Pinterest Stumbleupon Whatsapp
Ads by Google

Your antivirus software is watching you. A recent study shows that popular antivirus applications like Avast assign your computer a unique identifier and send a list of all web addresses you visit to the manufacturer. If the antivirus finds a suspicious document, it will send the document to the antivirus company. Yes, your antivirus company might have a list of web pages you’ve visited along with your sensitive personal documents!

AV-Comparatives’ Data Transmission Report

We’re getting this information from AV-Comparative’s Data transmission in Internet security products report, released on May 8, 2014. AV-Comparatives is an antivirus testing and comparison organization.

The study was performed by analyzing antivirus products running in a virtual machine to see what they sent to the antivirus company, reading each antivirus product’s end user license agreement (EULA) 10 Ridiculous EULA Clauses That You May Have Already Agreed To 10 Ridiculous EULA Clauses That You May Have Already Agreed To Let’s be honest, no one reads EULA's (End User Licensing Agreement) - we all just scroll down to the bottom and click "I Accept". EULAs are full of confusing legalese to make them incomprehensible to... Read More , and sending a detailed questionnaire to each antivirus company so they could explain what their products do.

The study says “We gave higher weighting to our own measurements and the EULA (as we understand it) than to the replies to our questionnaire.” In other words, some antivirus companies responded with incorrect answers that contradicted what their products actually did!

We encourage you to check the study and consult the table on page 3 for yourself. You’ll be able to see exactly what your current antivirus product does. The study includes antivirus products by AhnLab, Avast, AVG, AVIRA, Bitdefender, BullGuard, Emsisoft, eScan, ESET, Fortinet, F-Secure, G DATA, Kaspersky Lab, McAfee, Microsoft, Panda, Sophos, Symantec, Trend Micro, Vipre, and Webroot.

av-comparatives questions

Ads by Google

A Unique Identifier And Web Addresses You Visit

All of the antivirus products in question — aside from products by eScan and Fortinet — assign your system a unique identification number and transmit this number.

Many products also transmit a list of visited URLs, or web addresses — both malicious and non-malicious ones. All of the products aside from AhnLab, Emsisoft, and Vipre transmit these URLs to the company. It’s unclear which types of addresses each product transmits. Some products may only transmit a malicious address you find to the company, while some products may transmit all addresses you visit to the company. Tied to a unique identifier, this means an antivirus company could have access to your browsing history.

Some products also transmit your computer’s name, local IP address, language, running processes, and Windows user name to the antivirus company.


Non-Executable Files, Including Documents

When an antivirus finds a “suspicious” file, it wants to send that file to the antivirus manufacturer so it can be examined for malware. The antivirus company can analyze the file and produce a virus definition to defend against the malware. This doesn’t just apply to executable files. Your antivirus may also send your personal documents to the antivirus company. For example, if you have a business document in Word format and the antivirus thinks the document is suspicious, it may send that document to the antivirus company. This means your antivirus company may be getting its hands on your sensitive documents.

Avast, Fortinet, Kaspersky Lab, Symantec, and Vipre all will transmit documents and other non-executable files. AVG, ESET, McAfee, Microsoft, Sophos, Trend Micro, and Webroot all won’t tell us if they transmit documents. It’s probably best to assume these products transmit documents, too. AVG, McAfee, Trend Micro, and Webroot won’t even allow you to opt out of sending these non-executable files.


Why All the Data Collection?

Antivirus companies want all the data they can get. However, we users don’t have an easy way of knowing and choosing what types of data we share with the antivirus company. The idea that the web pages we visit and our personal documents could be getting sent in the background is scary. We didn’t even think of this and didn’t have the option to make an informed decision. If this data is sent unencrypted, it’s also possible for people on the same local network — or intelligence agencies like the NSA tapping the internet backbone What Is PRISM? Everything You Need to Know What Is PRISM? Everything You Need to Know The National Security Agency in the US has access to whatever data you're storing with US service providers like Google Microsoft, Yahoo, and Facebook. They're also likely monitoring most of the traffic flowing across the... Read More — to capture this information.

According to the study, antivirus companies at least say they aren’t linking this information together to track you:

“Vendors tell us that the data gathered and transmitted by each product does not go to a single collection centre; rather, specific elements are transmitted separately to different isolated end points, without any connection between them. Thus e.g. licence-management data is sent separately from product-usage statistics. They say that as there is no connection between these systems, the data collected by one cannot be linked with the data collected by another. Consequently the privacy of the user should be safeguarded. “


The Most Privacy-Conscious Antiviruses

AhnLab sends the least amount of data according to this test. It won’t send URLs you visit, personal documents, or even executable files and other personal information to the antivirus company. It will transmit information about the antivirus product, a unique identifier for your computer, your operating system version, and hashes of files. A hash will let the antivirus company detect whether the file matches another file they know about, but it won’t actually let them view any of the contents.

Emsisoft also comes out looking good. They send a bit more information when you encounter malicious files — for example, they’ll send suspicious executable files to the antivirus company — but they’ll never send a list of websites you visit or your documents over the Internet

Both of these products are paid antivirus products. They’re the only antiviruses in the study that don’t send the most sensitive types of data to an antivirus company.


There’s no one free antivirus product that stands out from all the others in offering the best privacy features. Your best bet is consulting the table for more information when choosing an antivirus product. Along with checking antivirus test results The 3 Best Sites for Reliable Anti-Virus Software Reviews The 3 Best Sites for Reliable Anti-Virus Software Reviews Read More , this information can help you make an informed decision.

Image Credit: Cristiano Betta on Flickr

  1. T-bone
    May 19, 2015 at 8:59 am

    NOW we know why the powers that be invented viruses - so we would have to install antivirus programs that track our every move!

    Thanks for the heads up.

  2. faruque
    July 12, 2014 at 5:57 am

    Start using linux everyone ..........

  3. Chiron
    June 30, 2014 at 9:54 am

    Well, I guess that sooner or later they'll end up installing a webcam in every toilet (with the full blessing of Governments, Authorities, Polices, Secret Services and Holy Inquisition, of course) presumably quoting the old refrain "the one who has nothing to conceal has nothing to fear".
    In the world I was born in, reading other people's mail without their explicit consent was considered a felony and a court order was needed to search one's private documents, but that's history now.

    I was sent here by Emsisoft, which suggests that they are more correct than the others, thus I shall switch to their software in no time.
    Yet the best protection is still to say good bye to the social media, unplug the internet cable and work stand-alone on a freshly installed OS, the way we used to do a few decades ago. Pretty sad, isn't it?

  4. klb3317
    June 27, 2014 at 5:32 pm

    Using Emsisoft already, such a relief.

  5. dave
    June 18, 2014 at 12:39 am

    sending visited urls to home base...!!!?
    i am so fv<ked off about this i have uninstalled AVG who the fv<k do these companies think they are?
    i looked at eset and they do it too!! i thought they were good!

  6. rric117
    June 6, 2014 at 10:27 pm

    Are European users better or worse with antivirus software? I want to know how to stop this intrusion!!!

  7. sobic
    June 6, 2014 at 4:24 pm

    btw, EFF Privacy Badger sez these sites are tracking us on YOUR page:
    Detected trackers from these sites:
    main. makeuseoflimited....
    www. google. com
    0.gravatar. com com
    platform.twitter. com
    themes. googleuserconte... com
    ssl.gstatic. com com
    oauth. googleuserconten...
    t0.gstatic. com
    t1.gstatic. com
    t3.gstatic. com
    cdn.syndication. twimg....
    s.ytimg. com
    http://www.gstatic. com
    fbstatic-a. akamaihd. ne
    cute, no? (No.)

    • G Farkas
      June 10, 2014 at 8:52 pm

      Excellent comment!!

  8. Anonymous
    June 5, 2014 at 10:51 pm

    why am i not surprised...

  9. ShorePatrol
    June 4, 2014 at 10:42 pm

    I do not see that you ran any tests for Norton which comes bundled, if you want it, with Comcast. I can only assume that they are at least as FUBAR as all the rest. Anyone know how they operate?

  10. Vananovion
    June 4, 2014 at 3:00 pm

    "AVG, McAfee, Trend Micro, and Webroot won’t even allow you to opt out of sending these non-executable files."

    This is not true at least for AVG. It is possible to opt-out either at the end of the installation or through Advanced Settings -> Privacy Preferences.

  11. OnClogs
    June 4, 2014 at 9:47 am

    In Sophos it is a simple setting whether or not you want samples of suspect files, which can be both executables and documents containing scripts (Office, PDF, etc) sent to the SophosLabs.

    • Guy M
      June 8, 2014 at 1:24 am

      Assuming the setting actually does anything, or just makes you feel better about it.

    • Alexandre Froger
      September 24, 2016 at 4:21 pm

      Check your connexion and you'll see all the nice data sent by SophosWebIntelligence - with the feature enabled or not.
      "or just makes you feel better about it." => spot on.

  12. MadAsAWetOldChicken
    May 31, 2014 at 8:12 pm

    I use SandBoxie, Mozilla and never had virus infection. I am uninstalling AVG from wife's lappy soon as I get home tonight. To hell with these corporations.

  13. paul.b
    May 31, 2014 at 8:25 am

    I know for a fact that AVG Antivirus (different than Avast, but also very popular) has a team team that analyzes the data their antivirus collects from their customers (what websites they visit, what software they have on their computer) in order to use it for marketing purposes. They justify that it's ok for them to do it since Google does it too. Go figure.

    • Joses L
      May 31, 2014 at 9:23 am

      They do that? Can I have a link please? I would like to read deeper into that...

    • Vananovion
      June 4, 2014 at 3:04 pm

      In AVG it is possible to disable this from Advanced Settings -> Privacy Preferences. If you are performing a new installation, it is possible to opt-out at the of setup wizard.

  14. CJ Cotter
    May 31, 2014 at 1:43 am

    You wrote, "The idea that the web pages we visit and our personal documents could be getting sent in the background is scary. We didn’t even think of this......." Are you serious? That’s very naïve… a clueless sheep walking through a field of wolves. I use McAfee Site Advisor. I have never needed a study to tell me that when McAfee throws a warning flag on my screen, their servers know WHERE I am, and WHO (me) has just triggered their tripwire. (This is true even when I always UNcheck the "participate" option.)

    C’mon people, WAKE UP!

  15. Renard Moreau
    May 30, 2014 at 8:54 pm

    [ Smiles ] My goodness! I never thought that my own antivirus would be performing data mining.

    Thank you for brining this to my attention!

  16. LinuxMage
    May 30, 2014 at 5:06 pm

    I am a Linux User...No such worries ...I suppose people could encrypt their Document Folder and prevent their data from being compromised or save all sensitive files to a flash drive either way I am happy that this is at least one less headache I have to be concerned about.

  17. justme
    May 30, 2014 at 8:39 am

    Also from the report:

    "We asked whether special updates are delivered to users with specific IDs. This could theoretically allow authorities with a suitable court order to monitor e.g. specific terror suspects without the monitoring software being detected by the antivirus product. All updates would however be supplied to all other users, ensuring that their PCs were still fully protected. Most of the vendors responded that they do not do this, although a few (mostly from the USA and UK) did not reply to this question. "

    Anglo AV companies: we protect against root-kits, etc . . . . . unless it's government root-kits, then we'll look the other way.

  18. Josemon M
    May 30, 2014 at 5:41 am

    Yea, that's correct ..privacy is the top factor..That increases the priority of the migration to opensource operating systems like Linux for office works

  19. Noer W
    May 30, 2014 at 3:40 am

    Iiii....ngeri dach, ga pake AV aja kalee

  20. Jerick
    May 30, 2014 at 3:31 am

    This definitely bothers me... But what could be the course of action? I don't plan to change my AV

    Considering most of them actually traces the "website", does that mean they're sent what is written on it as well? Then I'm scared for life :(

    Thanks for this!

  21. Barry
    May 29, 2014 at 10:24 pm

    My anti-virus is names Linux.
    It does exactly what I tell it to.

    • Derek
      June 2, 2014 at 11:24 pm

      Puppy Linux for me. Great OS, and it's never yet melted to a virus.

  22. Michael Dowling
    May 29, 2014 at 9:55 pm

    I'm using the free version of Avast!,along with Sandboxie.I have be tempted to ditch my antivirus program,as I always run my browser and email client sandboxed.

  23. T
    May 29, 2014 at 9:09 pm

    Software with source code that isn't available for inspection is likley to have hidden undesirable "features".

  24. Bud
    May 29, 2014 at 6:34 pm

    Interesting article, but the Orwellian doom is 30 years late and will be, until Armageddon and these bastards are sent to Hell !!!!!!!!!!!

  25. Tony
    May 29, 2014 at 5:09 pm

    I am uninstalling aVast now. It is terrible !

  26. Wasp S
    May 29, 2014 at 9:14 am

    Ive got a laptop i decided to use for a test. I scan once weekly with MBAM to see if its clean i use the extra tool like the root kit scanner too, other than that it has had no Anti-Virus installed since 2011. The only time it got an infection was after plugging an external hard drive in that had made the rounds in India. I think with sensible browsing , common sense with regard to email attachments and making sure security patches are applied straight away it seems to me alot of these products are making money for nothing.
    I think it funny we are trying to protect ourselves from the hackers but who is protecting us from the companies we freely invite into our devices to do the protecting?

    • SGKris
      May 29, 2014 at 2:11 pm

      I totally agree with you and do exactly what you have said - Regular MBAM sacanning besides using firefox with NoScript and AdBlaock addons and no auto image loading as default in emails while using Windows. I too got infected once by plugging a USB falsh drive, but recovered without any problem by restoring a drive image. . I mostly use Linux for web surfing.

      Sensible browsing and common sense constiture the best defense.

  27. Mega
    May 29, 2014 at 1:20 am

    I use no Antivirus on my PC, since I started using Windows 7.

    • dragonmouth
      May 29, 2014 at 11:21 am

      Then Redmond is tracking you. :-)

  28. Adrian
    May 29, 2014 at 12:22 am

    Wow...this is scary. I'm gonna give Emsisoft a try. Thanks for the article.

Leave a Reply

Your email address will not be published. Required fields are marked *