Your AV Might Be Spying On You

Rengar

Level 17
Thread author
Verified
Top Poster
Well-known
Jan 6, 2017
835
Report shows why using a quality antivirus is vital.
The past year has seen hacking events and accusations of unheard of proportions, everything from possible interference in foreign elections to hacking the CIA. It was a year in which Kaspersky Lab came under a lot of attack, even to the point of being banned from more than one government’s computers due to ties to the Kremlin and aiding in spying.

While those accusations are plausible but still not entirely proven, a new report from the New York Times outlines exactly the software we think is protecting us from malicious outsiders may actually be opening the door. It’s also something, as the report indicates, that can be done with or without help from the software developer; all it takes is a hacker gaining access inside the developer’s network to step right over to your computer.


NYTimes report shows how AV software can be turned into spyware.

Former hacker
One former hacker turned security analyst demonstrated how it’s done. The researcher states he was less interested in who was behind the current allegations, and more simply, could it actually be done. Could AV software be manipulated in such a way that it would be “triggered” by keywords in classified documents, then latch onto those documents in much the same way that it seeks out and removes viruses and malware.

The answer appears to be yes. As Digita Security’s chief research officer Patrick Wardle demonstrated for the article, key phrases could be programmed into Kaspersky products–and presumably other titles, although Kaspersky AV products are at the heart of the allegations–in the same way that malicious code is sought.

Ultimate tool?
According to the Times, AV software could be the “ultimate” tool for cybercriminals.The very function of anti-virus software is to allow the developer to seek out items from customers’ computers and then upload it to their servers for further inspection. It’s literally how signatures for new threats are discovered, and without that process, eliminating a new virus from one customer’s computer won’t protect any other customers. But once the information is uploaded to the AV company’s servers, that’s when hackers can help themselves.
 
Last edited:

n0k0m3

Level 1
Verified
May 29, 2017
37
Extremely vague article, and the way it is phrasing causing people to lose trust in Kaspersky especially.

> Saw the NYT source => oh... US AVs companies is using the media...

Also the NYT articles is mostly bs-ing by backing up their claim with half-baked “facts”
 
D

Deleted member 65228

Who is this man and what does he do? oh that's right. I've never heard of him. Until now. Reading a silly article
 
  • Like
Reactions: harlan4096
F

ForgottenSeer 58943

Might? How about they do!

Many will remember, we documented Trend Micro being hijacked on one of my systems and being used to spy. Trend Micro Core Services was redirecting to a data mining firm. Very scary since Trend isn't going to detect Trend doing this or that because Trend thinks it is still Trend.

FortiClient has no telemetry or spying capabilities if you make a couple simple changes. Uncheck the Telemetry checkbox. Turn logging to 'emergency', then uncheck the logging parameter checkboxes. It then becomes a totally silent AV Suite that just updates itself. Fortinet has been keep to give these options, largely because it's deployed in organizations that require logging to be off or minimal. If you leave it all checked it's still 443, and sent to FortiGuard Labs and logging is limited in scope - that's if you leave it all on. But feel free to turn it all off if you choose and have a totally silent AV. Note, when AVC ran their survey to check on AV telemetry, FortiClient was the second least 'chatty' AV to home base, EAM was the least chatty. Since then however, Fortinet has further reduced that chatty aspect and has given you the option to completely disable ALL of it.

That aside, one could run Reboot Restore RX Freeware on systems and not even use an AV if they are that concerned.. Wipe on shutdown/reboot and be done with it. ;)
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
It's a threat model issue. Are you more fearful about bog-standard malware infecting your system or are you more fearful of nation-states breaking into your AV vendor's servers and extracting all the data said vendor has compiled? I'm pretty certain most people would fall into the former camp.

As for me, I usually read privacy policies and if I'm uncomfortable with the data they collect I simply don't use the service. I'm uncomfortable with AV vendors who upload non-executable files thus I refuse to use their products.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top