PRAGUE--Avast isn't content with merely 130 million active Windows users. In addition to expanding its security offerings for the PC, the company plans to move at least some of its threat definitions to the cloud, while introducing a personal VPN and debuting an Android app with some features only for rooted phones.
Avast Chief Technical Officer Ondrej Vlcek spoke to CNET during a recent tour of the company's virus lab about what the company had planned. Vlcek, who has been with Avast for 16 years and wrote the company's first Windows product, said that Avast looks to leverage its community data to develop better software for businesses as well as attract even more home consumers. "In the next few months, we'll be coming out with some extra products not included in the suite, such as online backup, password management, and identity protection," Vlcek said.
Given Android's skyrocketing marketshare, it's not surprising that Avast is working on an Android security app, too. What's interesting is that Avast is aiming specifically for users who have rooted their phones. "Rooted phones are more prone to certain kinds of attacks," said Vlcek, "because they are more able to run a wider range of programs. We consider people with rooted phones higher-risk users, and so they need more security. Fifteen [percent] to 20 percent of Android phones are rooted, including the Nexus which comes rooted."
He wouldn't reveal what the root-specific features Avast is considering are, but he did mention the app's basics. These included the company's antivirus engine, anti-theft and phone tracking, a contacts filter, and parental locks. A backup feature has yet to be settled on, he said, "because there's a big difference between a contacts list backup and backing up media files and apps." The company is also considering tying its WebRep engine for search result ratings and verification to the Android app. Vlcek wouldn't commit to a specific month for release, either, only saying that it would arrive sometime in the fourth quarter and be completely free.
The most unusual feature that Avast will soon offer, however, is a personal VPN for both desktops and mobile. "It's a bit risky for us because we don't know how heavily people will be using it," Vlcek said. "But because of the insecurity of open, public Wi-Fi, where somebody can copy your session cookie and log on, we had to make people safer." The VPN solution will create a secure tunnel through which people can send data without fear of being tracked by an ISP or government, or having their computer or phone hacked.
Avast's virus lab relies on robust community
"The Digital Millennium Act mandates ISPs to keep logs of everything for some time, and some people are not comfortable with that. We encrypt everything that goes through the ISP and then it's unencrypted after it passes through," he said. The VPN will support multiple secure protocols, including PPPT, OpenVPN, SSL, and L2TP. A new companion VPN client for desktops and smartphones will help users configure the VPN, Vlcek said, and there won't be any bandwidth limitations.
He also noted, with a smile, that it will also allow country IP address spoofing to one of 17 countries in North America, Europe, or Asia. Vlcek wasn't concerned about how useful it would be to people living in countries with restrictive Internet policies. "The Chinese officials won't try to block it because they know that business people need it for travel," he said.
He wouldn't make the timeline for release of the VPN public, but Vlcek did say that it would be a paid product "with yearly and monthly plans, in the ballpark of $50 year." Avast Chief Executive Officer Vince Steckler said the company plans to start with the long-duration subscriptions but wants to move into micropayments so people can use the VPN on a per-session basis.
Vlcek went on to talk about what's coming in the 2012 Avast suite, due next February. Avast will be moving at least some of its threat definitions to the cloud, following many of its competitors such as Symantec, Trend Micro, Microsoft, and Panda. Vlcek said that Avast's cloud-based detection will be better because of the number of active Avast users, which is more than 130 million people. "With our user base, we have the potential to have a much stronger cloud than anybody else."
Additionally, Avast is looking at running your browser in its auto-sandbox by default. "Since just after the release of version 5, we haven't seen anything bypass the sandbox," Vlcek said.
Speaking of older versions of Avast, Vlcek also revealed some interesting numbers about which versions of the program people are using. It turns out, Internet Explorer and Firefox aren't the only programs struggling with version creep. About 60 percent of the active user base is on version 6, the current version, he said, but there are still about 15 percent of active users on version 4. "These are mainly people running a cracked, pirated license. We actually converted about 1 million users to version 6 free by circulating a 'license key' and passively upgrading them," Vlcek said.
Avast has plans to compete with more feature-heavy paid security suites, too. Users will soon be able to get online backup and password management solutions from Avast. The company has licensed Mozy to provide an Avast-branded online backup option, said Vlcek, with "no real changes" to Mozy's license or fees.
Roboform will provide Avast's password management tool, for about $10 a year. "We didn't use LastPass because they weren't very flexible about third parties," said Vlcek. "The goal is to provide a low-cost password manager that we think our free users will enjoy."
Vlcek said both the password manager and the online backup solutions will be available around before the end of the summer.