Which antivirus respect your privacy and allow you to send NO data to their cloud?

Cloud is no more of a buzzword than a Norton Sonar or Norton Insight. Or BitDefender B-HAVE or AVG's Identity Protection or avast!'s Auto Sandbox or FileRep. It's a technology word that covers a specific way of doing something.
So i really don't get it why you're shouting so much about cloud being some stupid buzzword. It's a tech word like any other.

 

hi
@ronjor
A part of a puzzle does not show what this puzzle means...
Then extracting a part of a sentence, especially from its context makes no sense.I do not come here to post Haikus or onomatopoeia.
"Forget antivirus, cloud based or not" is just one particular possible answer to a particular question. And if i have followed Confucius philosophy, i just would say "a question does not always justify an answer"...but as i need to practice my English...
Of course for the average user, an av is always recommended, with or without HIPS.

@Stefan
From my point of view, miracle in security means a solution that provides 100% protection against all threats.
I am convinced that the cloud community makes the blacklist/whitelist database much more accurate against zero day malwares, and polymorphism evasion method.No doubt for the impact on machine performances.
Regarding the privacy impact, there is-as far as i know-no documented study.
And AV tests organizations do not demonstrate with incontestable tests the advantage of cloud av.
I have used TrendMicro for a few days a few month ago after the gain of a free license.
As it was a test machine with a VM, i have not investigate for privacy issues, but i have been quite disappointed by its detection rate.
Now replaced by DrWeb.
I guess that cloud av editors should make some efforts to clearly show their privacy policy regarding their cloud network of users.
It it is quite clear for some editors like MST
http://www.microsoft.com/privacy/cloudcomputing.aspx
But if we do not take into consideration the EULA during AV install, the user is face to face with obscurity: the privacy impact must be clear on the av web site, which is rarely the case.

A friend who works for the number two after Wall Mart (Carrefour) has said to me that marketing department know a lot of things about their clients, only by studying the credit card datas...
Then except for the paranoids or those who have something illegal to hide, there is no big privacy risk when using a cloud based antivirus.

rgds

 

Isn't that mostly an assumption ?

What about vulnerabilities through the cloud ?
It was not that long ago that there was a problem with Windows Update.
That there have been no major breaches (yet), does not mean that there will not be any in the future.
Unauthorized access to the cloud could in theory lead to theft of data, changes to the cloud system, access to clients' computers and 'stuff' ending up on people's computers.

That this is not a problem at the moment does not mean it will not become one in the future.

What about future changes in security companies' policies and practices ?
Do you keep monitoring the situation ? For me, it's easier to opt-out.

It is conceivable that at some time in the future data, 'private' or not, will be shared or sold to other companies or shared with government institutions. That's not unprecedented.

The whole 'privacy scene' has 'evolved' a lot in the past twenty years !

As far as the 'illegal' is concerned, everyone in every developed nation violates the law on occasion. By speeding, driving with a broken tail light, selling or buying raw milk, protesting outside a 'free speech zone', dissenting against political leadership, being late with filing your taxes, not providing Facebook with your real name (?), do DMCA complaints count ??
Dragnet surveillance ?

True, at the moment use of cloud based AVs will pose little to no risk even for most people who have something illegal to hide.

But it's not as if 'cloud' is a necessity, it's a choice.

 

As has already been said, much analysis is done via automated systems these days. Yes, some humans still do some research, but with the sheer volume of malware that exists, it's not practical to have current analysts to scrutinise them all.

I remember Kaspersky Lab used to call, and still do, their analysts as "woodpeckers". Eugene explains it well in his blog:

Source: http://eugene.kaspersky.com/2011/10/28/number-of-the-month-70k-per-day/

 

Nobody is talking about 100% protection, that can never be achieved.
Testing a cloud is not that easy, you never know the conditions that trigger the cloud to check events / files on your system. You most likely won't see any cloud benefits if you just scan a directory with new malware samples.

 

It seems you don't really understand what 'cloud' means, which is why you are so against it (you might fall into the large category of people (US resident or not) who took this survey- http://www.citrix.com/news/announce...by-cloud-computing-according-to-national.html ). Perhaps it would be good for you to do some research on what 'cloud computing' means before you gain such strong views which don't really seem to be based on any particular facts?

That way if you know what cloud computing is all about are really convinced it is a buzzword, you could share with us some of the reasons why the cloud is bad for us and all hype!

 

Oddly enough I have. Not common, but I have seen benefits to having cloud access enabled even for simple on-demand scans. Most frequently, however, I guess clouds are instrumental to reducing FP rates (in some products, at least).

 

Behavior blockers don't need any cloud. They didn't need to in the past and don't need to now. Av on the other hand access the "cloud" to check possible infection against other user opinions or whatever method they use to verify. Let's say my computer isn't infected and all my files are clean. Why do I need a connection all the time on ? To keep verifying what has been marked clean over and over ? Still the so called "cloud" technology don't help AV go against any rogues or big name spyware. Why they don't detect any toolbars installed ? Or when people download those video downloaders that come infected with "codecs"? But on the other hand most Avs are very good at detecting cracks lol. I think Cloud or not, they detect what they want to detect.How come security software gets bundled with toolbars and spyware browsers now ? How does "cloud" technology help get rid of those if they come bundled with the AV itself ? I think Avs now mostly detect old viruses that used to format the computer or so. But not programs that want to steal your data. Because they also want it.

 

It depends on the number of end-points the behavior blocker is looking at. If you consider that in one day of work with your PC you have several million of different events (accessing, saving, opening, modifying, etc) the power needed to analyze those end-points and correlate with similar events cannot be done locally, at least with state of the art behavior blockers. As already said in this thread, this type of analysis will simply absorb all your CPU and RAM capacity and you will not be able to do anything else with your PC then running your behavior blocker.

You don't need a connection all the time on, only when new "modifications" (in broader sense) are happening on the system.

 

Took me a wile to read everything on this forum thread

quick answer,not many it seems anymore sadly seeing as my self as well im looking for the same answer as the OP but this one will not spy on you.

clamWin
Clam Sentinel

Its a old school manual scanner AV as well theirs a add-on for real time scanning and it doesn't BS about things being a virus when their just a crack.exe

Clamwin unlike so many anti-virus apps out their that are not trying to push a political agenda with their product, and I do remember a test at one point done on this topic vs a big player anti-virus and the out come was very interesting, sadly I cant remember what the link was.
Not that im trying to promote piracy,but you all know what im saying

My self I use to use avira a lot back in the day.
They supported win98se longer then most and the anti virus in question did what was expected of it and it was free, the party stopped once they starting shipping Trojan spy-ware down-loaders with their anti virus {Askstub.exe} that installed regardless of it you wanted it or not.
Same Deal with AVG in my mind,they turned in to the malware them selfs to it was a right off.

My self im just like the OP on the AV topic,imho the installer should only install offline + all updates only offline + if and when its time to send the AV company in question something, i need to see everything that will be sent to them before clicking "ok" twice from the quarantine box.

Any attempt to hammer internal firewalls and or connect to the net with out permission or leave open ports flapping in the wind will be considered a network attack or just malware.

And I need no app that trys to block or mess\spy on my surfing habitats.
My user anent is changed to something bogus + Geo-location is gone and 99% of the time I run with out adobe cRapPlayEr or javashits enabled meaning im more or less good to go and bullet prof vs script garbage “no html5 as well” though I do hope one day it takes over from flash player.
No cookies etc etc, and ya shore the man can still track my IP.
Whatever its not like I have the avast botcloud software installed spying\recording everything I use my pc for and uploading it to the command and control server at avast HQ

And ya OP avast can go suck a lump out of my arise
That app is a aggressive data miner.

We all know what flash player is and its total garbage.
even if you disable everything in it that has to do with privacy it will still store LSO to the max and still ships that crap to anyone that wants to know.

And make no mistake when were talking about cloud or as some are starting to call em botclouds or White Botclouds vs Black Botclouds {botnet} its all the same to me seeing as its all botnets in my mind no mater how you try and embellish it.
The cloud setup in many ways is just a different spin on the botnet topic and once your computer data gets sucked in to the cloud it gone my fiend.
Shoure it ablity to react in real time is faster but thats the only thing its got going for it ,if my privacy means having to wait 3 hours for a update that done 3 times per day with auto update “ip > download only” or “full maual only” then so be it.

Anything with "free" on the side of it imho more often then not theirs a catch, unless were talking about the GPL free software foundation topic.

Additional reading.
Botnet Detection Based on Network Behavior
botnet info wiki
Office of the Privacy Commissioner of Canada topic Botcloud
BotCloud: Detecting Botnets Using MapReduce


No disrespect people but i listed one AV that doesn't try and botspy on you,any other AV anyone can think of that doesn't need to connect to the net in real time ?

Very good debate btw over all, sadly no one listed so much as one AV that the OP was looking for.

 

Hi
When i recommend an antivirus to friends, Clam vever comes in my mind...and i have much respect for Open Souce world.
The CONTESTABLE test mentioned by the previous post refers to Untangle who has acquired this Open Source AV http://virus.untangle.com/
In this case why not PCMav https://pcmavdownload.wordpress.com/2012/10/18/pcmav-8-3-raptor-with-clamav-0-97-6/
But i believe more on the open source european antivirus project DAVFI
https://www.wilderssecurity.com/showthread.php?t=328729&highlight=DAVFI

As suggested on a previous post, migrate all the computing habits to open source if you really take care of privacy.
And again there is more to be afraid about Google, Facebook, MST, cloud storage centers, marketing databases than cloud antivirus.

Rgds

 

Sorry, but I definitely disagree with you. If a cost of penetration through protection will be higher then all the benefits for cybercriminal, here we are, 100% protection comes true.

 

I think Stefan's right..
And not all the people are the same. there are always "Good, bad , ugly".
Don't forget some Cybercriminals suffer from Sadism they like to make trouble for others, and they won't change this pleasure for nothing.
and the 100% protection never will be achieved.

Sincerely,
Amin

 

This assumes a 0% malicious intent only malware ecosystem. Sure most malware is designed on some level to make $ but there are still plenty of morons out there that make system defacing/destroying malware for no reason at all other than it amuses them.

 

Plenty of morons can waste all their time and effort in order to discover kernel-level vulnerabiity to penetrate end-point's protection? I can believe in few of them, but not in "plenty of them". Anyway, this returns the situation with malicious codes back in mid-90'th with about hundreds new samples per an year. Nowadays there are about 70 000 new malicious samples per day because cybercriminals are financially motivated, kill this motivation and current situation will getting much better.

 

that's why you send the file to the anti-virus headquarters servers were they check out the file on their dedicated computers with 256gigs ram 48 cpus cores duhhhhh

http://www.servethehome.com/wp-content/uploads/2011/05/TYAN-S8812-48-Cores-in-Action.jpg

hears a nice little example of what cloud means to me botcloud bandwidth lecher
On the topic of to cloud or not to cloud, ill pass on the privacy invasion topic.
everything was just fine the way things were not all that long ago, imho the hold botcloud topic is just a way to data mine people computers and offload server work to other peoples computers.
ill pass all the way around on that topic

As for malware, someone mumbled about Alvira a feu posts ago, so i tested the newest version of that free version AV for all of 15 min or so .

God can you say format "Alvira:\fail\Y -spy" and yes the apnstub.exe "ask.com crap"
Its still is part of the AV and still try to steal.

edit:fixed typos

 

I do not understand attacks on Avira and Stephan...member since years like me, i thinks that he is an honnest developper, who has permitted to add Avira on a Multiscan engine av tool, and unlike another member of cloud scanner of this board, has not steal the code and work of another guy (Fyyre)...
More AV heresia here http://securityerrata.org/errata/autofail/
http://vmyths.com/
http://www.softpanorama.info/Malwar...iew/brief_history_of_antivirus_industry.shtml

An AV can not archieve 100% protection and detection because black list detection is a mathematical dead end/NP Complete problem
https://en.wikipedia.org/wiki/NP-complete
Demonstarted by Fred Cohen and Diomidis Spinellis years and years ago.
http://www.dmst.aueb.gr/dds/pubs/jrnl/2002-ieeetit-npvirus/html/npvirus.html
I guess that i feel alone to talk about that on this area...maybe i might be a morron
Cloud architecture will not solve the problem, but for interest conflicts reasons, av designers never tell the truth, and since years play with end users like marionnettes with the help of corrupted antivirus tests (all those that archive 100%, mostly VB100 marketing logo).
Even if there is some rare antivirus guy to admit that the av industry has failed (Sophos head dev. after the Flame buzz).
And to illustrate the previous post of Ilya about the number of malware nowadays, i can not forguet to link this famous IKARUS image
http://techbuddha.files.wordpress.com/2008/07/antivirus_industry_10years.gif
http://gustmees.files.wordpress.com/2012/05/ikarus-comic_malwareevolution.jpg
http://blogs.msdn.com/b/tzink/archive/2012/06/08/evolution-of-the-antivirus-industry.aspx
Migration to the cloud is not only motivated by technical criteria but also by business strategy...in a competitive market, it is better to follow the head of the wagon...as summarized by this old article
http://www.businessweek.com/technology/content/oct2010/tc20101021_425496.htm
Personally i am agree with the Cambridge study, which focus on malwares writers fight
http://www.bcs.org/content/conWebDoc/45778
http://weis2012.econinfosec.org/program.html

And to come back again to the first post, i would say that the original question is corrupted: does it matter if the cloud av center knows that the user lambda often plays poker games (poker.exe hash) and has recently downloaded a porn file (RebeccaLinaresunsensored.avi) if Microsoft already knows that, and if marketing databases know everything about you.
Your data belong to us...in the cloud or not.

rgds
Edit. added another Ikarus image link

 

And yet, there are still tons of people nowadays that "likes" the old approach of "just av definition files without real-time protection"...

 

kareldjag,

Would you mind sharing your IT/security (?) background ?

 

Completly agree with you.

 

I respect your posts greatly sir and not to pick on you or anything.... but none the less to answer your question this is what i found out with the newest version of {avira free} downloaded right from their home page.

---------------------------------------------

1: try’s to send data to their master server with out me agreeing to any user end legal agreement in the initial install procedure.

2: askstub.exe trys to send data to ask.com with out me agreeing to any user end legal agreement
"tryed to connect 60 times"

3: Try's to recommend that I “scairware” uninstall 3 security related programs.
One of them was Winclam, plzzzz its a passive AV scanner it interferes with nothing and as for the firewall in question that it wanted me to uninstall I was like {lolz not} nice try.

4: ipmgui.exe trys to connect to the net with avira in house web browser.

5: update trys to connect to the net with out consent.

6: Trys to send me to a internet page with out consent using msn Web browser vs default browser.

7: In fault positives in house testing the following happened.
Default settings used for avira, heuristic disabled.
105 virus detected vs 8 on Winclam
Think a cd full of toolz if you know what I mean for testing just for the hell of it so from this i can determine
“A” avira is the better AV or
“B” avira has a political agenda vs toolz. Like most big player AV imho.
All your cracks are belong to us.
Ps not trying to promote piracy im just saying,a virus is a virus and a Trojan is a Trojan, try not to get em mixed up with what a port scanner is or what a crack.exe is etc etc

Ask.com with their Trojan.exe try's to connect to the net a piles more times and try's to data mine when uninstalling Avira as douse Avira and with out consent.
Try's to send all that back to master server HQ.
Firewall logs spam up to the max with hits 1000+ total in 15 min of testing.


Avira user end legal agreement is mostly about the following.
“A” touch our software and we send our lawyers after you and
“B” if our software kills your OS install that’s your problem by installing this software you agree that you have no rights.

Avira Privacy quote is the following.

Ya k right you only data mine all the rest and full web browsing habits and god knows. Whatever, the rest of the user end legal agreement is pure deal with it topic and don’t touch our software with de-compilers.
God forbid if you did you might be invading their privacy and find out just what it is their taking from your box with their software.

Lol clasic, tnx for the link, laffed my ass off that time.
You made my day.
Btw avira free version 9 is fine no ask as is the first version of 10 if I remember right, then its total crap.
ps avast is probably worse on the spy~data mining topic.

Btw you can still have real time protection and more with out being 100% pug-ed in to the master server, that just means the end user is still in control of their computers vs the reverse and what is allowed to leave the computer and in what fashion is 100% under the control of the computer owner.
in a nut shell the next AV update is only 4 hours away so chill.

intro to cloud computing lecture

edit:fixed typos,sorry about that

 

Examples, Mr.Paranoids? or are you talking about "cloud computing" in your video which is anything but didactic imo, I couldn't stand it for a couple minutes!

I'm curious on what's your approach-programs-configuration that you'd recommend us to follow

 

Beats me Macstorm, im still working on that topic my self and atm.
and for the time being its slower for me to test out AV or anything i might find of interest.

My test box is getting converted in to a Linux dedicated ISD firewall setup atm.

Ill setup a different old school box at some point with a 40 gig hdd and some old p4 cpu computer with a gig a ram to mess with things and to test out mystery software.

One things for shore the hole cloud topic is a privacy invasion nightmare.

And seeing as you didn't like the last video link maybe this one is more to your liking,lol the panda anti-virus people are going to love this reminds me of their intro to cloud vids

Clouds Gone Wild

grrr why douse the link show up like that , anyways....

 

That only works in theory. avast! has what, over 150 million users. Do you really think employees at avast! Software have time or any urge to look at your specific data feed? I highly doubt it... It's not practical, it would be way too time consuming and even if they do, they just know someone did those things you mentioned, but they don't really know who that person is.
And even if they do, i really don't care if they can see what pr0n i've downloaded. Show me one person who hasn't at one point downloaded a pair of digital boobs...