{"id":11178,"date":"2022-12-12T17:21:20","date_gmt":"2022-12-12T14:21:20","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=11178"},"modified":"2022-12-12T17:21:20","modified_gmt":"2022-12-12T14:21:20","slug":"is-avast-safe","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/is-avast-safe\/11178\/","title":{"rendered":"Avast’\u0131 2023’te Kullanmak G\u00fcvenli mi?"},"content":{"rendered":"

Art\u0131k \u00e7ok uluslu bir \u015firket olan Gen Digital b\u00fcnyesinde yer alan Avast, vir\u00fcslerle ve ba\u015fka tehditlerle sava\u015fan etkili g\u00fcvenlik \u00e7\u00f6z\u00fcmleri sunma konusunda iyi bir itibara sahip. Peki ama bu \u00e7\u00f6z\u00fcmler ne kadar g\u00fcvenli ve g\u00fcvenilir? Bu yaz\u0131m\u0131zda, baz\u0131 kullan\u0131c\u0131lar\u0131n Avast\u2019tan neden \u015f\u00fcphelendi\u011fine ve bu geli\u015ftiricinin \u00fcr\u00fcnlerine yine de g\u00fcvenip g\u00fcvenemeyece\u011finize g\u00f6z ataca\u011f\u0131z.<\/p>\n

Avast g\u00fcvenli mi?<\/h2>\n

Avast \u00e7\u00f6z\u00fcmleri, d\u00fcnyan\u0131n her yerinden milyonlarca kullan\u0131c\u0131 aras\u0131nda olduk\u00e7a pop\u00fclerdir. Ba\u011f\u0131ms\u0131z uzmanlar da bu \u00e7\u00f6z\u00fcmleri iyi de\u011ferlendirmektedir: \u00d6rne\u011fin 2022\u2019nin 2. \u00c7eyre\u011fi i\u00e7in yap\u0131lan SE Labs testinde<\/a> Avast yaz\u0131l\u0131m\u0131, tehditlerin %98\u2019ini alg\u0131lam\u0131\u015ft\u0131r. Bu oran, birincili\u011fi payla\u015fan Kaspersky ve McAfee\u2019nin (tehditlerin %100\u2019\u00fcn\u00fc alg\u0131lam\u0131\u015flard\u0131r) \u00e7ok az gerisindedir. Bununla birlikte Avast, y\u0131llar i\u00e7inde birtak\u0131m naho\u015f olaylar da ya\u015fam\u0131\u015f, bu da bir\u00e7ok kullan\u0131c\u0131 ve uzman\u0131n, Avast \u00e7\u00f6z\u00fcmlerinin ne kadar g\u00fcvenilir oldu\u011funu<\/strong> sorgulamas\u0131na neden olmu\u015ftur.<\/p>\n

Avast g\u00fcvenlik sorunlar\u0131<\/h2>\n

Avast, kullan\u0131c\u0131lar\u0131n\u0131 bir\u00e7ok kez hayal k\u0131r\u0131kl\u0131\u011f\u0131na u\u011fratm\u0131\u015ft\u0131r. 2017\u2019de iki milyondan fazla<\/strong> insan, \u015firketin \u00e7\u00f6z\u00fcmlerinden birisi olan CCleaner\u2019\u0131n k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m bula\u015fm\u0131\u015f bir s\u00fcr\u00fcm\u00fcn\u00fc indirmi\u015ftir<\/a>.<\/p>\n

Avast i\u00e7in 2019 y\u0131l\u0131 daha da talihsiz ge\u00e7mi\u015ftir. S\u00f6z konusu y\u0131lda \u015firket, amac\u0131 muhtemelen yine CCleaner\u2019a eri\u015fim sa\u011flamak olan yetkisiz ki\u015filer taraf\u0131ndan kurum i\u00e7i a\u011f\u0131n\u0131n tehlikeye at\u0131ld\u0131\u011f\u0131n\u0131 bildirmi\u015ftir<\/a>. Fakat \u015firketin 2019\u2019daki sorunlar\u0131 bununla da bitmemi\u015ftir. K\u0131sa bir s\u00fcre sonra ba\u011f\u0131ms\u0131z uzmanlar, Avast taray\u0131c\u0131 eklentilerinin kullan\u0131c\u0131 verilerini, koruma i\u00e7in gerekenden \u00e7ok daha fazla \u015fekilde, kullan\u0131c\u0131lar\u0131n bilgisi olmaks\u0131z\u0131n toplad\u0131\u011f\u0131n\u0131 ortaya \u00e7\u0131karm\u0131\u015ft\u0131r<\/a>.<\/p>\n

2020\u2019nin ba\u015flar\u0131nda ise Avast\u2019\u0131n kullan\u0131c\u0131 verilerini i\u015ftiraki olan Jumpshot ile payla\u015ft\u0131\u011f\u0131, Jumpshot\u2019\u0131n ise bu verileri daha sonra b\u00fcy\u00fck \u015firketlere satt\u0131\u011f\u0131 bildirilmi\u015ftir<\/a>.<\/p>\n

Antivir\u00fcs yaz\u0131l\u0131m\u0131n\u0131n etkili \u015fekilde \u00e7al\u0131\u015fmas\u0131 i\u00e7in ilgili cihaza ve i\u015fletim sistemine tam eri\u015fiminin olmas\u0131 gerekir (aksi takdirde vir\u00fcsleri ve di\u011fer tehditleri alg\u0131lay\u0131p etkisiz hale getiremez). Ayr\u0131ca, veri tabanlar\u0131n\u0131 g\u00fcncel tutabilmesi i\u00e7in sunucularla s\u00fcrekli ileti\u015fim halinde olmas\u0131 gerekir. Bu nedenle, antivir\u00fcs se\u00e7erken itibar\u0131na dikkat etmek \u00e7ok \u00f6nemlidir.<\/p>\n

Avast, cihaza kurulduktan sonra \u00e7ok miktarda kullan\u0131c\u0131 verisine eri\u015fim sa\u011flar. \u015eu ana kadar \u015firket taraf\u0131ndan etik d\u0131\u015f\u0131 bir tav\u0131r sergilendi\u011fine ya da \u00fcr\u00fcnlerinin g\u00fcvensiz oldu\u011funa dair bir kan\u0131t ortaya koyulmam\u0131\u015f olsa da, y\u0131llar i\u00e7inde belirli say\u0131da olay ya\u015fanmas\u0131, Avast \u00e7\u00f6z\u00fcmlerine g\u00fcvenip g\u00fcvenmeme konusunda kullan\u0131c\u0131lar\u0131 \u015f\u00fcpheye d\u00fc\u015f\u00fcr\u00fcyor.<\/p>\n

CCleaner\u2019da k\u00f6t\u00fc ama\u00e7l\u0131 kod<\/h3>\n

Temmuz 2017\u2019de Avast, yukar\u0131da s\u00f6z\u00fc ge\u00e7en CCleaner\u2019\u0131 geli\u015ftiren Britanyal\u0131 \u015firket Piriform\u2019u sat\u0131n alm\u0131\u015ft\u0131r<\/a>. Pop\u00fcler bir PC optimizasyon ve bak\u0131m \u00e7\u00f6z\u00fcm\u00fc olan CCleaner toplamda iki milyardan fazla indirilmi\u015ftir (2016 verileri).<\/p>\n

Bundan k\u0131sa bir s\u00fcre sonra, 15 ve 24 A\u011fustos tarihlerinde \u00fcr\u00fcn\u00fcn yeni s\u00fcr\u00fcmleri kullan\u0131ma sunulmu\u015ftur: CCleaner 5.33.6162 ve CCleaner Cloud 1.7.0.3191. Eyl\u00fcl ay\u0131nda ise Cisco Talos<\/a> ve Morphisec<\/a> uzmanlar\u0131, bu yaz\u0131l\u0131m\u0131n kurulum dosyalar\u0131nda k\u00f6t\u00fc ama\u00e7l\u0131 kod bulmu\u015ftur. Etkilenen \u00e7\u00f6z\u00fcmler ge\u00e7erli dijital sertifikalarla imzalanm\u0131\u015f, do\u011frudan CCleaner\u2019\u0131n resmi sunucusunda bulunmu\u015ftur.<\/p>\n

Yap\u0131lan detayl\u0131 incelemeler<\/a> sonucunda sald\u0131r\u0131n\u0131n karma\u015f\u0131k oldu\u011fu ve en az \u00fc\u00e7 a\u015famadan meydana geldi\u011fi anla\u015f\u0131lm\u0131\u015ft\u0131r. Birinci a\u015famada, k\u00f6t\u00fc ama\u00e7l\u0131 koddan etkilenen CCleaner yaz\u0131l\u0131m\u0131 iki milyondan fazla kullan\u0131c\u0131 taraf\u0131ndan indirilmi\u015ftir. Sonras\u0131nda, komuta ve kontrol sunucusunda \u00e7al\u0131\u015fan bir komut, sahiplerinin b\u00fcy\u00fck IT \u015firketlerinde \u00e7al\u0131\u015ft\u0131\u011f\u0131n\u0131 g\u00f6steren alan adlar\u0131na sahip cihazlar\u0131 se\u00e7mi\u015ftir. Bu \u015fekilde, ikinci a\u015famada 40 bilgisayar se\u00e7ilmi\u015ftir<\/a>. Siber su\u00e7lular, bu 40 cihaz aras\u0131ndan (muhtemelen manuel olarak) ilgilerini en \u00e7ok \u00e7eken d\u00f6rt hedef bilgisayar\u0131 se\u00e7mi\u015ftir.<\/p>\n

\u00dc\u00e7\u00fcnc\u00fc a\u015fama: Ard\u0131ndan bu d\u00f6rt cihaza, ShadowPad<\/a>\u2018in de\u011fi\u015ftirilmi\u015f bir versiyonunu kurmu\u015flard\u0131r. Bu k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m sayesinde sald\u0131rganlar, kurbanlar\u0131n\u0131n cihazlar\u0131na gizlice uzaktan eri\u015fme imkan\u0131 elde etmi\u015flerdir. Uzmanlar daha sonra, sald\u0131r\u0131n\u0131n arkas\u0131nda \u00c7inli grup Axiom\u2019un (APT17) oldu\u011funu \u00f6ne s\u00fcrm\u00fc\u015ft\u00fcr<\/a>.<\/p>\n

Vurgulanmas\u0131 gereken \u00f6nemli nokta \u015fudur: Piriform\u2019un sunucular\u0131nda siber su\u00e7a dair ilk i\u015faretler Nisan 2017\u2019ye, yani Avast taraf\u0131ndan sat\u0131n al\u0131nmas\u0131ndan \u00fc\u00e7 ay \u00f6ncesine<\/a> dayanmaktad\u0131r. Sald\u0131r\u0131 tespit edildikten sonra Avast derhal bir g\u00fcncelleme yay\u0131mlam\u0131\u015f<\/a>, k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m\u0131n sertifikas\u0131n\u0131 iptal etmi\u015f ve sald\u0131r\u0131n\u0131n ikinci a\u015famas\u0131ndan etkilenen herkesle irtibat kurmu\u015ftur<\/a>.<\/p>\n

\u0130hmal edilen bir VPN \u00fczerinden sald\u0131r\u0131<\/h3>\n

May\u0131s 2019\u2019da siber su\u00e7lular, iki fakt\u00f6rl\u00fc kimlik do\u011frulama i\u015flevi olmayan ge\u00e7ici bir VPN profili kullanarak Avast\u2019\u0131n kurum i\u00e7i a\u011f\u0131na s\u0131zm\u0131\u015ft\u0131r<\/a>. Bundan d\u00f6rt ay sonra Avast\u2019\u0131n uzmanlar\u0131, \u015firket a\u011f\u0131nda \u015f\u00fcpheli faaliyet tespit etmi\u015f<\/a> ve alarma ge\u00e7mi\u015ftir.<\/p>\n

\u015eirket derhal kolluk kuvvetleriyle ileti\u015fime ge\u00e7mi\u015f ve soru\u015fturma ba\u015flatm\u0131\u015ft\u0131r. Siber su\u00e7lular\u0131n, farkl\u0131 kullan\u0131c\u0131lar\u0131n muhtemelen \u00e7al\u0131nt\u0131 olan kimlik bilgilerini kullanarak, bir VPN \u00fczerinden \u015firketin a\u011f\u0131na ba\u011flanmaya \u00e7al\u0131\u015ft\u0131\u011f\u0131 ortaya \u00e7\u0131km\u0131\u015ft\u0131r. Ele ge\u00e7irilen ve sonunda a\u011fa eri\u015filebilmesine neden olan hesap, etki alan\u0131 y\u00f6neticisi ayr\u0131cal\u0131klar\u0131na sahip de\u011fildir fakat sald\u0131rganlar, kendi haklar\u0131n\u0131 bu seviyeye getirebilmeyi ba\u015farm\u0131\u015ft\u0131r.<\/p>\n

Soru\u015fturman\u0131n ard\u0131ndan Avast, iki y\u0131l \u00f6ncesinde oldu\u011fu gibi olas\u0131 hedef olarak CCleaner\u2019\u0131 g\u00f6stermi\u015ftir. Ayr\u0131ca bu tekrar niteli\u011findeki sald\u0131r\u0131n\u0131n, ge\u00e7ici VPN profilinin \u201cyanl\u0131\u015fl\u0131kla aktif durumda b\u0131rak\u0131lmas\u0131\u201d sayesinde m\u00fcmk\u00fcn oldu\u011fu ortaya \u00e7\u0131km\u0131\u015ft\u0131r.<\/p>\n

Avast, sald\u0131r\u0131n\u0131n tespitinden sonra CCleaner g\u00fcncellemeleri yay\u0131mlamay\u0131 ask\u0131ya alm\u0131\u015ft\u0131r. Bir aydan k\u0131sa s\u00fcre sonra \u015firket, \u00e7\u00f6z\u00fcm\u00fcn yeni bir sertifikayla imzalanm\u0131\u015f \u201ctemiz\u201d bir g\u00fcncellemesini yay\u0131mlam\u0131\u015f ve \u00f6nceki versiyonlar\u0131 imzalamak i\u00e7in kullan\u0131lan sertifikay\u0131 iptal etmi\u015ftir. Avast, bu olay sonucunda kullan\u0131c\u0131lar\u0131n hi\u00e7bir \u015fekilde zarar g\u00f6rmedi\u011fini \u00f6ne s\u00fcrmektedir.<\/p>\n

Fazla merakl\u0131 eklentiler<\/h3>\n

Ne yaz\u0131k ki Avast, g\u00fcvenli\u011fin yan\u0131 s\u0131ra kullan\u0131c\u0131 verilerinin gizlili\u011fi konusunda da birtak\u0131m tats\u0131z olaylar ya\u015fam\u0131\u015ft\u0131r. 2019 y\u0131l\u0131nda siber g\u00fcvenlik uzman\u0131 Vladimir Palant; Avast Online Security, Avast SafePrice, AVG Online Security ve AVG SafePrice eklentilerinin (birka\u00e7 y\u0131l \u00f6nce Avast taraf\u0131ndan sat\u0131n al\u0131nan bir ba\u015fka \u00c7ek antivir\u00fcs geli\u015ftiricisi<\/a> taraf\u0131ndan geli\u015ftirilmi\u015ftir), kullan\u0131c\u0131lar\u0131n \u00e7evrimi\u00e7i aktiviteleriyle ilgili olarak gere\u011finden \u00e7ok daha fazla miktarda veri toplay\u0131p \u015firketin sunucular\u0131na g\u00f6nderdi\u011fini \u00f6ne s\u00fcrm\u00fc\u015ft\u00fcr<\/a>.<\/p>\n

\u015eirket taraf\u0131ndan toplanan bilgiler, kullan\u0131c\u0131lar\u0131n hangi siteleri ziyaret etti\u011fini ve neleri aratt\u0131klar\u0131n\u0131 tespit etmek i\u00e7in yeterlidir. Palant ayn\u0131 zamanda bu verilerin kullan\u0131larak kullan\u0131c\u0131lar\u0131n bir siteyi ne kadar s\u00fcreyle g\u00f6r\u00fcnt\u00fclediklerinin, nelere t\u0131klad\u0131klar\u0131n\u0131n ve ne zaman ba\u015fka bir taray\u0131c\u0131 penceresine ge\u00e7tiklerinin anla\u015f\u0131labilece\u011fini de bildirmi\u015ftir.<\/p>\n

Palant\u2019\u0131n bu if\u015fas\u0131 kamuda ciddi itirazlara sebep olmu\u015f, bunun sonucunda da Avast eklentileri Chrome, Opera ve Firefox\u2019un resmi ma\u011fazalar\u0131ndan kald\u0131r\u0131lm\u0131\u015ft\u0131r<\/a>. Ancak \u015firket, kullan\u0131c\u0131lar\u0131n\u0131 veri toplama konusunda uyarlamaya ba\u015flad\u0131ktan ve toplad\u0131\u011f\u0131 bilgi miktar\u0131n\u0131 ciddi \u015fekilde azaltt\u0131ktan sonra, Avast eklentileri s\u00f6z konusu ma\u011fazalara tekrar kabul edilmi\u015ftir<\/a>.<\/p>\n

Kullan\u0131c\u0131 verilerinin sat\u0131lmas\u0131<\/h3>\n

2020 y\u0131l\u0131n\u0131n ba\u015flar\u0131nda Avast, kullan\u0131c\u0131 verilerinin gizlili\u011fine ili\u015fkin olarak kendini bir ba\u015fka skandal\u0131n ortas\u0131nda bulmu\u015ftur. Bu sefer, \u00e7evrimi\u00e7i ortamda s\u0131zd\u0131r\u0131lan belgelere dayal\u0131 olarak PCMag<\/em> ve Motherboard<\/em> taraf\u0131ndan yap\u0131lan ortak ara\u015ft\u0131rmada<\/a> Avast, kullan\u0131c\u0131lar\u0131n taray\u0131c\u0131 ge\u00e7mi\u015fini almak ve i\u015ftiraki Jumpshot arac\u0131l\u0131\u011f\u0131yla bu bilgileri b\u00fcy\u00fck \u015firketlere satmakla su\u00e7lanm\u0131\u015ft\u0131r.<\/p>\n

PC Mag<\/em> ve Motherboard <\/em>taraf\u0131ndan g\u00f6r\u00fclen \u201ckullan\u0131c\u0131 dosyalar\u0131ndan\u201d baz\u0131lar\u0131:<\/p>\n