AV-Comparatives - Data transmission in Internet security products

Discussion in 'other anti-virus software' started by Petrovic, Apr 29, 2014.

  1. MaJaRe

    MaJaRe Registered Member

    Joined:
    May 4, 2014
    Posts:
    5
    I run Eset Smart Security, and I did see that option, but that is only a few of the "old" doc's, not the 2007 and later .docx .xlsx etc, and is only limited to a few document formats they list there. Now, maybe those are the document formats where viruses can reside in, but then I still miss the more recent ones. Or templates, etc.

    Really, I have quite a lot of applications installed, and would be hard to establish a full list of all those different personal data files. I'd agree on those that cannot contain macro's or scripts or w/e do not have to be excluded. But I do want that all those that can, will be excluded for sending. That can only mean that there can not be a automated upload, it ends up to be a user's choice to upload something. Also, as filenames may be in the "stats" data they send back, that might include those same documents names... some I'd not want either.
     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,439
    Location:
    Slovenia
    When I check my default settings there are those new filetypes listed: .doc?, .dot?, .xls?, .xlt?, .pps?, .ppt? (? can be replaced by any letter so docx and others are included). I know that there are many files in different format so that's why they let you set your filter. You can also disable upload of files entirely by checking "Do not submit files" option.
     
  3. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,630
    Location:
    DC Metro Area
    Hi xxJackxx :)

    Where did you find out about Kaspersky using vulnerable OpenSSL components and do you know if this has been fixed?

    Was Kaspersky still using these components in 2014? I follow the KIS Forum regularly and don't recall ever seeing any mention of it. It would seem rather irresponsible if a security software company with prouducts used by hundreds of millions of users to not have made a public statement about this.

    Does this mean that if a devious mind knew about Kaspersky using these components he could scan all Kaspersky users and snoop around their PC's? What other damage could they have done"

    Has Kaspersky made any public statement about this?
     
    Last edited: May 7, 2014
  4. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    804
  5. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    6,743
    Location:
    USA
    What 3x0gR13N said... These things tend to get posted in the beta section of their forum as they are testing them for release.
    Norton's info was found in a google search.
    ESET never did respond to my question.
     
    Last edited: May 7, 2014
  6. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,053
    Location:
    Ontario, Canada
  7. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    Webroot is pretty vague there, offering up 'more discussion'. o_O
     
  8. hutchingsp

    hutchingsp Registered Member

    Joined:
    Aug 2, 2007
    Posts:
    174
    We use Avira in a business environment, 600 or so machines. I'd love to know exactly all the in's and out's of how the Protection Cloud feature works and think it would be really useful if they did a full technical "deep dive" paper.

    They do have a FAQ but if you'r a business dealing with IP and business data it's easy to think of a whole heap of questions.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,774
    Location:
    The Netherlands
    I´m normally not really into long posts, but I must say that I enjoyed reading your informative posts. :)
    I also think that some of this stuff is making AV companies looking quite bad.

    But what do you think about cloud services, I know you´re quite a big fan of Immunet, don´t you think it can be a risk too?
     
  10. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,875
    Location:
    Innsbruck (Austria)
    The report does not really contain any surprises, people would know most of those things if they would actually read the EULAs/privacy statements or think about how security software works nowadays.
     
  11. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    The EULA may not necessarily reflect the actual data transmitted by the software but it is more fine tuned to safeguard the interest of the company in case of legal claims. I would therefore take any report using the EULA as a proxy for assessing data trasmission with extreme caution.... :thumb:
     
  12. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,103
    Location:
    on my zx10-r
    ill assume with something like webroot it has to collect more data due to the nature of its detection methods. however i am a bit turned off by just how much they are collecting. i knew they collected some for sure but why everything? ill have to give a good hard thought to if ill continue to use it on my own personal machines. i would also like to know more of what eset collects personally. many of these i assumed the results before i read the report but some did surprise me.
     
  13. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    Also note: when I approached this topic a month or two ago, I was told it 'isn't in their capacity' to determine individual machines, or data on those machines. Remember? Dig up the thread and see. Clearly that statement was NOT accurate.
     
  14. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Nor is yours I am afraid. From the moment you connect to the internet you are identified as individual machine otherwise you will not be able to connect. Something else is been able to link specific data to an individual... Important distinction to make ;)
     
  15. aaa839

    aaa839 Registered Member

    Joined:
    Oct 11, 2012
    Posts:
    253
    Location:
    Hong Kong
    Avira have it's own white paper of Protection cloud for those business users
    Take a look
    http://www.avira.com/files/for-business/Whitepaper_ProtectionCloud_EN.pdf
     
  16. Novastar 3d

    Novastar 3d Registered Member

    Joined:
    May 3, 2009
    Posts:
    65
    Thanks for test. Looking more closely at it now.
     
  17. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    this test seems designed to invoke a certain amount of paranoia among users,its pretty obvious to me that most of the info "collected" is either needed in the event of a problem with the product on that PC,or to ensure problems don't occur in the 1st place or needed to be sure if it's a paid for option it isn't pirated copy,I for 1 am not concerned about this as it's been "common knowledge" for years!
     
  18. Novastar 3d

    Novastar 3d Registered Member

    Joined:
    May 3, 2009
    Posts:
    65
    Seeing where your from, I can understand why it's no big deal to you. Info collected for certain things like piracy or troubleshooting is common knowledge to many. Other things in the test are not common knowledge unless you work for the AV company, which I doubt you do. Therefore I don't care what you think Steve.
     
  19. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,439
    Location:
    Slovenia
    It's hard to tell which info that AV vendors collect is truly needed for troubleshooting and protection. Computer name, username, local IP address and OS language are IMO not necessary for AV to collect. It looks like some providers collect all data that they can. I hope that some of them will rethink their data collecting policy.
     
  20. guest

    guest Guest

    This is probably just a silly CT* but, thinking about it, most big-named AV vendors are Europe-based companies. And we have the EU's data retention law. Sure that AV companies are not ISPs but I can't help but correlating these two points.

    *CT= conspiracy theory
     
    Last edited by a moderator: Jan 11, 2015
  21. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Norton has option to disable it in the following form;

    1) Disable all data collection.
    2) Disable SOME data collection (send only randomized data regarding specific threats)
    3) Leave all data collection on, and extensive.
     
  22. Cloudcroft

    Cloudcroft Registered Member

    Joined:
    Feb 29, 2004
    Posts:
    471
    Location:
    The Hill Country of Texas
    Mayahana, is this option available in Norton Security 2015?

     
  23. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    It is.
     
  24. Cloudcroft

    Cloudcroft Registered Member

    Joined:
    Feb 29, 2004
    Posts:
    471
    Location:
    The Hill Country of Texas
    I can't seem to find it, but then again, my wife always tells me I'm not good at finding things!
     
  25. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Settings->Admin Settings, Data Collection Slider.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.