avast! Privacy Policy explanation

I'm not positive, but it is looking to me as though there are still enough settings in avast 7 to disable all the functions that send info to avast (cloud). That's assuming there are no bugs of course.

 

Re: avast! 7.0 released!

TheWinBringeth,

Both EULAs were embedded in the installer by which I mean that the last step before either going forward or cancelling the install was to read the EULA. For Avast 6, by the time I got to read the EULA it had already uninstalled (wait for it) Avast version 6. <wry grin>. Avast 7's installer was better behaved, although I did use Process Explorer to stop it out of an excess of caution because of the previous problem I had with the install and Chrome (and Google toolbar in IE).

I'll try and PM it... I copied them into an RTF file (both v6 and v7).

 

Something to think about...

Can't say I've read every post here but there's this alarm bell going off in my head with some. It's the apparent presupposition that a non-specific disclosure in a company's license agreement regarding the way a customer's uploaded data may or may not be used by them, indicates a lack of trustworthiness. At the very least I would argue that there is no direct relationship between the two, and if anything, the opposite may be true.

I mean, it's an easy thing for 'Vendor A' to write into a license agreement something like, "At no time will the information collected by the Software be correlated with any other personal information related to you." and then not comply with it.

Whereas the fact that 'Vendor B' writes, "Information collected by the Software is generally not correlated with any other personal information related to you", indicates to me that they are more likely deliberately leaving themselves room to move should the need arise rather than plotting an evil plan to steal my identity.

In my overall life experience, the less contentious the wording of such an agreement, the less likely I am to trust them.

 

I think most of the information gathering can be avoided by opting out of the Avast! community option. AFAIK that leaves only WebRep and AutoSandbox sending information, but as explained earlier they cannot work without the cloud. If you truly want no information send you could of course disable WebRep since Avast blocks malicious URL's anyway through the Network shield, though if you want to disable AutoSandbox as well then you'll decrease security.

 

Re: avast! 7.0 released!

Got the PM. Thank you for doing for doing that. I think I get what was happening with avast 6. As for avast 7, I just tried 7.0.1426. The license link on the main page still displays an abbreviated EULA (without privacy terms) unlike the one you sent me. Maybe if I went deeper into it I'd see more. I'll probably do a full test of avast 7 eventually, and if at that time I see any issues I'll report them to avast. Thanks again.

Indeed.

 

I don't see why AutoSandbox would have to send any information whatsoever. What I do see talk of is the decision of whether or not to AutoSandbox being affected by file reputation. The file reputation service does (practically speaking, if to be comprehensive) have to send file information to avast. The file reputation service is new for avast 7 and it is that alone that has some people taking a closer look at things.

 

Re: avast! 7.0 released!

What link was that?
This link: http://www.avast.com/eula contains the full EULAs.

Correct. FileRep definitely does queries to the cloud.
As about Autosandbox, it may report on the findings about the file back to the FileRep service, if you're part of the community. I.e. if the autosandbox identifies issues with the file running inside the sandbox, it may report those issues back to the server so that they're taken into account when another user runs the same EXE.

Thanks
Vlk

 

Re: avast! 7.0 released!

The attached snap shows three overlapping windows. One shows the version of the installer run, one shows the installer window with a red arrow pointing to the link I mentioned, the third is the EULA txt file that is opened when I click that link. Note I'm scrolled to the bottom and it doesn't contain as much as the version at the website.

 

Are you looking at the same EULA? There are different versions depending on what you are installing.

 

Hmmm. I just noticed something. As you can see in the eula.txt above, the eula.txt file that has been displayed to me by avast 7 various times (including by installers I've downloaded via http://www.avast.com/free-antivirus-download ) says:

5. Governing Law and General Provisions
This Agreement will be governed by the laws in the force in
the country within the European Union, Switzerland or Norway
in which you are located at the moment of entering into this Agreement.
If you are located outside the European Union, Switzerland or
Norway the laws of Czech Republic shall govern this Agreement.

whereas the one at http://files.avast.com/files/legal/eula-avast-free.pdf says:

11. Governing Law and Jurisdiction
The laws of the State of California, excluding its conflicts of law rules, govern this Agreement and your use of the Software and the Documentation. The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded. The courts located within the county of Santa Clara, California shall be the exclusive jurisdiction and venue for any dispute or legal matter arising out of or in connection with this Agreement or your use of the Software and the Documentation. Notwithstanding this, you agree that AVAST shall still be allowed to apply for injunctive remedies (or an equivalent type of urgent legal relief) in any jurisdiction.

So strike my previous "doesn't contain as much information" and make that simply "is different". Edit: Maybe locale switching is coming into play with this? I'm in the US. Edit2: FWIW, I just checked XP Professional's Regional and Language Options. Standards and formats set to English (United States), Location set to United States, Language for non-Unicode programs set to English (United States).

 

Edit: I think I goofed an edit and created a dupe. Deleting this. Below is what I wanted to be here.

 

Lastly, unless something else is requested. I just checked with a different machine. On a Windows 7 Professional x64 system with US location settings, using IE (rather than the FF I use), I downloaded hxxp://files.avast.com/iavs5x/avast_free_antivirus_setup.exe (tt changed to xx). Clicking the same link previously shown, I get what appears to be the exact same different & shorter EULA. So this isn't browser, OS, or machine specific. Both computers are equipped with avast 6.0.1367.

 

Reading all the posts here and in the avast forum, I'd like to ask one simple question in relation to the EULA debate:
Why would a company based in the Czech Republic, a.k.a. a Member State of the EU, (or does need to) choose the laws of the State of California to govern the EULA and the use of its products, a.k.a. making (practically demanding) EU residents/ citizens to accept those foreign laws (which they probably know nth about them in the first place)?
I think everyone knows by now that the EU standards of data protection are way ahead of what other countries (including the USA) offer/ apply.
And if I'm not terribly mistaken, no EULA is above the law, a.k.a. "accepting" an EULA doesn't mean that you waive your, protected by law, rights - with that in mind, the first excerpt that TheWindBringeth posted two posts above makes more sence to be the applicable one than the second one.

So, why was it changed?

 

Re: avast! 7.0 released!

TheWIndBringeth,

In my experience, website privacy notices are less than thorough. Actual install EULAs, however, tend to talk directly about the product being installed. But, as Avast is brand new to this Cloud thing, perhaps the lawyers got carried away. Perhaps. It's too early to know one way or the other IMO.

As it would be my first time moving to the new cloud paradigm (with Avast) I would like to error on the side of caution.

 

If you question security companies ethics and privacy concerns to such degree, one begs to question why are you even trying to use their product?

 

Agree

Folks,if you do not like or trust a product,there are many others available. Dont sit around digging for the the smallest thing to worry about,because in the end,your worrying about nothing. If your worried about privacy online,then your better off not being online period. Your using the internet,is putting your details out regardless of what AV your using.

 

Can anyone else confirm or deny they are seeing the behavior I described? Where the avast 7 User License Agreement link in "By installing or using the product, you agree to its User License Agreement" displays an EULA that is different than the corresponding one at http://www.avast.com/eula ? Theoretically this could be an installer bug of some sort. Avast would probably want to fix that.

 

RejZor,

Why is that any concern of yours? For my tastes, when I decide to use a brand new version of anti-malware software, I like to be thorough in my understanding and analysis of exactly what it is that is being provided for my use. I expect to be challenged in my questioning and expect to be wrong in the pursuit of that knowledge, but the consequence of not asking the questions is to accept something whole hog and then the bad is on me for failing to perform due diligence and finding out the truth about a particular thing, in this case, Avast 7.

 

Winner!!

(By contrast, those peddling the "TRUST ME BLINDLY" line just dig the hole that much deeper for themselves.)

 

Dont use their product if your so worried? Wow,amazing concept,try it out.

 

TheWindBringeth,

Although I was able to save the install EULA from Avast 7 in an RTF file, I was unable to do the same with the website link EULA you provided, which is a PDF file. I am referring to the PDF file there called "avast! Free Products (PDF)" So I can't cut and paste to compare. That said, the two documents appear to be identical. The one I copied from the installer had weird line breaks, while the PDF file is well put together.

The privacy protection section 8 has the same 9 points though... and one hopes with VLK looking into things, the questions about the EULA are close to being answered, as those questions pertain to the actual operation of the software and the data that may or may not be collected and used.

Thinkpad, XP PRO SP3, DropMyRights, Avast 6, MalwareBytesPro, WinPatrol

 

Hi Nord1. It was because of you confirming something different than what I've seen that I asked if there was anyone else who can chime in. A tie-breaker, chuckle. I also, I will admit, hoped that it might serve as a tiny morsel for thought. A reminder, if you will, that there are legitimate things to investigate, discuss, and think about. I liked your subsequent post, and the fact that you are a thoughtful person who does what we all should do. A hat tip to you sir.

 

WebRep, AutoSandbox and FileRep seem to be the modeules under question.

As FlyingRobot asked (not yet answered) over in the Avast Forum:

http://forum.avast.com/index.php?topic=94957.30

"Regarding the avast 7 WebRep:
- What portion of the URL is sent to avast? Just hostname? Hostname and some path? Hostname, path, and query params?
- Will WebRep send such information to avast when the user is visiting a site via HTTPS? If so, is that only done when a user is using a search engine via HTTPS (to provide reputation info for sites listed in the results) or is it also done in some other cases?
Regarding the avast 7 FileRep:
- What is the metadata that is sent? Does it vary based on filetype?
- A wide range of filetypes can contain some kind of threat (executables, various "office" type files that support macros, at least some types of media files, some image files too IIRC). Will FileRep only send you information about traditional executable file types or will it also send information about such other filetypes?"



I think FlyingRobot's questions are pretty darn good and far better that any I could have come up as to how Avast 7 works.

 

Here's another amazing concept: discussing a security program's issues on a security forum. Try it out some time.

 

Sorry but i haven't read so much crap in one thread since, well i can't remember really when that was because this one surpasses them all.

You do this kind of analysis for a brand new program made by an yet unknown startup. It's a new program, no one really knows the company, but it might be good. You do such analysis in such cases, because the company might be legit or it might just as well be the one with questionable ethics and methods. We've seen that before.

But NO ONE (and i mean like NOOOOOOOOO ONEEEEE) has ever gone questioning a company with 30 years of clean and proven rep sheet. You just don't. Well except you maybe.

Why is this any concern of mine? You're not looking for the "truth". You're just talking nonsense and in such case i'd be happy to defend any antivirus here, be it avast!, AVG, AVIRA or any other. If you question a company or a program, then simply don't use it. It's as simple as that. You don't keep on hammering with your head through a wall despite the fact you've stated like billion times that you question it and apparently don't like either.

Lets put it in the example every noob will understand...

If you see a moldy sandwich, you question it's quality and you don't eat it.
But apparently in your case, you "think" you see a moldy sandwich but you're still insisting on eating it. LEAVE THE SANDWICH ALONE FOR CHRIST SAKE