
Mozilla and Opera remove Avast extensions from their add-on stores - robin_reala
https://palant.de/2019/12/03/mozilla-removes-avast-extensions-from-their-add-on-store-what-will-google-do/
======
hirako2000
Avast even does some browser trickery to then be able to inspect tls/ssl
packets. Not sure how I noticed that on a windows machine, but the owner was
glad to uninstall it. As said on other comments, the built-in windows 10
defender AV is the least evil software to have enabled for somewhat a
protected endpoint.

The situation is desperate for AV publishers, they treat customers like
sheeps, the parallel with mafia ain't too far possible to make.

It sorts of reminds me 20 years back when it was common discussion to have on
how AV publishers first deployed a number of viruses to create a market.

The war for a decent form of cyber security and privacy is being lost. It's
getting worse every year. More money (billions) is poured into it. To no
avail.

I think we got to seriously show the example and reject closed source
solutions all together, stay away from centralized providers, question
everything we consume. The crowed will eventually follow.

~~~
joobus
I was forced to install this by my company on my mac. Avast breaks ssl/tls
certification, and in a browser with avast, every website is reported as
having an Avast cert. They basically mitm all browser traffic.

~~~
52-6F-62
I see your Avast and raise you McAfee protection on _everything_. Thankfully
we were able to remove it. It was literally destroying the machine (do
anything it considers a risky process and it would crank the CPU to 99% and
start to melt the thing) and rendering it unusable.

------
aba_cz
Jumpshot ([https://www.jumpshot.com/](https://www.jumpshot.com/)) is created,
owned and operated by Avast (same people sitting in the same offices using
same data/servers). 100% of data use for the analytics is provided by that
browser plugin. Nothing is anonymized. They (Jumpshot) have unique
user/hardware id, url, referrer, IP all browser information and others so they
can create their reports. I'm surprised that it surprises anyone after the
years of them doing that. They (Avast) are not a nice company.

~~~
gaspoda
Avast already sold Jumpshot.

~~~
palant
Since I'm currently looking through Avast investor reports: no, Avast didn't
sell Jumpshot. In fact, Jumpshot is one of their biggest growth areas. So they
closed a strategic partnership with Ascential who should help Jumpshot's
business grow even further. In return, Ascential was given the right to buy
35% of Jumpshot. The remaining 65% stay with Avast and Avast is continuing to
supply them with data.

~~~
aba_cz
And they are still hiring (Czech only)
[https://www.jobs.cz/prace/?company%5B%5D=1702000731](https://www.jobs.cz/prace/?company%5B%5D=1702000731)
(data detective is quite funny) if anyone wants to look into the private data
about your neighbor for example.

------
bad_user
I don't even understand why people use antivirus software. Sure, if you're on
an ancient version of your OS, like Windows XP, then it might serve some
purpose, but assuming modern versions of these operating systems, antivirus
software does more harm than good.

Worried about browser extensions?

Another problem is that popular antivirus software are also installing their
own root certificate so they can MITM secure HTTPS connections.

For example Bitdefender is able to inspect and modify your Google search
result without installing a browser extension. And this is a common practice.
See for example:

[https://blog.hboeck.de/archives/869-How-Kaspersky-makes-
you-...](https://blog.hboeck.de/archives/869-How-Kaspersky-makes-you-
vulnerable-to-the-FREAK-attack-and-other-ways-Antivirus-software-lowers-your-
HTTPS-security.html)

~~~
degenerate
If you are computer savvy, you understand the danger of opening "
_free_netflix.exe_ " from an ad you clicked, but the majority of people do
not. There are still good 3rd party antivirus that stay out of the way, as an
example I have been running Panda Antivirus (free edition) for a few years and
often forget it's installed until I pop in an infected USB or try to open a
questionable exe (such as a game mod patcher). If you have lots of click-happy
family members, 3rd party antivirus is a must. Just stay away from the big
names (Norton, Kaspersky, Avast, AVG, McAfee, etc). I used to run NOD32 but it
started becoming a memory hog in ~2015.

~~~
jermaustin1
> If you have lots of click-happy family members, 3rd party antivirus is a
> must.

I HAD lots of click-happy family members, but as soon as I stopped fixing
their computers and just formatting them, they stopped being so click happy.

~~~
carlhjerpe
I'd lie suggesting that a Linux Desktop is more secure than a Windows Desktop,
but my solution with my father's just been installing a Linux distro and
helping him there instead, considering there's no market to make consumer
viruses for Linux.

I've recently started looking at "Neverware CloudReady" (ChromeOS for regular
machines), i think that'd be the perfect OS for my father, considering almost
everything he does is done through the browser, but still has a few
applications that needs local execution. (And they seem to support the
Crostini Linux app beta thingy that Google is working so hard on for
ChromeOS).

------
jefft255
Modern antivirus software, to me, feels like a virus. Norton and McAffee are
especially guilty of this. They install browsers toolbar, do search engine
hijacking, constant nagging. They became the software they were supposed to
protect us against. I finally convinced my dad not to renew his Norton
subscription.

~~~
dessant
Windows Defender is a performant alternative to all the junk antivirus
companies put out. At this point it's fairly well documented that having a
third-party antivirus product running on your Windows device often exposes you
to security issues, even if the antivirus doesn't spy on you.

[https://www.zdnet.com/article/ex-top-mozilla-dev-to-
windows-...](https://www.zdnet.com/article/ex-top-mozilla-dev-to-windows-
users-ditch-all-antivirus-except-microsofts-defender/)

~~~
alibert
"Windows Defender is a performant alternative ..."

No it's not really [1]. You can check by yourself running `npm install` of any
medium sized project or if you are a gamer, launch Steam with/out Defender.

Even IntelliJ warns you about Defender performance impact in the IDE.

[1] [https://www.av-comparatives.org/tests/performance-test-
octob...](https://www.av-comparatives.org/tests/performance-test-
october-2019/)

~~~
Steltek
How does Defender compare against other antivirus options? Perhaps it's the
least bad? Obviously running more software will have a performance hit over
not running software. Especially when it almost requires constantly inspecting
the system.

~~~
basch
From a performance impact standpoint, based on just one test suite, it is the
worst on the market. [https://www.av-comparatives.org/tests/performance-test-
octob...](https://www.av-comparatives.org/tests/performance-test-
october-2019/) (and I linked to the same article in your parents comment...)

Avira and Bitdefender manage to rank in the top tier of performance impact and
protection every time I check. Both offer free products, and Bitdefender Free
is considerably less annoying, in my past experiences. Free antivirus is
actually one of the places where market competition forced a bunch of them to
clean up their acts and offer a good non invasive product. Avira still has
ads, but if you wanted one product on your pc and one on a home server, it
might make sense to use two vendors products.
[https://www.bitdefender.com/solutions/free.html](https://www.bitdefender.com/solutions/free.html)
[https://www.avira.com/en/free-antivirus-
windows](https://www.avira.com/en/free-antivirus-windows)

For one off system scans, besides the two mentioned above; ESET, F-Secure,
Kaspersky, Panda (and Emsisoft which has Avira and Bitdefender built in) all
offer great spot check products. ADWCleaner is indispensable.

It's interesting that "anti-virus" has now become the free component in
suites. You pay for things like VPN, password management, and home network
security. Kaspersky goes a step further and offers VPN and password management
in a free tier. [https://usa.kaspersky.com/free-
antivirus](https://usa.kaspersky.com/free-antivirus)

~~~
hrez
The reason I no longer use Bitdefender is because they forced MITM httpS in
the browser. It wasn't optional in free product and I don't know if it is in
paid. Has that changed?

~~~
basch
My understanding was that web attack prevention could be disabled, but then
the program icon showed you as "unprotected." It wasnt so much forced MITM as
misleading representation of your current state. If the user doesnt want web
protection, dont keep scolding them for it.

~~~
hrez
AFAIK free version didn't allow any granularity to disable web protection.

------
lousken
How did we end up here? Antimalware companies turning into spyware ones? And
how is this even legal? Just the fact that they add privacy policy makes it
legal?

~~~
Zelphyr
Everybody (except, unfortunately for the moment, our government it seems) has
realized just how valuable personal data is. That's turning not only
antimalware companies into spyware companies but also search engines, TV
manufactuers, etc... I don't think it's really going to change much until we
as consumers really start to push back.

Sadly, I don't see that happening anytime soon because anytime I mention it to
non-techical family and friends the reply I get back is a near unanimous shrug
and some mumbling about their not having anything to hide. Of course,
inevitably this evolves into them complaining incredulously about their phone
listening to them "because so and so talked about such and such product the
other day and I NEVER talk about that but when I got home all I saw were ads
for that product and how dare they?!" My forehead hurts from frustratedly
banging it against the wall.

------
aarongray
What does a virus do? Makes your computer run slow, spies on you, and asks you
for money

What do most antiviruses do? Makes your computer run slow, spies on you, and
asks you for money

------
gregjw
What's with all of these unethical antivirus companies infringing privacy for
a profit? Surely they're becoming exactly what they're trying to combat..

~~~
skocznymroczny
It's possible that they're trying to reach new markets. The environment
nowadays is much safer than it was 10 years ago. Java applets are dead, Flash
is dying, and adblocks are common. Outside of few specific security holes,
Javascript sandbox is working well and protecting users from drive-by attacks.

USB/CDs are not as common as in the past, so people don't spread viruses from
one machine to another. P2P networks and torrents are also less popular
because of the wide availability of legal content at low prices.

------
AznHisoka
SimilarWeb have similar extensions doing essentially the same thing. this
stuff has been going on for well over 5 years but Google has done nothing
about it.

~~~
a3n
Professional courtesy.

~~~
AznHisoka
Is something similarweb doesn’t have. I know.

------
takeda
Avast got from the best (free) AV solution to join the scum AV that is
malware.

~~~
wruza
Free cheese is always a part of a mouse trap.

------
IvanK_net
I wonder, that many people are scared of websites doing something they don't
want them to do, but nobody is scared of extensions.

Extensions have much bigger permissions than websites. I never used any
extension in my browser. I think it is already enough, that each website knows
what I do on it, what I click etc. I don't need some third party to know, what
I do on all websites.

------
s1k3b8
Many years ago, I remember that avast was one of the antivirus software
recommended over norton/mcafee/etc. Seems like all the idealistic and "good"
tech/software eventually goes bad. Is it money that ultimately corrupts? From
google to avast, they all seem to go from saints to sinners. Maybe I was just
naive back then and they weren't saints to begin with.

------
ndesaulniers
Didn't a bunch of Mozilla execs leave for Avast? Ironic, if so.

(Looks the they went to AVG which got acquired by Avast)?

------
obenn
At this point I think the only options are using the built in OS security for
personal use, and endpoint protection like fieldeffect.com or crowdstrike.com
for businesses.

------
Ceezy
Farewell!!! How this stuff is even possible?

------
badness
Seeing so much talk on various AVs being bad, how does bitdefender stack up in
vileness?

~~~
Nextgrid
I had an incident at a client recently where their employees' (macOS) machines
would have issues connecting to services on Localhost. The client's request
would arrive to the server just fine, but the client would immediately get a
connection reset ("empty reply from server" in curl) without getting the
response from the server. Eventually we tracked it down to a BitDefender
update.

------
pragnesh
why gdpr law does not apply to them ?

~~~
dessant
It does, but people rarely take the time to report illegal behavior that they
encounter online.

~~~
allendoerfer
Mozilla's mission is to build a better internet. In my opinion, they should
totally use legal measures to do that. I would take part in crowdfunding it.

~~~
iicc
Check out [https://noyb.eu/support/](https://noyb.eu/support/)

>[https://noyb.eu/privacy-kickstarter-first-100k-for-
noyb/](https://noyb.eu/privacy-kickstarter-first-100k-for-noyb/) Mozilla
supported them with €10,000 when they were starting out.

~~~
literallycancer
This is great. There's some interesting info about progress of ongoing
projects in the projects section:

 _When relying on consent as a legal basis to process personal data, companies
need to comply with the stringent requirements contained in the GDPR. In May
2018, noyb filed four complaints; in France against Google, in Austria against
Facebook, in Belgium against Instagram and in Germany against Whatsapp. The
reason was that these major companies adopted a “take it or leave it”
approach, forcing their users to consent to both their privacy policies and
terms in full in order to keep using their services.

In January 2019, following our complaint the French supervisory authority
(CNIL) imposed a 50 million euro fine on Google over the company’s invalid
consent mechanisms. The sanction was appealed and a hearing date before the
French Conseil d’Etat is yet to be set. All three other complaints (Facebook,
Instagram and WhatsApp) triggered the European cooperation mechanism and are
still being investigated today. We are carefully monitoring the cooperation
between the Irish DPC and its counterparts and are hoping to hear back from
our latest submissions in the near future._

