Avast Privacy

[Pindakaas]

I have a question about how Avast handles your privacy.

I have read the privacy policy and it's rather short.


For example , if a federal trojan is released to spy on everybody for research , some AV vendors produce no signature for the trojan on purpose , to serve the federals , is Avast doing that too ?

And my information i give to Avast , to what third party's is that send too , and does Avast check the privacy policy of the third party's to see if it's safe ?

I am not a criminal but i do not want an AV to set a hole in its AV to serve federals or goverments.

A AV needs to protect your privacy in all times in my opinion , and does Avast send information about the user if federals ask for it ?


The same question is for Easypass.

[Pondus]

http://forum.avast.com/index.php?topic=87522.0
http://forum.avast.com/index.php?topic=86877.0

[Pindakaas]

ok i read it , but can a official say , is it detected or not


and i have more questions , not only about that particular trojan.

[Pondus]

well, that was the question i could answer..
and as you did see in one of the threads ( you did click the links) it does detect the tree i found..

[Pindakaas]

true , but Norton found it also in VT , while i heard that Norton excludes federal virusses

[Pondus]

true , but Norton found it also in VT , while i heard that Norton excludes federal virusses

heard and know are two different things         maybe they changed.....you should ask in Norton forum  

[Pindakaas]

i did , they dont give a clear answer , they say i have to keep my computer up to date and dont do risky things , and the best way to protect against trojans is to '' not '' internet.


yea thats a helpfull answer....so yea , i already knew that.

[Gargamel360]

I'm not official, but even if they do not work with authorities, there is a chance they will still not detect it sooner or later, even if the are flagging it now (the fact they ever detected it to begin with pretty much answers your concerns, though).  

Its a trojan, after all.  It tries to hide or obfuscate its intentions.  And provided the makers of the malware tweak it on the regular (or it changes itself), then Avast! will do what all vendors do....go from detecting it, to not, then detecting it again.  Same good old cat and mouse as always.  This of course allows a certain amount of plausible deniability to enter the equation    

One thing going for Avast!, they are not based in US or China, the biggest sources of this escalating cyber-espionage, so they are outside the scope of much of the strong-arm tactics those resident authorities might employ.

Ultimately, this is like chasing your tail, there is going to be precious little facts to go on, and plenty of FUD.  If you can't put it out of your mind (or at least to the back of it), adding aggressive security like a HIPS might be something for you to look into.

[Para-Noid]

does Avast send information about the user if federals ask for it ?

It depends upon the country. Here in the USA we have certain agencies which can and do look for certain behaviors. ie; sedition, treason, terrorism and other illegal activities. Our government can do "domestic" spying within certain parameters and they need to show reasonable cause. As far as avast giving information there has to be a good reason for them to disclose such information.  

[Pindakaas]

I'm not official, but even if they do not work with authorities, there is a chance they will still not detect it sooner or later, even if the are flagging it now (the fact they ever detected it to begin with pretty much answers your concerns, though).  

Its a trojan, after all.  It tries to hide or obfuscate its intentions.  And provided the makers of the malware tweak it on the regular (or it changes itself), then Avast! will do what all vendors do....go from detecting it, to not, then detecting it again.  Same good old cat and mouse as always.  This of course allows a certain amount of plausible deniability to enter the equation    

One thing going for Avast!, they are not based in US or China, the biggest sources of this escalating cyber-espionage, so they are outside the scope of much of the strong-arm tactics those resident authorities might employ.

Ultimately, this is like chasing your tail, there is going to be precious little facts to go on, and plenty of FUD.  If you can't put it out of your mind (or at least to the back of it), adding aggressive security like a HIPS might be something for you to look into.

Yea true

[FlyingRobot]

I think it is a great idea to inquire about a company's position WRT to cooperating with (domestic and/or foreign) government agencies and get that in the public record so to speak.  The simple act of asking... seeing if and how the company responds... may tell you something.  I believe Avast Software is based in the Czech Republic.  I am not familiar with the technical and practical legal climate in that country.  In general, though, many government agencies wield great power and are capable of "making things happen".  In many places there are national security, etc angles which they can use to legally prevent a company from disclosing anything about a government order.  Some companies will spend substantial sums of money to fight such actions.  Most surely would not.  So, although some companies truly make an effort to stick to angelic principles and do what is best for their customers, it is unwise to believe that they will (be able to do so) in all cases.  Sometimes, another party (be it government, organized crime, a lone blackmailer) has leverage and overwhelming advantage over you (be that company or individual employee, legal or illegal).

Nearly all privacy policies are worthless.  In general they are crafted so as to make the customer FEEL safe while still allowing the company to engage in privacy degrading practices.  Looking at the Privacy Policy at http://www.avast.com/en-us/privacy-policy for example, notice it says "When you register, or otherwise give us personal information, AVAST Software a.s. (formerly ALWIL Software a.s.) will not share that information with third parties without your permission...".  So far so good, but then comes: "other than for the limited exceptions already listed."  What are those exceptions?  I see two: "to help us create and provide content that is relevant to you" and "to alert you about product upgrades, special offers, and other information and services available from from AVAST Software a.s. (formerly ALWIL Software a.s.), in accordance with your requests".  That creates a loophole such that Avast Software CAN share your information with third parties as long as those third parties are involved in doing those two things.  Note: I'm just using this as an example.  I currently don't know precisely what Avast Software is or is not doing with respect to information sharing.  One important question would be whether Avast Software is using a third party CRM type firm to handle the client database, process purchases, communications, things like that.  A surprising number of even large/deep-pocketed companies (that COULD be doing and SHOULD be doing things in house) use such firms.

If you are concerned about privacy I would recommend you do NOT participate in the avast community, do NOT use WebRep, and do NOT use the CreditAlert thing.  Make every effort to PREVENT your personal identity and information from being linked/linkable to the software you have running on your machine. 

[Pindakaas]

Yea but i think almost every antivirus does some kind of third party activity , i am currently using Emsisoft Anti Malware and Online Armor Firewall , and those programs are not bad at handling privacy.

I think i will buy Easypass thats why the question

[FlyingRobot]

I'm not familiar with Avast EasyPass.  Does it store your (password) data on Avast servers or sync devices through Avast servers?

[Lisandro]

Does it store your (password) data on Avast servers or sync devices through Avast servers?

Both. It needs to store the info to allow syncing.

[FlyingRobot]

Based on a quick read of some descriptions it looks as if EasyPass stores data on the local device and synchronizes that with the Avast server(s).  Such a model simplifies implementation and certain usage patterns.  There are other approaches such as syncing with your own server, syncing to/from a portable device, and syncing in a peer to peer fashion.  While less friendly to the unsophisticated and/or more convenience oriented user, the later can offer better protection.  Note: I wouldn't call manually copying files to another device "syncing", but support for that is worth mentioning.