AV-Comparatives Data transmission in consumer security products

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Gandalf_The_Grey

Level 82
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,189
We have conducted a study on data transmission in consumer security products, addressing the concerns of Internet users regarding the access and usage of their personal information. While computer security software has a legitimate need to send certain system information to its manufacturers, such as details of malware for effective user protection, it is crucial that programs do not indiscriminately transmit personal data without the explicit knowledge and consent of the system’s owner. This report provides valuable insights into the data-sending practices of popular consumer security programs.
We are delighted to announce that more exclusive information in addition to this report will be published in an extensive report by PC Magazin, PCgo, Connect-Living.de. Once the report is live and available for reading on their website, a corresponding link will be provided promptly.
https://www.av-comparatives.org/wp-content/uploads/2023/07/avc_data_sending_2023.pdf

Ensuring User Privacy: Insights from the Recent Data Collection and Sharing Practices Analysis of Consumer Anti-Virus Products

In an age of increasing concerns about data security and privacy, Internet users are becoming more cautious about who has access to their personal information and how it is utilized. These concerns extend to computer security software, which often requires some level of data sharing to effectively protect users from malware. However, this does not mean that users should surrender all their personal information to software manufacturers without their knowledge and consent.

Recently, a comprehensive analysis was conducted on the data collection and data sharing practices of 20 market-leading consumer Anti-Virus (AV) products. This report aimed to evaluate vendors based on their data collection practices, data sharing policies, accessibility, control of software and processes, and transparency. The objective was to promote user awareness and encourage transparency in data-sharing practices.

Vendor Performance

Each vendor was assigned a score ranging from one (lowest) to five (highest), with higher scores indicating better practices. Notably, Bitdefender, ESET, F-Secure, G Data, K7, Kaspersky, and VIPRE emerged as the top-performing vendors, receiving scores of four stars or more.

Importance of Data Sending

The report emphasizes the significance of considering data sending practices when selecting a security solution that aligns with individual needs. It highlights the need for user privacy, the importance of user consent for specific data transfers, the establishment of trust between users and vendors, and the transparency demonstrated by vendors.

Contextualizing Data Security Concerns

In the past year, there have been a lot of concerns about data security and privacy risks raised in general, but in special against companies in the IT security market. Even the BSI (German Federal Office for Information Security) issued a warning against the use of Kaspersky (which was later revealed that it might have been politically motivated), countries banning the use of TikTok on government devices, or the recent congressional hearing of Shou Chew, the CEO of TikTok.

However, it is crucial to note that such scenarios are theoretically possible with software from any company. It is equally important to distinguish between threat scenarios encountered by government employees and those faced by private individuals. For instance, military personnel using fitness trackers may inadvertently expose military bases, creating security risks, but this is not a concern for the average user.

Considerations of Trust and Discretion

Antivirus manufacturers, like any other company, must comply with local and international data protection laws. These laws provide a legal framework for companies to handle user data. However, the ultimate discretion lies with the receiver and their data handling policies. Therefore, users should exercise caution in providing data to companies and be mindful of what information may be collected from their behavior or metadata.

Continued Focus on User Privacy

The report concludes by reiterating the importance of data sending practices when selecting a security solution. It underscores the significance of user privacy, user consent for data transfers, trust between users and vendors, and vendor transparency. However, it is essential to note that this report solely concentrates on consumer software and does not encompass enterprise security solutions, which typically involve deeper access to user behavior.

Looking Ahead

This report represents an updated analysis since the last study conducted in 2014, which coincided with the revelations of extensive eavesdropping by the NSA. Since then, privacy issues and laws have become increasingly prominent, including the implementation of GDPR and the Schrems II ruling, which highlighted the violation of European privacy rights in data transfers to the US. Users now have questionnaires and prepared forms to facilitate data inquiries and requests from companies.

As the digital landscape evolves, it is crucial for users to remain vigilant about their data privacy and seek solutions that prioritize transparency and user consent. By staying informed and engaged, individuals can make empowered choices to protect their personal information in an increasingly interconnected world.
PDF of this test with all the results:
 

Jonny Quest

Level 21
Verified
Top Poster
Well-known
Mar 2, 2023
1,081
That information being sent is obviously going above and beyond the simple product setting reports in our AV's.
transparency.jpg


Just an aside on Bitdefender's end of data collected etc.
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,861
I haven't checked the whole thing yet. There are so many data points, but one thing that caught my eyes is this one,
"Is the content of cookies transmitted?"-- Many products don't disclose this, many others don't collect this, but Kaspersky is one that said they collect this info.
What does this mean? By cookies, does it mean cookies of every site that I visit? Including sites where I'm logged in? I never log out of some websites.
If that's the type of cookie they are talking about, then what are AV products gonna do with my cookies? I don't understand, and this does not look good. It could be dangerous to collect the contents of cookies. A clarification of this would be better.
Correct me if this is different from what I'm thinking.
 

simmerskool

Level 36
Verified
Top Poster
Well-known
Apr 16, 2017
2,547
examine the table. Vipre is very good at important topics
AV-C prints summary scores for people who have more important things to do, meanwhile, I assume all parameters have some importance, and that is what AV-C used to generate its scores. It seems on skimming surface to be a comprehensive test of course taken with a grain of salt.
 

Harputlu

Level 5
Verified
Well-known
Dec 26, 2016
224
AV-C prints summary scores for people who have more important things to do, meanwhile, I assume all parameters have some importance, and that is what AV-C used to generate its scores. It seems on skimming surface to be a comprehensive test of course taken with a grain of salt.
I don't understand why you commented without looking at the table. You should have looked at the table instead of writing an answer saying I don't have time. Not all parameters are that important
 

simmerskool

Level 36
Verified
Top Poster
Well-known
Apr 16, 2017
2,547
I don't understand why you commented without looking at the table. You should have looked at the table instead of writing an answer saying I don't have time. Not all parameters are that important
I downloaded the pdf and quickly read thru it, I did not "examine" it -- apparently you did, good, so please elaborate or rank the parameters in order of importance, we might find that more helpful as it would help explain what you think is important & why? | I commented that vipre was not scored by AV-C as high as 5 other vendors. IIRC, that was accurate.
 

Gandalf_The_Grey

Level 82
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,189
We are delighted to announce that more information in addition to this report will be published in a report by PC Magazin, PCgo, Connect-Living.de. The article (in German) can now be found here.
Conclusion

You should always choose an antivirus product that offers a high level of security and meets your needs and preferences. However, if you also value transparency and want to know how the products handle your data, you should take a look at the programs from test winner GData as well as Eset, Kaspersky, Bitedefender or F-Secure.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top