
AVG can sell your browsing and search history to advertisers - SimplyUseless
http://www.wired.co.uk/news/archive/2015-09/17/avg-privacy-policy-browser-search-data
======
Stratoscope
I hate antivirus software with a passion. I've wasted too many weeks of my
life hacking around bugs that antivirus programs introduced into my customers'
systems.

A couple I've dealt with in the last six months:

McAfee Antivirus causes applications built with Unity 4 to fail when they call
WWW.LoadFromCacheOrDownload() on a large asset bundle. This API call downloads
a temp file and then renames the file to move it into the cache. But McAfee
also opens the file for a virus scan. For a large file, the virus scan may not
complete before Unity tries to rename the file, so the rename fails and you
never get the asset bundle.

For one client I fixed this by patching Unity's .exe file to add a retry loop
on the rename call. Unity 5 also works around this issue with the same retry
loop.

AVG Antivirus causes updates to fail for applications that use wyUpdate.
wyUpdate calls the CreateMutex() function in the Windows API to make sure
another updater instance isn't already running. Bizarrely, when AVG is
installed, CreateMutex() returns the wrong value, so wyUpdate thinks another
instance is running and bails out. No updates for you!

Going back a few years, I tried NOD32 after some friends recommended it. It
seemed fine, except the Alt+Tab key no longer worked. It was a known bug,
unfixed for some time.

About 5-6 years ago, McAfee had a known bug - unfixed for nearly a year - that
under some circumstances it would erase the entire hard drive. This was the
ultimate in virus protection!
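
The retry-on-rename workaround described in the comment above, sketched as an added example; it is not part of the original post and is not Unity's code or the poster's patch. The names `rename_with_retry`, `BusyScanner` and `demo` are hypothetical, and the scanner's file lock is simulated so the block runs on any OS.

```python
import os
import tempfile
import time


def rename_with_retry(src, dst, attempts=8, first_delay=0.05,
                      rename=os.replace, sleep=time.sleep):
    """Move src to dst, retrying while another process holds src open.

    On Windows, a scanner holding the file open can make the rename fail
    with a sharing violation, which Python raises as PermissionError.
    Returns the number of attempts used.
    """
    delay = first_delay
    for attempt in range(1, attempts + 1):
        try:
            rename(src, dst)
            return attempt
        except PermissionError:
            if attempt == attempts:
                raise  # still locked: surface the error instead of hiding it
            sleep(delay)
            delay = min(delay * 2, 2.0)  # exponential backoff, capped at 2 s


class BusyScanner:
    """Constructed stand-in for a scanner: blocks the first `busy` renames."""

    def __init__(self, busy):
        self.busy = busy
        self.calls = 0

    def __call__(self, src, dst):
        self.calls += 1
        if self.calls <= self.busy:
            raise PermissionError(13, "file is in use by another process", src)
        os.replace(src, dst)


def demo(busy, attempts=8):
    """Download-then-rename with a simulated scan lasting `busy` attempts."""
    with tempfile.TemporaryDirectory() as d:
        tmp = os.path.join(d, "bundle.tmp")
        final = os.path.join(d, "bundle.cache")
        with open(tmp, "wb") as f:
            f.write(b"constructed asset bundle bytes")
        used = rename_with_retry(tmp, final, attempts=attempts,
                                 rename=BusyScanner(busy), sleep=lambda s: None)
        return used, os.path.exists(final), os.path.exists(tmp)


if __name__ == "__main__":
    print(demo(busy=3))
```

The retry budget is bounded on purpose: if the file is still locked after the last attempt, the error propagates so the caller can report a failed download rather than silently losing the file.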

~~~
userbinator
False positives are the other dark side of AV; here's AVG detecting completely
innocuous "Hello World" programs as potential threats:

[http://www.cplusplus.com/forum/beginner/67634/](http://www.cplusplus.com/forum/beginner/67634/)

[https://groups.google.com/d/topic/mingwusers/kFrCqECTY_Y](https://groups.google.com/d/topic/mingwusers/kFrCqECTY_Y)

Along the same lines, it's rather common that keygens/cracks/patches are
detected as false positives too:

[http://underlore.com/anti-virus-community-creates-false-posi...](http://underlore.com/anti-virus-community-creates-false-positives-for-fun-and-profit/)

~~~
kbenson
Maybe the Ken Thompson Hack[1] is alive in the wild, or AVG just believes it
is. ;)

1: Reflections on Trusting Trust:
[https://www.win.tue.nl/~aeb/linux/hh/thompson/trust.html](https://www.win.tue.nl/~aeb/linux/hh/thompson/trust.html)

~~~
mattkrea
That's exactly what XcodeGhost is/was

------
forcer
AVG has a long history of doing scammy things. Starting from pushing toolbars
heavily, flagging software that is harmless but poses competition etc. They
will never change. Unfortunately, most of the public is not knowledgeable
enough to understand this. In the Czech Republic many people see this company as a
national pride. I have been dealing with that company for a while and
certainly do not agree with my fellow countrymen.

~~~
x0x0
The thing that befuddles me is if someone came up to you on the street and
handed you $100, you'd most likely refuse until you could figure out what the
catch is. If someone offered you free movies or music on the internet, you'd
either assume they were stolen or there was a catch. But when people download
software that was both complex to build and intricate and expensive to
maintain, they assume that there isn't a catch. I don't understand.

~~~
cm2187
Linux is free. What is the catch?

~~~
x0x0
Significant expertise is required to install, configure (sound, sleep, 3d
accelerators, multiple monitors, printers, scanners, projectors), and maintain
the os.

~~~
vetinari
> Significant expertise is required to install, configure (sound, sleep, 3d
> accelerators, multiple monitors, printers, scanners, projectors), and
> maintain the os.

Worked out of the box for me (sound autoconfigured, sleep via thinkpad acpi
autoconfigured, intel gpu autoconfigured, external monitor via thunderbolt
autodetected, one network printer/scanner autodetected via bonjour, other
network printer/scanner had driver package from the vendor on the web, were
projectors ever a problem?).

Did I do something the wrong way?

~~~
ygjb
Linux does work out of the box if you buy hardware from a company that has a
very large corporate install base (Dell, Lenovo, etc).

Linux also works really well if your hardware isn't bleeding edge.

The part where Linux becomes hard to use and requires expertise is learning
the new UX, understanding what software and tools are no longer available and
figuring out how to live and work with the alternatives that exist.

The degree of technical proficiency that you have is probably relevant to your
"out of the box" experience - you are reading and posting on HN, which means
that your level of technical knowledge is probably higher than most users
given the typical audience of this site.

------
TAM_cmlx
As a possible note of interest, I had to disable AVG in order to read this
article.

~~~
blumkvist
How come?

~~~
TAM_cmlx
Original link was to slashdot, I think. AVG said "Could be a Trojan Horse
Host" and then gave me a cheerful green bar and said, "Threat has been
successfully removed."

------
ndesaulniers
A few Mozilla execs have left and gone there.

* Gary Kovacs: Former Mozilla CEO: [https://www.linkedin.com/in/garykovacs](https://www.linkedin.com/in/garykovacs)

* Harvey Anderson: Former Mozilla Chief Legal Counsel: [https://www.linkedin.com/in/harveyanderson](https://www.linkedin.com/in/harveyanderson)

* Todd Simpson: Former Mozilla CIO: [https://www.linkedin.com/in/tgsimpson](https://www.linkedin.com/in/tgsimpson)

* Rick Fant: Former Mozilla VP of Marketplace: [https://www.linkedin.com/in/rickfant](https://www.linkedin.com/in/rickfant)

~~~
hvis
It would be a lot more suspicious if you showed the reverse flow of personnel.

The above just indicates that some people might start to prefer, over time, a
cushier job at a less-scrupulous corporation.

------
tempestn
AVG is clearly circling the drain at this point and doing anything and
everything to squeeze out as much revenue as possible before the music stops.
Another example is AVG Secure Search, which is effectively malware snuck in
with AVG installs. I recently spent a good many hours trying to get it off of
my wife's computer, since it doesn't have an uninstaller and the removal tool
they provide on their website doesn't work (or at least didn't on her
machine). In fact, in researching the issue I came across multiple cases where
it not only didn't work, it also deleted people's bookmarks. The program also
appears to use common malware techniques to prevent manual removal. And of
course, this kind of thing has been going on for years, and the company gives
no impression of caring. It really seems like they're now using their
experience with malware to... create malware.

------
bedhead
There is no shortage of scammy software companies like AVG, but what always
cracked me up about AVG was their logo. Do you think it's a coincidence that
it bears a strong resemblance to the Windows logo?? Why might that be, hmmmm?
Maybe so a bunch of unsophisticated users get the impression it's a real
product somehow related to Microsoft?

The company is a joke like all the other toolbar companies. I wrote to a
number of financial journalists at the WSJ a few years ago begging them to
write an expose on these firms and Google's compliance in allowing them to
exist. No one ever wrote me back.

------
nadams
When AVG was first launched it was a great AV product. Now, like most services,
it has gone in the evil direction. It became pretty obvious they went downhill
after directing people who want the free version to buy their other products.

I've been uninstalling AVG and replacing it with Microsoft Security
Essentials. I know a lot of people will be upset over that because [their
favorite AV] catches X% more viruses and malware than MSE. But you know what -
MSE is light, made by the same company who made the OS, and catches most of
the common viruses.

~~~
mattmanser
Last time I looked MSE had fallen way behind everyone else. I could be
completely wrong now.

~~~
imglorp
This may be an unpopular theory, but I believe an insecure system was in MS's
best interest. This would explain their weak tools and poor security.

------
Kenji
Who the hell uses an anti-virus in 2015? Those things slow down your PC by
like 20% for almost no benefit at all. Just don't open suspicious executables
(e.g. from torrents), keep your OS and tools up to date and lock your browser
down when it comes to plugins and JS execution.

~~~
Asbostos
Exactly. It's amazing how many people don't realize that this is all you need
to do. Antivirus is only for people who don't follow those two rules.

Well JS is fine as long as the browser is up to date. Normal people aren't
going to be hit by zero-days.

~~~
Kenji
Well, a couple of years ago I was hit by a drive-by virus. Just opening a
website in (up to date) Firefox literally opened .exe files on my PC and
infected the entire OS. I burnt my hands once - not again. This might be an
anecdote to you but boy that scarred me - the idea that clicking a link could
compromise my entire system like that.

Even then - an antivirus program is unlikely to stop such an intrusion. It's
just utterly ineffective, and I got viruses before despite having an anti-
virus. Also, my anti-virus always deleted my hacktools and own programs which
was a nuisance. Hence I don't use it anymore.

------
DinkyG
Just finished uninstalling AVG...

~~~
g0v
I recently switched from Bitdefender to AVG, and like you just uninstalled
AVG.

I'm not sure where to go from here.

~~~
newjersey
(Assuming you're using Windows)

Are you using a recent version of Windows (8, 8.1, or 10)?

Do you have automatic updates enabled?

Do you have standard Windows features such as User Access Control enabled?

Do you use the computer with a standard user account as opposed to an
administrator (root access) user account?

If the answers to all these questions are yes, I'd say you don't need an
antivirus solution. Don't listen to the scaremongers. Microsoft has got you
covered.

~~~
mtgx
Depends what you're doing. If you like to play with a lot of risky torrents,
then Windows Defender may not suffice. I also don't think Windows Defender
does a great job at protecting you against infected removable media either.
Avira seems to be pretty good at all of that and lightweight.

For risky websites, a combination of Chrome, WOT, ublock origin, HTTPS
Everywhere and Sandboxie and/or Malwarebytes Anti-Exploit (zero-day
protection) should suffice.

Using a Standard (non-Admin) Windows account and being up to date goes without
saying.

~~~
cortesoft
Risky torrents are what VMs are for.

------
hakzer
And PCI compliance still requires antivirus ;(. What a crock.

~~~
sokoloff
Or a compensating control.

------
kuyan
Is there any "good" antivirus? I personally don't use any antivirus software,
but I usually install Microsoft Security Essentials for not-quite-tech-savvy
family members.

------
belorn
It used to be that government would go after those who deceived people for
money. Bait-and-switch is one of the oldest forms of fraud there is and it's
fairly easy to do with a 40-page "policy" written in legalese.

~~~
grrowl
Well, the government isn't being effective against the true criminals here
(the virus developers), and anti-virus isn't free, and government isn't
subsidising AV software. Something's gotta give.

------
ddmf
Went to look at the story with my AVG 'protected' laptop and couldn't view it
because the website may be a trojan!

------
dang
Url changed from
[http://slashdot.org/story/299691](http://slashdot.org/story/299691), which
points to
[http://news.softpedia.com/news/avg-proudly-announces-it-will...](http://news.softpedia.com/news/avg-proudly-announces-it-will-sell-your-browsing-history-to-online-advertisers-492146.shtml),
neither of which are very informative.

I found the Wired article by using the 'web' link we added last week to search
on the title (which I had to modify a bit). If anyone can suggest a better
URL, we'll change it again.

------
zero-rated
Hasn't most free software been doing this all along? I assumed they already
were.

------
outside1234
If you aren't paying, you are the product.

~~~
tzmudzin
So how much did you pay for your GPL software? Or for posting your comment? Do
you expect to pay with your privacy for those?

For sure there's no free lunch, but I believe you're making it too easy for
AVG. An antivirus is a piece of software one normally trusts. It's a shame if
this trust is misused. And let's not deceive ourselves that users will attempt
to understand fully the technical stuff behind the data privacy statement they
put out. While trivial for an IT person, the jargon will not be understood by
non-techies.

~~~
foolrush
Indeed.

The “If you aren't paying you are the product” is an anachronistic and
ignorant trope leveraged in fanfolk wars. It excuses those things that are
paid for and are further monetised. Take for example your music purchases and
a “You might like...” suggestion list; you have paid for the system, purchased
music, and surprisingly your purchases are being tracked and further
monetisation is attempted. Vast troves of interaction data are accumulated and
analysed ad infinitum[1].

Free lunches _do_ exist as well, as anyone with a good friend or child will
attest to.

The slogans of hypercapitalism are rampant, none of which do justice to the
complexities of context.

[1] Yes Apple is included in this, as we know from the extensive market
research revealed via the Samsung lawsuit and the fact that Ping no longer
exists.

~~~
CamperBob2
"If you aren't paying, you're the product" is exactly correct when dealing
with commercial software, GPL and otherwise. That's the idea behind the word
"commercial." Commerce is taking place and somebody is making money, whether
by offering paid support for GPL software at one end of the spectrum or by
selling you out to advertisers at the other end.

I distinctly remember opting in to Apple's music suggestion service. Was that
true for AVG's customers?

~~~
AnthonyMouse
> Commerce is taking place and somebody is making money, whether by offering
> paid support for GPL software at one end of the spectrum or by selling you
> out to advertisers at the other end.

RedHat is a commercial operation that makes money by selling support contracts
for GPL software they produce. But I haven't bought a support contract even
though I use some of their software without paying anything, so am I the
customer or the product?

~~~
CamperBob2
You're neither. You're not a part of their business model at all.

Your relationship with Red Hat is very different from your relationship with
Apple, Microsoft, Google, or AVG. That _should_ go without saying, but
apparently it doesn't.

~~~
AnthonyMouse
> You're neither. You're not a part of their business model at all.

Sure you are. Platforms have network effects. They're better off if you use
their software than if you use Windows, even if you don't buy a support
contract.

So the exchange is that you get free software and they get network effects.
It's not an adversarial relationship where you have conflicting interests
regarding how much they'll be paid or how much privacy they'll take from you,
because network effects don't hurt you (as long as the vendor is not a
monopoly) -- if you're using the software then they help you.

Sometimes there _is_ a free lunch.

> Your relationship with Red Hat is very different from your relationship with
> Apple, Microsoft, Google, or AVG. That _should_ go without saying, but
> apparently it doesn't.

That's the point. "If you're not paying you're the product" is thereby
disproved. You can have a relationship with a commercial entity in which
neither is true.

Worse, the implied alternative is also wrong. You can be paying _and_ be the
product, as you are with Windows 10.

If you want something to take home, it's this: _Stop patronizing companies
that convert your privacy into their money._

------
silveira
Antivirus was one of the main original reasons I left Windows and started to
lean to Free Software. In one hand I had the virus, in the other I had the
antivirus, both options were terrible.

------
ryanschneider
Personally, I think if they a) are very upfront about this (clearly stated
during install) and b) offer a paid alternative then I'd be fine with this.
There's actually some synergy if they do things right: you were most likely
infected by a site you visited (most likely a malicious ad), so if they also
use this data to track sources (which isn't clear) then it could even make for
a better product.

Of course if they aren't being clear about the data-for-product swap then I'm
not in favor.

~~~
rhizome
_Personally, I think if they a) are very upfront about this (clearly stated
during install) and b) offer a paid alternative then I'd be fine with this._

To be sure, you don't really know if you'd be fine with this because it's
never been tried, and probably won't, because no company dealing user
information out the back door has ever given any indication that they are open
to giving up even a shred of this business line.

------
jupiter2
The irony... a product that is supposed to protect you from malware becomes the
very tool that engages in illegal and unconstitutional data-mining.

There used to be a distinction between services offered on the web and apps
running on the desktop (spyware, illegal). Windows 10 changed all that (along
with lots of help from mobile OSes). It's (constitutional) criminal behavior
(eula or not) and should be classified as such.

~~~
pixl97
> There used to be a distinction between services offered on the web and apps
> running on the desktop (spyware, illegal). Windows 10 changed all that

I don't think you've paid much attention, but that had changed long before
Windows 10. This is just _Microsoft's_ big foray into that dark market. For
years other companies have done the same thing.

~~~
jupiter2
"I don't think you've paid much attention, but that had changed long before
Windows 10."

You basically repeated everything I just said. You see... I do pay attention.
Along with "lots of help from mobile OSes", Microsoft's big push into
embedding spyware into a _Desktop_ OS has completely changed the game. It
has given applications - _running on user local machines_ - license to
install spyware (which is still considered illegal under the law).

