sign of the times
And to think we used to have actual data protection laws.
Changes in the privacy policy of AVG's free antivirus doodad will allow it to collect your web browsing and search history – and sell it to advertisers to bankroll its freemium security software products. The changes will come into play on 15 October, according to the Czech-based biz in a blog post. The revised privacy policy …
Digression!
With all this data slurping going on, those on mobile broadband will be looking out for a data slurp upload blocker, because on mobile broadband the user pays for download and upload...
Oh forgot! that's what your security software is supposed to do...
@ Alan W. Rateliff, II
"... Of course, there is always Microsoft's Security Essentials for free anti-virus."
Heeeeheeeheehehehehe! (but you forgot the joke icon - fixed that for you!)
For your further entertainment:-
In 2013:
http://www.ibtimes.com/microsoft-security-essentials-fails-antivirus-certification-test-second-time-row-microsoft-disputes
In 2015:
https://redmondmag.com/articles/2015/01/27/security-essentials-fails-antivirus-test.aspx
The sad news is that I actually pay for AVG and there is no confirmation that my computer will not get included in that data slurping experiment. However even if it isn't the case I will definitely switch to another paying AV software before the deadline. Bye bye AVG...
Cheesy sarcasm fail. And don't even try and apply RAH quotes here; the free AV model has been for many years to a) push ads or b) attract paying customers by dangling bells & whistles in the form of toast ads every month or so. Both methods are perfectly acceptable.
Selling on your browser history? Much less so. What AVG are doing is making a paradigm shift to adopt the same business model as, say, gmail. If you are fine with this then great, but I will be forcibly prying this excrescence off as many of my clients' machines as possible from now on.
>And to think we used to have actual data protection laws.
We still do, however they are only concerned with the registration of those who hold and process personal data and their failure to protect such data. So expect AVG to be fully compliant: They will have declared the 'personal' data they will be collecting and processing, they will have explicitly asked for your consent for them to collect and retain such data. They have provided a means for you to exercise your rights. Hence the only additional obligation they have is to keep such data secure...
To be honest I haven't recommended AVG to anyone for quite a few years now. It used to be lean and effective but started to suffer from all Antivirus companies' standard bloating problem where they try to make their software do lots of vaguely-security-related things and none of them particularly well.
We collect non-personal data to make money
I wish companies would get over trying to pass off with this obvious bullshit. "Personal data" does not need to mean your name and phone number (etc). If you can be repeatedly identified from a crowd, then personal data has been collected. Furthermore, depending on the degree of data access, it is entirely possible to determine exactly who a person is by indirectly looking at their behaviours. Browsing history and metadata? Well, that's every GET form exposed, everything you look at, every link you follow. Metadata? That could include cookies that may reveal sign-in or username information. Does AVG ask for location information too, I wonder?
But, hey, why stop there - why not just throw in collection of metrics on installed apps and their usage for the win?
What is this? Is AVG really asking their users to pwn themselves?
How much are they gathering which isn't already collected by Google?
They may just be looking at the money Google makes selling information which also passes through their product and deciding that if the information is already on the open market they might as well cream off some of the revenue. Undercut Google a bit, perhaps.
Which begs the question of how many people will get all indignant about AVG but continue to use Google as their browser. Then again the majority of people just buy an Internet and use a Google to access it so what will they care?
If the baseline PC configuration is W10 using Google as a search engine how much privacy is there left to lose?
"If the baseline PC configuration is W10 using Google as a search engine how much privacy is there left to lose?"
That's like saying if Tim and Frank kick you in the 'nads everyday, it's OK if John does it too.
Nope, better to keep John's boot away from the family jewels, and raise Hell about it with Tim and Frank as well.
I suppose the difference between AVG and Google is that AVG is in a position to process system scans and compile a list of software (and versions) that you use. Could that data be intercepted and analysed for security holes that can be exploited?
Sure I am concerned that google has linked my work search history to my home and phone search history, but they do not get to scan my harddrive for the information.
"Your privacy is important to us" is a bit of misnomer really.
Remember the flap over 650,000 user's search history being released for "research" purposes?
If not, go to https://en.wikipedia.org/wiki/AOL_search_data_leak and read about it.
Then stroll over to http://search-id.com/ and play around.
I have used it as an example for years when I teach security to users at NGOs, and is why I use https://ixquick.com, https://startpage.com and https://duckduckgo.com for my searches. Ixquick has the only EU privacy seal. Startpage is a privacy protecting proxy for Google by the Ixquick people. Plus I get better results that I could get from Google direct. See http://dontbubble.us/ for one of the reasons and take a peak at http://donttrack.us/ for what they do with your search queries.
On another note, the Ixquick/Startpage people have a privacy protected e-mail system that is PGP encrypted called Startmail. End to end encryption and auto expire.
==================
This e-mail may, and probably does, contain factual errors as well as errors of logic, organization, grammar, and spelling. They are included at no charge, unless, of course, you'd care to make a donation.
This post has been deleted by its author
They've been happy offering it for free for what, like 10 years. To think one of their add-ons was a browser privacy tool.
I can't see how they can justify seeing my other programs and telling people about it. Oh wait, now it knows I run my browser through the Tor network and it'll now sell my whistle-blower network/history to the spooks. Nice one AVG. You can record this....uninstall.
Also, they'll now lose money because SME customers who I get to pay for AVG including server and email server licenses are about to move to other vendors since it doesn't seem to say business users will be exempt from this data rape.
Why not spare us the ads, the tracking, the BS, and just ask for some? In the case of AVG, I'd pay something not to be tracked. Same with Google. How much do they get from us, per person, per year?
Then again, there's cookie blocking, AdBlock, and HOSTS.... <sigh>
Why not spare us the ads, the tracking, the BS, and just ask for some? In the case of AVG, I'd pay something not to be tracked. Same with Google. How much do they get from us, per person, per year?
They have asked for some yet people prefer not to pay. I have paid, not much considering, two years, all the doodads, unlimited devices. I've only two devices covered out of two dozen of mine. I bought it for the people around me even though we hardly share a network (only two Internet facing devices mine) . They like the automagical handling. Come to think of it, so do I. Never a bobble here.
I expect others to (sadly) follow.
"Free" AV. It's becoming a thing of the past. First Avast, which used to be an excellent product, sold out and became nearly as bad with their constant pop-ups as the adware that they're supposed to block, now AVG abusing your privacy that they're supposed to help protect. I'd rather a company just discontinue their free offerings if they're going to do this. It's insulting and makes the world just a little worse place to be in, while actually free AV did the public a service and earned a lot of goodwill IMHO, though I understand that goodwill doesn't keep the lights on.
At least Linux is still truly free... at least until MS releases their distro.
At least Linux is still truly free... at least until MS releases their distro.
So? No-one forces you to use a particular distro, so even if MS is going to release theirs (which I doubt will happen; it's something that fills a particular internal need) and it's payware, why would you switch to Xenix ME?
"So? No-one forces you to use a particular distro, so even if MS is going to release theirs (which I doubt will happen; it's something that fills a particular internal need) and it's payware, why would you switch to Xenix ME?"
True. No one forces you to use systemd. Its just increasingly hard not to choose so. The real danger is MS might produce something useful ;-)
"At least Linux is still truly free... at least until MS releases their distro."
And using Linux reduces the usability of your PC; running Windows enables a PC to be a fully functional general purpose machine. Gaming, entertainment, email, internet and multiple other uses; switch to Linux and you've instantly lost gaming as one of the things your PC is capable of, not to mention ease of use of course
Wow, still lost in the Dark Ages of computing, are you? Gaming is alive and well and in increasingly good health on Linux As for ease of use, Linux overtook Windows years ago. Despite all their coders, MS aren't merely falling further behind Linux on ease of use, they;ve been deliberately making their own products worse. I know, I have to use MS at work, and it's a pain in the wotsits compared to Linux at home.
Thanks for the warning El Reg. When I ran into people who didn't want to or couldn't pay for antivirus I always used to recommend AVG for it's excellent protection. It's gotten rather bad the past two years with frequent popups advertising AVG products, but they were still a good product, but with this they've become malware. Why would I put antivirus software on my computer that preforms the same functions as malware.
"When I ran into people who didn't want to or couldn't pay for antivirus I always used to recommend AVG"
Ditto. I raised this question on Twitter at the weekend - but I only got one reply: Avast.
This might be an opportune time for El Reg to do a round-up of AV products - free and premium.
This post has been deleted by its author
Part of the problem, I think, is the amount that companies are asking for their software. What might not seem very much to someone earning north of £20K p.a. may be a huge amount to somone only bringing in minimum wages. When I was unemployed and still using Windows, I'd've found a fiver for a reasonable AV product. What I couldnt; have done is found much more. So if teh price is too high, the AV creator gets no money, rather than set it low and get some from many people.
Bit of a moot point, anyway, given that most folk I know seem to be looking at moving to Linux if they aren't already on it. How things have changed in just a few months!
I pushed for an antivirus on every device when I started. They relented but gave me zero budget.
My boss suggested Free AVG, and I have been dealing with the increased pester announcements which confused my users.
the benefit for AVG was my users started to install it on their personal devices, partly because my encouragement but largely as it was a brand they recognised from work.
I have just been asked by my boss whether we can opt out of the metadata sharing. The policy change affected our trust. We cannot allow unspecified data about our computing systems to leave our business.
Ironically the constant pestering has raised awareness amongst our staff so that management are now willing to pay but they want something that wont pop up all the time causing user confusion.
AVG 8 "free" agreement says it is for personal use only, not for commercial or business use. Just email that link to your boss and get him to sign something to clear yourself. That should get you either a budget or a nice pass should you get audited.
Avast, although you'll be diving into Avast's settings fighting popups
Umm... no you won't. The only popups I see are when my virus definitions get updated, and even then that's usually only when I have just booted my machine. Technically, though, it *is* wise to actually configure software after you install it. If that's too much of a hassle, I'm sorry, but I can't help you.
As another AVAST! user suggested, Gaming Mode can help with that, too.
> Eset, just get Eset nod32, not the cheapest but its worth it..
Please no. Thankfully getting rid of it here.
Lots of random "ESET needs attention" popups without any information about what triggered the pop-up. Log full of "Could not download updates" but no error message.
Its detection might by good, but its UI and error handling is crap.
if it does that and doesn't sort itself straight away, just clear the client download cache... if you have a remote admin server setup you can just do it as a task straight away to as many of the clients as you want. compared to the other AV's I've had to use, I really do love ESET as being fast, light and reliable.
management are now willing to pay but they want something that wont pop up all the time causing user confusion.
You'll find that the majority of paid for business security tools don't constantly pop-up and will only pop-up when they need to communicate something important to the user. For a small business (greater than 5~10 people) you probably should be looking at tools such as Trend Micro Worry-Free and Panda Cloud Office Protection.
You should have let the business get pwned. There is no reason at all a business shouldn't pay for security. System security is one of the costs of doing business.
They could probably save vast sums by doing away with premises and networks in the first place and just getting all the staff to meet up at starbucks and use public wi-fi, but they won't.
By not paying at least the cost value for that required business resource (AV) they risk that resource only being available at a much higher price by the time they realise it really is necessary.
We cannot allow unspecified data about our computing systems to leave our business.
In which case you probably should be relying on more than just Free AV software on each user machine!
"My boss suggested Free AVG" ... "We cannot allow ... to leave our business"
So, you admit that you have been using the "free" version of AVG in your business.
Did you ever consider that it was, at least in part, arsewipes like you/your company, illegally using the "free" version which is specifically NOT licensed for "commercial" use, that may have contributed to the lower revenues at AVG that presumably contributed to AVG's decision to further monetize the free version of the software?
"I have just been asked by my boss whether we can opt out of the metadata sharing".
Sure - pay for the commercially licensed version, as you should have been from day one...
I admit my company is solely responsible for AVG monetizing the free version. Hang me. Hang me now. My god man get laid and soon.
My low position in a smallish business, meant that I did not have the leverage with the management to get the budget I needed. I could have just let it go unprotected and then you would have bitched if my network turned into a botnet that brought down your ivory tower.
My initial step has resulted in the education and leverage that I needed to make it better and legit. It also compelled my boss to put a priority upon it. Sometimes you have to play the long game.
I recommend Windows Defender, Microsoft Security Essentials and Firefox with NoScript and AdBlocker.
Firefox is an oldie, no need to explain here, but since Win7 I have to admit having found no reason to use anything else but MS products for PC defense. I have repeatedly had friends' and acquaintances hardware in my hands with AV products from all over the map to scrub. Every time I removed the installed AV product, installed MSE and lo and behold, it found malware that the others had blissfully ignored.
I'm not saying MSE is perfect, it is a Microsoft product after all, but as far as AV/anti-malware goes, it does a good job.
And it's free.
An will likely never get any popups for a pay version, or for ads.
>Microsoft Security Essentials
MSE is used as the baseline for all of the tests on av-comparatives, i.e. it offers the worst real-time protection of all of the tested antivirus products. In the august test Bitdefender and Avira come out on top. I have used avast in the past but I've switched to Bitdefender free now for a nag-free experience.
http://www.av-comparatives.org/dynamic-tests/
https://www.av-test.org/en/antivirus/home-windows/
MSE is Microsoft's way of showing that it is "doing something" to avoid being tagged a risk, like banks implement the absolute minimum security they can get away with to mitigate liability (which is far from enough to protect their customers, but they're not interested in that - that's just excessive spend).
MSE is the sticker on your bumper that says "if you can read this you're too close". It leaves it up to the rest of the industry to mount airbags and ABS. Sometimes MS doesn't even bother to fit the brakes.
I've been using BitDefender on my two W7 lappies though a recent scan with Malwarebytes showed that BD isn't as thorough as it might be with some types of unwanted dross including PUPs. My main desktop W7 system has been using Kaspersky for a number of years now.
My own arsenal tends to include Malwarebytes including the rootkit scanner, AdwCleaner and CCleaner, with occasional HiJack This if the above doesn't find everything and, on one occasion, I stretched to a copy of Hitman Pro.
I did, however, notice that there's a Windows version of ClamAV. Not sure how good that works but I use it on my Linux systems.
McAfee ... stay 2,000,000 miles away. It couldn't find water standing knee deep in the ocean, much less malware and viruses. And to make it worse, it really slows a computer down.
Norton ... it has improved over the years, but one problem still remains. If your Norton product lasts a year without requiring a reinstall, you are lucky. But the ultimate problem is Norton doesn't tell you it isn't working, you just click on toolbar icon and nothing happens.
Eset ... very efficient and excellent detection. But it does tend to bug you over unnecessary stuff, like optional Windows updates. It also has a nasty habit of trying to download updates immediately after a computer wakes up before the network adapter has come back on, fails, and instead of trying again in a few minutes, waits another 3 hours. Older versions could never remove boot sector viruses on your boot drive, I haven't seen a boot sector virus in a while so I don't know if it still holds true.
Kaspersky ... excellent detection but it will slow your computer down, but not as much as McAfee. Also, it has a nasty habit of turning on debugging mode. When this happens, Kaspersky generates log files but never deletes older ones. When this happens, you'll quickly run out of disk space until you turn off debugging and delete the several hundred thousand log files.
Trend Micro ... they became fat and lazy. The new versions aren't that great on protection and the product is slow. Not Kaspersky or McAfee slow, but close.
Avast ... I haven't used this one too much. What I like is sandbox mode, what I don't like is how it doesn't ask me if I want a new program to run sandboxed.
Panda, Vipre, Bulldog, ... I don't have any experience with them.
Of course there are more. But these are the only ones I've used.
Kaspersky ... excellent detection but it will slow your computer down, but not as much as McAfee. Also, it has a nasty habit of turning on debugging mode. When this happens, Kaspersky generates log files but never deletes older ones. When this happens, you'll quickly run out of disk space until you turn off debugging and delete the several hundred thousand log files.
I would make one additional comment to this as a Kaspersky user both at home at at a place of prior employment.
I've only ever had one big fault with the home version, and that was a pretty long time ago now. I generally find that the home anti-virus package works pretty well. I tend to stay away from teh full-on "Internet Security" thing for the same reason why I don't use crud like Norton or McAfee - I want anti-virus packages to do anti-virus things. It's why I have liked Linux in the past; each package doing one thing well rather than doing lots of things poorly (yeah, then systemd came along...)
The business version of Kaspersky, on the other hand, has the capacity to be a royal pain in the butt. Installation can be a pain and compatibility with some applications (or lack thereof) used to give my colleagues and myself regular headaches to the point where removal and replacement were the only solutions. And that wasn't too easy either.
At work, its the IT departments choice.
At home, Security Essentials and Ghost drive (then entire PC gets a reset every month).
Plus no Java; no Silverlight; NoScript; AdBlocker; a big old ad-farm blacklist, and block all URLs that ain't uk; western Europe or USA (they're not better than the rest, just the ones I really use - I can't read Russian so .ru is of no interest).
Barebones avg. None of the link protection / email scanner modules activated and I don't get pop-ups*.
Which leads me to ask, if the link protection / web privacy no track thingy plug-in isn't used will they still collect browsing data. I know it's possible but the logical method is to use these modules.
*At least not unwanted ones, got my first last night when I donwloaded Ammyy. I'm really glad AVG told me it could potentially allow remote access otherwise I'd never have known.
Let's hope Avast learns the right lesson from this and user reaction curbs any temptation to follow AVG.
Avast isn't particularly intrusive, popups have been getting bigger and more frequent but they're easy to brush away. Annual renewal of the free product is actually simpler than it used to be.
I won't be switching to Gaming Mode just yet as I find it reassuring when Avast occasionally issues hazard warnings.
I suspect most of us here are professionals, and AVG Free is solely for home/private use.
I started using the paid for version on my work machines some years ago. As AVG isn't perfect (no AV is) I also have the paid version of Malwarebytes, and I also use a paid-for Zonealarm. Touch wood, I've been safe so far. And having spent hours de-malwareing other peoples machines I appreciate having something that seems to work.
Spending a hundred quid or so a year on protection for my work computers doesn't seem that unreasonable.
Having said that...data grabbing at the level proposed by AVG is pretty shitty!
...seems more and more vendors are at it now. Even if one pays top dollar for the product, that's not enough (in some cases) to get excluded from this nonsense.
Yes, it'll bring a little hassle* to move entirely over to Linux, and yes yes yes dear, I know it isn't perfect. But I just can't be arsed with monitoring the information-sharing landscape of a dozen products - I'd rather zap my box (oo-er) with Ubuntu or Debian or some such and just be done with it.
*I do wonder how much nonsense, though. Really - my most-needed app is now available from the vendor as a Linux version, and bloody good it is too. I could be very easily swayed at this point, for data-sharing exhaustion.
It amuses me that AVG get pilloried for actually GASP wanting some actual INCOME for their work. How dare they! Heresy! If that is why you're upset you're just a freeloader.
But, I would agree with anyone who is annoyed because they chose the "we will now grab all your data because we can" route instead of just discontinuing the free version, because that's actually not even legally possible unless they include a separate tick box that states so explicitly (given the likelihood that search histories will contain data classed as "sensitive"), and at that point I too would say "f*ck you AVG", if not for one small point:
I stopped using Windows long ago :).
@AC, play nicely, now! ;)
We have not used MS ourselves since 2007, but my posse of friends/rellies took a while to move to Linux, which is fair enough, after all. The original posse has now converted to Linux and loves it, but..
Two new (Windows-based) posse members have arrived recently, and I have been using AVG and/or ClamWin in preference to the pretty appalling MSE ...
https://redmondmag.com/articles/2015/01/27/security-essentials-fails-antivirus-test.aspx
...plus Adaware, SpyBot and others as well as installing FireFox with uBlock, Flash blocked, Privacy Badger and anonymised search - DuckDuckGo, IxQuick etc.
This has seemingly done the job (verified via online scans & offline scan CDs), but it's pretty messy.
Looks like AVG is no longer an option.
I am no Windows guru, not any more, so I've felt the need to update my skills and bought a new Lenovo desktop from eBuyer for £120 with 'Win8 for Bing' installed.
Came with a couple of viruses pre-installed, before connecting to the web!
(Verified carefully, not FPs)
Running Clam from (eg) a Linux USB boot stick can be swifter and less hassle than running inside Windows - I do it overnight, usually - but can I trust my n00bs to do this? Hell no!
So my sympathy goes out to all those still stuck with MS, as I was for many years.
I'd appreciate pointers to the best solutions for Win 10 - we've successfully upgraded the Lenovo.
This post has been deleted by its author
It amuses me that AVG get pilloried for actually GASP wanting some actual INCOME for their work. How dare they! Heresy! If that is why you're upset you're just a freeloader.
Ok, I'm going to pillory them for being Way Behind The Curve on selling user data.
I mean, come on, if you haven't been selling user data for years, why would I think yours is a modern product?
@ Lars - Yes, and I feel it is only fair to contribute to any 'donation-ware' to the extent that one can - a few dollars to SpyBot and Adaware and others back in the days when I used them myself.
Nowadays I contribute irregularly to my Linux distro of choice, and send the odd dollar (or ten) to other software developers. It doesn't have to be a lot to make a real difference.
I'll give F-secure a go on the W10 Lenovo - thanks for that tip!
It is partly due to the paid software containing disclaimers like "If we let a virus through, not our fault","If an update stops your pc from booting, not our problem", "If our software trashes you data, Tough, you are on your own" (I`m looking at you Norton)
I think you missed the point completely.
The point is the underhanded way they changed what their "free" offering does. Sure, they tell us about it, but your average user wouldn't know what to do about it (if they even notice the change). Most users rely on clued up people to help them. What if no-one is around to help them when AVG pulls this little trick?
Like most people I don't particularly want yet more info collected and shared. As such I want to switch from AVG to some alternative that doesn't (yet) steal such data.
It would be good to hear thoughts on which free alternatives offer the same or better service compared with AVG Free. I'm aware of Avast!, Avira, Panda and others and know there are comparions out there (like http://uk.pcmag.com/security-reviews/142/guide/the-best-free-antivirus-for-2015) but it is always good to get El Reg user feedback.
The holier-than-thou "don't expect free software for free" squad might be interested to know KIS has been data slurping since the release of 2016 batch.
http://forum.kaspersky.com/index.php?showtopic=333166
I have not updated my paid KIS 2015 because of this.
Do any of these 'privacy protecting' packages actually protect your privacy from themselves?
When the antivirus programs (free, paid for etc) do more damage than the viruses, something is very wrong indeed.
20% performance hit on a quad core with 8GB RAM is annoying but bearable, on the other hand 40% on a netbook is intolerable.
If the machine noticeably slows down with AV running in the background then there is something amiss with the setup. Installing an SSD might help here but a polished turd is still a turd.
If nothing else this might be the nudge some people need to recycle their junk PC and get something which wasn't manufactured in the last decade.
Also scan-on-boot using 1/4 or 2/6 cores just to do that function is quite feasible, storing known good CRC32 of every file and checking it against a protected archive isn't routinely done yet.
I stopped using AVG when the idiots started to bloat it massively by version 8.
BTW, stop trying to get cracked software, and virused movie zips, and stop signing up and giving your Thunderbirded email to random shops and sites. Then use Microsoft Security. I've not had any problems for years and years now that I've all grown up and actually started to buy software. Imagine that!
(voted down by guilty people lashing out :) )
these guys are too small for domains,
1)so set users as, you know, standard user accounts. (every single user on every machine i ever see is an admin). simply doing this decreases the attack surface of an out of the box windows machine massively.
2) set up an admin account on the machine with a password. write the password on the pc on a label so they dont forget if they look like they are particulalrly dim. educate them aboujt what to do when the enter admin password box pops up. so if it pops up for no apparant reason, read the box. look at what is trying to install. if any doubt, say no.
3) install cryptoprevent. this sets up group policies to prevent lots of nasties from launching. it does have issues with some legit progrmas, notably spotify, due to the way they run their installer.
4) install chrome with adblock plus.
5) install trend WFBS
6) get rid of flash and java
i have nearly 700 customer machines set up like this, with very few problems, usually down to the nature of the sites that they are looking at and then ignoring my advice in point 2)