Security

Is Your Antivirus Tracking You? Here’s What You Need to Know

Simon Batt Updated 10-03-2020

An antivirus is the most trusted piece of software, as its primary goal is to protect you from malware. However, when it comes to antivirus privacy, your security program may be sending home more data than you would like.

Advertisement

Let’s explore the current state of antivirus privacy and how they handle your data.

3 Ways Your Antivirus Can Breach Your Privacy

The data behind this case comes from Restore Privacy, an organization dedicated to helping people protect their privacy. They published a report called “Is Your Antivirus Software Spying on You?” which collates information about how antiviruses track you.

1. Antiviruses Have Sold User Data in the Past

One of the biggest privacy shakeups in 2020 was when Avast was caught selling click information to third parties. Avast’s tracking data was anonymized, but companies that bought the data could compare the click logs to their own website’s activity logs. This allowed companies to identify who was who on the logs.

These kinds of scandals occur with antiviruses that offer a free version of their software. This is typically how these companies make their money—by selling user information to interested third parties.

2. Antiviruses Can Peek Inside HTTPS Data

Antivirus protects you from visiting malicious websites. To do this, it needs to see what you’re visiting. This becomes a problem when you visit an HTTPS website, as your computer will encrypt the data before your antivirus can get its mitts on it.

Advertisement

Antiviruses get around this by creating a proxy on your computer, capable of creating fake SSL certificates. When your computer connects to an HTTPS website, the proxy grabs it, checks the URL, then sends it onto the destination with a new certificate.

You can see this process happening on the certificate itself; click the padlock next to an HTTPS website, check the certificate, then see who it was “Issued by.” If it says your antivirus’s name, it means your security software is peeking into your traffic.

3. Antiviruses Can Contain Additional Programs Which Track You

Some antivirus programs come with additional tools that claim to help secure your browsing. These are potentially unwanted programs (PUPs), which can cause a breach of privacy.

The report above mentions AVG, which comes bundled with a PUP called SafePrice. Supposedly aimed at giving you the best prices for goods on the internet, with the downside that SafePrice tracks your spending habits.

Advertisement

As such, antiviruses can track you in more ways than one. Depending on the PUPs they install, and how you use them, you may be handing over data through multiple avenues.

Why Do Antiviruses Want to Collect Your Data?

These days, data is worth a lot to companies. When an online service offers its platform for free and without advertising, it doesn’t have many options for income. Therefore, it has to sell on the data it collects to third-parties interested in harvesting information.

These days, data harvesting is a commonplace occurrence. Facebook is the most famous example, harvesting personal information and using it for beneficial gain. It’s at the point where people model election wins using Facebook’s data How Your Data on Facebook Is Collected and Used to Win Elections Can Facebook influence elections? How can you stop your Facebook data being harvested and manipulated by political campaigns? Read More .

One of the main mantras with free software is “if you’re not paying for the product, you’re the product.” As such, some people aren’t surprised whatsoever that free antiviruses harvest information. After all, how else would the companies pay their employees?

Advertisement

Despite this, the idea of antivirus harvesting data worries people. A good antivirus should protect its users and prevent privacy breaches. Now, we’re discovering that even antiviruses are untrustworthy, especially the previously highly-recommended free solutions.

How to Avoid Handing Over Data to Antiviruses

Unfortunately, merely going antivirus-less isn’t the ideal choice. It’s always good to have a layer of defense against viruses and hackers. So, what can you do in the light of antiviruses tracking you?

Use Paid Antiviruses Over Free Ones

Using paid antiviruses feels like going back to square one. For years, people recommended free versions over paid ones, and now we’re going back to paying for our security. The truth is, however, free antiviruses grew to the point where they need to harvest data to stay afloat.

So, instead of paying for your antivirus with your data, pay with your money instead. We’ve recommended some paid options in our picks of the best antivirus software for Windows 10 The Best Antivirus Software for Windows 10 Want to tighten security on your PC? Here are the best antivirus software options for Windows 10. Read More , so give it a read if you’re unsure about your security.

Advertisement

Research and Customize Your Free Antivirus

Some people, however, won’t be able to pay what premium antiviruses want. In this case, you’re going to need to be pickier when choosing your antivirus.

When you like the look of free antivirus, do some reading through their terms of service and see what they’re logging. Don’t blindly click “Next” through the installation and uncheck everything that asks to harvest your data. Finally, check the options and get rid of any default settings that may breach your privacy, such as HTTPS URL checking.

Check For PUPs During Download and Installation

When you download and install an antivirus, do some reading to ensure you’re not installing any PUPs. Read the installer carefully and don’t mash the “Next” button until you do. By carelessly speeding through an installer, you may accidentally agree to install software you don’t want. This, in turn, can invade your privacy and track your activity.

The Most Privacy-Conscious Antiviruses

It’s a pain to have to navigate the minefield of antivirus privacy. Are there any antiviruses that protect your data without you needing to scan the installer and check every option? While they’re few and far between, they do exist.

A screenshot for Emsisoft antivirus

First, you have Emsisoft. Emsisoft does send home information about its license, the computer’s name, and details about the viruses it caught. However, it doesn’t send home anything else, which makes it an excellent choice if you don’t want your antivirus monitoring your actions.

The report also recommends ClamAV. ClamAV is a fascinating case, as the entire program is open source. This means you can trust the AV won’t track you—if you don’t, you can always look over the code and check for yourself!

ClamAV is also the rare case of an antivirus that’s both free and respectful of your privacy. As such, it’s a good option if you don’t want to pay for an antivirus, but you also don’t like the idea of surrendering your data.

Keeping Your Information Safe on the Internet

It’s easy to trust antiviruses as your digital guardian. After all, they keep our computers safe from viruses and keep themselves updated to repel attacks. However, it’s not all good; some antivirus software will harvest and sell on your data. Be careful with which antivirus you pick, and what options you enable on them.

If you want to defend your privacy on the internet further, be sure to try one of the free anonymous web browsers that hide your data 4 Free Anonymous Web Browsers That Are Completely Private Anonymous browsing of the web is one way to protect your online privacy. Here are the best anonymous web browsers to use. Read More .

Related topics: Antivirus, Norton Antivirus, Online Privacy, Online Security, Surveillance.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Jonzone
    April 4, 2020 at 8:19 am

    Use the best, EMSISOFT, when will people wake up to the fact that 'freebies' are useless.
    People lock up their houses, cars, personnel possessions as if they were in a bank and use free, non-protective free anti-virus programmes to protect every item relating to their and families lives.

    • Sam C
      April 26, 2020 at 2:02 pm

      How do we know paid AVs are not double dipping?

    • Sam C
      April 26, 2020 at 2:05 pm

      I have HTTPS Everywhere and when I checked the lock on MUO it said Amazon was the issuer. Is there anything Amazon doesn't do?

  2. s holton
    April 3, 2020 at 5:17 pm

    A/V "snooping" your https traffic is a necessity, as it cannot protect you from threats that it does not see. So it needs to decrypt packets to inspect them, otherwise attackers could send anything to your machine w/o the A/V ever seeing it.

    So clicking the lock to see if your A/V issued a certificate is not a definitive test to see if the A/V is selling your info - it may be, or it may just be protecting you.

  3. dragonmouth
    March 11, 2020 at 3:42 pm

    "Use Paid Antiviruses Over Free Ones"
    ROTFLMAO! What a naive statement.

    Why would commercial, for-profit companies pass on such a lucrative source of income as selling harvested data?! They maximize their profits by selling you the AV and then selling the data that the AV collects. Double the profit.

  4. Bob
    August 31, 2018 at 6:50 pm

    This is in Sophos Home privacy policy: "File samples (optional) - if you have enabled the in-product sample sharing feature, then the software may send a copy of your suspicious or malicious file to our engineers automatically for further analysis."

    So, chatted with Sophos support about how to disable this feature as there appears to be no way to do it yourself in settings/prefs. Turns out that it is disabled by default, and when it wants to send a suspicious file, it prompts you to allow/deny on a case-by-case basis. That's what they say, anyway.

  5. Zach
    July 24, 2017 at 7:04 pm

    There is this thing called acceptable risk, and we all practice it
    personally and unless we are living in a bubble, we run on faith; faith
    that the next breaking security breach won't involve us, faith that "they"
    are keeping our data secure, faith that the software only does what it says
    on the tin and in the eula. That faith is shaken when say.. you go to a
    telehone number identification website and what happens next is a pop-up
    box from Avast kindly inquiring as to whether I am having a problem with
    spam phone calls and would I kindly like to upgrade my software
    subscription? First, I'm outraged, but as I think more about it, I've come
    to the conclusion that I just have to keep the faith because I don't live
    isolated on the top of a mountain, so what choice do I have? Submit or
    withdraw..or create my own ecosystem?

    Of course Avast knows what website I'm visiting! It used to be that it was
    compared to whitelists that resided on my computer and were updated along
    with the signatures of new threats, but that day is past. Like everything
    else, we are losing control and ceding it to our masters, as well as our
    servants. SAAS is replacing traditional software that you tweak to your
    heart's desire. Sure, you may still have an interface and install a
    program, but what is presented and what is possible is carefully curated on
    their end. This may help increase security and reliability and integration
    and maintain compatibility, but it does one other thing very well, and that
    is take control of the experience away from the end user. Windows 10 is a
    prime example. You no longer pick and choose from a list of updates,
    deciding on your own what is best to for you in your situation. Now it's
    decided for you and presented in one package. It's easy now. It either
    works or it doesn't. You can't keep the wheat and throw away the chaff.
    You just have to shut up and eat the bread. Undercooked, overcooked, it
    doesn't matter and your only choice is to wait for a hotfix resolution,
    delay the update and be vulnerable, create a workaround by hacking Windows,
    or switching your whole operation to some flavor of Linux. Now why should
    it have to be so hard? It used to be you could tailor it your unique
    needs, avoid the worst bugs, but we're all pegs now. Windows 10 is an
    Operating system as SAAS and you will obey. It's not the first OSaaS
    (Apple walled-garden comes to mind), but the most impactful when you
    consider the Win X upgrade-ready (Windows 7) user base and entrenched
    personal and business infrastructure. It's a shame that the Windows
    OS, rather than being the foundation on which to run everything else and
    then get out of the way (European legislation notwithstanding), has become
    an app in its own right.

    So no surprise here, really. We have been groomed for the time when we
    could not opt out, where nothing is free because you are the product, and
    where you could not control your software, rather it would attempt to
    control you. That time has arrived. Do not expect to be able to receive
    paper bank statements much longer. That little bit of local control is
    going away too and no clicking of a check box can stave it off for long.

  6. T-bone
    May 19, 2015 at 8:59 am

    NOW we know why the powers that be invented viruses - so we would have to install antivirus programs that track our every move!

    Thanks for the heads up.

  7. faruque
    July 12, 2014 at 5:57 am

    Start using linux everyone ..........

    http://www.ubuntu.com/

  8. Chiron
    June 30, 2014 at 9:54 am

    Well, I guess that sooner or later they'll end up installing a webcam in every toilet (with the full blessing of Governments, Authorities, Polices, Secret Services and Holy Inquisition, of course) presumably quoting the old refrain "the one who has nothing to conceal has nothing to fear".
    In the world I was born in, reading other people's mail without their explicit consent was considered a felony and a court order was needed to search one's private documents, but that's history now.

    I was sent here by Emsisoft, which suggests that they are more correct than the others, thus I shall switch to their software in no time.
    Yet the best protection is still to say good bye to the social media, unplug the internet cable and work stand-alone on a freshly installed OS, the way we used to do a few decades ago. Pretty sad, isn't it?

  9. klb3317
    June 27, 2014 at 5:32 pm

    Using Emsisoft already, such a relief.

  10. dave
    June 18, 2014 at 12:39 am

    sending visited urls to home base...!!!?
    i am so fv<ked off about this i have uninstalled AVG who the fv<k do these companies think they are?
    i looked at eset and they do it too!! i thought they were good!

  11. G Farkas
    June 10, 2014 at 8:52 pm

    Excellent comment!!

  12. rric117
    June 6, 2014 at 10:27 pm

    Are European users better or worse with antivirus software? I want to know how to stop this intrusion!!!
    rricmmanw@yandex.com

  13. Anonymous
    June 5, 2014 at 10:51 pm

    why am i not surprised...

  14. ShorePatrol
    June 4, 2014 at 10:42 pm

    I do not see that you ran any tests for Norton which comes bundled, if you want it, with Comcast. I can only assume that they are at least as FUBAR as all the rest. Anyone know how they operate?

  15. Vananovion
    June 4, 2014 at 3:00 pm

    "AVG, McAfee, Trend Micro, and Webroot won’t even allow you to opt out of sending these non-executable files."

    This is not true at least for AVG. It is possible to opt-out either at the end of the installation or through Advanced Settings -> Privacy Preferences.

    • Secure_1
      December 18, 2016 at 4:17 pm

      ...And everytime AVG does a minor or major update, at least one of the two checkboxes gets checkmarked again. So you constantly have to check it. AND, that doesn't stop them from still transmitting a lot of sensitive information, even if you have both boxes uncheckmarked.

  16. OnClogs
    June 4, 2014 at 9:47 am

    In Sophos it is a simple setting whether or not you want samples of suspect files, which can be both executables and documents containing scripts (Office, PDF, etc) sent to the SophosLabs.

    • Guy M
      June 8, 2014 at 1:24 am

      Assuming the setting actually does anything, or just makes you feel better about it.

    • Alexandre Froger
      September 24, 2016 at 4:21 pm

      Check your connexion and you'll see all the nice data sent by SophosWebIntelligence - with the feature enabled or not.
      "or just makes you feel better about it." => spot on.

  17. MadAsAWetOldChicken
    May 31, 2014 at 8:12 pm

    I use SandBoxie, Mozilla and never had virus infection. I am uninstalling AVG from wife's lappy soon as I get home tonight. To hell with these corporations.

  18. paul.b
    May 31, 2014 at 8:25 am

    I know for a fact that AVG Antivirus (different than Avast, but also very popular) has a team team that analyzes the data their antivirus collects from their customers (what websites they visit, what software they have on their computer) in order to use it for marketing purposes. They justify that it's ok for them to do it since Google does it too. Go figure.

    • Joses L
      May 31, 2014 at 9:23 am

      They do that? Can I have a link please? I would like to read deeper into that...

    • Vananovion
      June 4, 2014 at 3:04 pm

      In AVG it is possible to disable this from Advanced Settings -> Privacy Preferences. If you are performing a new installation, it is possible to opt-out at the of setup wizard.

  19. CJ Cotter
    May 31, 2014 at 1:43 am

    You wrote, "The idea that the web pages we visit and our personal documents could be getting sent in the background is scary. We didn’t even think of this......." Are you serious? That’s very naïve…..like a clueless sheep walking through a field of wolves. I use McAfee Site Advisor. I have never needed a study to tell me that when McAfee throws a warning flag on my screen, their servers know WHERE I am, and WHO (me) has just triggered their tripwire. (This is true even when I always UNcheck the "participate" option.)

    C’mon people, WAKE UP!

    • nonnie
      October 16, 2017 at 4:41 am

      Sure, I know my location and 'preferences' etc., are being tracked, but the problem NOW is that my antivirus is *somehow!* finding sensitive data on my hard drive - by sensitive I mean SS# sensitive, and alerting me that it is 'vulnerable'. How the #@! does my Antivirus (Avast) know the CONTENT of my private protected files to determine whether or not they are, in fact, sensitive??

  20. Renard Moreau
    May 30, 2014 at 8:54 pm

    [ Smiles ] My goodness! I never thought that my own antivirus would be performing data mining.

    Thank you for brining this to my attention!

  21. LinuxMage
    May 30, 2014 at 5:06 pm

    I am a Linux User...No such worries ...I suppose people could encrypt their Document Folder and prevent their data from being compromised or save all sensitive files to a flash drive either way I am happy that this is at least one less headache I have to be concerned about.

  22. justme
    May 30, 2014 at 8:39 am

    Also from the report:

    "We asked whether special updates are delivered to users with specific IDs. This could theoretically allow authorities with a suitable court order to monitor e.g. specific terror suspects without the monitoring software being detected by the antivirus product. All updates would however be supplied to all other users, ensuring that their PCs were still fully protected. Most of the vendors responded that they do not do this, although a few (mostly from the USA and UK) did not reply to this question. "

    Anglo AV companies: we protect against root-kits, etc . . . . . unless it's government root-kits, then we'll look the other way.

  23. Josemon M
    May 30, 2014 at 5:41 am

    Yea, that's correct ..privacy is the top factor..That increases the priority of the migration to opensource operating systems like Linux for office works

  24. Noer W
    May 30, 2014 at 3:40 am

    Iiii....ngeri dach, ga pake AV aja kalee

  25. Jerick
    May 30, 2014 at 3:31 am

    This definitely bothers me... But what could be the course of action? I don't plan to change my AV

    Considering most of them actually traces the "website", does that mean they're sent what is written on it as well? Then I'm scared for life :(

    Thanks for this!

  26. Barry
    May 29, 2014 at 10:24 pm

    My anti-virus is names Linux.
    It does exactly what I tell it to.

    • Derek
      June 2, 2014 at 11:24 pm

      Puppy Linux for me. Great OS, and it's never yet melted to a virus.

      • Zach
        July 24, 2017 at 6:57 pm

        It's not virus proof, it's just not virus worthy, what with such a small share of the user base and the higher level of technical understanding required to use it probably going hand-in-hand with better security awareness and practices. If a whole bunch of clueless teenagers started using Linux for posting social media, you would see more Linux viruses start popping up. As long as Linux remains obtuse for the casual user, it will remain a niche OS, and it's not worth the time to write a virus for such a small "audience" although it's been done for lulz, of course.

        It's disingenuous to claim that Linux is immune to viruses or similar statements and it would be irresponsible to run Linux without A-V software and without using best practices because no OS that isn't air-gapped and sealed in a vault is immune to active attacks and security flaws exist in all code that does something useful. Some of them haven't been found or exploited yet, is all. Even if your Linux fortress doesn't get taken down, your system may still allow the malware to propagate.

        • Maryon Jeane
          April 3, 2020 at 5:52 pm

          'abstruse'

  27. Michael Dowling
    May 29, 2014 at 9:55 pm

    I'm using the free version of Avast!,along with Sandboxie.I have be tempted to ditch my antivirus program,as I always run my browser and email client sandboxed.

  28. T
    May 29, 2014 at 9:09 pm

    Software with source code that isn't available for inspection is likley to have hidden undesirable "features".

  29. Bud
    May 29, 2014 at 6:34 pm

    Interesting article, but the Orwellian doom is 30 years late and will be, until Armageddon and these bastards are sent to Hell !!!!!!!!!!!

  30. Tony
    May 29, 2014 at 5:09 pm

    I am uninstalling aVast now. It is terrible !

  31. Wasp S
    May 29, 2014 at 9:14 am

    Ive got a laptop i decided to use for a test. I scan once weekly with MBAM to see if its clean i use the extra tool like the root kit scanner too, other than that it has had no Anti-Virus installed since 2011. The only time it got an infection was after plugging an external hard drive in that had made the rounds in India. I think with sensible browsing , common sense with regard to email attachments and making sure security patches are applied straight away it seems to me alot of these products are making money for nothing.
    I think it funny we are trying to protect ourselves from the hackers but who is protecting us from the companies we freely invite into our devices to do the protecting?

    • SGKris
      May 29, 2014 at 2:11 pm

      I totally agree with you and do exactly what you have said - Regular MBAM sacanning besides using firefox with NoScript and AdBlaock addons and no auto image loading as default in emails while using Windows. I too got infected once by plugging a USB falsh drive, but recovered without any problem by restoring a drive image. . I mostly use Linux for web surfing.

      Sensible browsing and common sense constiture the best defense.

  32. Mega
    May 29, 2014 at 1:20 am

    I use no Antivirus on my PC, since I started using Windows 7.

    • dragonmouth
      May 29, 2014 at 11:21 am

      Then Redmond is tracking you. :-)

  33. Adrian
    May 29, 2014 at 12:22 am

    Wow...this is scary. I'm gonna give Emsisoft a try. Thanks for the article.