There's a quandary for Windows users who want protection against viruses, but also have hardcore concerns about privacy. Given the current threat environment, it's become common for AV software to share user information with providers. That apparently includes URLs, executables, documents, and running processes.[0] At least some of that is arguably essential, and I don't mean to trigger debate. But let's say that a user wants AV protection, but also doesn't want to share anything with the provider. Which AV products can be configured for strict local operation? Based on the AV-Comparatives report, it seems that AhnLab V3 Internet Security transmits only file hashes to its servers. While that may be a defect, from the security perspective, it's good from the privacy perspective. And I wonder, can hash transmission be disabled? From the AV-Comparatives report, I get that users can opt out of transmitting files to the provider for most of the surveyed products: Avast, AVIRA, Emsisoft, eScan, ESET, Fortinet, F-Secure, G DATA, Kaspersky Lab, Microsoft, Panda, Sophos, Symantec and Vipre. But I wonder whether users can opt out of transmitting anything to the provider. Also, I wonder which of those AV products will work, as basic old-school signature and heuristics scanners, without any Internet connectivity. I'm going to ask on support forums. But if you can share likely possibilities, please do. I also get that users can't opt out of transmitting files for AVG, Bitdefender, BullGuard, McAfee, Trend Micro and Webroot products. If that's inaccurate, please share. 0) https://www.av-comparatives.org/wp-content/uploads/2014/04/avc_datasending_2014_en.pdf
The AV-C report referenced is almost 3 years old. Most AV products have options that can be set limiting data that can be sent back to the vendor. Today cloud reputation scanning is a major protection feature. It can be optionally disabled but doing so greatly increases your risk of malware infection.
Yes, I get that. But I haven't found anything newer. Also, I doubt that data exfiltration has become less prevalent. Yes, that's the information I seek. Which ones have which options. Yes, I get that. Indeed, Sophos WebIntelligence apparently uploads and redownloads entire web streams![0] 0) https://community.sophos.com/produc...on/7722/home-version-for-mac-sending-out-data
Easy solution is outbound firewalling the AV. Windows Firewall Control will do it. Firewall rules can be set manually too; the default is to block unsolicited inbound traffic but allow all outbound traffic, but that can be changed. I don't think most AVs would like that these days because they are continually updating definitions, but they would still work with the loss of the cloud functionality. If that involved communicating with an IP or domain that was stable, an exception could be made. Definitions can be updated manually. I don't depend on an AV for security in Windows. Locking down the system and limiting privilege is far more effective. AVs, by necessity, operate at a high privilege level, which means that any exploitable flaws in them would be serious. And I've found most of them to be bloated and intrusive, so I just use Windows Defender/MSE for scanning for well known malware, and that mostly happens when dealing with someone else's computer or hard drive.
Hm, I think all AVs nowadays need an internet connection. If you are worried about privacy, almost the only vendor left is Emsisoft, where you can opt out of almost anything.
With Eset you can disable sending of samples and anonymous statistics and whole LiveGrid also (online reputation service). AV still needs to update to work correctly and it also checks licence information.
Do you necessarily need an AV? Have you thought about using any program like Sandboxie (http://www.sandboxie.com/), SSRP (http://iwrconsultancy.co.uk/ssrp/) etc? With the correct hardening of Windows (block unsigned elevation, set UAC to max, use SUA, use Chromium (use ungoogled chromium if you don't want Google BS...)) it can be very hard to beat. Many people are already suspicious of the efficiency of AV against some types of malware; without access to the internet, it is even harder for AV to operate.
@mirimir Don't use AV (because you need database updates or cloud), don't use any licensed software (for obvious reasons). So what choices are left to you? Linux with Firejail! Have a good day
No AV vendor offers an absolute, complete opt-out for an installed product. Your only real option is to use a portable scanner, update it on a system that cannot be connected to you personally in any way, and then run it periodically on your system. Before doing that you would have to create the required block firewall rules for the portable scanner on your system. I would assume, since you are hardcore about privacy, that you know not to use a single Microsoft product - especially Windows - and that you've done a complete audit of any OEM hardware\firmware network activity via SYSTEM that can be connected to you personally. Not all network activity is exposed through the filtering platforms; there's stuff going on below the radar.
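An added example (not part of any post in this thread) of the outbound firewalling suggested earlier and of the block rules for a portable scanner mentioned in the post above, using the built-in Windows `NetSecurity` cmdlets. The scanner folder, rule group name and update address are placeholders chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example. The folder, group name and addresses are placeholders.
param(
    [string]$ScannerDir = 'C:\Tools\PortableScanner',  # hypothetical scanner folder
    [string[]]$UpdateAddr = @()   # optional stable update IPs, e.g. 203.0.113.10
)

$group = 'AV-Local-Only'   # tag so these rules can be listed or removed together

# Remove rules from a previous run so they do not accumulate.
Get-NetFirewallRule -Group $group -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

$exes = Get-ChildItem -Path $ScannerDir -Recurse -Filter *.exe -File
if (-not $exes) { throw "No executables found under $ScannerDir" }

foreach ($exe in $exes) {
    if ($UpdateAddr.Count -eq 0) {
        # Strict local operation: explicit outbound block for each binary.
        New-NetFirewallRule -DisplayName "Block out: $($exe.Name)" `
            -Group $group -Direction Outbound -Program $exe.FullName `
            -Action Block -Profile Any | Out-Null
    }
    else {
        # A block rule always wins over an allow rule, so an exception cannot
        # be layered on top of the block above. Allow only the update
        # addresses and rely on a default-deny outbound policy for the rest.
        New-NetFirewallRule -DisplayName "Allow updates: $($exe.Name)" `
            -Group $group -Direction Outbound -Program $exe.FullName `
            -RemoteAddress $UpdateAddr -Action Allow -Profile Any | Out-Null
    }
}

if ($UpdateAddr.Count -gt 0) {
    # Default-deny outbound affects every program on the machine: anything
    # without its own allow rule loses network access.
    Set-NetFirewallProfile -Profile Domain,Private,Public `
        -DefaultOutboundAction Block
}

# Show what is now in place.
Get-NetFirewallRule -Group $group |
    Select-Object DisplayName, Direction, Action, Enabled
```

The rules match on executable path, so the script needs to be re-run whenever an update adds or moves binaries in the scanner folder.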
OK, I should have said that this is for an article that I'm writing. I only use Windows VMs for testing stuff. @MisterB -- Yes, I'm going to recommend firewalling, in addition to disabling exfiltration. @NWOAbschaum & @Minimalist -- Thanks, I'll check out Emsisoft and ESET. @ExtremeGamerBR -- This is for an article, and most of the audience probably uses Windows with AV. @guest -- Well, I use Linux, and for sure I'll recommend that instead of Windows or OSX with AV. @Lockdown -- That's good advice, but probably too much for my audience. But I'll recommend some of it.
Cool. I like writing for them, but I've gone so far off the edge that it's hard to imagine what might be of general interest. What would you like to see?
I use IVPN. Not for privacy or anonymity, but for reliable encryption, up-time and speed. Oh sure, I could get that from SecurityKISS or similar, but IVPN secures their servers better than average. You might want to write about server security. It's not something users consider at all when selecting a VPN\proxy service. If I can get my dirty little paws on a server via direct or indirect access, it doesn't matter - everybody's encrypted\obfuscated traffic is pwned.
Thanks. That was one aspect of https://www.ivpn.net/privacy-guides/18-questions-to-ask-your-vpn-service-provider and I had thought of including answers from various providers. But there was just too much ambiguity. Some answers obviously came from clueless support staff. Others clearly came from technical staff. And there's no way for users to verify. We can test their client software for leaks. And we can test for messed-up port forwarding. But it's not workable for IVPN to publish about pentesting competitors' servers. So anyway, I'm not sure what else to say about the issue.
I see your point. What I really meant was to cover it IVPN-centric. You're absolutely right - what can be found for most of the others is apt not to be accurate or simple, out-right disinformation. Ask most VPN\proxy services about their server security and you will get the runaround or the deer-in-the-headlights answer. If you're working on a comparative analysis it isn't a good topic. I agree. "Smoke-and-Mirrors."
OK, I've looked at some EULAs and privacy policies. And it seems impossible to tell which AVs will let users opt out of which sort(s) of exfiltration. So I've decided to install and test several. AhnLab was AV-Comparatives' recommendation for privacy freaks,[0] but it's not even included in the 2016 Summary Report.[1] Not so good, then? Emsisoft and ESET have been recommended by @NWOAbschaum and @Minimalist respectively, and they are both top-rated products. That's three, so far. But that leaves 12 more that, according to AV-Comparatives, permit opting out of at least some exfiltration: Avast, AVIRA, eScan, Fortinet, F-Secure, G DATA, Kaspersky Lab, Microsoft, Panda, Sophos, Symantec and Vipre. And that's too many! I'll include Microsoft, because it's arguably a "default". Plus AVIRA Anti-Virus Pro, Kaspersky Internet Security and ThreatTrack VIPRE, based on AV-Comparatives' 2016 Summary Report.[1] But not Bitdefender Internet Security, because one can apparently not opt out of exfiltration. That makes six total to test. Anyone have an argument for two of these: Avast, eScan, Fortinet, F-Secure, G DATA, Panda, Sophos or Symantec? 0) https://www.av-comparatives.org/wp-content/uploads/2014/04/avc_datasending_2014_en.pdf 1) https://www.av-comparatives.org/wp-content/uploads/2017/02/avc_sum_201612_en.pdf
@mirimir Ikarus - a basic scanner Their privacy and data protection declaration - you have to read carefully because not all items apply to the PC; some apply to Enterprise (cloud) or mobile device. I've used Ikarus. You get personal, focused attention via support - something that a user can get from few vendors. Ikarus is about as good as Avira. It's a simple scanner - a lot like Windows Defender with a few additional features. https://www.ikarussecurity.com/solu...tection/ikarus-mobilesecurity/privacy-policy/ https://www.ikarussecurity.com/solu...s-mobilesecurity/data-protection-declaration/
Thanks. But damn, I have enough to test already. I doubt that I'll add one that AV-Comparatives hasn't rated.
Yes, I appreciate that they can't work as well. But there's a trade-off re security vs privacy. I'm just reporting about it.