Avast Antivirus Was Spying On You with Adware (Until This Week)

Fantastic advice, you don't even know the name of the AV you are recommending. FYI it's Qihoo.

http://www.theverge.com/2014/10/20/7013409/china-is-staging-a-nationwide-attack-on-icloud

"Because the attack is taking place at the level of the Great Firewall, it seems likely that this is an attack by Chinese authorities meant to harvest usernames and passwords.

...

If you're using Firefox or Chrome, you'll land on a warning page like the one above, but if you're using Qihoo, the most popular browser in China, you'll be routed straight to the dummy site with no indication that it's not being run by Apple. A similar attack is also being leveled against Microsoft's Login.live.com, the company's gateway for all account logins"

Obviously, Qihoo is the brand of choice for all those worried about their privacy.

 

I don't believe it's helpful here to compare the actions of Avast, to other companies. The prime motive for all companies is "profit", companies will try anything to make a buck. In Avast case, they tried, were outed, then corrected. It should be over! Howtogeek exposed, which brought about change. Great!

 

Yeah, pretty funny.

Edit: That Verge article was interesting. I think it's time to uninstall Qihoo 360TS. I have always been concerned, and this just adds to it.

 

Not to get political. But I will only say that we cannot deploy RU or CN products on any machines we touch as a company. There are good reasons behind these decisions, as noted above. Also, on a more personal note. I've tried several Chinese browsers, and always found exploits in them. I don't care to elaborate other than to say I use analysis tools that tend to reveal such things.

As much as people hate the NSA, some of these other agencies are far worse.

 

I don't use an antivirus to advise me where I should or shouldn't spend my money. I'm more than able to research and choose for myself thank you very much

 

It's not about politics, it's about online safety. I not used Kaspersky ever since reading about how the CEO, and how attached he is with the KGB/Government.

And China is not a democracy. That's just a fact.

 

Or you could install Kaspersky, a Chinese Browser, then use Norton and watch them all fight each other.

 

I looked at the avast! Online Security extension currently available from AMO. I saw evidence of SafePrice functionality being bundled in there, and it being enabled by default. So perhaps it won't be over until that extension is pulled and straightened out.

Given the nature of the data collection, combined with the possibility that users could acquire the extension from sources where Privacy Policy and EULA links aren't included, I would encourage Avast to make such cloud extensions display their own clear and unavoidable (click to accept) disclosure when installed and before any of the phone home functionality is activated.

If there was interest in real improvement, the ability to opt-out of the GUID passing and/or reset the GUID (manually or at each startup, genuinely disassociating said client from browsing history metadata stored in the cloud) would be extremely attractive options in theory. I'm sure potential users would want some more meaningful commentary on the potential reductions in coverage though, assuming there really are any.

 

Oh dear, how people still don't get it that submitted data is already stripped out on user end before it gets submitted to avast! servers. Then it's additionally stripped out of other potentially personal identifiable data (automated systems). The data that does go to 3rd parties mentioned in EULA is so stripped out no one will ever be able to match it back to you. Has no one of you ever heard of statistical data? It's the kind of data that tells info and trends, but doesn't go into personal specifics. And that's what 3rd parties get. Unique user numbers are used so that you are in fact counted as 1 person in statistics and not like 200 people if you browse over 200 different webpages/URL's. That's why. Besides, your IP sort of already does that and no one can block or strip that out since it's a very foundation of internet communication. Unique user ID is just a small extension of that.

As for the data that still reaches AVAST Software, they still work very carefully with it, just like bank employees do with your banking info, postal services with your home address and phone number required for delivery contact or the medical records when you go to the doctor. Why do you all react like AVAST Software is somehow working any different? In order to use their services you still have to entrust them with some of your personal information and they (per good business practice and policy) work with that data with great care. No less than those banks, postal services or doctors. But people apparently almost blindly trust those, but not AVAST Software. May I ask why? Doctors or bank's word is just as good as AVAST Software's. So, why all this fuss?

I feel like i'm repeating myself like a broken record and people still don't get it... which is weird, considering i'm trying to keep it down on a "dumb" level...

 

I've got bigger problems to worry about. An AV has basically access to every part of my system just by installing it.