Which antivirus respect your privacy and allow you to send NO data to their cloud?

Discussion in 'other anti-virus software' started by Aimi, Oct 3, 2012.

Thread Status:
Not open for further replies.
  1. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Wow, I can't believe the ~ Snipped as per TOS ~ match this created. As with all things, it comes down to whether you trust it or not. It really is that simple.

    I personally wouldn't feel comfortable having one running real-time. But I've deployed a measure to auto-scan only new downloads that I find very convenient.

    I think some of the stuff Fuzz has said was blown out of context though. Relying on measures built into your OS is hardly "primitive". Here on ancient ol' XP, via LUA with folder permissions, and a default deny SRP with proper whitelisting, I have a very functional & secure setup that leaves very little need for 3'rd party software. This is where my approach starts, from the kernel up, so to speak. I consider the approach an oldie, but goodie, I suppose.

    I'd also have to say I consider HIPS & Sandboxie as whitelisting approaches, not blacklisting, but I suppose it depends on how you deploy it. I personally set everything in D+ to "Ask" to start out. Then allow my known safe apps whatever access they "need" to function properly as the popups come. The first couple weeks on a freshly installed OS can be frustrating... but you'll thank yourself for it later. Now I never hear a peep out of D+, and that's on Safe Mode with no trusted vendor list.
     
    Last edited by a moderator: Oct 5, 2012
  2. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,974
    Location:
    Parallel Universe
    Wonderful thread/topic. Lots to learn.:D:thumb:
     
  3. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    That was a good one, Ilya! :D
    Really awesome! :thumb:
     
  4. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,064
    Hey Stefan,
    does the avira bootable rescue disc make use of this new cloud technology and if not will it in the future?
     
  5. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    I wonder how the OP is doing. If, for whatever reason, a privacy oriented person has an abrupt exposure to the new cloud AV landscape it can be mighty difficult. Almost like a Twilight Zone episode where the main character wakes up to find everyone doing strange unpleasant things and they are expected to do them as well. The dismissive replies, and the ones meant to be very insulting, wouldn't have helped with that. Hopefully Aimi is a tough cookie. Are you still reading?
     
  6. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    hi

    Quite sad to see Avira is going in the Cloud, as it was in the past my av on my malware test platform.
    When Prevx has deployed its in the cloud technology a few years ago, i have linked this paper about some cloud security issues
    http://www.hitcon.org/hit2008/download/HIT2008-Cloud_inSecurity-tt.pdf
    But more than security issues, privacy impact of the stored data appears very important.
    That is why a serious AV SaaS must satisfy to common criteria and standard like FIPS 140.2/140.3 http://en.wikipedia.org/wiki/FIPS_140-2

    Unlike Ilya i have not the talent of Nicolas Gogol to point out the Absurde of things, but if we refer to security and intrusion/detection, i would say:
    that which is not detected by blacklisting should be prevented by whitelisting, that which is not detected by whitelisting should be prevented by blacklisting.

    I have no answer for the original question, as even using Windows, especially Win 8, exposes any user privacy...and as even escape to the Moon exposes us to the sattelites eyes of the NSA and military agencies...

    rgds from Earth
     
  7. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    The rescue disc is being reworked at the moment because it is not really usable at the moment. At the moment, we only connect the Premium and Internet Security users to the cloud, there is no specific rescue disc for those two products - at the moment. But I would think that making the APC available for the free edition has higher priority.

    BTW, the APC is not meant to work like a regular scanner, where you scan your hard disc entirely. It's task is to check executables which are suspicious because some preconditions are met.
     
    Last edited: Oct 5, 2012
  8. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    Was there supposed to be a "where" in there, as in "...like a regular scanner, where you scan your hard disc entirely"? Not picking, just trying to be clear on how to parse that.
     
    Last edited: Oct 5, 2012
  9. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    By the very nature of any cloud based application the transmitting of data is going to happen,if there is none how would some of the features actually work?most AVs nowadays use a type of system that builds up a data base of the reputation(problems/activity etc)of files on the PCs of users of their products,with no data transmission how would such knowledge be learned?
     
  10. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    On the subject of AV companies acquiring information about threats, I would offer this:
    1. From Source Other Than Their End Users
      • Using their own bots, actually or appearing to be geographically dispersed, appearing as different types of platforms, pulling from well known distributions sites, pulling from spammed links to honey pot email addresses, collecting malware attachments in spam, etc
      • Submissions directly from software developers (that want their software in the system)
      • Submissions directly from distribution sites (that screen the programs they offer for download)
      • Samples and info acquired from other companies and/or exchanges
      • Manual submissions from non-users via web interface
      • Their own, other testing
    2. From Their End Users
      • Manual submissions via client side interface
      • Manual submissions via web interface
      • User authorized submissions where the user has the opportunity to review each submission (assess the sensitivity of what would be communicated) and deny/allow allow
      • Automated submissions that the user can disable
      • Automated submissions that the user cannot disable in the free version(s)
      • Automated submissions that the user cannot disable in the paid version(s)
    I think, depending on one's perspective, it would be the last one or last two approaches that cross the line because there is where there is compulsory sharing of information that would or certainly could be sensitive.

    As for how certain features would work without transmitting of data, I would offer this as food for thought:
    1. It isn't transmitting of data per se that would be of concern, it is the transmitting of sensitive information.
    2. I don't think all the features have to work unless the user wants them all to work. There are pros, cons, and trade-offs that only the user can weigh for their usage scenario. Entirely disabling certain features may be a perfectly reasonable decision for them depending on the specific context.
    3. Features can be implemented in various ways and there is considerable potential for adjustment to achieve different balance points. We know that URLs and pathnames can/do contain sensitive and even personally identifiable information. When checking for malicious URLs, a hash based approach can be used to avoid sending the actual URL. When checking local program files where file location is important to the equation, the cloud lookup can contain hash+KnownFolderId rather than hash+FullPathName. Malicious URL and File lookups can be sent without the machine/user GUID. Etc.
    Obviously, it would take quite a bit more discussion to adequate explore those and other answers to your good questions. Hopefully though, it is enough to make someone question the need for a "one-size-fits-all, mandatory participation in sensitive information sharing" approach to even cloud AV software.
     
    Last edited: Oct 6, 2012
  11. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    what would you class as sensitive data?If you have things you don't want the vendor to be able to have knowledge of just exclude those or that category from all scans/real time monitoring,but don't expect malware to be so controllable as to what data gets scanned/relayed if you do happen to get infected:-you have to weigh up your privacy and balance it against security in the long term and if the best AV's are going to be cloud based(seems so at mo) then I'm afraid that data transmission to and from the vendor is going to be the norm
     
  12. tekkaman

    tekkaman Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    177
    What I don't like about this "cloud security" is that it maintains a connection at all times which I think is intrusive and unnecessary. It should only connect home when it detects a suspicious behavior and asks you to send the file for further analysis if you want to. That is reasonable. But having a connection open all the time shouldn't be the norm. Why keep the connection open all the time ? I think this so called "cloud" is just a fancy name to attract people to send all their info over to many companies. And in exchange for what ? Security ? What kind of security ? When spyware and other threats go undetected if it comes from big companies -_- Ya what a great deal.
     
  13. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Some of you just don't understand the concept of cloud systems in AV's. Cloud isn't just send the pattern to it and match it against existing ones. There are mechanisms that just need connection all the time to work, there is no "send just when something suspicious is detected" if the reason to flag something as suspicious in the first place needs the cloud...
     
  14. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Probably another misunderstanding around cloud systems. They do not connect all the time. Actually they consume much less bandswitch than a standard AV. :)
     
  15. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    but to work correctly the do need to have a connection available at all times!
     
  16. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Yes, as you would need a connection if you want to know the latest web news ?
     
  17. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    do you really think that is only reason or are you being sarcastic?
     
  18. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Translated: Depending on the specific security tool used you may not need a connection available all the time but only if something "new" is happening on the system. Sorry if my previous post was a bit cryptic :)
     
  19. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,051
    I personally do not have any "sensitive" data on my computer at all.If cloud Av,s are such an issue for some people then remove any data you are concerned about.
    I dont have any bank details or credit card information etc on the computer and i never will have.i dont do online banking and i do not purchase anything online at all i just do it the old fashioned way and purchase in person.
    Even if every single piece of data on my pc was stolen it would benefit nobody .
    Its up to the user what data is stored.;) ;) ;)
     
  20. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    I have thought of leaving details of my gas and electricity bills on my PC hoping info would be stolen by some charitable hacker who would then go out of his way to pay them for me:-no luck so far!!:D
     

  21. Cloud is just marketing FUD. It's just a cheap way of delivering signatures. There really is no benefit except saving money on malware analysts.
     
  22. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Probably you missed this, few post above: ;)

     
  23. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Sure, if you say so. If you ppl think that running a cloud infrastructure is cheaper than regular update servers you're greatly mistaken. Any vendor that runs one will acknowledge this... I really don't know where ppl get this FUD nonsense idea. Bloated this, bloated that, now ppl say FUD for every damn thing. It's just stupid. And for god sake, do you ppl live in 1985 when signatures were actually used. These days hardly anyone uses strict signatures only and thus it's not as simple as you say it's suppose to be. Meaning that you clearly don't understand the technology...
     
  24. Yeah what ever... My advice if you want to be safe download Google Chrome and disable JAVA that will save you a lot of worries. No need for this "CLOUD"FUD.
     
  25. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    I'll add a quote that I think applies to some of the PhD computer scientists/industry experts that have single handedly discredited 'cloud' computing. ;)

    Stephen W. Hawking - "The greatest enemy of knowledge is not ignorance, it is the illusion of knowledge."
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.