Use These Antivirus And Anti-Malware Apps Instead Of Avast

Screenshot: David Murphy

If something is free—especially if it’s a complicated something, or something you’d probably have to pay for otherwise—the familiar saying is often true: You’re the product. It’s one of the reasons you’re always being advertised to across the web. Search engines, email services, messaging platforms, or other apps and services you fancy cost money, and companies have to recoup that somehow (and profit).

This is why I think you should reconsider using Avast’s free antivirus product. As a collaborative report from Motherboard and PCMag found, an Avast subsidiary, Jumpshot, scoops up data from Avast antivirus users and sells it to advertisers, who can then combine it with other data they have on your activities to track you in great detail. According to Motherboard’s article:

“Avast collects data from users that opt-in and then provides that to Jumpshot, but multiple Avast users told Motherboard they were not aware Avast sold browsing data, raising questions about how informed that consent is.

The data obtained by Motherboard and PCMag includes Google searches, lookups of locations and GPS coordinates on Google Maps, people visiting companies’ LinkedIn pages, particular YouTube videos, and people visiting porn websites. It is possible to determine from the collected data what date and time the anonymised user visited YouPorn and PornHub, and in some cases what search term they entered into the porn site and which specific video they watched.

Although the data does not include personal information such as users’ names, it still contains a wealth of specific browsing data, and experts say it could be possible to deanonymise certain users.”

Avast got nailed last year after security researcher Wladimir Palant found the company’s browser extensions were sending your browser’s web history straight to Avast. As a result, Google, Mozilla, and Opera all removed a number of Avast’s extensions from their add-on directories until Avast cut out the offending behaviour. As Avast recently told PCMag:

“We completely discontinued the practice of using any data from the browser extensions for any other purpose than the core security engine, including sharing with Jumpshot.”

Screenshot: David Murphy

To Avast’s (slight) credit, the company does provide users a pretty obvious splash screen when asking users to share their data. However, as PCMag correctly notes, this screen doesn’t detail that companies could combine this data with other information they have about you to create a pretty accurate profile of who you are and what you do. Nor are users given any instructions on how to delete any data you’ve already shared with Avast/Jumpshot (if that’s even possible).

Similarly, Avast spells out just which services collect and submit your data in its tiny-font privacy policy, which most people likely don’t read. That includes:

  • Browser Cleanup is a module inside Antivirus for Desktop (Windows) which inspects the browser extensions of most browsers, tries to identify malicious extensions and offers to remove them. Browser Cleanup is on by default. You may opt-in for processing of cookie data (internal identifier (GUID), product version, time information, source browser, cookie domain, cookie name, cookie value) for trend analytics purposes, Avast consequently provides this data set from a free version of this product to enable Jumpshot to build products and services. For more information please see our Consent Policy.”

  • Web Shield scans data that is transferred when you browse the internet in real-time to prevent malware from being downloaded and run on your computer. By default, Web Shield is configured to provide optimal protection when switched on. If Web Shield function is active and you opt-in for processing of data (internal identifier (GUID), product version, time information, stripped URLs (unless cached), carefully selected aspects of certain pages without identifiers, selected requests) for trend analytics purposes, Avast consequently provides this data set in a stripped and de-identified form from a free version of this product to enable Jumpshot to build products and services. For more information please see our Consent Policy.”

I’ve already installed Avast. Now what?

If you do nothing else, I recommend pulling up Avast’s settings (via Menu > Settings) and visiting the “Personal Privacy” section. Within there, uncheck every option Avast offers:

Screenshot: David Murphy

Honestly, I’d go ahead and uninstall Avast entirely, because you don’t really need a third-party virus scanner on your desktop or laptop—at least, not on Windows 10. The free antivirus app baked into your operating system, Windows Defender, is plenty potent and isn’t packaging up data on everything you do to and selling that to third-party companies.

If you need a little more firepower, you could also install a separate anti-malware app like Malwarebytes (whose privacy policy you can read here). Stay on top of it, though, in case any future policy changes push Malwarebytes more into “tracking and selling” territory than “useful antimalware application.” It never hurts to be sceptical. (I’m also a fan of Malwarebytes’ Adwcleaner, if you need a little extra help to clean a crap-filled system.)

Otherwise, you can also check out an open-source virus and malware scanner like ClamAV. I can make no promises about its privacy, but as an open-source project, it’s at least more transparent about what it’s doing than other third-party apps.

As for Mac users, the common convention is to shrug your shoulders and smile at your Windows brethren—Macs don’t get viruses, after all. Right? Not quite. Macs can get hit with viruses and malware; it’s just rarer. Less rare, possibly, if you have no common sense whatsoever and click on or download anything and everything you see on the web.

If you’re reasonable and don’t try to install things that sound strange, or grant system permissions to everything that asks for it out of the blue, you should be fine. Keep your system updated with the latest security patches, grab Malwarebytes, and run a strong ad blocker in your browser. Fire up Malwarebytes it every now and then to give yourself a quick check-up against malware and other crap, but you probably don’t need a more comprehensive virus-scanning setup than that.

This article has been updated since its original publication.


Comments

    I would still give Avast a vote of confidence for it's results and it's cpu/ram footprint...as long as you use it right. The main issue here I think was the extension, which was always a terrible idea to install. And of course the privacy options you mentioned. If you disable it's data sharing abilities it's a great and unobtrusive tool.

    This year there's already been two viruses that slipped by my Windows defended main PC that my Avast PC caught instantly when I recreated the same scenario.

    I have been running ClamWin on both Desktop and Laptop. It updates on a regular basis and I feel secure enough. For Browser protection I use Cliqz, it has anti-tracking and ad-blocking technology and all my emails are encrypted through Proton-mail.

    These kinds of programs start off well and you begin to trust them - THEN they start getting cocky and change things without making it obvious. Just discovered a similar situation with Comodo Firewall. It's been great for years and all of a sudden it starts chewing up my SSD with a file called CMDDATA eating up 97GB and growing. Can't trust anyone these days.

      I tried Comodo years ago and uninstalled it because of the reasons you mentioned above.

    Just checked ClamAV out and like many open source programs, the installation is a cludge that most windows users won't be up for. Even on the exe installer you have to run some CLI commands (according to the instruction html file, I didn't test it) - why? This could have included a script to do this automatically. It's as if many open source programmers like making installation harder to prove some sort of point.

    There is simply no excuse for any install package to require CLI commands, we are 20 years into the 21st century, people. If massive app packages like Adobe CS, Office etc can install with one or two clicks, a simple AV should be able to as well. I appreciate the effort the OS community goes to for the software they create, by why mess it up in the final stages with a cludgy installation system? This will stop most users from using it, so what's the point?

Join the discussion!

Trending Stories Right Now