I have used Windows Security (formerly Windows Defender) as my only real-time anti-malware and firewall protection for years on all my PCs. Coupled with some common sense about which websites I visit and which emails I click on, it has yet to fail me. Occasionally, I will double check my system with a scan by Malwarebytes but so far it has not found any threats missed by Windows Security. Over the years, Windows Security has improved and the version shipped with the latest versions of Windows 10 is excellent.
Here’s one more reason to avoid third-party options.
Avast antivirus caught spying on user data
by AshishMohta, TheWindowsClub.com
January 28, 2020
Avast antivirus is one of the popular antiviruses for Windows 10, which has been offering its services for free for many Home users. Shockingly, they had been caught spying on user data. A joint investigation by PCMag and Motherboard reports some scary findings. It turns out they had not been offering their service for free, but trading by first collecting sensitive user data, and then selling it. All through subsidiaries, but it is happening. If you are using Avast Antivirus, we highly recommend you to switch to Windows Security for complete security.
The report from PCMag and Motherboard comes via leaked documents. These documents talk about how they use the user data is collected, and confidentially sold to some of the biggest tech giants in the industry. The leaked data came from Jumpshot, a subsidiary of Avast. It is responsible for making the data presentable and available to clients, including Google, Yelp, Microsoft, McKinsey, Pepsi, Sephora, Home Depot, Condé Nast, Intuit, and many others. The data includes information about user movement across the internet, what they click, and more.
The data collected is so granular that clients can view the individual clicks users are making on their browsing sessions, including the time down to the millisecond. And while the collected data is never linked to a person’s name, email or IP address, each user history is nevertheless assigned to an identifier called the device ID, which will persist unless the user uninstalls the Avast antivirus product.
It uses the sneaky method where it gets user’s consent into an agreement. Post this, Jumpshot tracks user data in various ways.
- It tracks keywords and the results that were clicked.
- Track which videos users is watching on YouTube, Facebook, and Instagram.
- All Clicks Feed which offers device IDs attached to each click
- Data points like URL string referring URL, timestamps, suspected age, the gender of the user, etc.
Avast extensions for Chrome and Firefox were temporarily removed until Avast implemented new privacy protections. And as of January 30, 2020, Avast has shut down Jumpshot.
Looking at these reports, one thing is clear; it is getting tough to trust anything free. I would highly recommend not to use an extension unless it is necessary. If you only use an extension once in a while, keep it disabled or install it only when you need it.