Antivirus software: protecting your files at the price of your privacy

Antivirus software: protecting your files at the price of your privacy

blog_main_privacy

“Privacy” is the ability of an individual or group to seclude themselves, or information about themselves, and thereby express themselves selectively. [Wikipedia]

We have to make a statement here: Privacy is important. Period.

Large companies and governments unfortunately tend to disagree with us these days. They want to make us believe that security and comfort always come at the price of privacy. We think that the risks for potential misuse of collected mass data always outweighs any argument for the advantages of gained functionality that is based on big data analysis.

Only a few people are aware that one of the biggest threats to their privacy is actually a piece of software running on almost all computers. A software they have bought believing it would actually protect their data: antivirus software.

Antivirus features that rely on techniques which affect your privacy

There are a couple of highly questionable features in everyday’s protection software that we’d like to analyze a bit more in detail:

1) Scanning and blocking of dangerous URLs

Almost all internet security products claim to prevent you from accessing dangerous and fraudulent websites to keep you safe from malware downloads and fraud attempts. To do that, they typically forward all website addresses you visit to a centralized server which scans the domain names and paths against a massive database of dangerous URLs.

You may ask why these scans can’t be done on your local computer. The reason behind this requires a bit of technical knowledge: to check addresses locally would require the whole database to be constantly transferred and synchronized via online updates onto your computer. The problem with that approach is that there are literally millions of known bad website addresses that change very frequently. Online updates of protection software would become far too heavy for most users and every day hundreds of megabytes of data would need to be updated, which is simply impractical. That’s why it is more efficient to send each visited address to a server who does all the work and just returns a “safe” or “dangerous” flag.

The bad thing about this technology is that the antivirus vendor can track ALL your visited websites. Even worse: some vendors can read encrypted data that you enter on online banking websites or other private communication channels. These massive database servers are of course protected at the highest level, but history shows us that data is never 100% safe. Just think for a second about what would happen if that antivirus vendor lost control over their servers for any reason, and what would happen if your surfing habits were shared with criminals.

2) Cloud based file scanning

A few years ago, any software company who didn’t join the “cloud” hype was considered lame and old-school. There is no doubt that cloud computing—which means shifting heavy computing jobs from the local PC to a server ‘somewhere’—can be a very useful thing to speed things up. Since the early days of antivirus software, file scanning is typically done on the local computer. Antivirus vendors create a database of fingerprints/signatures of viruses and other threats, then send that collection of unique markers to the antivirus software on your computer where it compares all local files with each of those signatures.

blog_content_breaker_privacy
Cloud scanning sort of reverses that process. It creates signatures of all potentially suspicious files on your hard disk and uploads them to cloud servers where these signatures are scanned against a large database of known threats. Signatures are typically short sequences of letters and numbers, so they don’t allow any antivirus vendor to restore your file content. Though they know which programs you run on your PC if the same pattern was seen before and other meta data can be linked to the data set.

Many antivirus vendors go one step further: They don’t just upload a unique file identifier, they upload the whole file so it can be analyzed on a cloud server. For program files that typically doesn’t mean any danger, but has any antivirus vendor ever published their rules for selecting files that are to be uploaded? You are forced to blindly trust that they don’t send any of your private data files.

3) Collecting the computer’s meta data

Sometimes, collecting meta data about a computer can even be more helpful than collecting data files. Meta data describes all sorts of information such as computer name, user logon name, IP address, country, operating system, running programs, their version numbers, hardware components or similar. Collecting and combining these data points allows someone to sketch a quite precise picture of each computer and derive a certain level of exposure to online threats.

But that data also reveals a lot about the person sitting in front of the PC. Combining data can tell which software you have used for how long. Where you live, what your areas of interest are, your age group, how much you spend on hardware, etc.

AV-Comparatives, a well respected security software testing organization, conducted an analysis of Data Transmission in Internet Security Products in 2014. A quick overview of their findings:

  • 8 out of 21 antivirus submit hardware information, and 5 didn’t disclose that information.
  • 6 out of 21 submit information about running programs, and 4 didn’t disclose that.
  • 18 out of 21 submit website addresses (malicious and non-malicious).
  • 5 out of 21 submit “suspicious” non-executable files (such as documents), and 7 didn’t disclose that.
  • 6 out of 21 don’t allow their users to opt-out of sending files.

AV-Comparatives recommends reading the privacy policy and EULA of vendors carefully, so that users can make an informed decision. They state: “Users should also avoid being lured into using free products that require submitting personal data (data mining is a business model too, as well as the inclusion of third-party toolbars which collect information on their own).”

Antivirus vendors that trade user data

9203452_sUsers who run Avast’s security software should be aware that their surfing habits are tracked by a company called Jumpshot who creates statistics based on visited websites, as Avast recently announced. These might be impressive and interesting statistics, but keep in mind that once data is sent to countries with different legislation, there is little control left on what really happens with all the information. Avast’s installer also preserves the right to submit usage data without specifying further what that means.

Alternative ways to protect that don’t compromise privacy

Some good news for all of you who have been told that there are no alternatives to collect data in order to keep you safe from malware: there are alternatives. They may require a bit more effort in programming and may be a little less convenient for software vendors, but they are proven to be just as efficient as methods that impact your privacy.

Blocking website domains instead of website addresses

Instead of blocking individual website addresses, Emsisoft Anti-Malware and Emsisoft Internet Security use a locally stored blacklist with bad domain names. Most malware today is spread by hacked web servers. If a specific server is hacked, we don’t trust any website on that server anymore until it is clean again. So we simply block access to the whole server, which reduces the amount of data to be stored in a blacklist-file significantly, effectively allowing us to avoid cloud based scanning and do the checks locally on your computer only. Updates of that file are provided every 15 minutes. Tests confirm that this approach often beats cloud based scans.

Avoiding file uploads for cloud scanning

Emsisoft products never upload any files to our servers without asking you first. Any scans that require information to be obtained from a server rely on a minimum amount of data. In most cases, only a file hash (32-40 letter checksum sequence) is required to verify if a program is safe or not. User documents are never uploaded at all.

Minimizing meta data collection

AV-Comparatives confirmed in their report that Emsisoft is one of the most privacy conscious antivirus vendors around. Our products avoid sending any information that may be used to create detailed user profiles.

Privacy options we provide our users

With the recent release of our version 10 protection product series, we are once again one step ahead of our competitors in terms of privacy. You can find all settings that may have an impact on your privacy in a newly formed Privacy settings dialog. There you can choose whether you want to allow us to create statistics based on detected malware, or configure your participation in the Emsisoft Anti-Malware Network, which helps to improve the malware detection quality for all users. Options for disabling SSL in server communication and creating crash reports are included too.

150427-version-10-privacy

Emsisoft Anti-Malware Privacy Settings

During installation of our software you are asked whether you are fine with sharing some of your data or not. We don’t force you to participate at all and we don’t even set a default option for these things— it’s totally up to you.

Conclusion: Privacy doesn’t need to be given up on

Emsisoft is the living proof that privacy doesn’t need to be traded for security. There are ways to provide the same, if not a better level of protection, without harming your privacy.

 

Have a nice, private day!

  • whyer63

    Quote from the article: ‘You are forced to blindly trust that they don’t send any of your private data files.’
    In my view all those ‘nsa like services’ are not criminals of course, but occasionally and more and more they behaving like them and what are they then actually? There is a huge lot of abuse of all kind: intruding houses (including really stealing things and papers) and cars, intruding your internet accounts, changing passwords, intruding e-mail and even changing text’s etc (list not complete..). Looks all like plain sadistic harrassing, surely nothing ‘security’. For example it’s known they can see and read what you are doing on your pc even offline, by satellite of course – beware, they even can rape by satellite laser beams…And so they got a really extreme dangerous potential of blind and agressive arrogance. Years ago they summoned and asked the politicians (…) to give them unlimited search powers and they got them, believe it or not. It’s a bit like putting a cat close to a cup of milk! They simply cannot and will not handle and control decently all their vicious powers they should not have in the first place. There is also a huge amount of so called ‘job creation’ like stasi did or must we say gestapo? Actually there is less and less real work and more and more civilians ‘work’ without any conscience problem now as provo and or informant also and very important too the social life gets really undermined and put at level zero. A most ‘famous’ oneliner of a ‘politician’ over here was: ‘Who pays, decides also…’. Paranoia? not really.

  • Philip

    Too much information it will scare people off who have no need to worry as such. Do you think I spend too much money on Internet shopping. Do you think my lack of interest in pornographic websites is unhealthy? Do you think my endless abusive emails to health and safety is too much? Do you think the triple passwords and the pictures is far too paranoid of my bank provider.

    I have all my passwords in my documents can you read them? I think you should have just written we have you covered.. And that they have privacy options in your product and this is how you set them. Lots of people on the Internet are not who they say they are and they are paranoid just because they don’t wish to share their real self with others because they are pretending to be bigger and better than they really are. you make it read like you can see what Freddie Facebook, user is really like.

    I suppose I’m saying most people are irritatingly stupid and you must live with that. Yesterday I was watching a bunch of grown men laughing about a program called Malwarebytes because the program had little messages like “you can’t hide from us malware we are going to find you”. they loved all those messages and wanted to buy the “pro version”.

    When I use KDE, some distributions offer you the option to opt out of sending information to the programmers about “your use” of their programs but most other distributions do not. Microsoft’s Windows built in voice recognition sends your corrections back to Microsoft, likewise with the Dragon equivalent. Fraud protection and malware protection in your web browser like the Opera web browser is collecting information about websites you visit. And so do all the other web browsers on all the other operating systems that offer fraud protection.

    You have them covered you collect as little information as possible and thus you don’t have it for the likes of NSA and GCHQ and their equivalent around the world. People like me who don’t understand what you are going on about get worried because you make it read like you are looking over my shoulder and you have too much of my information. in reality I’m sure you are trying to look after my computer and not interfere in my life too much. I know when I give you my money that you are trying your best to take care of my privacy my computer my programs. sorry if there’s any spelling mistakes I have a chronic headache we have very hot weather and I don’t have an air-conditioner.

    • bonbonboi

      I understood that you want to say that “it looks like a blackmail” everyone wants your money, they would tell you that “You give us money or we go uncover your secrets?” , you choose.

  • Charlie Knight

    emisoft seems to be trying to disclose exactly what they do. It is refreshing to have someone be honest, or seem to be honest, about what they will do for you and what they will not do. I do not consider it to much information, I consider it trying to be forthright about what they do do.

  • TheSeeker11

    Thoroughly impressed with Emsisoft Anti-Malware so far; its stance on privacy is most welcome in this age of seemingly ubiquitous surveillance.

  • Harshit Gupta

    There are various fake antivirus software which said to be free but actually are spyware which gets installed in your system and increases the risk of confidential data theft. That’s why I always prefer to buy antivirus online. Recently I have bought Protegent antivirus which surprisingly came with inbuilt data recovery software as well.