AV-Comparatives - Data transmission in Internet security products

I run Eset Smart Security, and I did see that option, but that is only a few of the "old" doc's, not the 2007 and later .docx .xlsx etc, and is only limited to a few document formats they list there. Now, maybe those are the document formats where viruses can reside in, but then I still miss the more recent ones. Or templates, etc.

Really, I have quite a lot of applications installed, and would be hard to establish a full list of all those different personal data files. I'd agree on those that cannot contain macro's or scripts or w/e do not have to be excluded. But I do want that all those that can, will be excluded for sending. That can only mean that there can not be a automated upload, it ends up to be a user's choice to upload something. Also, as filenames may be in the "stats" data they send back, that might include those same documents names... some I'd not want either.

 

When I check my default settings there are those new filetypes listed: .doc?, .dot?, .xls?, .xlt?, .pps?, .ppt? (? can be replaced by any letter so docx and others are included). I know that there are many files in different format so that's why they let you set your filter. You can also disable upload of files entirely by checking "Do not submit files" option.

 

Hi xxJackxx

Where did you find out about Kaspersky using vulnerable OpenSSL components and do you know if this has been fixed?

Was Kaspersky still using these components in 2014? I follow the KIS Forum regularly and don't recall ever seeing any mention of it. It would seem rather irresponsible if a security software company with prouducts used by hundreds of millions of users to not have made a public statement about this.

Does this mean that if a devious mind knew about Kaspersky using these components he could scan all Kaspersky users and snoop around their PC's? What other damage could they have done"

Has Kaspersky made any public statement about this?

 

http://support.kaspersky.com/10235#block0

And: http://www.vistaone.com/amx/wp-content/uploads/2014/04/Kaspersky-OpenSSL-Vulnerability-Info.pdf

 

What 3x0gR13N said... These things tend to get posted in the beta section of their forum as they are testing them for release.
Norton's info was found in a google search.
ESET never did respond to my question.

 

Have a look here at Webroot's stance on this: https://www.wilderssecurity.com/thre...-failing-webroot-webinar.360332/#post-2369063

Thanks,

TH

 

Webroot is pretty vague there, offering up 'more discussion'.

 

We use Avira in a business environment, 600 or so machines. I'd love to know exactly all the in's and out's of how the Protection Cloud feature works and think it would be really useful if they did a full technical "deep dive" paper.

They do have a FAQ but if you'r a business dealing with IP and business data it's easy to think of a whole heap of questions.

 

I´m normally not really into long posts, but I must say that I enjoyed reading your informative posts.
I also think that some of this stuff is making AV companies looking quite bad.

But what do you think about cloud services, I know you´re quite a big fan of Immunet, don´t you think it can be a risk too?

 

The report does not really contain any surprises, people would know most of those things if they would actually read the EULAs/privacy statements or think about how security software works nowadays.

 

The EULA may not necessarily reflect the actual data transmitted by the software but it is more fine tuned to safeguard the interest of the company in case of legal claims. I would therefore take any report using the EULA as a proxy for assessing data trasmission with extreme caution....

 

ill assume with something like webroot it has to collect more data due to the nature of its detection methods. however i am a bit turned off by just how much they are collecting. i knew they collected some for sure but why everything? ill have to give a good hard thought to if ill continue to use it on my own personal machines. i would also like to know more of what eset collects personally. many of these i assumed the results before i read the report but some did surprise me.

 

Also note: when I approached this topic a month or two ago, I was told it 'isn't in their capacity' to determine individual machines, or data on those machines. Remember? Dig up the thread and see. Clearly that statement was NOT accurate.

 

Nor is yours I am afraid. From the moment you connect to the internet you are identified as individual machine otherwise you will not be able to connect. Something else is been able to link specific data to an individual... Important distinction to make

 

Avira have it's own white paper of Protection cloud for those business users
Take a look
http://www.avira.com/files/for-business/Whitepaper_ProtectionCloud_EN.pdf

 

Thanks for test. Looking more closely at it now.

 

this test seems designed to invoke a certain amount of paranoia among users,its pretty obvious to me that most of the info "collected" is either needed in the event of a problem with the product on that PC,or to ensure problems don't occur in the 1st place or needed to be sure if it's a paid for option it isn't pirated copy,I for 1 am not concerned about this as it's been "common knowledge" for years!

 

Seeing where your from, I can understand why it's no big deal to you. Info collected for certain things like piracy or troubleshooting is common knowledge to many. Other things in the test are not common knowledge unless you work for the AV company, which I doubt you do. Therefore I don't care what you think Steve.

 

It's hard to tell which info that AV vendors collect is truly needed for troubleshooting and protection. Computer name, username, local IP address and OS language are IMO not necessary for AV to collect. It looks like some providers collect all data that they can. I hope that some of them will rethink their data collecting policy.

 

This is probably just a silly CT* but, thinking about it, most big-named AV vendors are Europe-based companies. And we have the EU's data retention law. Sure that AV companies are not ISPs but I can't help but correlating these two points.

*CT= conspiracy theory

 

Norton has option to disable it in the following form;

1) Disable all data collection.
2) Disable SOME data collection (send only randomized data regarding specific threats)
3) Leave all data collection on, and extensive.

 

Mayahana, is this option available in Norton Security 2015?

 

It is.

 

I can't seem to find it, but then again, my wife always tells me I'm not good at finding things!

 

Settings->Admin Settings, Data Collection Slider.