Terms and Conditions
Please note that when accessing The F-Secure World Wide Web pages you agree to the following terms:
The contents of F-Secure World Wide Web pages are provided “as is” and “as available”. No warranty of any kind, either express or implied, is made in relation to the availability, accuracy, reliability or content of these pages. To the extent permitted by law, F-Secure shall not be liable for any direct, indirect, incidental or consequential damages arising out of the use of or inability to use these pages, even if F-Secure has been advised of the possibility of such damages.
Third Party Sites
This policy only addresses our activities from our servers. This web site contains links to web sites that are not under our control. We are not responsible for the content, commentary or applications of these web sites. We are providing these links only as a convenience and the inclusion of these links does not imply endorsement by us of the linked web site.
The contents of F-Secure World Wide Web pages are protected by international copyright laws © F-Secure 1994 – 2006. All rights reserved. Reproduction, transfer, distribution or storage of part, or all of the contents, including but not limited to pictures, design format, logo, audio clips, video clips and HTML coding, in any form without the prior written permission of F-Secure is prohibited. Any and all reproduction, total or partial, of the texts, illustrations, design format or logo by any means whatsoever, is illegal. Such reproduction requires the prior written consent of F-Secure. We protect our intellectual property rights to the full extent of the law. F-Secure” and the triangle symbol are registered trademarks of F-Secure Corporation and F-Secure product names and symbols/logos are either trademarks or registered trademarks of F-Secure Corporation.
All other trademarks mentioned in the F-Secure World Wide Web pages are the property of their respective holders. Nokia is a registered trademark and the Nokia OK logo is a trademark of Nokia Corporation. Nokia id-codes are a00014, a00015 and a00018. Symbian and all Symbian-based marks and logos are trade marks of Symbian Limited.
F-Secure is committed to ensuring the security of your information. To prevent unauthorized access or disclosure, maintain data accuracy, and ensure the appropriate use of information, we have put in place appropriate physical, electronic, and managerial procedures to s afeguard and secure the information we collect online.
Any bulletin messages, suggestions, ideas, bulletin board postings or concepts that are submitted to F-Secure via this web site shall become, and remain the property of F-Secure. Furthermore, F-Secure is not responsible for the confidentiality of any information communicated to our web site. By communicating material to the F-Secure web site, you agree that F-Secure has the right to publish the material in products or publications for any purpose, including, but not limited to, advertising and promotional purposes. You agree not to take action against us in relation to material that you submit.
F-Secure reserves the right to modify the pages or deny access to them at any time. Amendments to this policy will be posted at this URL and will be effective when posted. Please visit us again for updates.
The following legal terms (“terms”) govern your right to use and access to F-Secure blog “Safe and Savvy” (“blog”) provided by F-Secure Corporation (“F-Secure”, “we”, “our”). By using or visiting the blog you have read these terms, understand them and agree to be legally bound by them. You also agree not to use the blog against these terms and specific instructions elsewhere in the blog. If you do not agree to all of these terms, or if you are below the age of twelve (12), you are not allowed to access, visit or participate in the community
Description and Purpose
F-Secure provides this blog as a service to its users and customers, to help them exchange ideas, tips, information, and techniques related to overall security related issues and to our services. This blog is here for the enjoyment and benefit of all members and accessible to all. The community of the blog, like any community, is most valuable when everyone obeys certain basic guidelines and rules for online behavior:
Posting and Prohibited Content
Use of the blog is at your own risk. Do not post any information, especially personal information such as addresses and phone numbers, that you do not wish to make public. Any information that you post to public sections of the blog can be obtained and used by others. You are responsible for any personal information you disclose to the blog. F-Secure or WordPress.com provided by Automattic Inc. (“Platform Provider”) is not responsible for third parties’ use of information posted on the blog and to the blog community. Users of the blog agree not to upload, post, or otherwise transmit any content that includes any of the following inappropriate content:
- Content that is: unlawful, libelous, harmful, vulgar, obscene, derogatory, pornographic, abusive, harassing, threatening, hateful, objectionable with respect to race, religion, creed, national origin or gender;
- Any private or personal information or content that is not your own or that you do not have rights to transmit, such as: address, phone number, personal email address, social security number and copyrighted content, trade secrets or securities
- Off-topic content not relevant to blog community purpose;
- Spam, such as advertising, promotion or solicitation, including chain letters, class action lawsuits, charitable appeals;
- Content or links to content that contains contaminating or destructive features that may damage someone else’s computer;
- Duplicate or excessively repeated submissions in one or more areas;
- Content designed to evade profanity or other filters;
- Hyperlinks to sites that violate the terms;
- Content used to impersonate another person;
- Content or behavior that violates any applicable laws;
- Content or behavior that interferes with the operation of the site or with another member’s ability to use the site;
- Evading site controls such as bans, or otherwise disregarding the directions of the site moderators or administrators
- Content that infringes copyrights or other intellectual property rights of third parties.
F-Secure may remove any information, in its sole discretion, including but not limited to personal data or data, material or content provided by any of the users, considered to violate the Terms or be inappropriate for the blog for any reason. F-Secure shall under this agreement have no obligation to monitor any of the material provided by you to F-Secure and/or to the blog community, but may do so at its discretion. F-Secure also retains the right to immediately revoke any and all of Your access rights in case Your breach of any of these Terms or suspected misuse of the blog.
To report violations, please contact the F-Secure blog team and include the blog-post/comment and the author-name in question: email@example.com
RIP Flash? Has Chrome signed Flash’s death warrant?
The first day of September may go down in internet security history -- and not just because it's the day when F-Secure Labs announced that its blog, which was the first antivirus industry blog ever, has moved to a new home. It's also the day that Google's Chrome began blocking flash ads from immediately loading, with the goal of moving advertisers to develop their creative in HTML5. Google is joining Amazon, whose complete rejection of Flash ads also begins on September 1. "This is a very good move on Amazon’s part and hopefully other companies will follow suit sooner than later," F-Secure Security Advisor Sean Sullivan wrote in August when Amazon made its announcement. "Flash-based ads are now an all-too-common security risk. Everybody will be better off without them." Last month, Adobe issued its 12th update in 2015 for the software addressing security and stability concerns. An estimated 90 percent of rich media ads are delivered through Flash. Having the world's largest online retailer reject your ad format is a significant nudge away from the plugin. But it would be difficult to overstate the impact of Chrome actively encouraging developers to drop Flash. About 1 out of every 2 people, 51.74 percent, who access the internet through a desktop browser do it via Chrome, according to StatCounter. This makes it the world's most popular web interface by far. Facebook's Chief Security Officer has also recently called for the end of Flash and YouTube moved away from the format by default in January. “Newer technologies are available and becoming more popular anyway, so it would really be worth the effort to just speed up the adoption of newer, more secure technologies, and stop using Flash completely," F-Secure Senior Researcher Timo Hirvonen told our Business Insider blog. So what's keeping Flash alive? Massive adoption and advertisers. “Everyone in every agency’s creative department grew up using Adobe’s creative suite, so agencies still have deep benches of people who specialize in this,”Media Kitchen managing partner Josh Engroff told Digiday. “Moving away from it means new training and calibration.” And Flash does have some advantages over the format that seems fated to replace it. "HTML5 ads may be more beautiful, and are perceived to be more secure, but the files can be a lot larger than Flash," Business Insider's Laura O'Reilly wrote. In markets, stability can breed instability and it seems that our familiarity and reliance on Flash has resulted in unnecessary insecurity for our data. Has Flash hit its moment when its dominance rapidly evaporates? We can have hope. "I sincerely hope this is the end of Flash," Timo told us. Cheers, Sandra [Image by Sean MacEntee | Flickr]
6 reasons the Internet of Things is difficult to secure
It's a new world when we have to worry about our sprinklers getting hacked. While it's still easier to hack a smartphone or throw a brick through a window to get into our homes, the trend of connecting and automating almost everything presents a bevy of security concerns that many of us are just beginning to consider. In a recent post for our brand new Internet of Things blog, our Mika Stahlberg succinctly laid out the unique challenges for keeping our "things" safe: 1) Most of the devices are cheap and lack a screen and keyboard. 2) Ease-of-use, especially during setting up, is critical for these kinds of products. 3) Devices use wireless protocols to connect to the home, so that there is no need to install wires into the walls. Hence, they and their signals are likely also reachable from outside the walls of the house. 4) Some of these devices, like garden sprinklers or porch lamps, are located outside and hence can be accessed physically without breaking into your house. 5) There are many manufacturers and many ways to buy the device: Devices don’t come pre-installed with any secret code or certificate specifically for your home. 6) Many smart home devices use mesh networking where radios are low power and each device also acts as a relay station and thus devices need some way of communicating with all other devices in the network. If you want to know how you can get ahead of the curve, here are three keys make your smart home safer now. Cheers, Jason [Image by Maurizio Pesce | Flickr]
Only 10% protected – Interesting study on travelers’ security habits
Kaisu who is working for us is also studying tourism. Her paper on knowledge of and behavior related to information security amongst young travelers was released in May, and is very interesting reading. The world is getting smaller. We travel more and more, and now we can stay online even when travelling. Using IT-services in unknown environments does however introduce new security risks. Kaisu wanted to find out how aware young travelers are of those risks, and what they do to mitigate them. The study contains many interesting facts. Practically all, 95,7%, are carrying a smartphone when travelling. One third is carrying a laptop and one in four a tablet. The most commonly used apps and services are taking pictures, using social networks, communication apps and e-mail, which all are used by about 90% of the travelers. Surfing the web follows close behind at 72%. But I’m not going to repeat it all here. The full story is in the paper. What I find most interesting is however what the report doesn’t state. Everybody is carrying a smartphone and snapping pictures, using social media, surfing the web and communicating. Doesn’t sound too exotic, right? That’s what we do in our everyday life too, not just when travelling. The study does unfortunately not examine the participants’ behavior at home. But I dare to assume that it is quite similar. And I find that to be one of the most valuable findings. Traveling is no longer preventing us from using IT pretty much as we do in our everyday life. I remember when I was a kid long, long ago. This was even before invention of the cellphone. There used to be announcements on the radio in the summer: “Mr. and Mrs. Müller from Germany traveling by car in Lapland. Please contact your son Hans urgently.” Sounds really weird for us who have Messenger, WhatsApp, Facebook, Twitter, Snapchat and Skype installed on our smartphones. There was a time when travelling meant taking a break in your social life. Not anymore. Our social life is today to an increasing extent handled through electronic services. And those services goes with us when travelling, as Kaisu’s study shows. So you have access to the same messaging channels no matter where you are on this small planet. But they all require a data connection, and this is often the main challenge. There are basically two ways to get the data flowing when abroad. You can use data roaming through the cellphone’s ordinary data connection. But that is often too expensive to be feasible, so WiFi offers a good and cheap alternative. Hunting for free WiFi has probably taken the top place on the list of travelers’ concerns, leaving pickpockets and getting burnt in the sun behind. Another conclusion from Kaisu’s study is that travelers have overcome this obstacle, either with data roaming or WiFi. The high usage rates for common services is a clear indication of that. But how do they protect themselves when connecting to exotic networks? About 10% are using a VPN and about 20% say they avoid public WiFi. That leaves us with over 70% who are doing something else, or doing nothing. Some of them are using data roaming, but I’m afraid most of them just use whatever WiFi is available, either ignoring the risks or being totally unaware. That’s not too smart. Connecting to a malicious WiFi network can expose you to eavesdropping, malware attacks, phishing and a handful other nasty tricks. It’s amazing that only 10% of the respondents have found the simple and obvious solution, a VPN. It stands for Virtual Private Network and creates a protected “tunnel” for your data through the potentially harmful free networks. Sounds too nerdy? No, it’s really easy. Just check out Freedome. It’s the super-simple way to be among the smart 10%. Safe surfing, Micke PS. I recently let go of my old beloved Nokia Lumia. Why? Mainly because I couldn’t use Freedome on it, and I really want the freedom it gives me while abroad. Image by Moyan Brenn