I think the name “reputation services” doesn’t describe the underlying functionality anymore. These services provide not only file reputation (which the local program may then use as part of some heuristic rule to allow the file to run or to block it), but they also provide strict detections (i.e. say “this file is malware”).
Simply said, more and more detections are moved online - first because of the size (you wouldn’t want to have gigabytes or terabytes of virus definitions on your disk), second because it’s faster (when a system or analyst decides that a specific file is malicious, it takes a few seconds to push this information online - and if you encounter this file the next second, it will get detected. If you wait for streaming updates instead, it takes a few more minutes. If you disable even streaming updates and wait for a “big” update of virus definitions, it can be hours later and the definition may be quite useless by then because the particular malware has been replaced with a different one in between).
So by disabling the “reputation services”, you significantly reduce the protection - and it’s reasonable to assume that this trend will continue (i.e. at some point either disabling these reputation services would basically disable the antivirus protection altogether, or that setting will just disappear from the program and it won’t be possible anymore). Not saying it will happen tomorrow, but the day will come I guess.
If the choice is between gigabytes of definitions on my disk, or sending information about the contents of my disk to some server, I choose the first. If an AV only does online detection, I will drop that AV. Have done it before. Will do it again.
I can’t remember which one. Years ago I was looking for an ultra light AV for an old PIII laptop with very little memory. Found one. After installation I noticed it didn’t have an option to disable the online cloud scanning. So it got uninstalled. I get that that is why it was so light, but that is not an acceptable trade-off for me.
Even today on my main machine I still scan files offline regularly. Precisely because even full installers these days often want online connectivity, and they won’t get it.
I find this thread very interesting because I share most of the OP’s concerns. It isn’t about cutting yourself off from everything, but about mitigating exposure. A kind of ‘need to know’ mindset toward giving up information. Pick and choose. In the case of AV I am of the firm belief all scanning should be (able to be) done locally. I understand the benefits of moving that to the cloud, but I’m not comfortable with the implications that has.
Then I guess it is also quite important, if a person chooses to remain “sharing”, to find an AV program that doesn’t sell data to third parties, even after removing personally identifiable information. It can be quite easy to “re-personalise” the data. It doesn’t take very much, especially with social media.
Another reason I do not like to transmit the data in the first place is because it ends up in places it shouldn’t be, such as on the deep web.
I’d still like to know what is sent when choosing to opt out. The alternative is to block all network traffic from the app and download updates manually, which I don’t really want to do unless I have to. If any of the data is sent unencrypted then it must be blocked.
An alternative would be to offer a prompt to ask if a suspicious file (perhaps identified by heuristics) can be sent for analysis. Once again, the user can define what they choose to do. I am perfectly fine with storing the signatures.
Indeed. This whole idea of anonymized and depersonalized data is pretty dubious. It sounds great. And if it actually worked that way, you might be OK with that. But in reality often the vast majority of depersonalized data can be reconstructed. And since there is value to be had by doing so, it is reasonable to assume some parties will indeed try to do so, and succeed. The prudent thing to do is to not collect and transmit anything that is non-essential for basic operation of the AV. And what that constitutes depends on what trade-off an end user makes. It is pointless to debate this because it is a personal choice. You might opt for the best protection at a cost of some privacy, and I might choose a bit less protection but in the knowledge some personal information is not out there to be used or abused. And then it is up to me to make sure I have taken precautions for a worst case scenario.
I couldn’t agree more.
All I am after is the power to choose for myself and the information I require to effectively do so.
I don’t know who Avast sells the data to, I don’t know what other data has been purchased. I don’t know who they are or what their goal is. I know Avast is a business and if someone is going to pay, Avast will do precisely what they detail in the EULA and sell the data they have.
That tells me I need to keep my data to myself. I know the saying very well, “If you are not paying for the product, you are the product”. I am looking to purchase an AV product, I don’t expect and will not tolerate my data being sold if I am paying for the product.
While I support the way avast! has evolved and improved, I’d also appreciate it if they specified more clearly what exactly is being sent to avast! and had that presented on a dedicated page. Like “www.avast.com/privacy”. The EULA is quite frankly VERY vague in this regard. I’ve gone through the stuff several times and it didn’t really tell me what feature does what, if it can be disabled and what exactly is being transmitted. So, I kinda understand the concerns of this user.
Nobody has confirmed what is sent when sharing is disabled. That’s why I wanted Avast to confirm or deny that information (aside from license/version info) is being sent. It’s not safe to assume when a company profits from the sale of the data; it’s best to ask.
This kind of thing should be public and known. The information should have been available, concise and clear.
That is why I didn’t ask the legal department instead.