SoylentNews is people

posted by janrinok on Wednesday October 28 2015, @04:34AM
from the everybody-else-is dept.

Your antivirus software is watching you. A recent study shows that popular antivirus applications like Avast assign your computer a unique identifier and send a list of all web addresses you visit to the manufacturer. If the antivirus finds a suspicious document, it will send the document to the antivirus company. Yes, your antivirus company might have a list of web pages you've visited along with your sensitive personal documents!

http://www.av-comparatives.org/wp-content/uploads/2014/04/avc_datasending_2014_en.pdf (PDF download): pretty charts comparing a variety of specific data reporting between vendors and products.

https://www.bof.nl/live/wp-content/uploads/Letter-to-antivirus-companies-.pdf (PDF download): I believe this is the original open letter which led to the charts PDF.

"According to a top-secret GCHQ warrant renewal request written in 2008 and published today by The Intercept, the British spy agency viewed Kaspersky software as an obstruction to its hacking operations and needed to reverse engineer it to find ways to neutralize the problem. Doing so required obtaining a warrant."

https://s3.amazonaws.com/s3.documentcloud.org/documents/2106783/project-camberdada.pdf (PDF download): purports to be a top secret document outlining the interception of malware reporting to AV providers.

So - how valuable is an AV program? Is your AV transmitting data to the NSA? Does your AV provide a "backdoor" into your computer?

Much has been said about the advisability of running an AV on *nix. Much has been said about the inherent security of *nix. Right now, I'm somewhat happy/relieved that I am NOT running any proprietary antivirus programs.

Disclaimer: I am reading a fascinating work of fiction, which postulates that your antivirus shares data with the NSA. Given that postulation, I went looking for information. I'll be more than happy to disclose the title and author in the comments section - just ask!


  • (Score: 0) by Anonymous Coward on Wednesday October 28 2015, @04:49AM

    by Anonymous Coward on Wednesday October 28 2015, @04:49AM (#255438)

    Disclaimer: I am reading a fascinating work of fiction, which postulates that your antivirus shares data with the NSA. Given that postulation, I went looking for information. I'll be more than happy to disclose the title and author in the comments section - just ask!

    Do tell!

  • (Score: 3, Insightful) by Mr Big in the Pants on Wednesday October 28 2015, @05:40AM

    by Mr Big in the Pants (4956) on Wednesday October 28 2015, @05:40AM (#255448)

    "Avira prevents you from opening a potentially harmful website."

    lol.

    Harmful to their reputation perhaps??

    • (Score: 2, Disagree) by q.kontinuum on Wednesday October 28 2015, @10:23AM

      by q.kontinuum (532) on Wednesday October 28 2015, @10:23AM (#255496) Journal

      No, really dangerous. The site tries to discourage usage of virus scanners, which, obviously, is deeply problematic.

      --
      Registered IRC nick on chat.soylentnews.org: qkontinuum
      • (Score: 2) by bugamn on Thursday October 29 2015, @11:19PM

        by bugamn (1017) on Thursday October 29 2015, @11:19PM (#256265)

        But does the site really present malicious software, or is it only its ideas that can be problematic?

  • (Score: 1, Offtopic) by aristarchus on Wednesday October 28 2015, @05:47AM

    by aristarchus (2645) on Wednesday October 28 2015, @05:47AM (#255451) Journal

    Microsoft Problems!!! Hey, for the first time I did not put the $ in Micro$oft! Only a Fine Article like this could make me do it.

  • (Score: 5, Funny) by jasassin on Wednesday October 28 2015, @06:06AM

    by jasassin (3566) <jasassin@gmail.com> on Wednesday October 28 2015, @06:06AM (#255453) Homepage Journal

    I hope not! On my system I'm currently using Bitdefender Antivirus Plus, Kaspersky Anti-Virus, McAfee AntiVirus Plus, Norton Security, Trend Micro Antivirus + Security, Avira Antivirus Pro, BullGuard Antivirus, eScan Anti-Virus, Zonealarm Antivirus + Firewall, and G Data AntiVirus. It only takes my system an hour and a half to boot, but until now I was feeling pretty fucking secure!

    --
    jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
    • (Score: 2) by Runaway1956 on Wednesday October 28 2015, @06:10AM

      by Runaway1956 (2926) Subscriber Badge on Wednesday October 28 2015, @06:10AM (#255454) Journal

      All of them running in real time? You must have a fast computer if you can boot up in 1 1/2 hours!

      • (Score: 4, Funny) by Anonymous Coward on Wednesday October 28 2015, @01:57PM

        by Anonymous Coward on Wednesday October 28 2015, @01:57PM (#255583)

        I run the Windows port of systemd so they all start up in parallel.

  • (Score: 1, Informative) by Anonymous Coward on Wednesday October 28 2015, @06:13AM

    by Anonymous Coward on Wednesday October 28 2015, @06:13AM (#255456)

    but some of the anti-malware programs too... these can be anti-rootkit, anti-spyware, etc.

    some of these programs ship with "share x,y,z data" enabled by default! Or "join the x,y,z network" - look for both!

    the open source antivirus program ClamWin for Windows and clamav for Linux may not have the best detection rates, but both have found some trojans/rootkits where some others have failed. False positives? Maybe, but unlikely, especially if you tear apart the executable, research strings, etc.

    a good resource is: http://www.kernelmode.info

    • (Score: 1, Informative) by Anonymous Coward on Wednesday October 28 2015, @01:05PM

      by Anonymous Coward on Wednesday October 28 2015, @01:05PM (#255556)

      Maybe but unlikely? I want some of that Kool-Aid. Clam's FP rate is absurd.

    • (Score: 1) by SDRefugee on Wednesday October 28 2015, @01:33PM

      by SDRefugee (4477) on Wednesday October 28 2015, @01:33PM (#255568)

      I gave up using Windows in 2010, when I retired after a nearly 25-year career of cleaning up after Windows (and its users). The ONLY Linux I currently run with any kind of AV is my mail server, with ClamAV. After reading some of the traffic analysis done on Windows 10, I feel I REALLY dodged a bullet by leaving the MS ecosystem.

      --
      America should be proud of Edward Snowden, the hero, whether they know it or not..
  • (Score: 0) by Anonymous Coward on Wednesday October 28 2015, @07:12AM

    by Anonymous Coward on Wednesday October 28 2015, @07:12AM (#255466)

    Actions sound about the same. And of course, you only need one on a legacy malware operating system so...

  • (Score: 4, Insightful) by lentilla on Wednesday October 28 2015, @07:51AM

    by lentilla (1770) on Wednesday October 28 2015, @07:51AM (#255475)

    The only thing that would surprise me is if antivirus software was NOT tracking you.

    Runaway1956 mentions a work of fiction in his submission, so I'll match it with one of mine! I've just finished re-reading Heinlein's "The Moon Is a Harsh Mistress". Germane to this discussion and that book: TANSTAAFL - There Ain't No Such Thing As A Free Lunch!

    Of course antivirus software is likely tracking you - and those that are not yet are ripe to be considered "incompletely monetised". This applies equally to "free" and paid-for antivirus. Paying for something in this era should be considered a "sticker price" at best - the old assumptions that "cash on the barrel-head" in exchange for a product are long gone. Now we pay the sticker price and companies continue to monetise our product long after the transaction has been completed.

    • (Score: -1, Troll) by Anonymous Coward on Wednesday October 28 2015, @11:54AM

      by Anonymous Coward on Wednesday October 28 2015, @11:54AM (#255519)

      Runaway1956 is a loud mouth closet queer.

      • (Score: -1, Offtopic) by Anonymous Coward on Wednesday October 28 2015, @12:54PM

        by Anonymous Coward on Wednesday October 28 2015, @12:54PM (#255545)

        Tell us how you really feel.

  • (Score: 3, Interesting) by wonkey_monkey on Wednesday October 28 2015, @08:21AM

    by wonkey_monkey (279) on Wednesday October 28 2015, @08:21AM (#255478) Homepage

    Yes, your antivirus company might have a list of web pages you've visited along with your sensitive personal documents!

    And does it, by any chance, tell you it's going to do this when you install it?

    --
    systemd is Roko's Basilisk
    • (Score: 1) by ewk on Wednesday October 28 2015, @12:00PM

      by ewk (5923) on Wednesday October 28 2015, @12:00PM (#255521)

      If so already, most likely on page X of a Y-page EULA (with X = Y, for sufficiently large values of X and Y) that nobody reads anyway.
      And even if they do not tell: the non-validity of click-through agreements works both ways... doesn't it? :-)

      --
      I don't always react, but when I do, I do it on SoylentNews
      • (Score: 2) by joshuajon on Wednesday October 28 2015, @03:38PM

        by joshuajon (807) on Wednesday October 28 2015, @03:38PM (#255635)

        I think it's more a matter of end users not understanding that in order for these types of "web reputation" filters to work the software would necessarily have to transmit URLs back to the manufacturer. There's no other way for them to build the database of URLs. So unaware end users enable the feature and then feel their privacy was violated because they didn't understand how it worked.

        • (Score: 1) by ewk on Thursday October 29 2015, @09:43AM

          by ewk (5923) on Thursday October 29 2015, @09:43AM (#255947)

          Uploading just URLs by themselves is fine... Feeding the masterbase is needed.
          URLs combined with a UNIQUE identifier (identifying my computer or computer/user-combo) are not.

          --
          I don't always react, but when I do, I do it on SoylentNews
    • (Score: 0) by Anonymous Coward on Thursday October 29 2015, @04:05AM

      by Anonymous Coward on Thursday October 29 2015, @04:05AM (#255877)

      I think that's covered by the "we own your soul" clause in the license.

  • (Score: 1) by TechieRefugee on Wednesday October 28 2015, @01:51PM

    by TechieRefugee (5665) on Wednesday October 28 2015, @01:51PM (#255579)

    Surprising that Comodo hasn't been listed, as it's something I've been recommending for all of my Windows user family. I'm not sure whether that's a good or a bad thing.

    ...ah hell, let's be honest; Comodo is probably doing it as well.

  • (Score: 5, Insightful) by ledow on Wednesday October 28 2015, @04:28PM

    by ledow (5567) on Wednesday October 28 2015, @04:28PM (#255669) Homepage

    "Let's allow a program with administrative privileges, which regularly scans and indexes every file on your hard disk / network for patterns, which can upload examples to the cloud, acts on signatures and heuristics updates sent to it by its manufacturer every single day, and which the user EXPECTS to listen in on all their Internet traffic, every file they open, whenever they open it, etc. and which has carte blanche to decide what other programs can and cannot run (and which does not co-operate nicely with any competing software trying to see what IT is doing)"

    Because THAT'S the way that we'll stay secure and nobody will get their hands on our data.

    It bugs me that for decades people have not considered this.