{"id":9691,"date":"2015-06-27T19:00:21","date_gmt":"2015-06-27T23:00:21","guid":{"rendered":"http:\/\/thundercloud.net\/infoave\/new\/?p=9691"},"modified":"2015-06-27T19:00:21","modified_gmt":"2015-06-27T23:00:21","slug":"can-you-trust-your-antivirus-software","status":"publish","type":"post","link":"https:\/\/www.thundercloud.net\/infoave\/new\/can-you-trust-your-antivirus-software\/","title":{"rendered":"Can you trust your antivirus software"},"content":{"rendered":"

We found the following article by Emsisoft very interesting. We’ve seen evidence that some free antivirus programs like AVG and Avast are edging dangerously close to becoming spyware and PUPs. This is extremely disturbing because the essence of security is the expectation or privacy and trust.\u00a0<\/em><\/p>\n

We are publishing the following Emsisoft article with the permission of our friends at Emsisoft.
\n<\/em><\/p>\n

\n

Antivirus software: Protecting your files, at the price of your privacy?<\/h1>\n
In Emsisoft Lab<\/a>, Emsisoft News<\/a>, Security Knowledge<\/a> by Emsi<\/a> on June 26, 2015 | Fran\u00e7ais<\/a>, English, Deutsch<\/a><\/div>\n

\u201cPrivacy\u201d is the ability of an individual or group to seclude themselves, or information about themselves, and thereby express themselves selectively.<\/em><\/strong> [Wikipedia]<\/p><\/blockquote>\n

We have to make a statement here: Privacy is important. Period.<\/h3>\n

Large companies and governments unfortunately tend to disagree with us\u00a0these days. They want to make us believe that security and comfort always come at the price of privacy. We think that the risks for potential misuse of collected mass data always outweighs any argument for the advantages of gained functionality that is based on big data analysis.<\/p>\n

Only a few\u00a0people are aware that one of the biggest threats to their privacy is actually a piece of software running on almost all computers. A software they have bought believing it would actually protect their data: antivirus software.<\/p>\n

Antivirus features that rely on techniques which affect your privacy<\/h2>\n

There are a couple of highly questionable features in everyday\u2019s protection software that we\u2019d like to analyze a bit more in detail:<\/p>\n

1)\u00a0Scanning and blocking of dangerous\u00a0URLs<\/h3>\n

Almost all internet security products claim to prevent you from accessing\u00a0dangerous and fraudulent websites to keep you safe from malware downloads and fraud attempts. To do that, they typically forward all website addresses you visit\u00a0to a centralized server which scans the domain names\u00a0and paths against a massive database of dangerous URLs.<\/p>\n

You may ask why these scans can\u2019t be done on your local computer. The reason behind this requires a bit of technical knowledge: to check\u00a0addresses locally would require the whole database to be\u00a0constantly transferred and synchronized via online updates onto your computer. The problem with that approach is that there are literally millions of known bad website addresses that\u00a0change very frequently.\u00a0Online updates of protection software would become far too heavy for most users and every day hundreds of megabytes of data would need to be updated, which is simply impractical. That\u2019s why it is more efficient to send each visited address to a server who does all the work and just returns a \u201csafe\u201d or \u201cdangerous\u201d flag.<\/p>\n

The bad thing about this technology is that the antivirus vendor can track ALL your visited websites<\/strong>. Even worse: some vendors can read encrypted data\u00a0that you enter on\u00a0online banking websites or other private communication\u00a0channels. These massive database servers are of course protected at the highest level, but history shows us that data is never 100% safe. Just think for a second about what would happen if that antivirus vendor lost control over their servers for any reason, and what would happen if your surfing habits were shared with criminals.<\/p>\n

2) Cloud based\u00a0file scanning<\/h3>\n

A few years ago, any software company who didn\u2019t join the \u201ccloud\u201d hype was considered lame and old-school. There is no doubt that cloud computing\u2014which means shifting heavy computing jobs from the local PC to a server \u2018somewhere\u2019\u2014can be a very useful thing to speed things up. Since the early days of antivirus software, file scanning\u00a0is typically done on the local computer. Antivirus vendors create a database of fingerprints\/signatures of viruses and other threats, then send that collection of unique markers to the antivirus software on your computer where it compares all local files with each of those signatures.<\/p>\n

\"11863156_s\"<\/a>Cloud scanning sort of reverses that process. It creates signatures of all potentially suspicious files on your hard disk and uploads them to cloud servers where these signatures are scanned against a large database of known threats. Signatures\u00a0are typically short sequences of letters and numbers, so they don\u2019t allow any antivirus vendor to restore your file content. Though they know which programs you run on your PC if the same pattern was seen before and other meta data can be linked to the data set.<\/p>\n

Many antivirus vendors go one step further: They don\u2019t just upload a unique file identifier, they upload the whole file so it can be analyzed on a cloud server. For program files that typically doesn\u2019t mean any danger, but has any antivirus vendor ever published their rules for selecting files that are to be uploaded? You are forced to blindly trust that\u00a0they don\u2019t send any of your private data files.<\/p>\n

3) Collecting the computer\u2019s meta data<\/h3>\n

Sometimes, collecting meta data about a computer can even be more helpful\u00a0than collecting data files. Meta data describes all sorts of information such as\u00a0computer name, user logon name, IP address, country, operating system, running programs, their version numbers, hardware components or similar. Collecting and combining\u00a0these data points allows someone to sketch a quite precise picture of each computer and derive a certain level\u00a0of exposure to online threats.<\/p>\n

But that data also reveals a lot about the person sitting in front of the PC. Combining data\u00a0can tell which software you have\u00a0used for how long. Where you live, what your areas of interest are, your age group, how much you spend on hardware, etc.<\/p>\n

AV-Comparatives<\/a>, a well respected security software testing organization, conducted an analysis of Data Transmission in Internet Security Products<\/a> in 2014. A quick overview of their findings:<\/p>\n