Is Your Antivirus Tracking You? You’d Be Surprised At What It Sends

Koroke San

Level 29
Verified
Jan 22, 2014
1,804
You/me don't know what information they are spying/tracking on us behind ESET Live Grid. I only disabled "Do not submit statistics" since it's like invading my privacy & is unnecessary for me since my PC is likely to be infected, also it's basically useful for novice users who click on every link & surf careless/bad computing habit & mostly newly detected threat will knock their door not mine so why I disabled it :D plus I disabled "do not submit files" & only virus & suspicious file will be submitted which means I'm still helping ESET Team members. And I can manually send them undetectable malware to ESET via email or in their forum, no problem for me & is safer way to submit malicious file rather than let them track on my PC :)
 

Arakasi

Level 4
Verified
Jul 12, 2014
195
Manually sending them is still delayed. Nonetheless, who wants to rely on you to send an e-mail? (Speaking in general here.) What if you don't/can't find the payload file?
Having do not submit files, and do not submit statistics, is the same thing as not using it at all.
No you will not be submitting new threats with your settings.

However, it's like this: you get all the benefits, but don't want to contribute. It's bull. (Again in general, if everyone didn't use it.)
Same point.
What privacy of yours is it invading? It only submits malicious files when it finds one.

Sorry, you don't have enough ESET product knowledge.
 

WinXPert

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Jan 9, 2013
1,457
I have submitted to Avast, Avira and EmsiSoft and the unknown sample had been detected on the following date. idk about ESET because I don't use it. BTW I submitted the samples using my email, they don't know me but they did work on my samples.

Generally speaking we don't know what user data these AV programs are polling unless you have disassembled it and with certainty discovered that they are only after some malicious files and not after user habits or other personal info.
 
Reactions: Terry Ganzi

Arakasi

Level 4
Verified
Jul 12, 2014
195
On the next day is unacceptable, do you know how many computers across the world could have also been infected with the same variant?
The quicker the better, and 30m-60m is better for everyone than the entire next day. Sorry, this is logical thinking.

True for some companies, we don't know what is submitted, but more logical thinking (it's probably the threat being submitted).
As far as ESET goes, no personally identifiable information is being sent, to and from. ESET is a company you can trust.
I have met, shaken hands, and eaten with some of the employees at the top of the hierarchy. They are not interested in stealing people's data, and privacy is at the highest level.

Thanks for your responses ;) Keep them coming!
 
Reactions: MrExplorer

Koroke San

Level 29
Verified
Jan 22, 2014
1,804
> Manually sending them is still delayed. Nonetheless, who wants to rely on you to send an e-mail? (Speaking in general here.) What if you don't/can't find the payload file?
> Having do not submit files, and do not submit statistics, is the same thing as not using it at all.
> No you will not be submitting new threats with your settings.
>
> However, it's like this: you get all the benefits, but don't want to contribute. It's bull. (Again in general, if everyone didn't use it.)
> Same point.
> What privacy of yours is it invading? It only submits malicious files when it finds one.
>
> Sorry, you don't have enough product knowledge.

First of all did u read my above comments clearly?? Like I said there is less chance to get me infection since I'm very aware about surfing/safe computing habit, I don't download crack/keygen/patch files & even I do I know wut I'm doing. I didn't get infection after I joining MT since I learn many stuff here. I use layer URL filter protection with adguard, sandboxie, lastpass (for bookmarking online shopping/banking/social/email & important sites) & with my safe surfing there is no chance I can get url/malicious infection which I most worry. And about malicious file it won't even jump in my pc since I download from safe sites & stopped using crack & patches from past yr since I can get them from giveaway & I'm depending on freeware mostly & less paidware (unless it needed). Not even from usb/dvd drive. Also I have a clean backup too. So there is likely 1% or less chances that I can get infected so I don't think my contribution is needed really.

> Having do not submit files, and do not submit statistics, is the same thing as not using it at all.
> No you will not be submitting new threats with your settings.
> Sorry, you don't have enough product knowledge.

But ESET live grid is still enabled in ESET settings, I think ESET team members need to gray it out so users can't change ESET live Grid settings or simply give one option just enable or disable since it useless since disable "do not submit statistics" totally disable it all, as u said above.

> However, it's like this: you get all the benefits, but don't want to contribute. It's bull. (Again in general, if everyone didn't use it.)
> Same point.
> What privacy of yours is it invading? It only submits malicious files when it finds one.

Since I like to tweak AV in my mood so it's me who will prefer what I need to choose or what I don't. I don't want to depend in AV like in past to get its "all benefits", plus I notice some days ago ESET live grid file reputation show risk on some safe programs in my system, that's another reason I don't trust it. And about Privacy any AV vendor will say that they will only submit malicious files which detect in system but I still trust no one. Plus it's not only submit malicious files it also tracks "information about your computer's operating system version and Location settings. The statistics are normally delivered to ESET servers once or twice a day" & don't know wut it collects which they hiding imao.

> Sorry, you don't have enough product knowledge.

ROFL, a guy just created an account to threaten me that I don't have enough product knowledge. I know how to tweak ESET plus already have knowledge about safe computing/surfing/downloading habits, so I think it's useless for me & since AV installed in MY PC, I'll decide how to tweak it & I prefer my choice, u can't force me to tell wut I need to do, u can have enable u ESET live grid, I don't need it. Sorry to say, I have nuff knowledge to protect my self without an AV or with window built default security, I don't need to ask random people about my knowledge. Thnx :)
 

Kent

Level 10
Verified
Well-known
Nov 4, 2013
468
Source: http://www.makeuseof.com/tag/antivirus-tracking-youd-surprised-sends/

Your antivirus software is watching you. A recent study shows that popular antivirus applications like Avast assign your computer a unique identifier and send a list of all web addresses you visit to the manufacturer. If the antivirus finds a suspicious document, it will send the document to the antivirus company. Yes, your antivirus company might have a list of web pages you’ve visited along with your sensitive personal documents!

AV-Comparatives’ Data Transmission Report
We’re getting this information from AV-Comparatives’ Data transmission in Internet security products report, released on May 8, 2014. AV-Comparatives is an antivirus testing and comparison organization.

The study was performed by analyzing antivirus products running in a virtual machine to see what they sent to the antivirus company, reading each antivirus product’s end user license agreement (EULA), and sending a detailed questionnaire to each antivirus company so they could explain what their products do.

The study says “We gave higher weighting to our own measurements and the EULA (as we understand it) than to the replies to our questionnaire.” In other words, some antivirus companies responded with incorrect answers that contradicted what their products actually did!

We encourage you to check the study and consult the table on page 3 for yourself. You’ll be able to see exactly what your current antivirus product does. The study includes antivirus products by AhnLab, Avast, AVG, AVIRA, Bitdefender, BullGuard, Emsisoft, eScan, ESET, Fortinet, F-Secure, G DATA, Kaspersky Lab, McAfee, Microsoft, Panda, Sophos, Symantec, Trend Micro, Vipre, and Webroot.

A Unique Identifier And Web Addresses You Visit
All of the antivirus products in question — aside from products by eScan and Fortinet — assign your system a unique identification number and transmit this number.

Many products also transmit a list of visited URLs, or web addresses — both malicious and non-malicious ones. All of the products aside from AhnLab, Emsisoft, and Vipre transmit these URLs to the company. It’s unclear which types of addresses each product transmits. Some products may only transmit a malicious address you find to the company, while some products may transmit all addresses you visit to the company. Tied to a unique identifier, this means an antivirus company could have access to your browsing history.

Some products also transmit your computer’s name, local IP address, language, running processes, and Windows user name to the antivirus company.

Non-Executable Files, Including Documents
When an antivirus finds a “suspicious” file, it wants to send that file to the antivirus manufacturer so it can be examined for malware. The antivirus company can analyze the file and produce a virus definition to defend against the malware. This doesn’t just apply to executable files. Your antivirus may also send your personal documents to the antivirus company. For example, if you have a business document in Word format and the antivirus thinks the document is suspicious, it may send that document to the antivirus company. This means your antivirus company may be getting its hands on your sensitive documents.

Avast, Fortinet, Kaspersky Lab, Symantec, and Vipre all will transmit documents and other non-executable files. AVG, ESET, McAfee, Microsoft, Sophos, Trend Micro, and Webroot all won’t tell us if they transmit documents. It’s probably best to assume these products transmit documents, too. AVG, McAfee, Trend Micro, and Webroot won’t even allow you to opt out of sending these non-executable files.

Why All the Data Collection?
Antivirus companies want all the data they can get. However, we users don’t have an easy way of knowing and choosing what types of data we share with the antivirus company. The idea that the web pages we visit and our personal documents could be getting sent in the background is scary. We didn’t even think of this and didn’t have the option to make an informed decision. If this data is sent unencrypted, it’s also possible for people on the same local network — or intelligence agencies like the NSA tapping the internet backbone — to capture this information.

According to the study, antivirus companies at least say they aren’t linking this information together to track you:

“Vendors tell us that the data gathered and transmitted by each product does not go to a single collection centre; rather, specific elements are transmitted separately to different isolated end points, without any connection between them. Thus e.g. licence-management data is sent separately from product-usage statistics. They say that as there is no connection between these systems, the data collected by one cannot be linked with the data collected by another. Consequently the privacy of the user should be safeguarded.”

The Most Privacy-Conscious Antiviruses
AhnLab sends the least amount of data according to this test. It won’t send URLs you visit, personal documents, or even executable files and other personal information to the antivirus company. It will transmit information about the antivirus product, a unique identifier for your computer, your operating system version, and hashes of files. A hash will let the antivirus company detect whether the file matches another file they know about, but it won’t actually let them view any of the contents.

Emsisoft also comes out looking good. They send a bit more information when you encounter malicious files — for example, they’ll send suspicious executable files to the antivirus company — but they’ll never send a list of websites you visit or your documents over the Internet.

Both of these products are paid antivirus products. They’re the only antiviruses in the study that don’t send the most sensitive types of data to an antivirus company.

There’s no one free antivirus product that stands out from all the others in offering the best privacy features. Your best bet is consulting the table for more information when choosing an antivirus product. Along with checking antivirus test results, this information can help you make an informed decision.

Image Credit: Cristiano Betta on Flickr

Always knew it but it is shocking indeed!
 
Reactions: Terry Ganzi
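
Added example, not part of the quoted article or of any post in this thread: a way to run the kind of measurement the article describes on your own lab VM, by seeding known values and searching for them in captured telemetry, per endpoint. The endpoint names, seeded values, request bodies and the assumption that a TLS-inspecting lab proxy produced the capture are all constructed for illustration.

```python
"""Seed known values in a lab VM, then look for them in captured AV telemetry."""
import base64
import hashlib
from urllib.parse import quote


def encodings(value: bytes) -> set:
    """Common on-the-wire forms of a seeded value: raw, URL-encoded, base64."""
    return {value, quote(value, safe="").encode(), base64.b64encode(value)}


def build_markers(facts: dict, urls: list, docs: dict) -> dict:
    """Category -> byte patterns whose presence shows that category was sent."""
    markers = {name: encodings(val.encode()) for name, val in facts.items()}
    markers["visited_url"] = set().union(*(encodings(u.encode()) for u in urls))
    markers["file_hash"], markers["file_content"] = set(), set()
    for body in docs.values():
        for algo in ("md5", "sha1", "sha256"):
            digest = hashlib.new(algo, body).hexdigest().encode()
            markers["file_hash"] |= {digest, digest.upper()}
        # The hash alone does not expose the contents; the bytes themselves do.
        markers["file_content"] |= {body, base64.b64encode(body)}
    return markers


def audit(capture: list, markers: dict) -> dict:
    """Endpoint -> sorted categories found in request bodies sent to it."""
    report = {}
    for endpoint, body in capture:
        found = {c for c, pats in markers.items() if any(p in body for p in pats)}
        report.setdefault(endpoint, set()).update(found)
    return {ep: sorted(cats) for ep, cats in report.items()}


def linkable(report: dict) -> list:
    """Endpoints where the unique ID travels together with other data."""
    return sorted(ep for ep, cats in report.items()
                  if "unique_id" in cats and len(cats) > 1)


# Constructed lab values (hypothetical): seeded into the test VM before capture.
FACTS = {"unique_id": "7f3c9a1e-lab-0001", "computer_name": "LAB-VM-01",
         "windows_user": "canary_user", "local_ip": "192.168.56.101"}
URLS = ["http://intranet.example/payroll?week=12"]
DOCS = {"report.docx": b"CANARY-DOC quarterly figures, constructed sample"}

# Constructed request bodies, as a TLS-inspecting lab proxy might log them.
SHA256 = hashlib.sha256(DOCS["report.docx"]).hexdigest().encode()
CAPTURE = [
    ("stats.vendor.example", b'{"id":"7f3c9a1e-lab-0001","host":"LAB-VM-01"}'),
    ("rep.vendor.example", b'{"sha256":"' + SHA256 + b'"}'),
    ("url.vendor.example",
     b"id=7f3c9a1e-lab-0001&u=" + quote(URLS[0], safe="").encode()),
    ("upload.vendor.example",
     b"--b\r\n" + base64.b64encode(DOCS["report.docx"]) + b"\r\n--b--"),
]

if __name__ == "__main__":
    result = audit(CAPTURE, build_markers(FACTS, URLS, DOCS))
    for endpoint, categories in result.items():
        print(f"{endpoint:24} {', '.join(categories)}")
    print("ID sent with other data to:", linkable(result))
```

A seeded value that never shows up only means it was not sent in one of the encodings checked; compressed or proprietary-encoded payloads need decoding before this search is meaningful.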

WinXPert

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Jan 9, 2013
1,457
> On the next day is unacceptable, do you know how many computers across the world could have also been infected with the same variant?

I am talking here of circa 2009-2010 and not recent.

> (It's probably the threat being submitted).

I don't use ESET because it has one of the poorest detection rates when it comes to locally written worms aside from many false positives. Until ESET fares better in our region, I'll never use or recommend it. I know a lot of ESET users here, looks like its suspicious malware gathering is not that effective because until now I have a more than a year sample of worms that ESET can't detect and up to now infects a lot of ESET users.

Virustotal scan of a 2 year old worm
 
Reactions: Koroke San

Terry Ganzi

Level 26
Thread author
Verified
Top Poster
Well-known
Feb 7, 2014
1,540
> On the next day is unacceptable, do you know how many computers across the world could have also been infected with the same variant?
> The quicker the better, and 30m-60m is better for everyone than the entire next day. Sorry, this is logical thinking.
>
> True for some companies, we don't know what is submitted, but more logical thinking (it's probably the threat being submitted).
> As far as ESET goes, no personally identifiable information is being sent, to and from. ESET is a company you can trust.
> I have met, shaken hands, and eaten with some of the employees at the top of the hierarchy. They are not interested in stealing people's data, and privacy is at the highest level.
>
> Thanks for your responses ;) Keep them coming!

What I find interesting is that many security-conscious users do not consider this. Some people do everything to make sure no personal data is being collected by applying the most complicated security settings (both in Windows and third-party applications), but they do not consider even for a moment what their AV might transmit.

On the other hand I find it sad to see that programs that are supposed to protect you, and that are trusted by the ones using (and often paying for) them, in fact collect so much personal data. In my opinion if you commit to protecting a computer you should apply the rules to your own product as well.

Ironically, many PUP products are accused of collecting personal data and they all do their best to convince us that they really don't do this. There are cases where security products actually collect more data than the PUP programs they detect.

By Elise van Dorp [Malware Research]
 

Arakasi

Level 4
Verified
Jul 12, 2014
195
Hello

Regarding your two year old worm.
Why can't you link an update consensus of the worm? Why a 2 year old link?
What does it say today?

Send a sample to me please: ryan@sacdr.com
Archive it, password it, and also rename the vbs extension.
If you can't get it through mail, PM me here.

If no machine running ESET is detected by it right now. It will never show up through Livegrid.
If no one sends the sample to the threat lab, it will also not turn up.

If it's not spreading in the wild right now? Then who cares honestly, no one is getting infected.
If you send me a sample I will create a video of ESET detecting it through heuristics and behavioral components.
Don't make me gamble and put money down. Your response is noted.

If I never receive a reply or sample from you, I will laugh inside. (Call this a friendly threat :) )

Also when did ESET products become a high false positive program?
It's actually the lowest of most the vendors. This is a fact and has testing to back it up.
 

WinXPert

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Jan 9, 2013
1,457
Laugh all you want, one video of ESET detecting an old worm won't turn me into an ESET fan overnight.

I'm not saying ESET is bad on a global scope. I'm saying that it's not good enough when it comes to locally written malware.
 

Arakasi

Level 4
Verified
Jul 12, 2014
195
Noted ;)
We can see if improvement can be made on heuristics and behavioral analysis.

Are you isolating it to vbscripts, or exe, bat, js, or any filetype for that matter?
Does it fail under memory detections, or plain disk level activities and propagations?
Boot sector infections, or similar? Can you be more explicit than just locally written malware?
What kinds? :)
Just curious.
 

WinXPert

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Jan 9, 2013
1,457
Mostly are vbs and some exe that can be transferred thru USB devices. Take note that the environment here is different than what you have in your place. We have lots of download centers here. Most infected samples I collect come from download centers whose PCs are not well tuned up to be secure. Even going to a photo print shop, you are likely to get infections.

FYI, the owner of the shop I maintain uses ESET in all his PCs including the branch where I am now. First thing I did when I arrived here is to replace all AVs but one. The one using ESET hasn't got any infections, but it's me who've set it up and not an average technician. My point is, ESET should be able to protect you even with the default settings. While on our main branch about half of the PCs there are still infected.
 

Arakasi

Level 4
Verified
Jul 12, 2014
195
I would be interested in looking at the settings in place as well as any exclusions that have been added.
Default settings usually are enough for protection.
The issues I have seen with default are no weekly scan (has to be set up manually), and potentially unwanted has to be selected by the user, instead of automatically on, but that option has to remain a choice.
I am highly interested in what you have stated so far, and thus I may discuss this with staff and see if they might be interested in giving a reply as well. Good evening. :)
 

WinXPert

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Jan 9, 2013
1,457
Maybe you can start a new thread and post some of your tests.
 

Arakasi

Level 4
Verified
Jul 12, 2014
195
I would be delighted to, it sounds fun.
What kind of tests are we talking? General detection tests? New and existing malware?
Thanks again for the chat. I have sent a message to one of the malware researchers. He may or may not chime in, but we will see.

Off topic, check out this new domain ESET has created for safe browsing and learning on the web: www.goexplore.net

Back on topic, check this out for your USB spreading malware:
http://www.eset.com/us/home/products/usb-antivirus/
Outside US: http://www.clevx.com/
 

Arakasi

Level 4
Verified
Jul 12, 2014
195
Not a bad idea, I already went to one review of ESET version 7 and watched a scan set up incorrectly.
They showed us all the right settings with a Smart, and then used a context which had completely different settings.
 