Google Analytics code in Avast GUI?

system · November 20, 2013, 2:03pm

So, you want to know how to suppress it?

system · November 20, 2013, 4:23pm

This is the Avast support forum. I’d like to receive some official directions and information from the Avast Team about the tracking module present in their security software.

system · November 24, 2013, 12:26pm

Besides this thread, ten days ago I submitted a Ticket to the Avast! support, but I’ve received no reply.

system · November 24, 2013, 8:26pm

Sorry DavidR, But I have conclusive proof in the form of a screen cap where Comodo shows that avast emergency update is trying to access google with no internet browser running what-so-ever. It does this during bootup!

DavidR · November 24, 2013, 9:48pm

There is absolutely nowhere I mention anything about comodo or other sources, simply that the avast statistics have insufficient information to determine what made the connection if it is being routed through the web shield. It might possibly give more information in the AIS firewall logs (or other such sources) , but the avast statistics are sadly lacking in detailed information.

system · November 24, 2013, 9:58pm

It doesn’t matter what source is more reliable than another, just the fact that it’s true!

system · November 24, 2013, 10:00pm

Maybe this is why Avast holds my computer hostage for a few minutes after every reboot. It has done this every version after version 4. I have tried everything but I simply can not do anything with my computer for 2 to 3 minutes until Avast releases it.
So yes I would like instructions on how to disable analytics. please.

midnight · November 24, 2013, 10:12pm

??? ???

DavidR · November 24, 2013, 10:13pm

I’m not arguing if it is true or not, just that those looking in the avast statistics are looking in the wrong place as the information isn’t detailed enough.

DavidR · November 24, 2013, 10:17pm

Yes, but that doesn’t give the originator, browse the web and you are going to get hundreds of scans by the web shield as all page requests in the browser get routed through the localhost proxy. But it doesn’t say what originated the connection.

Which is the very thing I have been banging on about in this topic, the avast statistics are sadly lacking in detail.

midnight · November 24, 2013, 10:20pm

Sorry. :-[

system · November 24, 2013, 10:27pm

Well in this case the OP’s, that you addressed, indication was correct, so I guess he got lucky, huh?

system · November 25, 2013, 12:59am

Since my last posts here, the other day, when I unchecked analytics in HOSTS file to permit connections, there was a successful connection to google during definitions/emergency update.
See log extracts and a screen shot from the firewall. That qg…1e100.net server is google. The firewall log with all avast apps logged (except service) is for the benefit of DavidR who, seems, so far, hasn’t been convinced that google is in the picture - ie100.net is google’s connection with markmonitor.

I’m glad Avast logs things, and hope they never stop doing so even if complaints come in.

From Setup.log[Quote]
20.11.2013 20:55:55.000 1384998955 system Executing:AvastEmUpdate.exe /updater
20.11.2013 20:55:55.000 1384998955 system Executed:AvastEmUpdate.exe /updater
20.11.2013 20:55:55.000 1384998955 general Return code: 0x20000000 [Something done]
20.11.2013 20:55:55.000 1384998955 general Stopped: 20.11.2013, 20:55:55
[/quote]
From eventlog.log [Quote]
11/20/2013 8:55:59 PM The virus definitions have been automatically updated to version 131120-0
[/quote]
From HtmlRemoteContent.log[Quote]
11/20/2013, 20:56:04 WinHttpReadData returned 200 for: http://s.program.avast.com/api/?action=1&p_aas=0&p_adc=0&p_adi=-1&p_adp=0000&p_age=109&p_cid=1&p_cpu=-1.0&p_cpv=134219225&p_elm=80&p_fib=-1&p_fsh=11.7&p_hid=cf722c1c-b7e2-43d4-a6ab-9efa5dd4bd42&p_idw=0&p_iid=0&p_inf=2&p_lan=1033&p_lci=1033&p_let=24&p_lex=285&p_lic=0&p_lid=en-us&p_lng=en&p_lqa=0&p_lqe=0&p_lst=0&p_lsu=24&p_man=0&p_mdc=0&p_osv=5.1&p_pro=0&p_ram=894&p_reh=800&p_rew=1280&p_vbd=1497&p_vep=8&p_ves=0&p_wdc=0&p_wei=-1.0&p_wnf=0
11/20/2013, 20:56:05 WinHttpReadData returned 200 for: http://static.avast.com/program/api/images/mkt/toaster-mobile/bg.png
11/20/2013, 20:56:05 WinHttpReadData returned 200 for: http://static.avast.com/program/api/images/button_blue_36.png
11/20/2013, 20:56:05 WinHttpReadData returned 200 for: http://static.avast.com/program/api/images/mkt/toaster-mobile/fms.png
11/20/2013, 20:56:05 WinHttpReadData returned 200 for: http://www.google-analytics.com/__utm.gif?utmn=8163700247&utmac=MO-1405551-20&utmwv=4.4sh&utmp=%2Ffa-80%2Fen-us%2F30%2Ftoaster-virus-update_t5_70_mkt-mobile2.html&utmcc=__utma%3D999.999.999.999.999.1%3B&utmvid=0x41c509ad94987168&utmr=-
11/20/2013, 20:56:05 WinHttpReadData returned 200 for: http://www.google-analytics.com/__utm.gif?utmn=0127462121&utmac=MO-1405551-13&utmwv=4.4sh&utmp=%2Ffa-80%2Fen-us%2F0%2Fother%2Ftoaster-virus-update_t5_70_mkt-mobile2_AV.html&utmcc=__utma%3D999.999.999.999.999.1%3B&utmvid=0xc84e17efafea67c9&utmr=-
[/quote]
From my firewall - can’t insert here, see screenshot below

That said,

Avast is free and wonderful. If this was a paid product I might be annoyed, somewhat. Somewhat because the quoted vlk explanation suffices for me.
If you don’t trust a security product, even one of the 3 best in the world, ditch it and get another. It’s no brainer.

Edit: corrected where the quotes are

DavidR · November 25, 2013, 2:03am

Wrong, I know that if you are using google-analytics (as many sites do) be that for collation of website traffic stats or other traffic the data has to be stored on the google-analytics.com to be able to access the data.

In this case the collation of how users navigate through the avastUI so that it can be analysed by avast to improve the avastUI.

My only issue is that people were trying to use the avastUI statistics to find access to google-analytics, the problem being that traffic could come from multiple sources, not just the avastUI.exe if it even records connections/traffic from avastUI.exe as these may not go through the web shield proxy. So it is the statistics as a source of information for this which I’m saying is not good.

Other sources firewall logs if the firewall is capable of recording the parent process (some can’t) and not just recording the web shield proxy as the parent process (if the avastUI traffic is redirected through the proxy). There are a number of sniffer packages that are equally as good at detecting this.

system · November 25, 2013, 4:56am

Thanks for the clarification. Now I got it

system · November 25, 2013, 2:40pm

hahahaha

Well, I checked it with Online Armor and HostsServer - among the others. I’m not a programmer and I only wanted to receive an official reply from the Avast Team - not arguing with Avast fanboys. Also, I could recall some other user asked the same question months ago.

These are the main reasons why initially I preferred to mention only the Statistics and HostsServer: I was expecting an official reply from Avast team, they should know how their program works, I guess.
My first though was: "no reasons to give Avast evidences, if I should be right they already know. Just be polite and humble.

So I wrote:

I suspect there’s some Google Analytics code in the GUI (or something like that, I’m not a programmer).
Should I be right, could you please tell me how to disable it?

When DavidR at some point said there is no confirmation that Avast 9 like Avast 8 has also a tracking module, I simply suggested to check the statistics or use something like HostsServer - just because I was not interested in giving evidences to other users or arguing with them: that was not the point of my thread - wrong move, I know. Avast fanboys always lie in wait, hijacking the main questions, justifying everything.

P.S., sorry for my poor English

EDIT: typo

system · November 26, 2013, 12:05am

So once again in plain English. Is there a way to disable Google Analytics? I DO NOT want my AV to spy on me. I don’t care what the info is used for.

midnight · November 26, 2013, 12:29am

You can block it with Ghostery.

DavidR · November 26, 2013, 12:36am

That won’t work for what is being requested. Ghostery is a browser add-on and only works with browser traffic. The use of google-analytics to monitor the avastUI (for usability, etc.) is totally different.

google-analytics.com can be blocked in a users firewall or the HOSTS file. This should work in all instances browser or otherwise, including its use by avast to monitor the avastUI usability.

system · November 26, 2013, 8:43pm

ank91 post:6:

avast 9.0.2008 free x86.
I have also noticed some spy activity here-

I have noticed that once you open avast interface it begins to connect google (1e100.net) servers. :o

I just run netstat -b command and got this–>


  Proto  Local Address          Foreign Address        State           PID
  TCP    win-pc:1618            a118-214.142-13.deploy.akamaitechnologies.com:https  ESTABLISHED     2860
  [AvastUI.exe]

  TCP    win-pc:1619            bom03s01-in-f30.1e100.net:https  ESTABLISHED     2860
  [AvastUI.exe]

  TCP    win-pc:1620            bom03s01-in-f30.1e100.net:https  ESTABLISHED     2860
  [AvastUI.exe]

  TCP    win-pc:1621            a118-214.142-13.deploy.akamaitechnologies.com:https  ESTABLISHED     2860
  [AvastUI.exe]

  TCP    win-pc:1622            a118-214.142-13.deploy.akamaitechnologies.com:https  ESTABLISHED     2860
  [AvastUI.exe]

  TCP    win-pc:1623            bom03s02-in-f0.1e100.net:http  ESTABLISHED     2860
  [AvastUI.exe]

But when i add these lines in my host file (c:\windows\system32\drivers\etc\host), avastui.exe stopped its activity. 8)


# block Google Analytics via host file#
127.0.0.1 pagead.googlesyndication.com
127.0.0.1 pagead2.googlesyndication.com
127.0.0.1 adservices.google.com
127.0.0.1 ssl.google-analytics.com
127.0.0.1 www.google-analytics.com
127.0.0.1 imageads.googleadservices.com
127.0.0.1 imageads1.googleadservices.com
127.0.0.1 imageads2.googleadservices.com
127.0.0.1 imageads3.googleadservices.com
127.0.0.1 imageads4.googleadservices.com
127.0.0.1 imageads5.googleadservices.com
127.0.0.1 imageads6.googleadservices.com
127.0.0.1 imageads7.googleadservices.com
127.0.0.1 imageads8.googleadservices.com
127.0.0.1 imageads9.googleadservices.com
127.0.0.1 partner.googleadservices.com
127.0.0.1 www.googleadservices.com
127.0.0.1 apps5.oingo.com
127.0.0.1 www.appliedsemantics.com
127.0.0.1 service.urchin.com

strange! :o
I think avast downloads ads from somewhere and then shows them in its UI. :

I’m sure you’re aware, but in firefox, when the two check boxes shown Here are checked, it phones that domain of Googles, that’s circled, and checks their list of bad sites. If one turns them off, or blocks them, then they don’t afford the protection they supposedly offer, the question is, does one truly require such protection, some maybe, I can only speak for myself. And I advice that no one allows me to speak for them, always know for yourself! The only way one can be sure!

Google Analytics code in Avast GUI?

Announcements