I upgraded to Avast 7 and soon noticed a lag when I start up applications. So I ran a sniffer to see and got a shock! Avast was sending back whatever apps I start, here is a snippet:
Remote Host vl.ff.avast.com
Remote Port 80
Service Name http
Capture Time 3/6/2012 11:58:36 AM
POST /F/...............snipped............... HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Host: vl.ff.avast.com
Content-Length: 122
........snipped..........*;C:\Documents and Settings\Administrator\Desktop\h2testw.exe2.ign:...
This raises security and privacy concerns. My Windows account name, my folder structures, application name are all sent back to avast and it wasn’t even encrypted.
And I have disabled all cloud and community functions within avast’s settings beforehand.
The sending of such information seems consistent with one or more avast features, but you say you disabled those. Have you gone back through all the settings and carefully double checked things to make sure for example that the avast community, WebRep, and FileRep (file reputation) features are disabled?
Is this happening a) for files you just downloaded/ran, b) for files that have been on your machine for awhile, c) both?
I checked again, under Settings, everything is unchecked in Cloud Services and Community.
I don’t see Webrep or Filerep, maybe because I chose a minimal install of v7.0.1407.
It sends back to Avast, all programs, new or old, for every new session of Windows; meaning, if I restart my Windows, it will log and send back the same programs I run again.
To me, its behaving like a keylogger or in this case a What-App-I-Use-logger.
I can understand if it needs to send back suspected malware infected file info but NOT every apps I run. And it is not encrypted, if someone is sniffing my traffic, he will have a very nice and complete profile of what I am doing on my computer.
Asyn, what was the bug? Since jamesc mentioned not seeing web or file reputation service settings… was the community feature checkbox not being honored?