Privacy concern about Nitro

[REDACTED]

I have for years recommended Avast to my customers and friends but lately people have been voicing concern about the new Avast Nitro engine that it uploads files to the cloud and analyzes them there.  Just about everyone thinks this a privacy concern.  My questions are; is there a way to turn off this feature where files are not uploaded to the cloud and analyzed locally either on the users PC or is there a private hosted solution? Is there a way to answer y/n before the files gets sent for analysis?  Any other way this has been addressed?  (If not I think looking for another antivirus is in order).  Oh, also this question is regarding the stand alone version AS WELL AS the version loaded on a Windows server and deployed to workstations).

[RejZoR]

- You have agreed to this functionality with the EULA
- The system is called CyberCapture. You can disable it in Settings -> General -> CyberCapture checkbox.
- CyberCapture ONLY uploads EXE files. It does NOT upload PDF, DOC, JPG or any kind of other user documents which could potentially contain actual sensitive personal data.
- EXE files are submitted directly to avast! Virus lab processing cluster. They are not hosted on any 3rd party servers.
- CyberCapture is ONLY triggered on EXE files downloaded from the web, meaning, even if you are a programmer working on top secret program, CyberCapture won't be triggered on binaries compiled by you locally.
- CyberCapture currently doesn't offer option where user is asked about file submission for processing. No info is known yet how this will be designed in new version scheduled for early 2017.

Bottom line is, your personal data is not really at risk on any level if you're a casual user and it's not affected either even if you're a programmer and you don't want your compiled binaries to leave your computer. I frankly don't see any benefits disabling this feature over benefits of protection it gives to the user.

[Rednose]

If you are so concerned about CyberCapture and your privacy :

Avast - Settings - General - Privacy - and uncheck " Participate in the Avast community ".

This will disable CyberCapture too.

Greetz, Red.

[Eddy]

In addition to what RejZoR said,

CyberCapture sends the hash of a file to avast.
If it is already known, no further action is taken.
Only if it is a (till then) unknown file, the file is send for analyzing.

If people are concerned about their privacy, they shouldn't be using the Internet, physical mail and a lot of other things.
Gathering data about others is older than the human race.

[RejZoR]

I'm just wondering at this point, is it more harmful to disable CyberCapture as I suggested and you also lose DeepScreen scan or disabling CommunityIQ? Makes me wonder in which situation you lose more protection...

[stibi]

@ the staff guys here

There is another point of interest:
I read this pages frequently - and never heared about nitro or CyberCapture.

Maybe good new functions: but it would be helpful for us avast customers to be informed about new functions.
I cannot & will not check monthly whether menues or functions have changed. I'm not very suspicious but would like to be informed about changes in such a important tool on my computer.

Think about it.

stibi

[Eddy]

Perhaps you should read the more important threads like the release history and such.

[stibi]

".. and such" shows that we should read different threads. It would be easier to look at a special source for important informations, Eddy ;-)

[Eddy]

Well, there are the blogs from avast

[REDACTED]

If people are concerned about their privacy, they shouldn't be using the Internet, physical mail and a lot of other things.
Gathering data about others is older than the human race.

Using /whatever/ doesn't mean you have to give up your privacy in fact that is why users want to know what Avast is doing via Nitro so they can decide if they will keep Avast.  And as far as "Gathering data...", just because someone asks for your private info it doesn't mean you have to give it.

[RejZoR]

"Nitro" is just a name of a bigger avast! update which included the CyberCapture feature as well as other performance improvements. And I agree with him, it's perfectly reasonable to question things. It's a healthy way of making software better as far as privacy is concerned.

[REDACTED]

I would think that other files like PDF, and Microsoft Office docs for instance would also be uploaded and analysed. How do we know it only uploads exe files? Where can we read specifically what it does? 

[Eddy]

That is really easy to see.
After a file is analyzed, the result is send back to you.

You can also monitor your network traffic.

Where to read what it does ?
First hit when you search for it > https://blog.avast.com/cybercapture-protection-against-zero-second-attacks

Fact is that there never was full privacy and that there never will be.

The real question is if you want to protect your system(s) in the best possible way or not...

[DavidR]

I would think that other files like PDF, and Microsoft Office docs for instance would also be uploaded and analysed. How do we know it only uploads exe files? Where can we read specifically what it does? 

Because that is the scope of its task and it is only for downloaded .exe files as has been mentioned. This would be worth a read https://blog.avast.com/an-in-depth-look-at-the-technology-behind-cybercapture. It is a later avast blog than the link given by Eddy.

We have seen many CyberCapture reports/topics in the viruses and worms sub-forum and they have all been for .exe files.

[stibi]

Well, there are the blogs from avast

Searching fpr "blogs" shows 30 threads - which of them are important for this problems?