Prevx and Privacy

Hello,
We never send up any data about documents - only about executable files and executable, binary code. McAfee's Artemis is a very primitive implementation of what we have: we also send up MD5/SHA-1, but this is very ineffective for a real proactive protection. We send up signatures which include behavioral analysis of the programs as well as pieces of code from sections of the programs and other contextual/characteristic analysis from the programs and their surroundings.

We normalize out any personal data from filenames, so, for instance, C:\Users\UserName\Desktop\subfolder\file.exe is sent up as %desktop%\subfolder\file.exe, holding no actual personal identifiable information and we never upload non-executables, and we rarely upload entire executables as the upload process introduces a large overhead which is largely unnecessary.

Hope that helps

 

Pleonasm, you raise good points, especially with regards to say an excel spreadsheet with confidential data.

I would be confident however, that those controlling the flow of information at Prevx or McAfee would be in that position because they are reputable.

What I'm trying to say, if Prevx had some financial data of mine, I'm certain nothing would be done with it.

For example, it'd be like leaving my credit card with the bank employee by mistake. I'd be receiving a call that it will be returned.

But leaving my credit card at dodgy convenience store, I'm pretty sure, in some way, my information will be abused.

 

It does help, but unfortunately with this info and your later answer, I do not agree about the AV and .exe files. Even with this, the false positives of the program are too high. I uninstalled Prevx.

 

PrevxHelp, in the privacy policy, “attack data” is simply and broadly defined as information about “attempted intrusion events.” The text of the actual privacy policy does not limit the upload of information to executable files, nor does the privacy policy prohibit Prevx from uploading documents or spreadsheets. Please note: I am not saying that Prevx actually performs these undesirable actions—rather, I am only highlighting the fact the privacy policy does not prohibit them from occurring.

While your comments, PrevxHelp, are most appreciated and informative, I must respectfully point out that your viewpoint about what information is uploaded from a user’s PC constitutes “opinion”—i.e., it is the privacy policy itself that “rules” and protects the user’s information. Thus, if the privacy policy per se does not explicitly state that “attack data” is limited to executables within its text, then “attack data” may contain other file types. Do you see the problem? The solution, of course, is to narrowly and precisely define "attack data" in the privacy policy, a step that I hope you will initiate with haste.

PrevxHelp, once again, may I ask that you post a complete enumeration of all information that is (or could) be collected through Prevx? I think this should be easy to fulfill, and hopefully you’ll agree that it is a reasonable request. This insight will assist readers of the thread in making their own informed decision about the privacy question. (Thank you!)

Saraceno, this is a good point. PrevxHelp, does your company have a Chief Privacy Officer? If so, who is she or he? Could you kindly invite that individual to participate in this discussion?

P.S.: PrevxHelp, please note that there remain several unanswered questions in this thread, which would benefit from your input.

 

I applaud Prevx for taking this stand. If the data provided is reduced to the lowest common denominator acceptable to all possible users it will be much less effective than if there is free access to the data necessary to provide protection. There are plenty of other programs out there if one doesn't like their conditions, and users who want to support their model should have that opportunity, just like those who don't trust this type of interaction should be free so select another tool.

 

I personally don't consider Prevx more effective than the other security I use. I really had Prevx as an extra, and because I don't even know exactly what is being sent, I chose to not use it.

 

I would personally want PREVX to collect full information if this is going to protect me or improve my protection and would dislike the idea that PREXV functions are limited just because of privacy issues.

At the end of the day its all about trust, if you have minimal doubts then I would simply stay away from it, no enumeration will make your mind at rest.

Moreover I would not like a full enumeration been published since this will help malware writers rather than the users.

Cheers,
Fax

 

We couldn't be more opposite in our thoughts. Oh well, to each his own.

 

Protection and privacy shouldn’t be at odds with one another—i.e., it should not be an “either/or” situation. The interesting question posed in this thread is a “both/and” condition: how can you obtain the benefits of a cloud-based anti-virus solution while simultaneously ensuring that privacy is protected? It will be fascinating to see how other vendors wrestle with this same issue in the months to come. Their answers may be no better than those offered by Pevex—we’ll need to wait and see.

One (obvious) solution that Prevx should consider: allow users the choice of not having their “attack data” stored within the community database. This would allow the Prevx tool to function exactly as it presently does from the user’s perspective, with the exception that the user’s uploaded “attack data”—once the anti-virus scan is complete—would be discarded. It is clear that such an approach is disadvantageous to the interests of Prevx, in so far as it reduces the quantity of contributions to the community database and thereby lessens the competitive marketplace effectiveness of their tool, which may ultimately impact sales. Nonetheless, if Prevx is sincerely interested in its customers’ concerns, it is a solution worthy of serious consideration, in my opinion.

In the spirit of being “fair & balanced,” it is also worthwhile to note that the Prevx privacy policy does state: “Attack Data and program information is anonymous and cannot be traced to you or your PC. We do not receive or record any personal data that can or will be used to identify you or your computer.” That’s a succinct and clear statement. However, when we hear in this thread that Prevx also collects the user’s IP address, then one begins to wonder: what else is being collected? What precisely is (or isn’t) “personal data”—and, who decides? That’s why a full enumeration of the types of information collected by Prevx would be so useful.

 

I have spent the better part of today looking at the Eulas of about 25 products. Some I honestly dont understand. A few are very vague. In the end, Prevx is about in the middle of what they all state.

So, the bottom line is, if you are a perspective customer for any product, read it and see how you feel, ask questions, and make the choice if you are or are not comfortable with it.

Larger known vendors would not be here long, if they wanted to know what size of underwear you have on.

 

Something really interesting would be a comparison of EULAs between enterprise and home product for each company. I don't know if they use different EULA for the home and the enterprise product. But in case they do, I would like to see the differences.

 

Thanks Pleonasm for start this issue.
I have a question, PrevxHelp.

This can be done without user permission ??

You can really without permission ??

 

The simple fact is that we would never find any use for non-executable files. We already collect information about more than 250,000 new executable programs every day - documents are FAR more fast than this and it would simply be an overload of information. We are looking to secure your computer, not to look at your document information - there simply is no need for it.

I will forward the request on, however our privacy policy has been this same way for many years and we have never had a problem. As mentioned previously, we simply don't care about documents and really have no need to send them up - they can't contain "attack data" so the threat of us uploading the data is non-existent. Macro viruses are essentially dead and we use behavioral monitoring to look at the entire "winword.exe" application instead of the document: we do not look at the open document at all.

The information collected includes the OS version, active antivirus software product name, signatures generated from executable code on the system, behaviors observed from executables running on the system, and normalized filenames (removing private characteristics from the filenames). In some cases, depending on the product, information about installed hotfixes may be submitted and information about the installed browser may be submitted.

We don't, but I act as a proxy to the management team and believe I have answered all of the questions fully.

I will be responding as soon as possible - we've been presenting extensively at RSA so I have had limited time to catch up on Wilders this past week.

 

No, this is during cleanup if your system is infected. We provide this as a service behind cleanup to replace, say, an infected kernel32.dll with a clean one from the original installation. The user is of course told at each stage of this process and it is a crucial feature to correctly clean today's threats.

 

We don't collect the IP address, it is merely an artifact of the internet itself. There is no way to get from Point A to Point B without including an IP address - it is inherent in every internet protocol (hence the name ). If you would like to re-engineer the internet from the ground up, then feel free, but until then, every company needs to include the line that we have access to the IP address in the privacy policy

 

Yes, nice wishful thinking..

I would rather prefer malware researcher investing resources on malware eradication and security rather than finding the right balance between security and privacy. There is little privacy on the net and less with modern security tools including your OS... you have to internalise this reality

Cheers,
Fax

 

Rubbish. It could be stretched, but even then the underlined part would be vastly exagerated, and in reality, plain wrong.

Neo, you make the mistake in this quote of thinking that you are the customers. That's incorrect, you are A customer among millions.

Your posts seem to have the best interest of privacy at heart...or at least, what is today considered privacy...however, to say that the company should do this, in reality just because you say so, and make yourself into 'the customers' is disingenous.

That said, privacy as it is viewed today by many, is of great concern to those many.

 

I've left credit card information at supposedly trustworthy businesses. However, it was stolen and someone (single or plural) went on a shopping spree. Fortunately, my bank protected me and it didn't cost me any money.

The only way to be sure that information will not be abused, is to not have it stored in the first place.

 

Trjam, you might wish to take a look at EULA Analyzer, a free tool that claims to “assist people in better understanding the contracts they enter into while using software.”

Trjam, that is wise advice. Too few users, in my opinion, think about the privacy considerations when contemplating the purchase of a software application.

PrevxHelp, thank you for considering this request. Concerning the issue of non-executable files, incorporating their exclusion from Prevx inspection into the privacy statement would make it policy. I see no disadvantage to doing so, and it enhances the privacy protection afforded to users.

PrevxHelp, yes, I understand that fundamental fact. The unanswered question, however, is (1) whether you associate the IP address with other information uploaded from a user’s PC and (2) whether you retain the IP address, in whole or in part, directly or indirectly, in the Malware Center database.

PrevxHelp, a quick search of the web reveals that many of your anti-virus competitors do have an individual whose job it is to ensure the privacy of the company’s customers. If privacy isn’t actually someone’s job, then it is a secondary consideration—no one person in the company can be held accountable for adherence to the privacy policy. I strongly encourage Prevx to consider appointing a CPO.

On a larger note, one suggestion for Prevx to consider is the adoption of an aggressively strong customer privacy stance—not only because it is “right,” but also because it could serve as point of marketing differentiation among the competition. It is clear that the “edge” that Prevx may have in the cloud-based anti-virus market will soon be reduced with the introduction of other major players (e.g., Symantec) into this realm. Therefore, Prevx needs some unique positioning to set it apart from the pack. Why not use privacy as a marketing tool?

PrevxHelp, what is your perspective on this suggestion?

Vikorr, you may have missed my point. My intention was to recommend the incorporation of customer choice into the way in which Prevx operates, so that each single customer among the millions has the opportunity to make their own individual decision. I am not suggesting that I know the collective “customers” or can speak for the group. In the absence of “customer choice,” however, Prevx itself has chosen to force its own decision upon all customers in a uniform manner. The only “choice” Prevx gives it customers is to adhere to the company’s own perspective—or, to forgo Prevx and to buy the competition’s product.

Fly, strictly speaking, you’re right, of course. But another key tool to ensure that “information will not be abused” is a strong privacy policy.

 

Great post and very fair-minded! Yes, someone in charge of privacy is very important in this setup.

I have a question as to what kind of .exe files are included in the data. Security .exes? Even weather program or Abobe .exes?

 

Hi Pleo,

I didn't miss your point (which is a point of concern to many people)...I was just making you aware of the language you were using in outlining your case (which was making use of exagerations). On the whole, I've found your posts thoughtful, insightful and challenging (for Prevx at least). I don't hold the same concerns as you, but you state your concerns very well (mind you, so have the Prevx people).

That said, I recall way back in the Prevx Home / Prevx Pro days (I've had it since then) that in the Pro version (ie the paid version) you could opt out of sharing information.

...yet I also understand the desire of Prevx to have everyone 'opt in'. Not the smartest move in my opinion, because the vast majority would opt in if the choice were voluntary...and they lose customers who worry (overly in my opinion, but that's just me) about privacy.

 

We generally don't upload the entire program as that would be a large drain on bandwidth - we include information on every program which can be a threat to your system, which includes active programs, ones referenced by registry data, and ones which are in system areas.

 

An "opt-in" approach is very damaging to the quality of the database, which is what we experienced with Prevx Home - a vast majority actually did NOT opt in, and this significantly damaged the accuracy and strength of our database.

It is possible to operate without storing the information, but then that prevents us from performing any heuristics on the data after it was scanned the first time. For instance, if you scan a new file which was not detected on the first sight and then we identify a variant of the file as malicious, we automatically update the first file's entry to say that it is malicious - immediately protecting all users against it. If the data isn't stored, we would have to re-scan every file every time and send up all of the data associated with it, dramatically increasing overhead and introducing a significant drag on the user's experience and system performance.

 

Umm, I see your point about being damaging to accuracy...and talking of accuracy, if I remember accurately, in Prevx, Home data sharing was compulsory. If you wanted the option not to send the data, you had to purchase the Pro version.

 

PrevxHelp, I had not realized that Prevx had already explored an “opt-in” approach, and I am surprised that a “vast majority” chose not to participate in building the community threat database. This may be an indication of the growing concern of privacy for many users.

In the spirit of helpfulness, here are some ideas for Prevx to consider that may strengthen its support of users’ privacy.

1. Allow users to opt-out of participation in the community threat database. However, charge an additional fee for those users selecting this option. Since these users are contributing less value by withholding information, perhaps they should pay more? There is precedent. Users are accustomed to paying extra for privacy—e.g., fees for an anonymous VPN service or for having an unlisted telephone number. This isn’t an ideal solution, of course, but it may allow the subset of users who are sincerely interested in privacy to opt-out while lessening the negative impact upon the overall efficacy of the anti-virus solution.

2. Create a “privacy log” on each user’s PC. I know that Symantec allows users who participate in their Norton Community Water (with 20 million opt-in members) to view a log containing all information that has been transmitted to the community database. Does Prevx create a similar log for users to inspect?

3. Modify the Prevx privacy policy. At the risk of being repetitive, readers of this thread should note that the Prevx EULA states: “This Agreement constitutes the entire understanding between us in connection with the licensing of the Prevx Software and supersedes and extinguishes all prior agreements, negotiations and discussions in relation to it.” Note the overt denial of augmenting the privacy policy through “discussions.” This is why, PrevxHelp, your comments in this thread about the complete enumeration of what information is collected by Prevx—plus the explicit statement that only executables are uploaded—need to be included within the privacy policy statement. Otherwise, your explanations and clarifications simply have no bearing on the privacy of a Prevx user, unfortunately.

4. Demonstrate that Prevx is serious about privacy. Hire a Chief Privacy Officer, create an internal privacy council, and join and become active in the International Association of Privacy Professionals and other similar organizations.

5. Become a privacy leader. Create a point of differentiation from your anti-virus competition through leadership in the privacy realm. Rather than “typical” levels of privacy—make yours outstanding, make it a priority, and highlight that fact on the home page of your website.​

I trust that other users will have many more good ideas about how the privacy of the Prevx product could be enhanced. Why not ask them?