Monday 13 February 2017

Anti Virus and Privacy

It is common these days for software to be available for free. While this has made it easier to access software, vendors still need a business model that generates revenue for them to support the development and maintenance of these products. Anti virus products have followed this trend and there are now a number of free and paid products available. Most of these free products work on the basis that you get basic real time scanning protection with additional functionality available as paid options. Yet these products have deep access to the operating systems and as a result are capable of gathering a lot of information about your computer. The information they gather can be used for marketing purposes and this is of commercial value. Some vendors bundle 3rd party products into their installations to make the products commercially viable. So the question becomes how is your personal information used by these vendors?

AV comparative's performed analysis of 21 anti virus products and documented the results in their Data transmission in Internet security products report (http://www.av-comparatives.org/wp-content/uploads/2014/04/avc_datasending_2014_en.pdf). To evaluate how well the products rated on information disclosure, they reviewed the privacy policy and the end user license agreements (EULA), monitored the information that was sent from the computer and sent a questionnaire to the vendors asking for details of the information that is captured by their products. The information was then collated and vendors were rated on the level of protection provided for user privacy. It should be noted that AV vendors do require some information in order to manage their product licenses and to improve virus detection rates. The main concern though is if that personal information is collated and sold on for marketing purposes. As an example, web sites can be tracked by AV software to ensure that known malicious sites are blocked. Yet it is also possible that this information can be kept and data mined by the vendor.

The AV products that were rated best with respect to personal information disclosure were:
  1. AhnLab
  2. Emsisoft
  3. eScan
  4. BullGuard
  5. Fortinet

Products rated the worst (or vendors did not disclose what information they kept):
  1. McAfee
  2. Microsoft
  3. Symantec
  4. Trend Micro
  5. Webroot
  6. AVG

There were many products that had a mixed rating for personal information disclosure. The products rated best for privacy considerations overall were:
  1. AhnLab
  2. Avira
  3. eScan
  4. Fortinet
  5. Panda

It should be noted that this report was release in 2014 so may be out of date with respect to the latest product versions. In general, it is worth reading through the EULA and privacy policies to understand how your information can and will be used by the vendors. Also be wary of any 3rd party software that is bundled with the free AV product as this may disclose your personal information too. It is usually best to untick the box for add-ons and other products when installing these products. While privacy seems to be a commodity we are happy to trade for free stuff, it is worth considering the implications of what is done with your information. If you are interested in how you can better safe guard your online information take a look at the EFF's surveillance self-defense site at https://ssd.eff.org/en.