ESS collect personal information

Discussion in 'ESET Smart Security v3 Beta Forum' started by ASpace, Apr 9, 2007.

Thread Status:
Not open for further replies.
  1. ASpace

    ASpace Guest

  2. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    We need a clarification!

    Thanks Stem and HiTech_boy.
     
  3. Sjoeii

    Sjoeii Registered Member

    Joined:
    Aug 26, 2006
    Posts:
    1,240
    Location:
    52?18'51.59"N + 4?56'32.13"O
    Very curious.
     
  4. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,818
    Location:
    Innsbruck (Austria)
    you can disable threatsense if you do not want to send suspicious files and related data.
     
  5. ASpace

    ASpace Guest

    This is not ThreatSense , IBK . ThreatSense in NOD32 (according to NOD32's EULA) does not collect personal information . ThreatSense.NET collects only info about infected files/time ,etc . According to this EULA they can collect any information they want (it isn't written what the Software sends) . Written in that way , one can never be sure about their privacy . Written in that way it sounds like spyware , something that ESS shoud not be!
     
  6. JeremyWW

    JeremyWW Registered Member

    Joined:
    Apr 13, 2005
    Posts:
    237
    Is this not Threatsense.Net? Is this not just Eset covering themselves in case personal info happens to be included in the submitted data? On that assumption I have disabled Threatsense.Net but, as you say, Eset should clarify this.
     
  7. ASpace

    ASpace Guest

    Almost 12 hours have passed and still no reply . I am really concerned about this "not very well written EULA" and curious to have clarification about that "spy affair" . Thanks in advance.
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    You do not consider a temporary folder name with a user name personal data? It may be included in ThreatSense reports if an infected files is found in, for instance, "C:\Documents and Settings\Smith\Local Settings\Temp" folder.
     
  9. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Looks like they are just covering their behind...
    It states "may contain" there's nothing that says "does contain".
    I guess that's ok when you submit samples - They need to know file versions etc. to see if you are up-to-date and whatnot.
    They also need to verify files that *may* be affected if you have some nasty installed...

    I don't see any problem currently.
     
    Last edited: Apr 9, 2007
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    We in Slovakia are celebrating Easter, the most important feast for a majority of people, perhaps it's not so in Bulgaria if you want people from Eset to respond here immediately :eek:
     
  11. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    It's over in 1 hour over here in Denmark ;) Just to let everyone know! woohoo
     
  12. ASpace

    ASpace Guest

    So this is ThreatSense.NET (but more advanced) ? Thanks for your answer - as always , any word from ESET is much appreaciated! :thumb:

    Sorry , Happy Easters ! It's still the second day of Eastern here :D
     
  13. ASpace

    ASpace Guest

    Well , Brian , after all the posts here , it seems so . However , if it is really , I think they should change the EULA (add some more details) . On a first read it sounds differently , like I wrote "spy affair" . :thumb:
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Well, the underlined sentence actually means that Eset will also receive information about an application/process that created a malicious file that was subsequently submitted for analysis.
     
  15. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    You have to read EULAS very carefully, most of the time they can be very tricky to understand - The company behind must also write the EULA carefully to comply with international laws (and some do not comply).

    So far it looks good to me. "Personal info" is their way of saying "Hey, if you submit a personal document that's infected, we can't do anything about it".

    Current NOD has the option to ignore certain types of documents so you don't submit them by mistake (if they should contain any secret data), and I'm sure some users already made that mistake, so by typing that in the EULA they are covered.

    My view on the matter, you may see it on another perspective.
     
  16. ASpace

    ASpace Guest

    Yes , my first tough was , after I install ESS , it automatically submits all the content of my "My documents" or "Program files" :D :D

    Generally I am really paranoid person and written in this way , it really worries me and that's why I posted (for some kind of clarification)
     
  17. cerBer

    cerBer Registered Member

    Joined:
    Jul 29, 2006
    Posts:
    81
    Clarifications are good thing but what matters is document, and yes, it states that Eset can collect anything from the infected computer, where "infected" means they suspected (cannot be otherwise if we are talking about new infections).

    Actually, underlined sentence does not mean that. Maybe who wrote it did mean that, but failed to phrase it so. Sentence means - any files from the computer with ESS.

    So, it is very reasonable to think that theoretically, if Eset found you writing for example a patch to increase number of half opened connections (which at present it considers infiltration), it could start to review what actually you are doing and "legally" collect more files and information than necessary for analysis of suspected file.
    Different comments that they are not going to do so are useless until the document is changed to reflect that properly.
     
  18. JeremyWW

    JeremyWW Registered Member

    Joined:
    Apr 13, 2005
    Posts:
    237
    Basically, if you send any data to anyone from your machine there is a risk of some level of personal data being sent, even if it's just your user name. They have to cover themselves in that event, in the same way that good 'ol Microsoft did when they released Windows Defender. It was a similarly worded 'warning' from them...
     
  19. ASpace

    ASpace Guest

    and this is something that interferes with our privacy and something that I definitely don't like . As cerBer said , written in that way it can only mean that any files , not just the (name of the) application that created an infected file or infected files' path or infected document or ... If you meant something else , as you claim , this will only mean that the End User License Agreement needs changing . Otherwise... ... :( ...
     
  20. ASpace

    ASpace Guest

    Marcos , may we be given the whole EULA of ESET Smart Security Public beta 1 in the so called printable version , just like Aryeh posts the NOD32 2.51's EULA here
     
  21. extratime

    extratime Registered Member

    Joined:
    Oct 14, 2005
    Posts:
    100
    I agree. This EULA is very badly written. If the intention is innocent there is no harm in expanding it so it is clear to the average reader.

    In all seriousness ESET should revise the wording in future releases if they want customers (like myself) to have any confidence in their business ethics.

     
  22. ASpace

    ASpace Guest

    Well , I reinstalled Eset Smart Security . The point was to be able to read and print the whole EULA . This is what I did .

    After that , I continued installation in Advanced mode where one is able to change settings . Then it came ThreatSense.NET settings . You read ... and then it comes , you'll be able to have more information after the installation is finished , in the help file.

    I temporary disabled ThreatSense.NET , installation finished .
    I first opened the help file and found info about ThreatSense.NET where everything is made clearer !


    Conclusion :
    Badly written End User License Agreement . I do think you should include more information about what the software is going to do , a lot more information before the installation is done ! Thanks !
     
  23. extratime

    extratime Registered Member

    Joined:
    Oct 14, 2005
    Posts:
    100
    Not a peep from ESET after the last batch of comments. No reassuring the customer that the wording would be changed in future releases.
     
  24. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    You should pay attention to sentence "The Provider shall use the obtained Information and Infiltration only to review the the Infiltration and shall take reasonable measures to keep the obtained Information confidential."
     
  25. JeremyWW

    JeremyWW Registered Member

    Joined:
    Apr 13, 2005
    Posts:
    237
    My 'pennyworth'...

    Firstly, anyone can get a full copy of the EULA by asking the Beta support team. They sent me a full copy by return e-mail. Personally I don't think they need to change anything. I've studied the wording and, on balance, I don't believe there's anything to cause real concern.

    I'm also surprised about the questions relating to Eset's business ethics. I've known Eset for about 7 years and never had a reason to question their 'ethics' at any level. It also would not make a lot of sense for them to take any risks - they are now a well known, well respected and closely observed security software vendor. It would be commercial suicide for them to be careless in the way they handle customer submitted data.

    For what it's worth (and I think it's quite cool...) you might like to try this: http://www.javacoolsoftware.com/eulalyzer.html This utility comes from the same stable as the well-respected 'SpywareBlaster'. If you run it and analyse the Eset EULA, you'll find that nothing much is flagged as 'interesting' (Javacool speak for suspicious). You can even submit the Eula for further analysis if you really want to, but I won't be going to those lengths.
     
    Last edited: Apr 12, 2007
Thread Status:
Not open for further replies.