Anti-virus privacy

Is your antivirus software monitoring you?

There is no doubt that reliable antivirus software plays a vital role in IT security. As malware becomes more complex and prolific (more than 350,000 malware samples are released every day), both home users and business owners need appropriate safeguards to stop these modern digital threats.

However, antivirus products are not immune to privacy issues. While the antivirus industry looks good on the surface, the behavior of many antivirus products infringes on the privacy of users. Whether it’s intercepting network traffic, selling browser history data, or allowing backdoor access to government agencies, many antivirus products endanger the very thing they are designed to protect: your data.

The following are four ways in which anti-virus software can interfere with your privacy.

1. Sell your data to third-party advertisers

To give your system the protection it needs, your antivirus software has to know a lot about you. It keeps a close eye on the programs you open to ensure that you don’t accidentally execute malware, and it monitors your network traffic to prevent you from accessing websites that may try to steal your login credentials. It can even automatically retrieve suspicious files it finds on your computer and upload them to a database for further analysis. This means your antivirus software can collect and process large amounts of personal data if it wants to.

With that much access comes a major responsibility.

While some antivirus providers are very serious about the user’s data and only use it when absolutely necessary, others are less cautious.

AVG – AVG came under fire a few years ago when it announced changes to its privacy policy that allowed it to sell users’ search and browser history data to third parties (i.e. advertisers) in order to monetize its free antivirus software. Of course, AVG is not the only antivirus company that monetizes its user data.

Avast – Avast’s popular free Android app sends personally identifiable information such as your age, gender and other apps installed on your device to third-party advertisers. As an AVG spokesperson explained to Wired, “Many companies do this kind of collection every day, not telling users.”

From free VPN services to free anti-virus, the old saying goes: If you don’t pay for the service, you might be the product.

2. Decrypt encrypted network traffic

Most modern antivirus products include some kind of browser protection that prevents you from accessing known phishing and malware-hosting sites. However, this is easier said than done, because so much data is now transferred over Hypertext Transfer Protocol Secure (HTTPS).

HTTPS is a protocol used by web browsers to communicate with websites. The “S” in HTTPS stands for “Secure”, meaning that the data sent over the connection is encrypted, protecting you from man-in-the-middle attacks and spoofing attempts. Today, 93% of all websites opened in Google Chrome are loaded via HTTPS, compared to 65% in 2015. If you want to know whether a site uses HTTPS, just check the URL or look for the padlock icon in the address bar.

The rapid spread of HTTPS has helped make the web more secure, but it has also created an interesting problem for antivirus companies. Usually, when you visit an HTTPS website, your browser checks the website’s SSL certificate to verify its authenticity. If everything checks out, a secure connection is established, the website loads, and you can browse its content knowing that the website is legitimate.

There is just one problem. Because the connection is encrypted, antivirus software ultimately cannot know whether the site you are trying to access is safe or malicious.

Most antivirus products use HTTPS interception to overcome this problem. This involves installing a local proxy server that creates fake SSL certificates. When you visit an HTTPS website, your connection is routed through your antivirus software’s proxy server, which creates a new SSL certificate and checks the safety of the website you are trying to access. If your antivirus software determines that the site is safe, the site loads normally. If the site is not safe, the proxy displays a warning in your browser.

By redirecting your data through the proxy, your antivirus software decrypts the data you send over the encrypted connection, data that should only be visible to you and the HTTPS website.

This has a few consequences:

  1. Because your antivirus software forges SSL certificates, you cannot be 100% sure that the website displayed in your browser is the real deal. At the end of 2017, Google Project Zero researcher Tavis Ormandy discovered a major bug in Kaspersky software. In order to decrypt traffic for inspection, Kaspersky presented its own security certificate as a trusted authority, even though the certificate was only protected with a 32-bit key and could be brute-forced in a matter of seconds. This means that all 400 million Kaspersky users were critically vulnerable until the company fixed the flaw.
  2. Most antivirus products query the safety of a URL on the vendor’s servers, which means the company could track your browsing habits if it wanted to.
  3. It increases the risk of phishing attacks and man-in-the-middle attacks.

A group of researchers even published a paper discussing the disturbing security implications of HTTPS interception by popular antivirus companies, pointing out:

As a class, intercepting products [anti-virus solutions that block HTTPS] greatly reduce connection security. Most notably, 62% of traffic through network middleware reduces security, and 58% of middleware connections have serious vulnerabilities. We investigated popular antivirus and enterprise agents and found that almost all agents reduced connection security, and many introduced vulnerabilities (for example, unable to verify certificates). Although the security community has long known that security products intercept connections, we have largely ignored this issue and believe that only a small number of connections are affected. However, we have found that interception has become very common and has worrisome consequences.

VPN.ac also looked into this issue and found that antivirus suites that perform HTTPS interception also break HTTP Public Key Pinning (HPKP):

HPKP is a technology that enables website operators to “remember” the public key of an SSL certificate in a browser, forcing the use of a specific public key for a particular website. This reduces the risk of using a rogue/unauthorized SSL certificate for a MiTM attack. However, HTTPS scanning and HPKP do not work together, so if a website has HPKP enabled, HPKP support for that website will be disabled in the browser when you visit the website.

VPN.ac found this to be the case for ESET, Kaspersky and Bitdefender.

Tip: Avoid antivirus software that performs HTTPS interception/scanning, or simply disable this feature in your antivirus software.
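
One way to check whether a machine's HTTPS connections are being re-signed by a local proxy (an added example, not part of the original article): compare the certificate the machine is shown with a fingerprint and issuer recorded from a network without the antivirus product. The function names and issuer strings are assumptions, and the byte strings in the demo are constructed stand-ins for real DER certificates.

```python
import hashlib
import socket
import ssl


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def issuer_name(cert: dict) -> str:
    """Flatten the 'issuer' field of ssl.getpeercert() into 'key=value, ...'."""
    return ", ".join(f"{k}={v}" for rdn in cert.get("issuer", ()) for k, v in rdn)


def fetch_leaf(host: str, port: int = 443, timeout: float = 5.0):
    """Return (DER bytes, issuer string) of the certificate this machine is shown."""
    ctx = ssl.create_default_context()  # platform default trust store
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True), issuer_name(tls.getpeercert())


def classify(seen_der: bytes, seen_issuer: str, ref_fp: str, ref_issuer: str) -> str:
    """Compare the local view with a fingerprint and issuer recorded out of band."""
    if fingerprint(seen_der) == ref_fp.replace(":", "").lower():
        return "direct"          # identical leaf: nothing re-signed the connection
    if seen_issuer == ref_issuer:
        return "rotated-or-cdn"  # new leaf from the same CA: renewal or another edge node
    return "re-signed"           # different leaf and different issuer: likely a local proxy


if __name__ == "__main__":
    # Constructed stand-ins for DER certificates so the demo runs offline.
    # On a real machine: seen_der, seen_issuer = fetch_leaf("example.com")
    ref_der, ref_issuer = b"constructed-origin-leaf", "organizationName=Example Public CA"
    seen_der, seen_issuer = b"constructed-proxy-leaf", "organizationName=Hypothetical AV Root"
    print(classify(ref_der, ref_issuer, fingerprint(ref_der), ref_issuer))
    print(classify(seen_der, seen_issuer, fingerprint(ref_der), ref_issuer))
```

A "re-signed" result is a prompt to read the issuer string: when it names the antivirus product rather than a public certificate authority, HTTPS scanning is active on that machine.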

3. Install potentially unwanted programs on your computer

Even if your antivirus software itself does not pose a direct threat to your privacy, the software it is bundled with might. As the name suggests, potentially unwanted programs (PUPs) are applications that you might not want on your computer for a variety of reasons.

Although they are not technically malicious, they often change the user experience in some unwelcome way, whether it’s displaying ads, switching the default search engine or taking up system resources.

PUP: Harmful to your privacy and harmful to your system resources.

Many free antivirus products come with PUPs, such as browser toolbars, adware, and plugins, which you may inadvertently allow to be installed while quickly clicking through the installation process.

For example, the free versions of Avast and Comodo try to install their own Chromium-based web browsers, which you may or may not want on your computer. Meanwhile, AVG AntiVirus Free automatically installs SafePrice, a browser extension that claims to help you find the best deals when shopping online. Unfortunately, it can also read and change all the data on the websites you visit.

A few years ago, Emsisoft found that most free antivirus suites were bundled with PUPs. Here are the culprits:

  • Comodo AV Free
  • Avast Free
  • Panda AV Free
  • AdAware Free Edition
  • Avira Free Edition
  • ZoneAlarm free antivirus + firewall
  • AVG free

PUPs are not malicious in nature, but they can seriously violate your privacy. Some PUPs track your search history or browser behavior and sell the data to third parties, while other PUPs can compromise your system’s security, affect system performance and hinder productivity. Read the installation options carefully during setup so that unwanted applications are declined and only the software and features you need are installed.

4. Cooperate with the government

Last but not least, antivirus software could, in theory, be used to help government agencies collect user information. Most security software has very high access privileges and can view everything stored on the computer, which is necessary for the software to keep the system secure. It is easy to see how malicious parties could use this power to monitor individuals, businesses and governments.

Kaspersky Lab is a Russian-based network security company that accounts for about 5.5% of global anti-virus software products and was involved in a major privacy scandal a few years ago. According to the Washington Post, the tools Kaspersky software uses are primarily meant to protect users’ computers, but they can also be manipulated to collect information that is not related to malware. Kaspersky is the only major antivirus company that routes its data through Russian Internet service providers, which are subject to Russian surveillance systems.

In September 2017, the US government banned federal agencies from using Kaspersky Lab software after allegations of cooperation between Kaspersky and Russian intelligence agencies. Soon after, the FBI began to pressure private-sector retailers to stop selling Kaspersky products, and the British government issued a warning to government agencies about the security risks of using Kaspersky software.

Of course, it is naive to think that this issue is limited to Russian software. The US government and many other foreign governments have been caught working with technology companies to advance their large-scale surveillance agendas. Check out the PRISM program to see how Big Tech and Big Brother can monitor you together.

“Antivirus software is the ultimate back door,” explains Blake Darché, a former National Security Agency operator and co-founder of Area 1 Security, quoted by the New York Times. “It provides consistent, reliable and remote access for any purpose, from launching destructive attacks to espionage against thousands or even millions of users.”

Choose your antivirus software wisely

In the best case, antivirus companies use your data responsibly to optimize their products and provide you with the best malware protection.

In the worst case, they will sell your data to third-party advertisers, install annoying software on your system, and work with government agencies to monitor your personal information.

So how do you sort the best from the rest?

  • Pay for your antivirus software. Most free antivirus products take far more liberties with your data than paid software does, because the company ultimately needs to profit from its services in some way.
  • Read the End User License Agreement. Know what you are getting into before installing the product. Take the time to read the license agreement and/or the company’s privacy policy to understand how the organization intends to process your data.
  • Read the installation options. When installing new software, it is easy to simply keep clicking “Next”. This may lead to the installation of browser toolbars, adware and various other PUPs that may infringe on your privacy in various ways.
  • Customize your privacy settings. Some antivirus software allows you to customize your privacy settings, such as usage statistics, browsing behavior, and whether to upload malicious files for analysis. Adjust these settings to maximize your privacy.
  • Read the AV reports. Some independent analysts have published reports on how antivirus companies handle your data. Take the time to read these reports and reviews to better understand a company’s reputation and how it deals with privacy issues.

It’s worth noting that this article is not a call to give up all antivirus software in the name of privacy, because there are some excellent vendors out there.

Antivirus software is an important part of modern IT security and plays a vital role in protecting your data from malware, phishing, and a host of other digital attacks that pose a real threat to everyday users.

While some antivirus providers are intrusive and should be avoided, there are still companies that work to protect the privacy of their users. For example, Emsisoft has earned a reputation for providing reliable protection without compromising user privacy.

Do your homework, weigh your options carefully and remember that not all antivirus solutions are equal when it comes to respecting your privacy.
