At the 2012 edition of Google I/O, security and privacy got a whole hour in the “Security and Privacy in Android Apps” session, which seemed modest at the time, but looks fairly indulgent now that we’re left digging through all the presentations to see if there was even a mention of privacy this year.

Luckily, there were two telling mentions of privacy at the event: one in a Google Glass fireside chat and another anecdotal mention from Google’s top brass.

Perhaps not surprisingly, the best privacy discussion was prompted by an audience member in a Google glass session. According to our friends at the Verge, when an audience member asked Google Glass’s product director, Steve Lee, about the privacy implications of the wildly anticipated product, Lee downplayed concerns, claiming, not encouragingly, that it is easy to tell if someone is recording you with their Google Glasses and that the user-privacy was at the forefront of the product design team’s thinking as they developed Google Glass.

In a truly shocking departure from the norm, the United States Congress seemed to mirror public sentiment when they penned a letter to Google CEO and co-founder, Mr. Larry Page, expressing concerns about the new product’s impact on user- and non-user-privacy, and demanding answers to some pretty tough questions. Page must provide answers to these questions by July 14, which will give us a far-clearer view into the real privacy implication of the yet-to-be-released computer-spectacles.

It might be slightly unfair to say that Google scoffs at user-privacy just because they didn’t host any privacy talks at a yearly conference that is really about teaching developers how to optimize Google’s resources, tools, and gadgets in order to make better applications and other Web services. Also, in Google’s defense, the tech company received very high marks in the Electronic Frontier Foundation’s 2013 “Who Has Your Back?” report. However, Page made it a whole heck of a lot easier to criticize Google on privacy, which is saying a lot, because privacy-hawks have been taking Google to task on its handling of user-data for years. The CEO and co-founder took the stage at I/O, and seemed to suggest that because he blogged about some nerve issue that paralyzed his left and later his right vocal cord on his Google Plus account, that everyone needs to be less uptight about the privacy of their medical records.

There is no way to know for certain if Page’s views on medical privacy reflect his views on personal-data privacy, but it’s no-less interesting to hear such a pivotal character in the privacy debate advocate for openness with regards to medical history. To his credit, he seemed to be trying to say something about the potential for technological and medical advances that would be achievable with such openness.

Of course, it may have taken some courage for Page to come forward with this, but a billionaire publically talking about a non-life-threatening condition that affects the way he speaks is one thing, while allowing public access to the medical records detailing commonly stigmatized, communicable, or deadly conditions is another thing altogether.

It absolutely rocked the world in 1991 when Magic Johnson publically announced his retirement after contracting HIV. In retrospect, Johnson’s announcement was overwhelmingly good, but Magic Johnson was perhaps the greatest basketball player to have ever played the game to that point. The reaction to Johnson’s announcement ranged from incredibly positive to equally negative, but the reality is that he never needed to work again. Not all of us have that kind of job security. Crippling post-traumatic stress or anxiety disorders or any number of other ailments aren’t necessarily things you want a potential employer or school admissions officer to know about before you even get a chance at an interview.

It’s entirely possible that Google has the best of intentions for Google Glass (and Android for that matter) or that Larry Page means well when he says he wants us to be more open about or medical history, but it’s also possible that Google’s new privacy strategy is to deflect, denigrate and downplay until no one cares about personal privacy anymore: a policy behooving to any organization attempting to build an empire upon data.

Tell us what you think this all says about privacy in the comments.

• Restricting Internet access for users, particularly teens, isn’t just about content — it’s about data. Users with metered Internet connections or data restrictions on mobile devices should think long and hard about who uses their systems, and how. To prevent unwanted downloading of large files that could, when done too much, inflate your monthly bill or slow your service deliver, think about restricting or blocking access to sites that enable massive music and video downloads.
  There are many straight-forward types of restriction functionalities, but there are also some unconventional ways to restrict access to web content to protect your systems as well as the people who use them.

• Parental controls aren’t just about restricting access to certain content, but limiting the actual amount of time kids can spend online and/or with their devices. Amazon isn’t alone in this, but one of the great features of the new Kindle Fire HD is FreeTime, an app that lets parents set time limits based on the type of content their children are viewing and to edit those preferences to tailored specifically to each user profile, i.e. each child.

• Parental controls aren’t just targeted at kids anymore. Elderly users may get confused sometimes by all of the programs offered on an operating system, but you can help them by setting up controls for their user accounts that limit the programs that they have access to, reducing the possibility that they will be confused by an application they inadvertently launch.

• Of course, you can limit the programs that seniors run, but you’re probably not preventing them from going online — and that’s where a lot of damage can happen. But today’s controls can help steer seniors clear of confusing and harmful sites where they could unwittingly download unwanted programs, or launch system software that will only confuse them. Utilizing the anti-banner feature in Kaspersky Internet Security 2013 can eliminate useless popups that will only confuse seniors with unneeded and potentially malicious content.

• Ultimately, the surest way to protect your system and to manage how users operate your systems and devices is by diligently setting up and monitoring your operating system and web browser profiles — and by protecting your systems with robust security programs like Kaspersky Internet Security 2013, which creates fine-grained web controls, and system security suites like Kaspersky PURE 3.0, which is there to protect your system for the inevitable times that parental controls are skirted, inadvertently or otherwise.

Stay tuned for Olga’s next volcano expedition to Damavand in Iran this June. In the meantime, send us a story about your dream journey and get ready to make your dreams come true! Get more contest details!

I don’t want to beat the dead horse too relentlessly here, but there is literally no good reason not to install security updates. Not one. You don’t have to do anything but click ‘yes,’ or, in most cases, wait a few extra minutes while your machine boots up and installs them automatically. In fact, just now, as I was writing this up, Adobe informed that it successfully updated. I didn’t even know it was installing anything. That’s how easy it was.

Ease aside, not installing security upgrades is like not getting a flu shot: it puts everyone else at higher risk of getting infected, because when you shirk on your updates, you’re contributing to the increasingly voluminous pool of easily exploitable machines. Furthermore, the problem is one of those pesky, self-perpetuation ones. As more machines are compromised, the cybercriminals have more computing power, potential account access for phishing attacks, and other resources that they can use to compromise more and more machines.

And these updates aren’t just willy-nilly, intangible things that no one understands. Criminals exploited one of the now-patched Internet Explorer vulnerabilities used in watering hole attacks targeting the United States Department of Labor. The DoL attack is widely believed to have been a stepping stone in a broader campaign targeting nuclear weapons program researcher at the Department of Energy. In the days that followed, the same vulnerability was exploited in Cambodian watering hole attacks on the US Agency for International Development (USAID).

Water holing or watering hole attacks are a technique whereby attackers compromise a website that they believe their real target will visit. So, in these cases, attackers infected a DoL website to snare DoE and other valuable government employees and it was also used to phish USAID workers in Cambodia.

Perhaps more alarmingly yet, Adobe patched a vulnerability in its ColdFusion application development platform that attackers had already exploited to compromise servers belonging to the Washington State court system, exposing an astounding 160,000 social security numbers as well as the driver’s license numbers and names of more than a million people.

As noted by Kaspersky Lab expert and friend of the blog, Kurt Baumgartner, Microsoft also supplied fixes for a few “less sexy” but no less important escalation of privilege vulnerabilities. EoPs, as they’re called, are often used after a compromise so that attackers can gain full user rights of infected machines. Of course, once an attacker has full user rights, he or she can do whatever nefarious thing he or she wants.

We respect the right of any user to choose a reliable antivirus solution. That is why Kaspersky Lab participates in almost all industry recognized independent tests: after all, when users want to compare security solutions, they are going to refer to the results of these tests. But it is important to understand what is behind each “approved” and “certified” logo.

Of course, every vendor will say their product is the best. Therefore, when choosing between several reputable, popular security solutions, a sensible user will not only look at the arguments and claims of each developer, but also look at independent analysis. There are numerous companies that spend days on end doing exactly that – testing various antivirus solutions, firewalls, proactive protection systems and all the other security components that are now integrated in the comprehensive protection suites used by individuals and companies. Each test laboratory has its own evaluation system and methodology, so it’s important to understand what their “awards” are worth and what you can expect from a certified solution. We will briefly describe a few of the most renowned independent labs: AV-Comparatives, AV-TEST, Dennis Technology Labs and VirusBulletin.

The main test
The most important thing evaluated in the test labs (something that is difficult to perform at home) is the quality of anti-malware protection (protection against viruses). Two main approaches are used for this – “real world” and “classical” – and sometimes a combination of the two may be used.

Today, many experts believe that real world testing is more important for the user. It simulates situations where malicious or infected websites and email attachments are opened on a protected computer and calculates the percentage of threats that are detected and blocked before they penetrate the system. The advantage of this method is its ability to check all the protection technologies integrated in a product (there are now a great many of them) using the very latest threats.

There are several variations of the classical approach, but testing is generally performed as follows. A virus scanner is pitted against a folder containing several thousand files that includes a collection of hundreds or even thousands of currently active malicious programs of various types. Ideally, the antivirus solution should detect 100% of the malicious files. Another important parameter, which can be evaluated concurrently, is the percentage of false positives. The “clean” files in the folder must be ignored, so ideally this figure should be 0%.

Important extras
Even the most reliable antivirus solution cannot guarantee 100% protection. Simply being good at detecting viruses is not enough – an AV solution must be able to treat the infected computer if, for example, an infection has already penetrated the machine. This is important because, according to Kaspersky Lab statistics, 5% of antivirus solutions are installed on infected PCs. And then there are user errors, which can result in malware finding its way onto the computer.

Ideally, the antivirus shouldn’t slow the system down and shouldn’t bother the user with frequent requests and warnings about program activity because it annoys people and ultimately reduces the effectiveness of the protection since users end up ignoring the pop-up windows.

AV-Comparatives
The AV-Comparatives test lab carries out separate tests to evaluate the most important functions: protection in real-world scenarios, detection of infected files (classical testing), performance and many  more. Once a year, based on all of its tests, AV-Comparatives announces its highest “Product of the Year” award as well Gold, Silver and Bronze awards for each test type. But if you don’t want to wait until the end of the year, you can get a pretty good idea of how good a product is by looking at the results of 2-5 different tests. The most interesting are the Real World test and the Performance evaluation. False positives reduce the score in the first test. The best solutions are awarded an Advanced + certificate. Those that are not so perfect get an Advanced certificate while the others end up with Standard and Tested badges. Every month, AV-Comparatives publishes the intermediate results of its Real-World test containing information on the current threats that every popular antivirus solution was able to block. The lowest protection level, which can be provided by the Windows-integrated mechanism Windows Defender or Microsoft Security Essentials, is taken as 90% of blocked threats. The market leaders are usually fighting it out for a fraction of a percentage point in the range of 95-100%. Kaspersky Internet Security blocked 100% of the threats in the latest Real-World test.

AV-TEST
Until recently, AV-TEST certification was held once every two months and included three categories of tests: Protection, Repair, and Usability. Each of the three categories was scored from 1 to 6. A solution that got a total of 11 points or more received a certificate.

However, this year the tests have been altered and it has now become much easier to earn a certificate than before. Previously, such factors as the detection rate, the repair rate, the number of false positives and the level of system slowdown were taken into account. This year the Repair category has been withdrawn from testing and the minimal score for obtaining a certificate has been lowered to 10 points. That means an antivirus solution certified in 2013 may be unable to repair an infected system. Kaspersky Anti-Virus received the annual AV-TEST awards and certificates before the changes. Now it will be even easier for mediocre solutions, on par with student coursework, to be able to earn the test lab’s certification. You can find out more about the reasons for the changes to the certification rules in Eugene Kaspersky’s blog.

Dennis Technology Labs
British test lab headed by Simon Edwards has been specialized in a real world antivirus testing for a long time. Dennis Labs produces quarterly reports for different product categories – protection for home users, SOHO and large companies.

The certification methodology deserves special emphasis, as it was created in accordance with recommendations of AMTSO international association. There are a lot of factors affecting final rating: ability to detect malware, ability to treat infection, frequency of false positives. Each factor has its own weight and the final result quite accurately indicates the quality of the antivirus software in real world conditions.

Dennis Labs also diversified its competence by adding new tests – at the end of 2012 Dennis Labs started to test the functionality of corporate antiviruses application control.

Virus Bulletin
One of the oldest and most respected resources in the antivirus sphere, appearing in the form of a magazine since 1989, performs its own antivirus testing and awards its own VB100 certificates. Only solutions that detect 100% of infected samples and produce 0% false positives receive these certificates. Virus Bulletin conducts the “classic” rather than “real world” test; products evaluate a collection of files that includes a small number of current viruses. A good-quality product is quite capable of achieving the 100% result. For example, the April results show that 29 of 67 security solutions successfully passed testing. Unfortunately, the VB100 certification does not take into account the performance and the repair quality, which makes a full evaluation of a product impossible. A consumer has to bear in mind another feature of the VB100 award – the logo could be used in vendor’s marketing material even after one basic level certification. That is why we recommend using a handy results table, which provides a quick overview of a few of the last tests.

Other tests
We have only mentioned four popular laboratories that test antivirus software, but there are many others that carry out similar work, not to mention the tests performed by magazines and other sources of comparative information. These tests are very different in quality and completeness – as we’ve already mentioned, even the leading labs do not always aspire to the highest quality standards. Therefore, if you are interested in a particular test and its results we recommend you find out how it was conducted. Did all the leading antivirus vendors participate in it? How big was the test collection of clean and infected files? Were all the key quality factors of an antivirus solution taken into account? And finally, what sort of result earns the highest award? If more than a dozen solutions received the top award, it was obviously given out too easily.

The report examines the ways that online service providers respond to government requests for user-information held by a handful of well-known, widely relied upon, and influential Internet companies. The EFF bases this report on six yes or no categories of corporate data protection policy: do the companies in question require a warrant for content of communications? Do they tell users about government data requests? Do they publish transparency reports? Do they publish law enforcement guidelines? Do they fight for users’ privacy rights in courts? And finally, do they fight for users’ privacy in congress?

Only Sonic.net and Twitter received six stars, meaning they could honestly answer yes to all of these questions. Only Verizon received zero stars, meaning that their honest answer to all of these questions would have to be no, according to the EFF’s findings. Google appears to be the only company that regressed this year. In last year’s report, Google received a star for telling users about government requests for data. This year, Google introduced some ambiguous wording into their privacy policy by saying that they would notify users about government data requests “when appropriate,” and, consequently, the EFF did not give them a star in that category and the information in you Gmail inbox could be handled somewhat less transparently than in recent years.

As noted by the EFF, these are not the only ways that companies can stand up for users’ privacy, but they are significant benchmarks nonetheless and they are publically verifiable. The companies included in the EFF’s examination are, the Web-hosting and sales giant, Amazon; the world’s most valuable tech company, Apple; the cellular service providers, AT&T and Verizon; the Internet service providers, Comcast and Sonic.net; the online storage up-and-comers, Dropbox and Spideroak; the world’s most populous social network, Facebook; the check-in-based social network, Foursquare; the search and everything-else-internet-and-computer-related giants, Google and Microsoft; the professional’s social network, LinkedIn; the once-dominant social network, Myspace; the micro-blogging social sites, Twitter and Tumblr; the content management and blog-hosting provider, WordPress; and the recently-famous-for-not-letting-employees-telecommute, Yahoo. You can see how each of these companies fared in the image below:

It used to be the case that if the U.S. Government wanted access to information about its citizens as part of an investigation, prosecutors or police would need to acquire warrants from Judges granting them permission to conduct searches of the houses or offices of persons of interest. In certain cases, judges would grant warrants giving investigators permission to conduct wiretaps along with help from the telephone companies or monitor mail with the United States Parcel Service.

That was the twentieth century. Now we’re thoroughly engaged in the information age, and as the name of this latest period of human existence suggests, information about our lives is more diffuse than ever. In addition to wiretaps, mail-monitoring, and home and office seizures, investigators also gather evidence from the services used by suspects online. Unlike phone-tapping, physical searching and seizures, and the monitoring of mail, all of which are clearly regulated under U.S. law, there is no clear precedent protecting user communications of information stored online against unreasonable search and seizure.

The EFF is fighting to change this, but draconian laws like the patriot act, questionable interpretations of laws written when computers were the size of tennis courts, and other controversial surveillance initiatives like the National Security Administration’s warrantless wiretapping program make it so that consumer data is more susceptible to government interception than ever. The good news, according to the report, is that strong consumer protections against and transparency in regards to government data requests are trending toward the industry standard, particularly when it comes to companies informing customers when the government comes knocking.

There is an old saying that, “It’s bad to be right when the government is wrong.” So, as I have said before, if you are communicating information that runs afoul of your government’s laws or preference, you’ll need to be very careful, and should probably avoid these companies’ altogether.

There is another saying that goes, “If you’ve done nothing wrong then you have nothing to hide.” That’s nonsense. Just because you are not doing anything wrong doesn’t mean you’d be comfortable under the constant scrutiny of federal investigators.

Pragmatically though, most of us don’t have to worry about living under constant scrutiny or communicating information that puts our livelihood at risk. So what does this report mean to us relatively normal people? Well, our friends at the EFF are smart and judicious, and it does the Internet user in all of us well to listen when the EFF speaks. At the very least, we should read this report every year, and be aware of how the services we use protect our data. When possible, we should also give preference to companies that fight for our privacy rights in courts and congress, publishing guidelines for law enforcement and transparency reports. Beyond that, I think we should vote with our feet and be very reluctant to entrust our personal data to companies that don’t require warrants and don’t inform users about data requests.

No matter what we do, we should take to our respective pulpits, whether they are our personal blogs, social media platforms, comment boxes, or good old fashioned letters to our elected officials, urging all companies to follow the leads of Twitter and Sonic.net and do everything in their power to protect consumer data.

To protect your files from unsanctioned recovery, you can use the File Shredder function of Kaspersky PURE 3.0.

File Shredder supports deletion from local and removable drives. It’s possible to shred individual files and whole folders.

To delete your file permanently, Shredder uses industry-standard procedures – it overwrites your data multiple times by zeroes, ones and random symbols. Depending on the number of overwrite cycles, the speed and quality of deletion varies.

For typical personal information we suggest the quick delete method, which is more than enough to stop most hackers.

If you choose to delete system files and folders, File Shredder will ask for the extra confirmation.

You can explore the Additional Tools of Kaspersky PURE 3.0 here: http://support.kaspersky.com/9470.

According to a piece of research published last week by mobile forensics researcher, Richard Hickman of Decipher Forensics, “snaps” create and locally store what is called metadata (data about data), which could actually be used to recover expired Snapchat photos.

The technical explanation of Hickman’s research is fairly dry, but the gist of his work is that Snapchat stores just enough of this so-called metadata on user-phones that it is possible to rebuild Snapchat photos after they allegedly expire on Android devices. It’s not clear if the photos are recoverable on iOS devices or if Snapchat videos are recoverable. Hickman will need to do more research to determine is these are possible as well.

Obviously, Snapchat won’t last very long if it touts itself as a sender of non-permanent images and videos but actually sends fairly permanent photos and videos. I mean, really, what’s the purpose of a Snapchat without its photo deletion feature? It’s like drinking Four Loko after the Food and Drug Administration put stops to the whole alcoholic-energy-drink thing.

So what should you do? Well, for now, it’s pretty hard to recover expired Snapchat photos. The process is technically demanding and time-intensive and I doubt that any of your knucklehead friends will be able to do it. However, you should have in the past and should continue to assume moving forward that nothing that happens online is ever deleted. Again, assume there is no such thing as permanent deletion online and react with skepticism whenever someone claims that something can be permanently deleted online.

It obviously doesn’t really matter if a dumb picture of you and your friends is supposed to go away forever but doesn’t. It’s a vastly larger problem if you are trusting Snapchat to communicate highly sensitive information. In a recently published Kaspersky Daily piece, we speculated that, depending on its security, Snapchat could potentially be a good place to communicate secret information. We now know that that is a bad idea.

It’s well known that poorly implemented ‘HTTPS’ that can lead to data breaches is a ubiquitous security problem among mobile applications. Elcomsoft researchers also found that “Many password management apps offered on the market do not provide adequate level of security.”

The moral is this: if you are storing, sending, or trying to protect sensitive data, then you should not rely upon proprietary, non-standards based applications. There are plenty of good, secure communications channels out there, so don’t risk it.

Which can be a problem if you have kids. So how do you implement parental controls on your e-reading device lest it fall into the hands of your dangerously curious, Internet-savvy child? Let’s take a look at some of the features and setup protocols of the most popular e-readers out there right now.

• iPad: From the home screen, select ‘Settings.’ Scroll down and select ‘General,’ then ‘Restrictions.’ Follow the on-screen prompts, then select ‘Enable Restrictions.’ Enter your passcode here if it’s your first time doing this. Now you are in the control panel where you can choose the settings you prefer, adjusting the levels of access to all content including movies, music and apps. When these apps are disabled, they won’t appear when your child is logged in as him/herself. For more details on this setup process, check out this article.

• Nook: Parental controls on the Barnes & Noble Nook revolve around the creation and management of child profiles. So the first step is to create a unique profile for each of your children. Once you’ve done that, you then set the parental controls, including the ability to block access to the web browser, cutting off the ability to watch movies or preventing them from visiting the Nook store. The final step is to tailor your child’s profiles by setting their interests in the Nook. The whole process is not a complicated process, but it involves a few different steps, which are outlined excellently here.
  A passcode is a good barrier for strangers, especially if your device falls into the wrong hands.

• Kindle Fire: By now you’re realizing that the concepts here are largely the same — so are the basic movements of the setup process. A cool feature of the Kindle Fire is that by downloading the FreeTime app, parents get to choose not just the regular content restrictions but also the amount of time they want their child to spend using the device. For a full breakdown of setting the parental controls on the Kindle Fire, go here.

An important consideration for all parents regarding e-readers is whether or not your child has their own. If they do, make sure it is passcode enabled. If they lose their device, which will likely have personal information about their name, email address or physical address, that’s information that shouldn’t fall into the wrong hands. A passcode is a good barrier for strangers, though not an insurmountable one.

Additionally, whether it’s your or your child browsing on your e-reader, Internet browsing always brings along the danger that your device could become the target of attackers. While iPads can be protected with safe browsers  like those offered by Kaspersky for mobile devices, the best way to protect other devices is to use the various security apps offered for Kindles and Nooks.