How do the latest revelations about US gov spying affect your choice of AV ?

NSA, Google, Microsoft etc.

If you use the Windows platform like most of us it may be a moot point.

I'd be wary about companies like McAfee, Symantec.

Basically, there are two ways to buy an AV: anonymous and registered (box in shop vs. online).

Now, it seems unlikely that an AV like Kaspersky is eager to please the US government by cooperating.

What about other AVs/suites, like Eset, Avira, F-Prot ?

We don't know what/if there is really coorporation between the AV companies and the US gov. Although there have been reports about certain vendors not detecting certain government malware.

And 'metadata' is not always as anonymous as believed, I think there is a thread or post about that somewhere on this forum.

Thoughts, ideas, plans ?

 

Actually, I use my AV to check for infected files, but I will never expect it to find government rootkits/trojans/etc. So in my case, I didn't feel like changing my AV because of the NSA scandal.

 

Might as well ask how it affects your choice of underwear...

 

I was thinking about sharing of information and spying.

 

I know... I was just joking... At this point, I don't think there's any way of knowing, and I don't think there's anything that can be done anyhow... we'll probably never know what is and isn't gathered, looked at, shared and so on..

 

I don't believe there's any way to prevent government intrusion; if they want in, they will get in no matter what the user does.
I feel very sure intelligence agencies (domestic and foreign) have the capability to spy on anyone and to trace e-mails, browsing history, downloads- pretty much anything and everything one does via a computer/tablet or smart phone.

Forget about anonymity; we have none.

 

Only through leaks, and they always come too late. I wouldn't concern myself with which AV to avoid on a subject like this. I'd be much more worried about email services, services like DropBox/SkyDrive, social networks, VPN services and that sort of thing. These are the real danger areas.

 

Prior to these latest revelations, I was running Vba32 for a little while. During that time, the thought crossed my mind that Vba32 might do a better job at detecting this type of malware after reading that they were the first to detect Stuxnet. Realistically I don't think it will affect my choice of AV, but it is an interesting question. I think a good HIPS/firewall combination may be the best defense.

 

These recent revelations reinforce concerns that have been expressed, here and elsewhere, before. Namely, that the information (about a user's devices, OS, files they download, the software they run, the sites and URLs they visit, folder and filenames, account names, etc, etc, etc) flowing out of their device(s) and into AV companies could fall into the hands of others and/or be used in ways which are deemed unacceptable to those who would be affected. At this moment I'm not sure what more can be said about this except that I think it would be extremely helpful if all AV testing organizations also assessed products from the "information being sent to the AV company" POV.

Simply purchasing AV software with cash won't eliminate all the potential issues but it might be reasonable to award a product extra points if it is available in retail outlets and can be purchased with cash. It would certainly be reasonable to assign points based on how much information is required to get the product up and running (including registration, whether online accounts are mandatory, etc) and keep it active (online license checks that send info, metrics, etc). Then, of course, there is the extremely important issue of how much information... and what specific types of information... the product phones home during use, what configuration options there are to control that, and so forth.

 

I do think such issues that you bring up are worthy of discussion and thought over. I just think there are other issues such as what I outlined above that trump the concern over AV companies. Now, web shields and such things as MBAM's IP blocker are both something to look into more, as they basically have to know where you are visiting in order for them to do their jobs. They have to scan IPs, scan links, etc.

 

Doesn't affect me at all, it's been there all this time and nothing has happened with me or my computer (that I know of), and it doesn't affect me now after we have found out about it either, since I can't do much, or anything at all about it.

I have other things to worry about, it's just data, and even if they collect data about or from me there's nothing interesting in my data that they have any use for.

 

I'm not so sure vba32 was the first to discover Stuxnet. There is a post on this forum somewhere stating that Webroot discovered it earlier than that. It definitely could be a possibility since WSA is purely a cloud antivirus. Before Webroot obtained Prevx is was always known for discovering many threats before other AV's knew about them. It also comes at a cost though. It's hard not to have lots of false positives when the cloud is analyzing Millions to Billions of files per day. Webroot has gotten much better over the past several months. They don't have nearly as many false positives as last year when third party vendors began testing them. Their product just keeps getting better. As long as there are no compatibility issues I prefer using WSA along beside another AV on powerful Desktop computers. I prefer to run a lighter setup on my Laptop.

 

None, who can you trust anyways? If there's a good open-source AV by a reputable company from a pro-privacy foreign country that you can compile yourself, then that may be the best bet. Or you can just use none and have just one less software (including the OS) to be worrying about. Doubt it's worthwhile, seeing all the other ways they can track you.

 

I wasn't so sure either, but recalled hearing something about it - most likely right here in these forums. That is why I found a reference to link to before posting. It doesn't really matter though in the context of this thread. My point was that using AVs from companies located outside the influence of the empire might be a better choice to detect malware generated by said empire.

 

Hi

Yes i also remember a similar toppic
https://www.wilderssecurity.com/showthread.php?t=333380

Regarding AV and law enforcement trojans/policewares
http://news.cnet.com/Will-security-firms-detect-police-spyware/2100-7348_3-6197020.html
http://kevtownsend.wordpress.com/2011/05/04/fbi-cipav-spyware-and-the-anti-virus-companies/
http://it.slashdot.org/story/13/05/...-wont-co-operate-with-pc-hacking-dutch-police

Of course, most US based security campanies are known for their collaboration with Gvt agencies, and in our case, Norton/Symantec is-for my concern-the most untrusted AV editor.

As things are not always white, not always black, but often grey, then what and who should we trust?
Using technology with constant privacy cautions could tend to the paranoia, even by using a kind of Bible of privacy like the EFF SSD project
https://ssd.eff.org/bg/book/export/html/14

Rgds

 

Agreed. When you consider they have their "cloud" databases they must have a list of all of the files that exist on your pc.

 

Using an AV based in a country that's not aligned with your own might help with detecting older versions of official malware, but they're unlikely to help with the current stuff. Domestic AVs are in a no-win position when it comes to government malware. I'd be willing to bet that they've been given NSLs regarding government malware.

Unless you're being specifically targeted, it's unlikely that you'll ever see government malware outside of that which may already exist in Windows. Most of the time, they'd have no need to use it. They already have access to everything sent over the internet by your system. The exception to this would be if they don't know where you are and want to locate you.

If for some reason you believe that they are targeting you, don't count on any detection program to identify such malware. The typical malware writer knows how to make their code evade detection. The NSA definitely would know how. The only realistic defense would be based on a default-deny policy with only those executables needed for normal operations whitelisted, and very close attention paid to the details.

 

How is the choice of AV related to alleged NSA spying?
They supposedly copied data directly from inside data centers.
Nothing to do with your client protection, or lack thereof.
As to AV: none.
Mrk

 

Same here. I don't like that it's taking place, everyone values their privacy, but I understand why they're doing it. They're up against a group of people that do not care to set off a bomb that kills or maims innocent children, women, or men. These people are in our midst, and they play by no rules. If the NSA is collecting data on my family and scrutinizing it...well, they're in for a pretty boring time. They'll see my wife doing her Facebook thing, or talking to her Aunt Mae, or her sisters, or me visiting Wilders, or downloading some just released application, or me cussing out some telemarketer. But as long as it leads to our streets, homes, and lives being safer then so be it.

Later...

 

Unless of course one is using AV or some other "client protection" software or feature (URL checker, hostname checker, IP Address checker, whatever) that is sending information off their machine and into affected data centers, companies, etc.

The above may not apply to your machines, but it surely applies to huge and probably growing numbers of individuals and companies. So even if one's own machines are robustly secured against information leakage, said individual and/or company can still be affected if a company they do business with doesn't robustly secure their machines. It is these later points that we should draw attention to and encourage people to think about. Not simply because of government sector datamining/spying but also because of commercial sector datamining/spying.

 

My feelings.

 

Didn't read all, sorry.

But my AV, OS, browser, pgp etc. imo doesn't make any difference. My paranoid delusions from when I was a teenager have all been proven true. I have to add I don't have anything to hide from any of 3 letter agencies. One of my suspicions was that any effort to encrypt data that goes through the cloud just makes me seem more suspicious. Besides having nothing to hide being lazy helped me from implementing said such. Certainly an AV makes no difference.

 

Wait, so when I said I don't trust Chinese AVs, since their government is communist, has a history of hacking the US, and disregards intellectual property rights, I was called paranoid. Yet, you guys are paranoid about non-Chinese AVs? A little hypocritical.

 

Whoa there. I wouldn't put a Chinese AV on a pc either.

My point is if these home grown agencies want info they can get it.

 

Since when did the discussion about not trusting US AV's become non-Chinese AV's? I haven't even seen the word China or Chinese before Brandonn2010 just had to change the topic. At least link to whatever thread of relevance before those empty words.

Anyways, even though some governments are exposed to be anti-privacy, I wouldn't base my AV choices on simply those blacklists.