found in the security settings of the website, such as banking and social media, you are accessing.
  3. Use a secure password. We have all signed up for some website with a basic password, thinking there is no way that someone would want to hack our account.  But that may not be the case.  Setting an easy password on one website often leads to that password being used across many websites.  The easier you make it for a thief to brute-force access your account, the more likely you are to have your other accounts hacked.  By establishing a mixture of characters, numbers, and letters into a password, recommended to be 10 characters or more, you add a high level of difficulty for any brute-force password theft. Password managers like the one included in our Internet Security Plus and Complete antivirus programs can help make managing this easier.
  4. Change your passwords regularly. There is a reason your office requires regular password changes for your e-mail.  Even if your password is compromised, by changing it regularly across all your accounts, you remove the chance of your account being accessed. A pro-tip would be to set a reminder for every 90 days on your calendar with a link to all your accounts settings pages. It makes it easiest to click through and make the changes regularly.
  5. Only access your accounts from secure locations. It might only be 30 seconds of access to your bank account on that free WiFi at the coffee shop, but if the network has been compromised, that is more than enough time to collect all the data needed for a thief. While the convenience factor is there, if you must access the accounts, you might want to look into a VPN (Virtual Private Network) to ensure an encrypted connection to your home or work network.
  6. HTTPS access. In most browsers and information heavy websites, there is a way to force a HTTPS connection when available. This connection adds another level of encrypted security when logging in, making it even more difficult for data thieves to gather your information when logging in. To check if you are on a HTTPS connection, look for a padlock in the URL bar in the browser or check the URL itself for it to begin with HTTPS.
  7. Increase junk filtering and avoid clicking through on e-mails. You just received an e-mail letting you know that you have a new deposit pending and need to login and verify. Many phishing schemes start with something looking very innocent and official, but lead unassuming users to websites designed to collect the information direct from you. If you receive an e-mail from one of the account-holding websites, open a new tab and go direct to the website instead of clicking the links provided. It adds only a few seconds to the access, but keeps you out of any legit-looking phishing websites. Most legitimate services will never ask you for your login credentials, so make sure to avoid giving out this information. By increasing your level of junk filtering with your e-mail client as well, many of these e-mails will be caught before making it to your inbox.
  8. Use an up-to-date security program. Ensure you have the most up-to-date version and have the correct security settings enabled. Security AV programs are designed to keep the malicious files such as keyloggers and data-miners off your computer and the user protected. This direct layer of security ensures your devices, from phones to tablets to computers, are all protected when you are downloading and accessing files. Note that some programs, such as Webroot SecureAnywhere, are always up-to-date and require no further action from the user.

While the threats to online accounts are out there, the tips to staying safe can help you stay protected and utilize features often already available by the companies and their websites, and most without costing you additional money. These internet safety tips should help ensure your security online while still providing the convenience online access offers.

Helpful links:

A Look at PC Gamer Security

Reading Time: ~ 2 min.
Gamer Infographic

In the new study on security and PC gamers, Webroot found that many gamers sacrifice their protection to maximize system performance and leave themselves vulnerable to phishing attacks and gaming-focused malware. The study also provides tips for protecting gaming credentials and safeguarding against phishing attacks.

Webroot PC Gamer Security Study Findings:

  • 47% experienced an online attack with 55% of the attacks impacting system performance.
  • 35% of PC gamers choose not to use security or rely on free clean-up tools.
  • “Does not slow down system performance” ranked among the most important security program characteristic to gamers and Webroot has the first antivirus for PC gamers without system impact.
  • Trojans, Phishing, and Rootkits ranked as the top attacks against PC gamers.
  • The top source for information about Internet security were from forums and fellow gamers.
HalfPCGamers

The survey was conducted during E3 2014 and was based on the responses gathered from over 1,200 PC gamers. The conclusion was that one third of PC gamers do not use a security program while gaming, although 47% have experienced a malware or phishing attack.

“We understand the high expectations that gamers have of their systems, and the frustration they have had with traditional antivirus programs. But the desire for performance can’t be at the expense of protection – there’s too much to lose,” said Mike Malloy, executive vice president of products and strategy at Webroot. “We believe by following some basic best practices and using a cloud-based security program that is very light on system resources, such as Webroot SecureAnywhere Gamer Edition, PC users don’t have to choose between performance and protection.”

Running a gaming system without traditional antivirus security can improve gameplay performance, but it leaves gamers vulnerable to identity theft and online attacks that can jeopardize both their real and in-game lives. This is why Webroot created the first cloud-based antivirus for PC gamers and developed a list of tips for staying safe online.

Tips for Gaming Securely:

  • Use browser-based URL filtering.
  • Deploy anti-phishing detection.
  • Avoid public Wi-Fi and use a cloud-based anti-malware program.

To read the full press release, please click here.

If you’d like to view or download the infographic on the report, you can do so by clicking here.

Successful Launch of Webroot for Gamer at E3

Reading Time: ~ 2 min.photo 4Webroot, the market leader in cloud-based, real-time Internet threat detection, recently returned from the 18th annual Electronic Entertainment Expo, or E3 for short, hosted by the Entertainment Software Association.  Used by many of the video game manufacturers across the various platforms, as well as hardware and software developers, the trade show is used to show off the next generation of games-related products.  Hosted at the Los Angeles Convention Center, the 2014 conference had over 50,000 reported attendees between June 9th and 12th, 2014.

With this being Webroot’s first appearance at E3, the company was on site to show off Webroot’s new gaming specific antivirus, SecureAnywhere™ AntiVirus for PC Gamers.  Designed to keep users protected with maximum performance and protection, the newest protection offering for consumers garnered a large amount of interest from those in attendance, with a busy booth all day.  From the gamers themselves to the industry experts, many were impressed with the performance, speed, and direct gaming focus that Webroot was providing with the gamer protection product.

Along with the booth presence, Webroot’s team hosted an online campaign to drive awareness of the products with the #CyborgSelfie giveaway, a contest where entrants had to submit a selfie of themselves with the specific Twitter hashtag in hopes of winning a custom built Origin PC protected by Webroot.  With over 40,000 entries, the winner, Johnny Interiano, was drawn at random, and will soon have one of the most powerful Origin PC machines at their disposal for their next gaming conquests.  And to not pass an opportunity to work with Webroot’s newest partner Plantronics, twelve runner-up winners from the same contest won Plantronics RIG gaming headsets.

Through a strong awareness campaign and booth presence, all backed by an innovative security product designed specifically for gamers, Webroot’s presence at E3 was a major success for all that were involved.

 

 

How to avoid unwanted software

Reading Time: ~ 3 min.We’ve all seen it; maybe it’s on your own computer, or that of a friend, your spouse, child, or parent. Your home page has been changed to some search engine you’ve never heard of, there’s a new, annoying toolbar in your browser. Maybe you’re getting popup ads or have a rogue security product claiming you’re infected and asking you to buy the program to remove the infection. Even worse, you don’t know how it got there! Welcome to the world of Potentially Unwanted Applications (PUAs.) Chances are that these programs were inadvertently installed while installing software from sites that use “download managers” that add additional software to otherwise free downloads.

Many of these “download managers” and the additional applications they install use a Pay Per Install business model that is often used by unscrupulous individuals that use various techniques to trick you into clicking on their sites rather than the official download site for the software you’re attempting to download. These techniques include using advertisements on search engines and various Search Engine Optimization (SEO) techniques to get their sites to show up before the official downloads in search results. We’ve even seen fake image upload sites whose sole purpose is to direct you to a page that looks like an official download page for a program but uses one of these “download managers” instead.

So how do you avoid these “download managers?” It’s actually pretty simple. Whenever possible, download software from the software company’s official page (this is not always possible since some software is only available through third-party download sites.) As mentioned earlier, some of the most popular techniques to get you to install software using these “download managers” is through ads and SEO techniques on search engines, so we’ll show you how to locate the official download links in search results from Google, Bing, and Yahoo.

For this example we’ll search for the popular voice and video chat program Skype by searching for “download Skype.”

With Google it is rather easy to spot the official download link since the advertisements are clearly marked, and the first actual result is the official download link:

google

 

Let’s have a look at Bing next. Since both Skype and Bing are Microsoft products, the first two search results are for the official download links:

Bing_Skype

 

For a better example of Bing results, let’s search for Adobe Reader by searching for “download adobe acrobat reader.” This one is also pretty easy to spot since the ads are clearly marked.

Bing_Adobe

 

Now let’s have a look at the results for “download Skype” on Yahoo. Once again, the ads are clearly marked and the first actual result is the official download link.

Yahoo

 

Looking at these search results, you’ll notice a few things in common: The top results are all ads, and none of the ads point to the official download links, and the first actual link that is not an advertisement is the official download link. While this will not always be the case, it is common, and fortunately the three search engines we used in this example all do a very good job at identifying their advertisements. Does this mean that all ads are bad? Of course not! But when looking to download free software, the ads may not be your best choice. Also pay attention to the URLs, the official downloads are all on “skype.com” domains, while all the adds point to other domains.

Now you should have a better understanding of how some of those unwanted toolbars and search pages ended up on your computer, that clicking on the top result on a search page may not be the best way to go about downloading free software, and how to find the official download links for software on some of the most popular search engines. Pass this information onto others, and maybe you’ll save yourself a trip to a friend or family member’s house to remove an unwanted toolbar.

Phishing For Bank Account Information

Reading Time: ~ 2 min.

When you’re a threat researcher, you are always on the look out for anything that looks ‘phishy’, even if it’s on your own personal time. Today, I opened my personal email to find this:

Although the email looked very convincing, I don’t bank with Smile Bank so I knew something was up. Smile Bank is an actual bank based in the UK. The bad guys used a spoofed email address to make it look like it came from the legit Smile Bank domain smile.co.uk. If someone did bank with Smile Bank, I can see how they could easily be tricked. It’s the “Click here to proceed” link that gives the bad guys away. The link goes to a page hosted by pier3.hk, which is a legitimate domain, but appears to be compromised with a simple HTM page that is a redirect to the real malicious site. The redirect sends you here:

Once filled in and submitted, it then sends you here:

When this page is filled in and submitted, it sends you to the legitimate Smile Bank site:

In the background, I captured the network traffic to discovery all the input I entered being sent in plain text to the malicious URL:

In comparison, I went to Smile Bank’s real login screen. It was identical except for the fact it didn’t accept my nonsense for inputs:

This trick could easily be done with any large bank. Make sure to always be suspicious of any email claiming to be from your bank that threatens your account has been locked and insists that you need to enter your account information. Also, if the link to enter your account information isn’t to the URL of the bank it claims to be from, you know it’s malicious.