What do infomation do Online AV scanners keep?

Discussion in 'other anti-virus software' started by T772, Sep 29, 2005.

Thread Status:
Not open for further replies.
  1. T772

    T772 Guest

    Hey there, I have started trying to use online scanners to see what they are link and if they find any Thing that Nod or McAfee have failed to find. So i figured that i might as well start off with McAfee and when I read there T&Cs I was a bit concered after reading this;

    15. Privacy. By entering into this Agreement, you agree that NAI may collect, retain and use your personal information, including your name, address, e-mail address, and payment details. Your personal information will be used primarily to provide services and product functionality to you. NAI may also use your personal information for additional communication with you, subject to your decision not to accept such communication from NAI and subject to applicable laws.

    Is this standard ,and is it ok to trust the online scanners with any info they rertain for use of there services?

    T
     
  2. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    I think all of them collects: OS (XP, 98 etc.), Country and of course the infected file(s). They may also look for installed antivirus programs on your computer, however I have never seen any online scanner that collects personal information like your name, payment details and so on. Although I have never really looked for it either...

    Think I'll have a closer look on all of them and report back if I find anything ;)
    Panda, Kaspersky, Trend Micro, BitDefender, McAfee, Symantec, eTrust, F-Secure & Ewido.
     
  3. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Panda is good
    Kaspersky is good
    Trend Micro does not say anything about collecting or not collecting information.
    They are collecting country and infected file/malware names though.

    BitDefender does not say anything about collecting or not collecting information.
    They are collecting country and infected file/malware names though.


    Symantec ... Not really sure
    eTrust .. No idea if it is for the scanner or something else
    F-Secure does not say anything about collecting or not collecting information.
    They are collecting country and infected file/malware names though.

    Ewido does not say anything about collecting or not collecting information (only web access, ip address etc.).
    They are maybe collecting country and infected file/malware names though.

    -------------------------------------

    That's what I could find - I'm sure someone else will do better ;)
     
  4. Tom772

    Tom772 Guest

    Re: What infomation do Online AV scanners keep?

    Wow ,thanks Brian N for checking all those T&Cs!! To be honest I never really read T&Cs most of the time, like alot of people I know. I guess if you already use a product by a AV company its fairly safe if they have your details, but I wouldn't wont any AV taking my personnal details and using them for what ever perpose.

    Tom
     
  5. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
  6. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
  7. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    The online-scanner does not collect anything :)
     
    Last edited: Dec 25, 2005
  8. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    At the time of reading, you stated that ip adresses were recorded upon entry on your web page.
    This could very well have changed, but not at the time this "test" was conducted :)

    And you still do actually.
     
  9. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    -> webserver logfile, we can't turn that off :)
     
  10. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Oh, thought it were your own servers.
    Maybe put that in your privacy statement that a hosting company is collecting ip adresses?
     
  11. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    It's our own server farm... We are collecting and storing them for security reasons for a short time, that's all and absolutely not uncommon :)
     
  12. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Hmm.. I may be the underdog here, but all of my 9 servers has no ip loggin, unless I spot something unusual.
    Then I start to record ip & web access + other stuff.

    Sorry, I can't see how this would improve your security by collecting someones ip.
    Not to mention the work to filter out the normal entries on your servers.
     
  13. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    I've edited my inital post from "we do not collect" to "the online scanner does not collect" because that's what I really meant...
     
  14. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Panda requires a name and email address. You will later get email advertisements from them.
     
  15. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Not by using their online scan.
     
  16. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    There we go, all I wanted to know :)
     
  17. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Just a note no anyone interested: Ewido is logging your ip, date and ref.
    You may wonder what they use this information for, because I don't know.
     
  18. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    I assume "ref" is referrer... But anyway, this doesn't look problematic to me. Any software that does statistical analysis of the visitors for a web sites does that.
     
  19. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Stats are not done by Ip's. It is a very poor way to do it or lack of coding.
     
  20. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Sorry, yes, they are done by IPs, too. And there is no reliable way to know exactly how many users visit your website, no matter how much code you put in it. IPs is just another way to give you some idea. Usually web traffic softwares log (at least) IPs, referrer, user agent and (their own) cookie information.
     
    Last edited: Dec 25, 2005
  21. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Ip's change on a daily basis, you cannot do anything with it.
    Ip's can be broken - Just like anything else, and with the right coding in asp/php you can override the proxy and get the true ip of the visitor, even if they are indeed looking at your page through a proxy/free proxy.

    "but this is only possible in C++" Err no. It's not, it's easy.
     
  22. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Yes, you can. You can know statistics by Country and by ISP.
    Not really. It depends on the kind of proxy. Can you give me an example of a site able to "override" anonymizer.com or the-cloak.com?

    And multiple visitors can all be behind a router/firewall, and you wouldn't be able to distinguish one from the other at all if they use the same user agent and/or they don't accept cookies. Or if they know how to hide/change the user agent information.
     
  23. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    "Officially it's not possible, but it can be done"... interesting. You know, breaking AES 256 and read mail encrypted with PGP can be done but the point is how hard it is.

    But to go back to the topic, this is what you claim:

    1) IP statistics are not usually used by web traffic analysis software (simply not true for any software I've seen), and

    2) you claim they are unreliable (true but it's just as true as any other statistic based on cookies, user agent or referrer), and

    3) you claim IP statistics mean nothing whatsoever (wrong, as they ARE the ones used for a by-Country, by-ISP and by-domain visitor analysis).

    I'm still waiting for you to back up your claims with some evidence.
     
    Last edited: Dec 25, 2005
  24. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Yes they want your country, State/province, and email address. Although you only have to provide it once.
     
  25. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
Loading...
Thread Status:
Not open for further replies.