AVs Spying on People - Conspiracies

Discussion in 'privacy problems' started by Brandonn2010, Oct 8, 2013.

Thread Status:
Not open for further replies.
  1. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    So someone on Maximum PC was commenting on AVs spying on people, such as AVG and Avast! and that it clearly says so if you read their EULAs. Is there any truth to this? I never read those things, but I wonder if anyone has, or if there is any truth to what he said:

    http://www.maximumpc.com/avg_avira_among_websites_defaced_palestinian_hackers2013

    ~ Removed Magazine Comments - Read Their Comments Via The Above Link ~
     
    Last edited by a moderator: Oct 9, 2013
  2. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    687
    Brandonn, your inserted text says it all, and NOTHING would surprise me about AVs, but so the story goes I'm pretty paranoid ;) so you might want to see when others chime in to see what they say....

    Meantime, I would encourage you to read those damned EULAs. Oh and since you don't read them, you might want to highlight and paste into a word processor for a MUCH better viewing experience since they typically give you a small viewing window with squashed up boring fonts to make you scroll and scroooollllll ad infinitum. (Bottom line, they want to make it as difficult as possible for you to read..... but that could be paranoia speaking o_O :) )
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Where privacy matters, I would never use any product that uploaded local information without explicit permission and oversight.
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    It's been a while since I last used Eulalyzer, maybe that will change.
     
  5. Enigm

    Enigm Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    188
    Remember the Zone-Alarm scandal ?
    https://www.wilderssecurity.com/showthread.php?t=116345

    Check Point Software Technologies Ltd, who owns/develops Zone Alarm,
    is an 'international company' with head-quarters in Tel Aviv, Occupied Palestine .
    http://en.wikipedia.org/wiki/Check_Point

    They are also a major employer of 'ex-' 'Unit 8200' members,
    even the founder of the company, Gil Shwed, served in 'The Unit'
    http://www.forbes.com/2007/02/07/israel-military-unit-ventures-biz-cx_gk_0208israel.html

    This is how the military-industrial complex operates, there is no
    'conspiracy-theory' here, because it is not theoretical !
     
  6. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    One thing is statistical collection of information and another actual spying. In the end it all boils down to trust.

    For example, at work, for the purpose of what I do, I have to collect customers' name, surname, home address and phone number. Good business practice says I should not abuse that information and I don't, but still, one could question this. It's no different with antiviruses. They collect the same data (sensitivity wise) and we trust them to handle this data with care. And they do that.

    If you feel like you don't trust them, then don't use their program. It's as simple as that. But frankly I see no point for them to run some secret agenda. Their main concern is the product itself, not your personal info beyond what they need to provide you with better malware protection. Besides, once you work with a company so closely as some of us do and you get to know them, you start to think differently.
     
  7. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,871
    This discussion sort of puts all cloud technology under suspicion.
    We have cloud storage etc.

    Best way is simply not to use cloud technology at all. It rather boils down to what information you have on your computer.

    The security vendors need to check your files against their cloud database in case of present malware.
    It's perfectly reasonable that they do this.
     
  8. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    687
    Exactly. :thumb:
     
  9. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    687
    A tutorial on exactly how to observe any such leaks of phoning home would be a great thing for those of us who are not so proficient in locking our systems down and/or still learning.
     
  10. aztony

    aztony Registered Member

    Joined:
    Sep 9, 2012
    Posts:
    547
    Location:
    USA Southwest
    It is entirely possible that these AV programs can be doing as alleged. The AVs have unlimited access to our computers, and everything contained therein. They also have virtually unrestricted internet rights as they go about their function(s). Who knows what they may be sending back along with anonymous usage, and other collected security info. It does come down to trust. Who do you trust to do the right thing for their customer?
     
  11. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    687
    Scams and people have been partners since the beginning. Aside from those who say the only thing you can be sure of is that nothing is sure.... I offer this: Trust is knowing, knowing 100% that you can believe what it is you're supposed to be trusting. It's a black and white thing. Unless you're 100% sure about something then you're really only hoping on the balance of probabilities. You hope and presume that people's word is good. Generally you only have an AV's EULA to go on to believe or not what they say. Worse, they can be so full of in clauses and out clauses your head is spinning after you've finished reading it all. But wait there's more.... you still have to make sure you read these frequently which may be updated at any time. o_O

    ... trust no one (especially on the internet )
     
  12. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    539
    Location:
    United States
    Cloud augmented applications are as much of a security/privacy threat as any application that has been granted internet access on your system. Not to mention this concern can be easily managed by limiting application and system permissions and by not storing information locally on the machine. Nothing wrong with cloud storage, presuming you limit what content you back-up and store off-site. It really comes down to one simple thing: if you are worried about your data being accessed, don't allow third parties to access it remotely and don't allow third parties to store it for you. Probably the biggest concern that I foresee is companies like Microsoft and Google integrating cloud back-up services directly into the operating system. Not sure I'm going to trust my privacy to a toggle on/off menu option. I expect cloud integration to expand. Companies have a vested interest.
     
  13. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    As everyone else has said, anything cloud cannot be trusted. But if I had to use a cloud AV I would go with the one in Russia or China for better privacy protection (since I'm based in U.S. --> opposite for Russian/Chinese users).
     
  14. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    That's what I recently said to a user who did disable over 50% of essential features in ESET NOD32 AV "for privacy reasons". I said you're not making it easy for the AV to do its job when you disable all that. He disabled automatic updates and so forth...

    So my advice to him was to use an on-demand AV ONLY if he was that concerned about privacy. I also said that I am concerned too, but not to the extent that I am willing to disable essential functionality of my AV and make it hard for the AV to do its job. Uninstalling it altogether is a better solution in cases like that.
     
  15. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    687
    So the question is then, if they are leeching info off of your Computer how do you know? If you don't know then you're simply guessing and more often than not it comes down to a trade off between what constitutes the bigger risk.
     
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    There's no tradeoff if you use Linux. Once you opt out of stuff like error reporting and online search extensions, which are all at least somewhat documented, there's no leeching. If there were, it would be major news (in the Linux community, anyway).
     
  17. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    687
    Is Linux, or the right package at least, easy to install and get to know? For years I've wondered about using it. The closest I got was divvying up my HDD with one partition hidden with the intention I would install it when I got around to it...oh that and using a knoppix CD. All that was years ago :( and even before I got my Peecee I toyed with redhat in the shop.

    As far as things phoning home, if I'm aware of it I'll do what I can to screw it down. Windoze search will try and do that.

    For a long time I have wondered about AVs as they are one of the apps you HAVE to allow or you might as well not have it.
     
  18. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    I recommend starting with Ubuntu or Debian. I'll probably get flamed for that ;)

    Linux doesn't (yet) need anti-malware. It can be compromised, of course, but I'm not aware of viruses like Windows gets. As long as you don't open ports for servers, and don't have someone skilled after you, you'll be safe.
     
  19. Snoop3

    Snoop3 Registered Member

    Joined:
    Jan 2, 2011
    Posts:
    474
    one easy and small program to try is SmartSniff by Nirsoft - don't even have to install it.

    otherwise i think you have to use a firewall with settings as default deny any new program and default report any programs that you think are suspicious or you want to monitor any time they try to connect to the internet. also, once you find the domains and IPs the suspect programs are connecting to you can block them with hosts file additions or thru an IP blocking program like PeerBlock.

    i think if a person blocked their AV access to the internet and then just downloaded the definitions manually they could avoid this problem of (especially FREE) AVs snooping on them. i don't doubt for a minute that when they have millions of users (and iirc Avast Free supposedly has TENS OF MILLIONS OF USERS) that this metadata, which might be worth only 10 or 50 cents per user per year may be collected and monetized. Their revenues on this data would be in the millions of dollars per year - are they really going to pass that up or are they looking for ways to cut corners on their privacy policies?
     
  20. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    I keep all my information of importance in a large TrueCrypt volume on a separate partition from the C: partition. It's become routine for me to mount my TC volume after I boot-up. I tell you this to explain that I dismount my TC volume (with all my important data) before I run anything that's scanning my files. Sometimes filenames alone can be private. I don't want my filenames going to some AV company to cross index with their database. So I've thought of this long ago and prevented even the possibility. Just a thought that others might consider. I also know people who keep all of their data on a USB drive or even a large 64gb SD card. Easy to pull before running an AV.
     
  21. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    So you're using on-demand AVs only and maybe outbound firewall control? There is a slight trade-off in security though, especially for removable drives.
     
  22. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    687
    Thanks Snoop for your advice. :thumb:

    Nirsoft have some great utilities and I love the ones you don't have to install. I will go and get Smartsniff. I've been looking for the best site to do ip lookups but a quick check on their privacy settings reveals the same old same old.... logs etc etc :( I've just been over to GRC and there's one there, a tiny 18ks or something but it's pretty dated.

    Well even at this late stage, still on XP, I'm still keen to get to know my Kerio2 FW much better. It's served me well for years but unfortunately that's not through a sound working knowledge on my part, but more likely "I must've done something right". Anyway I've just been in there setting it to throw up warnings when typical M$ programs try to go out on the net when they ain't got any business to.

    I never thought about the sheer numbers so I bet you're right about AVs utilizing the metadata and turning into cash. What a crazy world. :(

    I never thought they'd siphon the names of your files :blink: but of course they would and that's just crazy.
     
  23. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    IMO, one or both of the following apply:
    The AVs' intrusiveness is the result of collaboration with or coercion by "official snoops".
    The intrusive behaviors are acts of desperation, digging through everything and hoping to find something in an attempt to stay relevant.

    The parallel between real world (official) spying and how current AVs behave is too close to ignore. Both want too much access to data and files that they have no legitimate need for. The last I knew, software that sends your personal files to someone else was called a trojan. Just because their EULA states they're going to doesn't change that fact or make it right.
    I see that you're using XP and Kerio. That makes it a bit easier. There are 2 separate but overlapping problems.
    1. Capturing all of the AV's outbound connections.
    2. Determining what data each connection is sending.

    Kerio will alert you to any connection attempts made by the AV's own executables. Catching those is easy. Connections made by an AV's service level components are more complicated. These often use svchost.exe. The default rules for Kerio (and most other firewalls) whitelist svchost.exe by default. If your ruleset contains the default rules that Kerio starts with, that traffic is already permitted. Have you read the Kerio learning thread? There's quite a bit in it regarding service traffic.

    The other part of the problem is going to be reading the traffic. If the AV isn't sending everything as plain text, it will be very difficult to detect if it's sending your files or their actual names. I'd bet that most of the traffic you intercept will be unreadable.
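
An added example, not part of the post above or of any vendor's tooling: a Python triage of the second problem it describes, checking captured outbound payloads for local file names and marking traffic that cannot be read. The process names, addresses, file names and payloads are constructed, and the capture itself (for instance a sniffer export) is assumed to have been done already.

```python
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8.0 suggest encrypted or compressed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def find_names(payload: bytes, names):
    """Local file names visible in the payload as UTF-8 or UTF-16LE text."""
    haystack = payload.lower()  # ASCII-only case folding on bytes
    return [name for name in names
            if name.encode("utf-8").lower() in haystack
            or name.encode("utf-16-le").lower() in haystack]

def classify(payload: bytes, names):
    """'names-visible', 'readable' (mostly printable) or 'opaque'."""
    if find_names(payload, names):
        return "names-visible"
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in payload)
    if payload and printable / len(payload) > 0.9:
        return "readable"
    return "opaque"

def triage(records, names, shared_hosts=("svchost.exe",)):
    """One row per captured connection, in capture order."""
    rows = []
    for rec in records:
        rows.append({
            "process": rec["process"],
            "remote": rec["remote"],
            "verdict": classify(rec["payload"], names),
            "names": find_names(rec["payload"], names),
            "entropy": round(shannon_entropy(rec["payload"]), 2),
            # svchost.exe hosts many services, so the process name alone
            # does not say which product opened the connection.
            "needs_attribution": rec["process"].lower() in shared_hosts,
        })
    return rows

# Constructed sample data: hypothetical process names, documentation-range IPs.
LOCAL_NAMES = ["Tax_Return_2012.pdf", "diary.docx"]
CAPTURED = [
    {"process": "avupdate.exe", "remote": "198.51.100.7:80",
     "payload": b"GET /defs/latest.idx HTTP/1.1\r\nHost: updates.example\r\n\r\n"},
    {"process": "avscan.exe", "remote": "203.0.113.10:80",
     "payload": b"POST /lookup HTTP/1.1\r\n\r\nfile=tax_return_2012.pdf"},
    {"process": "svchost.exe", "remote": "203.0.113.10:80",
     "payload": b"\x01\x00" + "diary.docx".encode("utf-16-le")},
    {"process": "svchost.exe", "remote": "203.0.113.10:443",
     "payload": bytes(range(256))},
]
```

`triage(CAPTURED, LOCAL_NAMES)` returns one row per connection; an "opaque" verdict means only that the content could not be inspected, not that nothing was sent.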
     
  24. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    687
    Thank you noone for your great post! :thumb:
    I agree and certainly the collaboration. For a long time I've suspected they are legalized trojans. That being the case, do we really need an AV if we learn to lock down our systems?
    :thumb:
    More than once I'd come across people who said they hadn't had AVs for years. Can't remember details about other security measures but I remember them saying as long as you had your firewall set up properly and you used common sense you were good to go. When I was on dialup I had soooo much trouble with Avira and it wanting to DL a humungous file every time there was an update, the whole scene became unworkable. AVG became so bloated my system started staggering under its weight. So I ditched them. I never got a virus and my system is pretty responsive after trimming those off and the fat of windows bloatware eyecandy. Boots are pretty fast and shutdowns are OK.

    A little while ago I'd looked through the "other firewall" subforum and I didn't see that info in your link. A long time ago I went to DSLreports and I think it was gwions default ruleset that I started with. I knew NOTHING about firewalls and Kerio drove me insane with all its pop ups, but I had enough sense to put up with it and somewhat train it. As I did, the notices got less and less, but I didn't understand what was going on under the hood and I still have a long way to go. Yes there's a lot of info. That said, is Kerio still the best (free) Firewall for XP providing one is able to grasp what it's doing?

    OK, so I see I've got 6 of these running in taskmanager. Haven't had time to finish looking on blackvipers tutorial which says there's a couple of these one can safely weed out.

    I've just downloaded a utility for viewing Kerio's logs. I've found trying to view Kerio's one through its own interface is very glitchy.
     
  25. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    There are several ways to approach security on a PC, aka different security policies. Each policy has its own strengths and weaknesses. Security apps such as AVs, firewalls, HIPS, sandboxes, etc can be regarded as policy enforcement tools, each best suited to a different policy. What ultimately protects you is the security policy you choose and how well the apps you're using can enforce that policy. While this might sound like a word game, it's not. Many people install what they consider to be the best AV or firewall, HIPS, etc, then configure their system around it. This is the exact opposite of what they should be doing. The user should start with the security policy that best matches their system, skills, and how their PC is used, then pick the apps that are best able to enforce that policy. There are several basic or core security policies:
    1. Default-permit
    2. Default-deny
    3. Containment and/or Virtualization
    4. Reboot to restore
    AVs are designed for default-permit based policies. They can't enforce default-deny or containment based policies.
    Classic HIPS are best with default-deny policies. They're not strong with containment based policies and are incapable of detecting malware.
    Sandboxes and virtual systems are ideal for containment based policies. They can confine malware but they don't directly detect it. They can't enforce a default-deny policy.

    Most of us who don't run an AV are relying on policies that are not based on default-permit.
     