Avast snooping gets called out by Firefox

Topic

New Reply

And for good reason. Martin Brinkmann reports: If you search for Avast or AVG on the official Mozilla Add-ons website, you may notice that no results
[See the full post at: Avast snooping gets called out by Firefox]

3 users thanked author for this post.

lmacri, ve2mrx, jburk07

Reply | Quote

Replies

Avast extensions are available on the Chrome Web Store.

2 users thanked author for this post.

lanceboil, woody

Reply | Quote

That’s the worrisome thing about browser plugins. Many of them can gain access to your browsing habits. Do you trust them?

The other thing that has always worried me about the web scanning of AVs like Avast that can scan secure HTTPS sessions, is that they need to proxy your web security to do so, in effect, becoming a “trusted” man in the middle that has to decrypt your web session in order to scan it.

Some other AVs that can only scan in-secure HTTP are almost useless ifor this type of web scanning, as the majority of mainstream websites seem to have adopted HTTPS.

Windows 10 Pro 22H2

1 user thanked author for this post.

jburk07

Reply | Quote

Ok, but do you have any advice on how to stop Avast snooping on firefox while staying safe?

Please.

 

1 user thanked author for this post.

jburk07

Reply | Quote

Well at least avoid the browser plugins, and disable web shields.

Better yet, find another AV. If Avast wants to snoop, can you really trust them?

The big picture here is that we have to trust our operating system, and our security software.

With Windows, we have only one choice, Microsoft (use it or not). With browsers, we have a few options. With security there are many more options. The more companies that have complete access to your machine and browsing habits, the less secure you are from snooping.

Windows 10 Pro 22H2

1 user thanked author for this post.

jburk07

Reply | Quote

I say, well done Mozilla for taking the initiative and a step in the right direction.
This is just the tip of the iceberg without mentioning any internet octopi

Windows - commercial by definition and now function...

1 user thanked author for this post.

JohnW

Reply | Quote

Microfix wrote:

I say, well done Mozilla for taking the initiative and a step in the right direction.
This is just the tip of the iceberg without mentioning any internet octopi

I say they took over a year to do this, that is not making me feel secure. I will just keep blocking scripts and hope Windows Defender catches any baddies.

Just because you don't know where you are going doesn't mean any road will get you there.

Reply | Quote

I have been using AVG Internet Security for several years now and am increasingly dissatisfied with the software. They have introduced numerous ad popups and the so-called web shield and email shield features regularly break Outlook email clients ability to receive email and Internet Explorer 11 ability to connect to HTTPS websites. The problems are clearly caused by AVG and involve throwing “trusted security certificate errors” in the browser and email server connections. Disabling the features in AVG always totally resolves the issues. This is subscription version of AVG, not free, and I can say the software is much worse since being acquired by Avast. I am looking at alternatives at this time.

1 user thanked author for this post.

woody

Reply | Quote

[KP]

I am using Microsoft Security Essentials  on Windows 7 and Windows Defender for Windows 8.1 and 10.

Here are the concerns. Microsoft Security Essentials works the best but Windows 7 is only good until Jan 2020.

Windows Defender’s right-click context menu does not work on Windows 8.1. I tried fixing it but it still needs another try to fix it.

Windows Defender on Windows 10 1803 Home maybe doing something in the background like allowing Microsoft Updates while I have Metered Connection on. I am suspicious.

Windows Defender on Windows 10 1803 Pro seems fine.

• This reply was modified 5 years, 5 months ago by KP.

Reply | Quote

KP wrote:

Windows Defender on Windows 10 1803 Pro seems fine.

Has Windows Defender stopped anything since you have used it ? A virus, faulty app, a malware ?

Reply | Quote

[KP]

My AV has not caught anything for years, maybe since the early 2000’s. Hopefully it is due to Defense-in-Depth concept of safe computing. [Always beware of suspicious activities that maybe occurring, while trying not to be paranoid.]

There is a harmless fake virus test file you can use called eicar.com (it goes back to the early days of PC’s). I just ran it and Windows Defender detected it: https://secure.eicar.org/eicar.com . Hence my AV should be active.

• This reply was modified 5 years, 5 months ago by KP.

Reply | Quote

I just assume that anyone and everyone with a profit motive is doing this now. (I’m usually proven right eventually.)

And as long as authorities get to query the collected data without a warrant or buy up all the data about me at a 30% discount, they don’t mind, and they won’t do anything to stop it.

Reply | Quote

Should I be pulling CCleaner (recently purchased by Avast) from all the computers I installed it on?

3 users thanked author for this post.

Ayjaydee, lanceboil, Alex5723

Reply | Quote

I used to be a huge Avast fanboy. I used it on everything. But I ditched it years ago after the AV had started slowing down my computer. Now hearing this makes me glad I ditched them.

Reply | Quote

anonymous wrote:

Should I be pulling CCleaner (recently purchased by Avast) from all the computers I installed it on?

I have CCleaner programs blocked at my firewall – no outbound network access. I feel comfortable that would prevent snooping. I will continue to use it with disabled network access, something that would not be realistic to do with an antivirus.

But I think any questionable behavior by a parent company should be greeted with skepticism for any of their portfolio of products!

I hope the added scrutiny brought on by this disclosure will make them re-assess their data collection policies.

Windows 10 Pro 22H2

2 users thanked author for this post.

Ayjaydee, Cybertooth

Reply | Quote

JohnW wrote

I have CCleaner programs blocked at my firewall – no outbound network access. I feel comfortable that would prevent snooping. I will continue to use it with disabled network access, something that would not be realistic to do with an antivirus.

How do we block access?
Over the last few days portable CCleaner kept offering me a Black Friday discount on an upgrade every time I opened CCleaner.

2 users thanked author for this post.

Ayjaydee, Carl D

Reply | Quote

Create a rule in your firewall to block outbound access for that application.

For example, in the Windows Firewall in Control Panel, you can click on “Advanced Settings”, then “Outbound Rules > New Rule”.

You will be presented with a “New Outbound Rule Wizard”. Make your selections here. I usually start with “Program” (rule that controls connections for a program). This method requires that you then browse to the program path that you launch the program from.

Windows Firewall works, but alternatively you may prefer a program that functions as a front end for it, as that usually eliminates the hands on approach to creating firewall rules.

 

Windows 10 Pro 22H2

Reply | Quote

[Carl D]

Have CCleaner/Avast been at it again with the Black Friday ‘flyout’ ads this year?

I would have thought that after all the flak they copped about this last year they wouldn’t have tried it again. Goes to prove they really don’t care about annoying people. Just like a lot of companies these days.

Anyway, what I do with CCleaner (like I do with Windows and a lot of programs and drivers, etc. these days) is install/update it with the computer disconnected from the Internet.

After the install or update, I disable and delete the 2 scheduled tasks CCleaner creates.

I then go to Program Files > CCleaner and delete the CCleanerUpdate executable and use a little program called OneClickFirewall to disable Internet access for the CCleaner and CCleaner64 executables (with OneClickFirewall you just right click on the executables and select “Block Internet Access”).

This, of course, stops CCleaner accessing the Internet. No flyout/popup ads or other shenanigans.

(Before I found out about OneClickFirewall I tried blocking CCleaner’s Internet access with Windows Firewall but it didn’t seem to work for some reason? This was during last year’s “premiere” of the Black Friday ads. Don’t know if I had Windows Firewall configured incorrectly or it was something more ‘sinister’ going on where Windows Firewall ignores certain firewall rules, I’ll just leave it at that but I’m sure everyone knows what I’m hinting at).

• This reply was modified 5 years, 5 months ago by Carl D.

2 users thanked author for this post.

Ayjaydee, Cybertooth

Reply | Quote

jabeattyauditor wrote:

Avast extensions are available on the Chrome Web Store.

Avast probably shares the stolen users data with Google /s

2 users thanked author for this post.

jabeattyauditor, Cybertooth

Reply | Quote

[Alex5723]

anonymous wrote:

Should I be pulling CCleaner (recently purchased by Avast) from all the computers I installed it on?

Yes. You should use instead the portable ccPortable : https://portableapps.com/apps/utilities/ccportable

https://www.askwoody.com/askwoody-newsletter-alerts/microsoft-finally-got-onedrive-right/#best-utilities-0

• This reply was modified 5 years, 5 months ago by Alex5723.

Reply | Quote

I also once used Avast or AVG (free versions) on all my computers. As one became more and more invasive, nagging or bloated, I would switch to the other. Went back and forth a couple times before just hating them both. Avast, AVG et. al. are long past any trust in my book.

Now I use Windows Security for realtime protection backed up by on-demand scanners Malwarebytes and SuperAntiSpyware. Nothing even remotely suspicious gets downloaded and ran until it passes all three scans.

For online protection I mostly use common sense ‘safe surfing’ coupled with a few Firefox add-ons: NoScript, uBlockOrigin, Privacy Badger and a few other anti-fingerprinting ones.

(I do use CCleaner portable with outgoing firewall blocks.)

So far, so good…

Win10 Pro x64 22H2, Win10 Home 22H2, Linux Mint + a cat with 'tortitude'.

Reply | Quote

I was not aware that Avast or any Antivirus Program was available as a “Plug-In” to Firefox.  I’ve been using AVG for years and always downloaded the full program which runs on its own.

Being 20 something in the 70's was so much better than being 70 something in the insane 20's

Reply | Quote

Charlie wrote:

I was not aware that Avast or any Antivirus Program was available as a “Plug-In” to Firefox.  I’ve been using AVG for years and always downloaded the full program which runs on its own.

Charlie, the browser plugins typically add additional “features” to the AV package, like filtering/blocking websites, etc. They’re based on the concept that some of these operations are better handled at the browser level than by some other memory-resident program.

2 users thanked author for this post.

Charlie, JohnW

Reply | Quote

Right, the plug-ins function as “extensions” to the main app, and are optional.

Windows 10 Pro 22H2

1 user thanked author for this post.

Charlie

Reply | Quote

I have the plugin “ublock Origin” installed in my Firefox and it takes care of a lot of those things.

Being 20 something in the 70's was so much better than being 70 something in the insane 20's

Reply | Quote

I too use CCleaner on 10, in which case the security system as it is set up, continuously blocks the app from calling home. Used to use the Avast A-V until there were “Problems”, now use the Microsoft security system.

Also use 8.1 and have the security system, such as it is, configured to indicate any problems. Have read the EMET is no longer viable; any ideas on this matter?

Reply | Quote

UPDATE: Catalin Cimpanu reports on ZDNet that AVG has been tarred with the same brush.

I haven’t heard anything about CCleaner, though.

Reply | Quote

I have got the free versions of Avast and AVG on different Windows computers where Firefox was installed as the default browser.  Both of these AVs create management policies for Firefox, one effect of which is to disable the ability to uncheck “Always check if Firefox is your default browser” in the Firefox options.

Reply | Quote

[EP]

and note that certain older versions of Avast & AVG block/prevent upgrading to Win10 versions 1903 & 1909:

https://www.zdnet.com/article/microsoft-blocks-windows-10-upgrades-for-these-avast-and-avg-users/

either upgrade it or uninstall it altogether: the old “use it or lose it” advice

• This reply was modified 5 years, 5 months ago by EP.

Reply | Quote