
Version 4 (modified by spirillen, 6 days ago)


Anti Virus

An Anti Virus program is a piece of software that is supposed to protect you against viruses, malware, Trojans, worms, bots, potentially unwanted apps (PUAs), ransomware, and more; no more and no less. Despite these very clear definitions, they all lack one very, very important feature: protecting your privacy against the spyware, malware and trackware installed by the biggest players out there, like Google, Apple, Microsoft and Facebook. To top it off, it looks like the Anti Virus producers have, over the past years, started to track you too.

It has become more and more difficult to find a software vendor who is not putting a lot of effort into figuring out a way to track you and your online activities. Since this includes those who claim to sell you products that should protect you from the very same thing, it is hard to trust any of the security software vendors.

Telemetry as tracker

Over the years it has become more and more common to use telemetry as trackware to spy on you. The vendors claim they can't track you down from the way the data is collected. If that is so, why are they spending the $ to make the dollar doing it? And why are you opted in to telemetry collection by default? Shouldn't it be the individual's choice to opt in to sharing their privacy?

Telemetry collection example

To give you a clue about what is collected about you, and how your privacy is collected and stored, we can use "SafeGuard Enterprise 8.x: FAQs on telemetry data collection" from Sophos.

Can you use this data to find specific details of a customer?

No. All data is anonymized before sending. We do use a unique identifier to distinguish between different installations, so we can see what data belongs together. But we cannot see who has been sending that information.

Can you see the originator's IP address?

No, we cannot even see the IP addresses from which the information comes from. We use a third party data collecting tool that hides that information from us.

OK, who is the "third party", and how much of the data did they get for free? What kind of information do they sell, and to whom?

Now let's see what Sophos shares without your consent:

| Sent on | Properties/Metrics | Description |
|---|---|---|
| Device Booted | Device Vendor | |
| | Device Model | |
| | Firmware Interface | |
| | OS Architecture | |
| | Operating System | |
| | BitLocker Capable | |
| | FDE on Boot Volume | |
| | Boot Authentication Method | |
| SafeGuard Installed/Updated | SGN Version | Installed SGN version |
| | Modules Installed | List of installed modules |
| Policies Received | Policies Enrolled | List of enrolled policies on the client |
| User Log On | Authentication Method | Used authentication method at OS logon |
| | Cloud Providers | List of installed cloud storage providers on the machine |
| | Encryption rules¹ | # of locations with a specific key if the key is available in the key-ring |
| | Keys¹ | # of different keys used in an encryption policy |
| | Ignore rules¹ | # of encryption ignore rules |
| | Exclude rules¹ | # of encryption exclude rules |
| Transparent Encryption/Decryption | Encrypted Local Drive | # of files that got encrypted on local drive. Sent when a new encrypted file gets created. |
| | Decrypted Local Drive | # of files that got decrypted on local drive. Sent when an encrypted file is read as plain (e.g. by an IN application). |
| | Encrypted Removable | # of files that got encrypted on removable media. Sent when a new encrypted file gets created. |
| | Decrypted Removable | # of files that got decrypted on removable media |
| | Encrypted Cloud Storage | # of files that got encrypted on cloud storage |
| | Decrypted Cloud Storage | # of files that got decrypted on cloud storage |
| | Encrypted Network Share | # of files that got encrypted on network share |
| | Encrypted Network Share | # of files that got encrypted on network share |
| | Key Missing | # of times encrypted files have been accessed by user w/o having access to the proper key |
| User Enforced Encryption/Decryption | Encrypted | # of files pro-actively encrypted by the user via the shell extension (Windows) or system menu (OS X) |
| | Decrypted | # of files pro-actively decrypted by the user via the shell extension (Windows) or system menu (OS X) |
| | Key Missing | # of times encrypted files should have been decrypted by user without having access to the proper key. NOTE: Not reported from Windows Client |
| Outlook Plugin usage (Windows Only) | Encrypted | # of files sent encrypted via email using the Outlook plugin |
| | Decrypted | # of files sent decrypted via email using the Outlook plugin |
| | Encrypted Self-Decrypting HTML | # of files sent HTML5 wrapped via email using the Outlook plugin |
| | Key Missing | # of times encrypted files have been accessed by user without having access to the proper key |
| Sharing Volume (OS X only) | Decrypted | # of files shared via the sharing volume |
| | Key Missing | # of times encrypted files have been accessed by user without having access to the proper key |
| Initial Encryption | Encrypted | # of files encrypted within a running initial encryption task |
| Self-Decrypting HTML Wrapper usage | Encrypted Self-Decrypting HTML | # of files encrypted via HTMLv5 wrapper |
| Health Status changes | Red Health Status | # of 'red health' status notification from endpoint where the red health status changes |
| | Keys removed | # of times keys have been removed |
| | Keys restored | # of times keys have been (re-)loaded |

This is an ugly amount of identifying data......
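
The FAQ says a unique identifier lets the vendor "see what data belongs together". The Python sketch below is an added example, not code from this wiki or from Sophos: it shows how a privacy reviewer could check a capture of their own client's telemetry by joining events on that identifier and counting how many installations share each device fingerprint. The events are constructed, and the field names `install_id` and `sent_on` are assumptions; the property names come from the table above.

```python
from collections import Counter, defaultdict

# Constructed sample events, not real Sophos traffic. Property names follow the
# table above; "install_id" is an assumed name for the "unique identifier".
EVENTS = [
    {"install_id": "a1", "sent_on": "Device Booted", "Device Vendor": "Lenovo",
     "Device Model": "T480", "Operating System": "Windows 10"},
    {"install_id": "a2", "sent_on": "Device Booted", "Device Vendor": "Lenovo",
     "Device Model": "T480", "Operating System": "Windows 10"},
    {"install_id": "a3", "sent_on": "Device Booted", "Device Vendor": "Dell",
     "Device Model": "XPS 13", "Operating System": "Windows 10"},
    {"install_id": "a3", "sent_on": "User Log On",
     "Authentication Method": "Password", "Cloud Providers": ["Dropbox"]},
    {"install_id": "a1", "sent_on": "User Log On",
     "Authentication Method": "Smartcard", "Cloud Providers": []},
]

# Device properties that together act as a fingerprint of the machine.
QUASI_IDENTIFIERS = ("Device Vendor", "Device Model", "Operating System")


def build_profiles(events):
    """Join all events sharing an install_id into one profile per installation."""
    profiles = defaultdict(dict)
    for event in events:
        for key, value in event.items():
            if key not in ("install_id", "sent_on"):
                profiles[event["install_id"]][key] = value
    return dict(profiles)


def anonymity_set_sizes(profiles, keys=QUASI_IDENTIFIERS):
    """Return install_id -> how many installations share its device fingerprint."""
    fingerprints = {iid: tuple(p.get(k) for k in keys) for iid, p in profiles.items()}
    counts = Counter(fingerprints.values())
    return {iid: counts[fp] for iid, fp in fingerprints.items()}


def singled_out(events):
    """Installations whose fingerprint is unique in the data set (set size 1)."""
    sizes = anonymity_set_sizes(build_profiles(events))
    return sorted(iid for iid, n in sizes.items() if n == 1)


if __name__ == "__main__":
    print(build_profiles(EVENTS)["a3"])
    print(anonymity_set_sizes(build_profiles(EVENTS)))
    print(singled_out(EVENTS))
```

An installation with a set size of 1 is the only one in the data set with that hardware and OS combination, and every later event carrying the same identifier is added to its profile.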

So you need to do a lot of homework before choosing who you would trust with your privacy.


See also: ticket:57, ticket:61 and ticket:63
