Is Your Antivirus Software Spying on You? - Restore Privacy



It goes without saying that reliable antivirus software plays a crucial role in IT security. As malware continues to become more sophisticated and prolific (more than 350,000 malware samples are released every single day), home users and business owners alike need to have protection in place to stop these modern digital threats.

However, antivirus products are not immune to privacy problems. While the antivirus industry is ostensibly on the side of good, many antivirus products behave in a way that infringes on users’ privacy. Whether they intercept web traffic, sell browser history data, or allow backdoor access to government agencies, many antivirus products are guilty of jeopardizing the very thing they are designed to protect: your data.

Here are four ways antivirus software may interfere with your privacy.

1. Selling your data to third-party advertisers

To provide you with the protection you need to keep your system safe, your antivirus software needs to know a lot about you. It keeps an eye on the programs you open to ensure you’re not accidentally executing malicious software, and it monitors your web traffic to stop you accessing dodgy websites that might try to steal your login credentials. It might even automatically take suspicious files it finds on your computer and upload them to a database for further analysis. This means your antivirus software could collect and process an awful lot of your personal data if it wanted to.

With great power comes great responsibility.

While some antivirus providers are quite conscientious with their users’ data and only use it when absolutely necessary, others are much less scrupulous.



AVG – A few years ago AVG came under fire when the company announced changes to its privacy policy that would allow it to sell its users’ search and browser history data to third parties (i.e. advertisers) in order to monetize its free antivirus software. Of course, AVG isn’t the only antivirus company to monetize its users’ data.

Avast – Avast’s popular free Android app sends personally identifiable information such as your age, gender and other apps installed on your device to third-party advertisers. As an AVG spokesperson explained to Wired, “Many companies do this type of collection every day and do not tell their users.”

From free VPN services to free antivirus, the old adage rings true: if you’re not paying for the service, you’re probably the product.

2. Decrypting encrypted web traffic

Most modern antivirus products include some sort of browser protection that prevents you from accessing known phishing and malware-hosting websites. However, doing so is easier said than done due to the fact that so much data is now transferred via Hypertext Transfer Protocol Secure (HTTPS).

HTTPS is the protocol your web browser uses when communicating with websites. The “S” in HTTPS stands for “secure” and indicates that the data being sent over your connection is encrypted, which protects you against man-in-the-middle attacks and spoofing attempts. Today, 93 percent of all websites opened in Google Chrome are loaded over HTTPS, up from 65 percent in 2015. If you want to know if a website uses HTTPS, simply check the URL or look for a padlock icon in the address bar.

The rapid adoption of HTTPS has helped to make the web a more secure place, but it has also introduced an interesting problem for antivirus companies. Normally when you visit an HTTPS website, your browser checks the website’s SSL certificate to verify its authenticity. If everything checks out, a secure connection is established, your website loads, and you can browse away to your heart’s content, secure in the knowledge that the website is legitimate.

But there’s just one problem. Because the connection is encrypted, there’s ultimately no way for antivirus software to know if the website you are trying to visit is safe or malicious.

Most antivirus products use HTTPS interception to overcome this issue. This involves installing a local proxy server that creates fake SSL certificates. When you visit an HTTPS website, your connection is routed through your antivirus’ proxy server, which creates a new SSL certificate and checks the safety of the site you’re trying to access. If your antivirus software judges the website to be safe, the site loads as normal. If the website is unsafe, the proxy will display a warning in your browser.

By redirecting your data through a proxy, your antivirus is decrypting the data you send on encrypted connections – data that is only meant to be visible to you and the HTTPS website.

There are a few ramifications here:
  1. Because your antivirus is faking SSL certificates, there’s no way to be 100 percent certain that the website displayed in your browser is the real deal. In late 2017, Google Project Zero researcher Tavis Ormandy discovered a major bug in Kaspersky’s software. In order to decrypt traffic for inspection, Kaspersky was presenting its own security certificates as a trusted authority, despite the fact that the certificates were only protected with a 32-bit key and could be brute forced within seconds. This meant that all 400 million Kaspersky users were critically vulnerable to attack until the company patched the flaw.
  2. Most antivirus products query the safety of a URL server side, which means the company could potentially track your browsing habits if they wanted to.
  3. It increases the risk of phishing attacks and man-in-the-middle exploits.

A team of researchers even published a paper on the troubling security implications of HTTPS interception by popular antivirus companies, where they noted:

As a class, interception products [antivirus solutions that intercept HTTPS] drastically reduce connection security. Most concerningly, 62% of traffic that traverses a network middlebox has reduced security and 58% of middlebox connections have severe vulnerabilities. We investigated popular antivirus and corporate proxies, finding that nearly all reduce connection security and that many introduce vulnerabilities (e.g., fail to validate certificates). While the security community has long known that security products intercept connections, we have largely ignored the issue, believing that only a small fraction of connections are affected. However, we find that interception has become startlingly widespread and with worrying consequences.

VPN.ac examined the issue as well and discovered that antivirus suites carrying out HTTPS interception also break HTTP Public Key Pinning (HPKP):

HPKP is a technology enabling website operators to “remember” the public keys of SSL certificates in browsers, enforcing the use of specific public keys for specific websites. This reduces the risk of MiTM attacks using rogue/non authorized SSL certificates. But HTTPS scanning and HPKP can’t work together, therefore if a website has HPKP enabled, when you access it the support for HPKP for that site will be disabled in the browser.

VPN.ac found this to be the case with ESET, Kaspersky, and Bitdefender:



Tip: Avoid antivirus software that utilizes HTTPS interception/scanning, or just disable this “feature” within your antivirus.

3. Installing potentially unwanted programs on your computer

Even if your antivirus doesn’t pose a direct threat to your privacy, it may come bundled with software that does. As the name suggests, potentially unwanted programs, or PUPs for short, are applications that you may not want on your computer for various reasons.

While they’re technically not malicious, they usually change the user experience in some way that is undesirable, whether that’s displaying advertisements, switching your default search engine, or hogging system resources.



Many free antivirus products come with PUPs such as browser toolbars, adware, and plugins that you may inadvertently allow to be installed while quickly clicking through the installation process.

For example, free versions of Avast and Comodo try to install their own Chromium-based web browsers, which you may or may not want on your computer. Meanwhile, AVG AntiVirus Free automatically installs SafePrice, a browser extension that claims to be able to help you find the best prices while shopping online. Unfortunately, it can also read and change all your data on the websites you visit.

A few years back Emsisoft found that most free antivirus suites were bundled with PUPs. Here were the culprits:
  • Comodo AV Free
  • Avast Free
  • Panda AV Free
  • AdAware Free
  • Avira Free
  • ZoneAlarm Free Antivirus + Firewall
  • AVG Free
PUPs aren’t inherently malicious, but they can seriously encroach on your privacy. Some PUPs will track your search history or browser behavior and sell the data to third parties, while others may compromise your system’s security, affect system performance, and hinder productivity. Keep unwanted applications off of your computer by carefully reading installation options during the setup process and only install the software and features that you need.

4. Cooperating with governments

Last but not least, it’s theoretically possible that antivirus software could be leveraged to help government agencies collect information on users. Most security software has very high access privileges and can see everything that’s stored on a computer, which is necessary in order for the software to keep the system safe. It’s easy to see how this power could be used by nefarious parties to spy on individuals, businesses, and governments.

Kaspersky Lab, a Russia-based cybersecurity company whose products account for about 5.5 percent of antivirus software products worldwide, was embroiled in a major privacy scandal a couple of years ago. According to the Washington Post, Kaspersky software used a tool that was primarily for protecting users’ computers, but also could be manipulated to collect information not related to malware. Kaspersky is the only major antivirus company that routes its data through Russian Internet service providers, which are subject to Russia’s surveillance system.

In September 2017, the U.S. government banned federal agencies from using Kaspersky Labs software following allegations about cooperation between Kaspersky and Russian intelligence agencies. Shortly after, the FBI began pressuring retailers in the private sector to stop selling Kaspersky products, and the British government issued a warning to government departments about the security risks of using Kaspersky software.



Of course, it would be naive to think this issue is limited to Russian software. The United States government, and many other foreign governments, have been caught cooperating with technology companies to further their mass surveillance agenda. Check out the PRISM program to learn about how Big Tech and Big Brother work together to spy on you.

“Antivirus is the ultimate back door,” explained Blake Darché, a former N.S.A. operator and co-founder of Area 1 Security, as quoted by The New York Times. “It provides consistent, reliable and remote access that can be used for any purpose, from launching a destructive attack to conducting espionage on thousands or even millions of users.”

Choose your antivirus software wisely

In the best case scenario, antivirus companies use your data responsibly to refine their products and provide you with the best malware protection possible.

In the worst case scenario, they sell your data to third-party advertisers, install annoying software on your system, and cooperate with government agencies to spy on your personal information.

So, how do you sort the best from the rest?
  • Pay for your antivirus software. Most free antivirus products will be far more liberal with your data than premium software as the company ultimately needs to monetize their services in some way.
  • Read the end user license agreement. Know what you’re getting yourself into before you install the product. Take a moment to read the license agreement and/or the company’s privacy policy to find out what the organization intends to do with your data.
  • Read installation options. It’s easy to blindly click through “Next” when installing new software. This can result in the installation of browser toolbars, adware, and all sorts of other PUPs, which can encroach on your privacy in various ways.
  • Customize privacy settings. Some antivirus software will allow you to customize privacy settings such as usage statistics, browsing behavior, and whether to upload malicious files for analysis. Adjust these settings to maximize your privacy.
  • Read AV reports. Some independent analysts release reports on how antivirus companies handle your data. Take the time to read these reports and reviews to get a better understanding of a company’s reputation and how it handles privacy matters.
It’s important to note that this article isn’t a rallying call to abandon all antivirus software in the name of privacy, because there are some good players out there.

Antivirus software is an essential part of modern IT security and plays a critical role in protecting your data against malware, phishing, and a plethora of other digital attacks that pose a real threat to everyday users.

While some antivirus providers are invasive and should be avoided, there are still some companies that strive to protect their users’ privacy. Emsisoft, for example, has earned itself a reputation for providing reliable protection without compromising its users’ privacy.

So do your homework, weigh up your options carefully and remember that not all antivirus solutions are created equal when it comes to respecting your privacy.

Is Your Antivirus Software Spying On You? | Restore Privacy
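
The HPKP behaviour described in the VPN.ac quote above can be modelled in a few lines. This is an added example, not code from the article or from VPN.ac: the key bytes are constructed placeholders, and the "skipped" branch models the local-policy exception in RFC 7469, under which a browser may disable pin validation when the chain ends at a user-installed trust anchor (which is what an antivirus proxy's root certificate is).

```python
import base64
import hashlib

# Constructed stand-ins for DER-encoded SubjectPublicKeyInfo blobs (not real keys).
SITE_KEY = b"constructed-spki:example.test-leaf"
BACKUP_KEY = b"constructed-spki:example.test-backup"
PUBLIC_CA_KEY = b"constructed-spki:public-ca"
AV_LEAF_KEY = b"constructed-spki:av-proxy-leaf"
AV_ROOT_KEY = b"constructed-spki:av-proxy-root"
ROGUE_KEY = b"constructed-spki:misissued-leaf"


def spki_pin(spki_der: bytes) -> str:
    """pin-sha256 value: base64(SHA-256(SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def parse_pkp_header(value: str) -> dict:
    """Parse a Public-Key-Pins header value into pins and directives."""
    policy = {"pins": set(), "max_age": None, "include_subdomains": False}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "pin-sha256":
            policy["pins"].add(arg)
        elif name == "max-age" and arg.isdigit():
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    return policy


def validate(policy: dict, chain_spkis: list, local_trust_anchor: bool) -> str:
    """Return 'pass', 'fail', 'skipped' or 'no-policy' for one connection."""
    if not policy["pins"] or not policy["max_age"]:
        return "no-policy"  # nothing noted for this host
    if local_trust_anchor:
        return "skipped"    # chain ends at a user-installed root: pins not checked
    seen = {spki_pin(spki) for spki in chain_spkis}
    return "pass" if seen & policy["pins"] else "fail"


def demo() -> dict:
    header = (f'pin-sha256="{spki_pin(SITE_KEY)}"; '
              f'pin-sha256="{spki_pin(BACKUP_KEY)}"; '
              'max-age=5184000; includeSubDomains')
    policy = parse_pkp_header(header)
    return {
        # Browser talks to the site directly.
        "direct": validate(policy, [SITE_KEY, PUBLIC_CA_KEY], False),
        # Antivirus proxy re-signs the site under its own locally trusted root.
        "av_interception": validate(policy, [AV_LEAF_KEY, AV_ROOT_KEY], True),
        # Same proxy chain if the browser enforced pins anyway: every pinned site breaks.
        "av_chain_if_enforced": validate(policy, [AV_LEAF_KEY, AV_ROOT_KEY], False),
        # Mis-issued certificate from a public CA: the case HPKP exists to stop.
        "rogue_public_ca": validate(policy, [ROGUE_KEY, PUBLIC_CA_KEY], False),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With interception enabled, the browser only ever sees the proxy's chain, so whether a mis-issued upstream certificate is caught depends entirely on the proxy's own validation.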
 

Moonhorse

Well, to be fair, I don't care if they collect data. Don't get me wrong, I care about privacy, but I use the internet; there is no privacy when I boot up my laptop. I use Windows and the internet.
Agree, everything is collecting data... you probably don't even know how much data has been milked from you so far.

It's not like I'm gonna have any more privacy by uninstalling Avast than by continuing to use it... lol

For me, privacy is and is gonna be private social media accounts, not sharing my location with strangers, and avoiding social engineering by having such a tool as antivirus, common sense.

Any software I'm using, I always go through the settings and turn data-gathering off if possible, but still... something is spying on you now, then, and always :emoji_neutral_face: tl;dr: UFOs :alien:
 

Azure

"I don't care if they collect data."
"Don't get me wrong I care about privacy..."

Those two sentences do not go together.
Perhaps one can argue it depends on who is getting the info. For example, it makes sense for the government to know your social security number but you wouldn't want a total stranger to know it.
 

Janl1992l

"I don't care if they collect data."
"Don't get me wrong I care about privacy..."

Those two sentences do not go together.
I mean it. I care, but I can't do anything when I use the internet and Windows. I simply learned to live with it. It is too useful for me to not use the internet or Windows. Some years ago I used tons of extensions, a VPN with double hop and so on, but it's simply too much hassle for me. There are so many bad things going on in this world that I really care about much more than someone tracking me.
 

omidomi

Due to your problem with any government!
You can choose which government spies on you!
So if you are in Russia you may not USA government spy on you or blah blah :D
These days all companies save "..." This is your road; if you come, you'll walk it alone :)
 

Andy Ful

The worst thing you can do is frequently changing your AV and using/changing several web browsers with many extensions. Furthermore, many users share their email addresses in software giveaways and crack/torrent forums. You can apply the privacy tools, but they cannot help you in those cases. I can see that many people do it constantly.
For example, if you stick with WD and Edge with Google search engine & Gmail, then there are only two vendors that collect your private data, by default. Who does it in this way?:giggle::unsure::emoji_innocent:
 

Wraith

Antivirus software in 2019 is not needed if you have a brain! I feel bad for the people who pay for antivirus software in 2019.
To each his own. There are still MANY reasons to use good security suites in 2019 like Kaspersky, ESET, etc. The average Joe depends on a good AV for protection. Yes the brain is the first layer of defence I agree but many people with a brain still use a good AV even today but it's their surfing habits that keep them safe.
 

LDogg

You have to take into account the selling of data vs security. Personally I wouldn't mind, especially if using free products; you have to draw the line somewhere, they have to make some sort of revenue back for people using their service(s).

However the same argument can't be said for adblocking, this is where I care about privacy vs security. Malvertising is the bane of all individuals who do not use adblocking extensions. So this is the only aspect where I care about having data sold or being infected by ads.

Antivirus software in 2019 is not needed if you have a brain! I feel bad for the people who pay for antivirus software in 2019.
AVs are needed. The continuous evolution of malware & ransomware has even tricked IT professionals into getting infected. AVs are not a blank canvas of total protection, yes, but it's better to have one than not at all, so this opinion of yours has no factual basis in rhetoric debate.

Brave browser? It's based on Chromium; you help Goolag shape the web. Switch to Firefox to make the web a better place.
Regardless of browser usage, factually the Chromium base of a browser is the most secured and the most up-to-date. I understand you hate the web's elite due to privacy reasons, however there's no reason to shoot people down for their software preferences.

~LDogg
 

Kubla

Perhaps the investment into corporate level anti-virus and end point solutions would be better than retail home user based products as one would think that products designed for corporate environments would be less likely to spy on the users as they would be the most likely to get caught, be sued, lose their reputation, and ultimately their business.
 

RoboMan

Antivirus software in 2019 is not needed if you have a brain! I feel bad for the people who pay for antivirus software in 2019.
I usually do not reply to these troll comments, but gosh, you made me scream out loud here. The fact that you believe that using no security in 2019 makes you -somehow- superior to other users just reflects how little you know about the attack vectors nowadays. Anyway, I will not cry about it. It is thanks to these kinds of comments that many of us have a job :)
 

ChemicalB

I think brain, common sense, or as we call it, is certainly important but let us not forget that the end user is the weak ring of the safety chain, and it was so yesterday, today and probably tomorrow too.
If we think that advanced security algorithms often fail against the most advanced pieces of malicious code and attacks, then we realize that common sense is not enough.
 
