Data Transmissions of AVs

Sending information such as detection names, file hashes, names, paths and sizes of potentially malicious executable program files is obviously important in counteracting malware, and almost all respondents’ programs do this.

What is less easy to justify is sending personal data files (e.g. documents) or non-malicious executable program files. We feel that users should be able to decide on a file-by-file basis whether such files are sent. Several programs allow users to opt out of file-sending either completely or on a case-by-case basis, although a number send files without explicitly asking the user (there may be a warning in the EULA that this will happen).

If malware steals personal data, we do not feel there is justification for the AV program to send the same information to the manufacturer.

We asked whether special updates are delivered to users with specific IDs. This could theoretically allow authorities with a suitable court order to monitor e.g. specific terror suspects without the monitoring software being detected by the antivirus product.

All updates would however be supplied to all other users, ensuring that their PCs were still fully protected. Most of the vendors responded that they do not do this, although a few (mostly from the USA and UK) did not reply to this question.

He said that the trustworthiness of U.S.-based security and technology companies is quickly eroding, pointing to a letter recently sent to 20 of the world's largest antivirus companies by Bits of Freedom, a Netherlands-based organization focused on digital rights. In that letter, the group asked whether the vendors had whitelisted government-authored malware. Most of those companies gave a prompt response in the negative, but U.S-based AV giants McAfee Inc. and Symantec Corp. never replied.