I have been using a wide variety of security products over the years and this year I was so impressed with the latest free version of Avast I very nearly purchased the paid for version. I am now having second thoughts though as I have read the report linked above that, worryingly, found a number of popular products send the following information and files to the company (either encrypted or unencrypted, it is not clear):
- The computer name
- The Windows username
- The local IP address
- Information about third party applications
- Information about running processes
- Operating System event logs
- A list of all visited URL's
- The name and path of files
- Documents that may be classified as suspicious
I don't understand why, if the product sends a unique identifier for the user and machine on which it is installed, things like Windows username and computer name are required.
I have highlighted documents in the list as this is potentially the one most troublesome. It is entirely possible your sensitive documents could end up stored somewhere in EU/Russia/Korea/USA just because your antivirus product classified it a certain way.
There is a longer list of what information is sent, but some of this information, such as version numbers and operating systems, is obviously essential for updates and so forth.
AhnLab and Emisoft are two paid for products that won't send URL's or documents over the internet.
Making the choice between which product to use/buy should not have to be a choice that involves how much privacy you are willing to give-up, but rather how good it is at keeping you secure. At the moment though it seems to be both.