Your antivirus software is watching you. A recent study shows that popular antivirus applications like Avast assign your computer a unique identifier and send a list of all web addresses you visit to the manufacturer. If the antivirus finds a suspicious document, it will send the document to the antivirus company. Yes, your antivirus company might have a list of web pages you’ve visited along with your sensitive personal documents!
AV-Comparatives’ Data Transmission Report
We’re getting this information from AV-Comparative’s Data transmission in Internet security products report, released on May 8, 2014. AV-Comparatives is an antivirus testing and comparison organization.
The study was performed by analyzing antivirus products running in a virtual machine to see what they sent to the antivirus company, reading each antivirus product’s end user license agreement (EULA), and sending a detailed questionnaire to each antivirus company so they could explain what their products do.
The study says “We gave higher weighting to our own measurements and the EULA (as we understand it) than to the replies to our questionnaire.” In other words, some antivirus companies responded with incorrect answers that contradicted what their products actually did!
We encourage you to check the study and consult the table on page 3 for yourself. You’ll be able to see exactly what your current antivirus product does. The study includes antivirus products by AhnLab, Avast, AVG, AVIRA, Bitdefender, BullGuard, Emsisoft, eScan, ESET, Fortinet, F-Secure, G DATA, Kaspersky Lab, McAfee, Microsoft, Panda, Sophos, Symantec, Trend Micro, Vipre, and Webroot.
A Unique Identifier And Web Addresses You Visit
All of the antivirus products in question — aside from products by eScan and Fortinet — assign your system a unique identification number and transmit this number.
Many products also transmit a list of visited URLs, or web addresses — both malicious and non-malicious ones. All of the products aside from AhnLab, Emsisoft, and Vipre transmit these URLs to the company. It’s unclear which types of addresses each product transmits. Some products may only transmit a malicious address you find to the company, while some products may transmit all addresses you visit to the company. Tied to a unique identifier, this means an antivirus company could have access to your browsing history.
Some products also transmit your computer’s name, local IP address, language, running processes, and Windows user name to the antivirus company.
Non-Executable Files, Including Documents
When an antivirus finds a “suspicious” file, it wants to send that file to the antivirus manufacturer so it can be examined for malware. The antivirus company can analyze the file and produce a virus definition to defend against the malware. This doesn’t just apply to executable files. Your antivirus may also send your personal documents to the antivirus company. For example, if you have a business document in Word format and the antivirus thinks the document is suspicious, it may send that document to the antivirus company. This means your antivirus company may be getting its hands on your sensitive documents.
Avast, Fortinet, Kaspersky Lab, Symantec, and Vipre all will transmit documents and other non-executable files. AVG, ESET, McAfee, Microsoft, Sophos, Trend Micro, and Webroot all won’t tell us if they transmit documents. It’s probably best to assume these products transmit documents, too. AVG, McAfee, Trend Micro, and Webroot won’t even allow you to opt out of sending these non-executable files.
Why All the Data Collection?
Antivirus companies want all the data they can get. However, we users don’t have an easy way of knowing and choosing what types of data we share with the antivirus company. The idea that the web pages we visit and our personal documents could be getting sent in the background is scary. We didn’t even think of this and didn’t have the option to make an informed decision. If this data is sent unencrypted, it’s also possible for people on the same local network — or intelligence agencies like the NSA tapping the internet backbone — to capture this information.
According to the study, antivirus companies at least say they aren’t linking this information together to track you:
“Vendors tell us that the data gathered and transmitted by each product does not go to a single collection centre; rather, specific elements are transmitted separately to different isolated end points, without any connection between them. Thus e.g. licence-management data is sent separately from product-usage statistics. They say that as there is no connection between these systems, the data collected by one cannot be linked with the data collected by another. Consequently the privacy of the user should be safeguarded. “
The Most Privacy-Conscious Antiviruses
AhnLab sends the least amount of data according to this test. It won’t send URLs you visit, personal documents, or even executable files and other personal information to the antivirus company. It will transmit information about the antivirus product, a unique identifier for your computer, your operating system version, and hashes of files. A hash will let the antivirus company detect whether the file matches another file they know about, but it won’t actually let them view any of the contents.
Emsisoft also comes out looking good. They send a bit more information when you encounter malicious files — for example, they’ll send suspicious executable files to the antivirus company — but they’ll never send a list of websites you visit or your documents over the Internet
Both of these products are paid antivirus products. They’re the only antiviruses in the study that don’t send the most sensitive types of data to an antivirus company.
There’s no one free antivirus product that stands out from all the others in offering the best privacy features. Your best bet is consulting the table for more information when choosing an antivirus product. Along with checking antivirus test results, this information can help you make an informed decision.
Image Credit: Cristiano Betta on Flickr