What Anti-Virus [Paid/free] do not collect all your data/information?

The information that's collected varies by AV provider, but that's the way I look at it too. The only way to keep up with fresh samples is just having their users automatically send in stuff, and it pays off if you are hit with something new.

But also,

You're far from wrong in questioning any proprietary software that has means to collect even "only metadata" in this age. You can't rely on people's good merits that they won't get somehow into your stuff. Considering though that AV providers supply products to workplaces and other environments that warrant a level of trust; then it'd be public image suicide for the company if ever, whenever, sloppy or shady tactics show up as the result of a third party audit or an employee gone whistle blower.

If that's what you're worried about (watching your back against the watchers), I think you're more looking at dumping any proprietary OS you have installed and switching to Linux or OpenBSD as well. And at that point, you're a lot more hardened from all the things the AVs were protecting you from too. (not that any OS is bulletproof, but I've yet to hear a strong argument AGAINST switching to open source OS)

 

I love Linux but unfortunately I play many games and ofc Linux doesn't have any really... If adobe suite and most games worked on Linux id switch right now but I can't. An the problem with many "open source" softwares is everyone assumes its been checked, and because everyone assumed such, no one has actually checked the source lol.

 

I thought that might be your concern, but your "log every...." language confused me. I suspect that most AV companies would assert that they don't log this or don't log that or don't retain logs more than a few days, etc.

I think the "can't reliably know what happens to our data" issue cuts both ways. We may not know that our data HAS been mishandled in some way... we may not know that our data HASN'T been mishandled in some way. So it basically boils down to how one prefers to (or is required to) deal with such uncertainty. Some would assume/believe the best (mishandling=no). Some would assume/believe the worst (mishandling=yes). Some would eliminate the uncertainty by eliminating the data exposure.

Edit: One possible approach to cutting off information flow would be to block the communications. Selectively (targeting query and upload servers, if they are unique) or broadly (which would prevent downloaded updates you would probably want, so you'd have to acquire and apply those separately). You'd want to be careful about interfering with license checks. You'd want to look for "dual-use" communications (upload data and download data over same connection). Corporate environments are more strict about locking down communications, so business versions might be more compatible with this approach.

 

Yes, that is the reason, why cloud AV has the best detection and the reaction time. It is like coming to a bakery and wanting to bake a cake for you, but you will refuse to tell anything, like what flavors you like, what shape or size and so on. If you want a good AV, you have to give up some of the privacy or you can just loose AV. Windows has enabled by default about 20-30 tasks reporting daily to Microsoft all kind of information about your computer and files, a customer experience thingy.

 

Since I'm already using Windows, I figure using MSE won't send much more information to Microsoft that it already gets, and it eliminates using a third party AV that would collect my data, as well.

 

On one side this makes sense, because it minimizes the numbers of party who can collect user's data. On other side, it doesn't help much since the data is still being collected. This is the region for trust, or in my book the region for comfort. The VPN might mishandle user's data as well as the AV. To put it simply, the knowledge one used for picking a VPN service can also be used for picking which AV product to pick.

 

Because all AVs uses the same engine, has the same features, and runs beautiful and light on our PCs?

 

Sorry, I don't get your point.

 

I don't pick wich AV to use based on my VPN knowledge. One should have some AV knowledge when you consider what AV to use IMO

 

Since we are talking about privacy concerns, emphasis should be put in these terms. The originating country of the product, the applied laws regarding the handling of customers' data in a product's originating country, the policies that tells users about what info the product collects if that makes the users comfortable, etc. Then again, if the user does not find a way to be comfortable with a service then it's better to not using the service since the first place. I'm not going to use Tor for a reason.

 

Same boat, games keep me on Windows. Games that will never be ported to Linux, and not because the engine they were made in wouldn't do it- the devs just don't want to invest the time and money (Like Cryengine 3). The best I could come up with is strictly using Windows only for games and Linux for everything else. But, duel booting can be a hassle unless you have SSDs that load everything up fast (once you have one OS loaded it's hard to want to reboot just to do something on another).

 

Yes, that way of thinking works fine before installing the AV, like country origin, how they handle the data etc etc...but there's no point in installing an AV if you will end up disabling 50% of the product and not use the product to its full potential, like if it has cloud detection and protection capabilities. Then you would do yourself a favor by not using the AV at all. I have heard too many stories of users that have disabled everything cloud connected in their products because they
"don't like it / don't need it" and then they wonder how this or that could happen when the local signature database was up to date.

Of course each to their own and all that, but don't blame the product incase something goes wrong if you have disabled essential features.

 

YEAP!

 

Thus far:

• References to "paranoia", "FUD", and/or "tin foil hat"? Check.
• If you don't allow all data collection/uses you'll be "helping the bad guys"? Check.
• You have no grounds for concern unless you have something bad to hide? Check.
• Inappropriate data handling would promptly become public? Check.
• The potential consequences of inappropriate data handling would be severe enough to prevent it in the first place? Check.
• Give in or pull the plug, there is nothing in between, you have no privacy anyway? Check.
• Why be concerned about this when there are other threats like X? Check.
• There is no point in using an AV if you aren't going to use all of its features? Check.

Some of those our downright pathetic, while the rest are simply very weak. It is important that people understand both the cons and pros of cloud-AV. In threads like these, there is rarely if ever anything substantial in terms of pros. None of the above points are pros. I don't think I've seen a solid example of a pro posted in this thread.

Why don't you provide a few? Point out several examples of detection that is impossible to accomplish without user X sending sensitive information to the cloud. Ordinary URL and file "reputation checking" can be accomplished using downloadable rules and a careful combination of allow, deny, and prompt actions. So don't just go there without some specifics. Don't go to the "cloud-AV has better detection because users are sharing info" argument either. That in no way justifies user X having to send sensitive information to the cloud. How the cloud-AV company collects its information is not user X's problem. User X wants to know of cases where they, specifically, MUST sacrifice infosec/privacy in order to accomplish a certain type of detection (and where no other type of design would do).

I think by doing so you'd be addressing the OP's "But does it need to log EVERY..." question earlier, so on topic.

 

Actually all the above was already discussed ad nauseam over wilders across several years.
We just summaries some of the conclusions of these long and often dispersive discussions.

If you have different conclusions to propose please do so. However, raising more questions or doubts will not really help the OP.

 

From the av comparative report, the top 3 best are as follows.

The best is escan with the least collection. The followed by Fortinet and then by emsisoft and ahnlab. SO if you want a free av then fortinet forticlient is for you. For paid escan.