Avira privacy problem.


15 replies to this topic

#1 shadow_647


Posted 12 December 2016 - 02:47 PM

Avira Privacy policy is here https://www.avira.com/en/general-privacy

 

Settings for the newest version of avira free anti-virus are:

 

Check for updates "forced can't turn off" once per 22 days.

No cloud anything.

Ask me before sending a file to Avira; all settings in the AV that have anything to do with sending data back to Avira are disabled, there's none really though.

 

I can't seem to find anything anywhere that explains what the newest free version of Avira anti-virus does in regards to privacy; their Privacy policy only talks about cloud.

 

So far I have 16 firewall rules just in one firewall to block it from phoning home, and anytime you try and do anything with it for any reason it will try and connect to the net and send data back to home base. Thing loves to spam connections, and of course it uses port 80 and 443, seeing as if you have an edge firewall odds are the ports will be open.

 

avcenter.exe "exe one"

Tries to connect to 185.123.227.13 & 185.123.227.12 HTTP port 80

 

avnotify.exe "exe two"

Tries to connect to 62.146.210.31 & 62.146.210.33 HTTP port 80

 

avscan.exe "exe three"

Tries to connect to 185.123.227.13 & 185.123.227.12 HTTP port 80

 

avgnt.exe "exe four"

Tries to connect to 185.123.227.13 & 185.123.227.12 HTTP port 80

 

avconfig.exe "exe five"

Tries to connect to 185.123.227.13 & 185.123.227.12 HTTP port 80

 

avguard.exe "exe six"

Tries to connect to 52.28.222.112 & 52.58.212.35 TCP port 443

 

ipmGui.exe "exe seven"

Tries to connect to 185.123.227.13 & 185.123.227.12 HTTP port 80

 

update.exe "exe eight"

Tries to connect to 52.55.71.85 & 52.200.103.177 TCP port 443

 

No less than eight *.exe can use a network to phone home, and that's with cloud disabled and the "ask me before sending anything to Avira" settings enabled.

 

Anyone run Wireshark on a test computer or know what's going on with this topic?

What kind of data is being sent?





#2 RolandJS


Posted 12 December 2016 - 03:19 PM

I'm wondering if Spybot AntiBeacon might be all you need; I'm not sure if it will help with Avira.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#3 shadow_647


Posted 12 December 2016 - 04:00 PM

Spybot AntiBeacon seems to be just for Microsoft spying in their OS, doesn't have anything to do with Avira, and in any case Spybot AntiBeacon seems to be just for Win7 or newer; I'm still on WinXP.

For WinXP I like the XP-antispy app. https://xp-antispy.org/en/screenshot/

Spybot AntiBeacon seems like a good app, I'll take a copy for when I work with Win7, thank you for the info.

 

As well, the Avira phone home topic is not going anywhere, it's all blocked on a firewall level, but from their legal agreements I'm not reading anything that explains why a total of eight EXE are all trying to phone home or what data is being sent.

 

Did a test as well when doing a manual scan of a HDD with the AV: put something nasty on it just for fun ("old school virus") and the minute Avira scans the file it tries to send something back to home base on the network. I should redo the test with more than one nasty EXE just to see if, each time it scans a new file that it doesn't like, I can provoke it to send back data on the topic to home base.

 

Edit Typo fix


Edited by shadow_647, 12 December 2016 - 04:42 PM.


#4 RolandJS


Posted 12 December 2016 - 04:33 PM

Thanks for that update Shadow!



#5 quietman7


Posted 12 December 2016 - 06:20 PM

Spybot Anti-Beacon

Spybot Anti-Beacon is a standalone tool which was designed to block and stop the various tracking (telemetry) issues present in Windows 10. It has since been modified to block similar tracking functionality in Windows 7, Windows 8 and Windows 8.1 operating systems.


While Spybot Anti-Beacon is simple, free and easy to use...these are the drawbacks (limitations) provided by various reviews of the product.

Spybot Anti-Beacon is very easy to use, but provides no explanation of what it's doing, and doesn't allow you to disable/ enable most settings individually. For experts only.

Spybot Anti-Beacon Review by PC Advisor

Unfortunately...there's no detail on what you're disabling, and no way to toggle individual settings: it's strictly all or nothing. The only detailed control you get is under the "Optional" tab, where you're able to tweak any or all of four features: Web Search Group Policy, Cortana Group Policy, OneDrive Service and Remote Registry Service.

Spybot Anti-Beacon Review by Betanews

The tool unfortunately does not give you the option to select the feature/s that you may want to disable.

Spybot Anti-Beacon Review by the WindowsClub

...there is still room for improvement to meet the users' requirements. At the moment, there are competitor applications that do more. For instance, it would be great to have the application disable the access of apps to wireless connections, block localization access and services, disable the automatic Windows updates or the feedback reminders.

Spybot Anti-Beacon Review by Softpedia

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 RolandJS


Posted 13 December 2016 - 10:01 AM

Quietman7, you're absolutely great in posting detailed information! After I initially posted, I remembered SpyBot AntiBeacon was not designed to be aimed at anti-virus/anti-malware programs. Reviews are spot-on! There is very little control.


Edited by RolandJS, 13 December 2016 - 11:24 AM.


#7 shadow_647


Posted 13 December 2016 - 10:41 AM

Indeed, good info quietman, read it all.

New hit this morning on powering up on one of the firewalls, seems the total now is not 8 EXE but 9 that can phone home.

 

Avira.OE.Setup.Bundle.exe:178.255.83.2 HTTP port 80



#8 quietman7


Posted 13 December 2016 - 03:01 PM

I always try to post more rather than less and give folks related links when available.

#9 shadow_647


Posted 14 December 2016 - 03:50 PM

And yes, it doesn't stop there, the count is now 10 EXE that phone home.

 

avira_en____fm.exe 186.123.227.13 HTTP port 80

 

Found some good links on the topic as well.

 

http://www.av-comparatives.org/wp-content/uploads/2014/04/avc_datasending_2014_en.pdf

 

http://www.makeuseof.com/tag/antivirus-tracking-youd-surprised-sends/

 

http://www.pcmag.com/article2/0,2817,2492599,00.asp



#10 quietman7


Posted 14 December 2016 - 04:15 PM

Antivirus software: protecting your files at the price of your privacy

#11 shadow_647


Posted 14 December 2016 - 05:58 PM

Good read as always quietman, one part I disagree with is:

 

Scanning and blocking of dangerous URLs:

 

Almost all internet security products claim to prevent you from accessing dangerous and fraudulent websites to keep you safe from malware downloads and fraud attempts. To do that, they typically forward all website addresses you visit to a centralized server which scans the domain names and paths against a massive database of dangerous URLs.

You may ask why these scans can’t be done on your local computer. The reason behind this requires a bit of technical knowledge: to check addresses locally would require the whole database to be constantly transferred and synchronized via online updates onto your computer. The problem with that approach is that there are literally millions of known bad website addresses that change very frequently. Online updates of protection software would become far too heavy for most users and every day hundreds of megabytes of data would need to be updated, which is simply impractical. That’s why it is more efficient to send each visited address to a server who does all the work and just returns a “safe” or “dangerous” flag.

The bad thing about this technology is that the antivirus vendor can track ALL your visited websites. Even worse: some vendors can read encrypted data that you enter on online banking websites or other private communication channels. These massive database servers are of course protected at the highest level, but history shows us that data is never 100% safe. Just think for a second about what would happen if that antivirus vendor lost control over their servers for any reason, and what would happen if your surfing habits were shared with criminals.

 

It's really not hard to set up, and updating lists is a small download, though I-block wants $$$ now for their lists sadly; myself, I've been using this topic for years and it doesn't spy on me.

 

Atm my setup blocks 1,500,000,000 IP in max defense mode.

 

https://www.iblocklist.com/lists
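
A local IP range check of the kind this post describes, where the list sits on the machine and no visited address is sent to a server, as an added example that is not part of the original thread. It assumes a plain-text `label:start-end` list layout; the sample list and the function names are constructed for illustration.

```python
import bisect
import ipaddress

# Constructed sample in an assumed "label:start-end" text layout;
# addresses are RFC 5737 documentation ranges, not real list entries.
SAMPLE_LIST = """\
# constructed sample, not a real list
Example range A:192.0.2.0-192.0.2.127
Example range B:192.0.2.100-192.0.2.255
Example: range C:198.51.100.10-198.51.100.20
Example host D:203.0.113.7-203.0.113.7
Reversed range:192.0.2.9-192.0.2.1
line without any range
"""

def parse_ranges(text):
    """Parse the list into sorted, non-overlapping (start, end, label) tuples."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Labels may themselves contain ':', so split on the last one.
        label, _, span = line.rpartition(":")
        start, _, end = span.partition("-")
        try:
            lo = int(ipaddress.IPv4Address(start.strip()))
            hi = int(ipaddress.IPv4Address(end.strip()))
        except ValueError:
            continue  # malformed line: skip it, keep loading the rest
        if lo <= hi:  # a reversed range is dropped rather than guessed at
            ranges.append((lo, hi, label))
    ranges.sort()
    merged = []
    for lo, hi, label in ranges:
        if merged and lo <= merged[-1][1] + 1:  # overlaps or touches previous
            prev = merged[-1]
            merged[-1] = (prev[0], max(prev[1], hi), prev[2])
        else:
            merged.append((lo, hi, label))
    return merged

def covered(merged):
    """Number of distinct addresses the list blocks, overlaps counted once."""
    return sum(hi - lo + 1 for lo, hi, _ in merged)

def match(merged, ip):
    """Return the label of the range containing ip, or None (binary search)."""
    n = int(ipaddress.IPv4Address(ip))
    i = bisect.bisect_right(merged, (n, float("inf"), "")) - 1
    if i >= 0 and merged[i][0] <= n <= merged[i][1]:
        return merged[i][2]
    return None
```

Merging overlapping ranges before counting matters when several lists are combined, since the same addresses often appear in more than one list and a raw sum overstates how many are blocked.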



#12 RolandJS


Posted 14 December 2016 - 08:27 PM

shadow, how do we use blacklist's product/service?



#13 shadow_647


Posted 14 December 2016 - 09:16 PM

shadow, how do we use blacklist's product/service?

 

 

Peerblock

 

http://filehippo.com/download_peerblock/

 

PeerGuardian

 

https://sourceforge.net/projects/peerguardian/

 

There's Bot Revolt too.



#14 Itguy2016


Posted 18 December 2016 - 05:26 PM

Avira uses MIXPANEL APIs, which means I will never use Avira while they are in allegiance with Mixpanel.

 

Many products view Mixpanel as a security risk and some products (like Emsisoft) declare Mixpanel as malware in their blocker.



#15 shadow_647


Posted 19 December 2016 - 11:20 PM

Sadly all the AV seem to be up to the same game; sadly they aren't protecting us vs spyware, they have become the spyware.

Why is this?

 

The Corporation - Great Doc Film

https://www.youtube.com/watch?v=dLrRwT7oiCc





