Can anti-virus programmes read your personal files & data?

[jko]

It stands to reason that if a virus scanner like AVG or Avast can examine all the files on a hard disk they must also in theory be able to read the content....?

If so, this would represent a total collapse of privacy.

Does anybody know more?

[dave_boo]

No.

To understand why, think of all the different file formats there are. In order for the anti-virus software to open every possible file and examine it for any possible malware, the antivirus install would have to be huge. Would have to support Office, multimedia, imaging, etc. all of which would then have to be opened every time and checked.

Instead, anti-virus software uses 'signatures' that it compares the files to. Obviously this has issues in regards to it only catches the viruses that are known.

The best defense is to never install programmes that come from unknown sources, disable macros everywhere, don't let Java run willy-nilly, and delete/block somebody from your email account if they send an unrequested attachment.

Or just run Linux.

[innerspace]

Would disagree.

Can they: yes.

Do they: yes.

Do they pay attention to data: no, unless matching previously mentioned signatures.

Do they understand your data: no, those porn pics are just ones and zeros, but hopefully safe

Sent from my GT-N7100 using Thaivisa Connect Thailand mobile app

[Chicog]

Of course they can. But it would be really bad for business if they did.

And to be honest they are mostly useless nowadays anyway.

[rhythmworx]

Don't worry about your AV software, the NSA are reading your stuff and that includes your SMS messages.

If you have nothing to hide nothing to worry about.

[wolf5370]

Most AV software can be told to ignore folders and file types - many ignore text documents anyway and hit executables and binary files only (unless told to examine all files). If you are worried, simply use an encrypted folder (Truecrypt is free), AV's cannot open encrypted folders and will ignore them - or log a warning. As said above the files are not read, but are compared against signatures of known viruses (heuristics in modern AVs will allow for fuzzy compares for near matches too). There are often millions of files checked, it would take ages to read each one and scan for salient details to steal - would be very unlikely to be very successful even if it did - and would not be able to read every file type anyway (although many are text based these days - XML - which makes reading easier). Word etc has the option to encrypt files when saving.

AV companies rely on reputation - unless you are using some unknown AV, then there is no chance they would risk doing something with so little value - they would need to be the NSA to cope with the load!

[falang07]

and I would say NSA has their backdoors long time ago implemented into antivirus programs, same as they did with TrueCrypt and I am sure with Windows, too

[falang07]

No.

To understand why, think of all the different file formats there are. In order for the anti-virus software to open every possible file and examine it for any possible malware, the antivirus install would have to be huge. Would have to support Office, multimedia, imaging, etc. all of which would then have to be opened every time and checked.

You are wrong. Office readers. PDF readers, or image viewers can be incredibly small, much smaller than the antivirus install package is nowadays.

[KittenKong]

Any installed programme can read all your files and data, and do anything it wants with them including (but not limited to) altering them, encrypting them, deleting them, copying them or (the most dangerous) uploading them to some other computer or server or even sites like YouTube. This is why viruses/trojans are such bad news, and a programme that just uploads your files could be tiny.

All installed programmes can also track your keystrokes and mouse movements, and any other activity, and take screen captures as it wants. If you have a mic/webcam the programmes can also record video and audio without you knowing.

The hope is always that they wont do any of the above.

Edited July 18, 2014 by KittenKong

[HUAHIN62]

Don't worry about your AV software, the NSA are reading your stuff and that includes your SMS messages.

If you have nothing to hide nothing to worry about.

Please send me all your email addresses and passwords that I can look at everything you do, think and say. If you have nothing to hide you have nothing to fear.

[manarak]

don't be worried about well-known anti virus programs.

yes, they can read everything on your computer.

privacy problems would almost with certainty by quickly discovered by third parties and reported.

the best way to protect your computer is to use system access protection with sandbox (example: comodo) and also a firewall (comodo) in addition to an antivirus.

unfortunately, it takes quite some skill to achieve good security

[stronzza]

Most AV software can be told to ignore folders and file types - many ignore text documents anyway and hit executables and binary files only (unless told to examine all files). If you are worried, simply use an encrypted folder (Truecrypt is free), AV's cannot open encrypted folders and will ignore them - or log a warning. As said above the files are not read, but are compared against signatures of known viruses (heuristics in modern AVs will allow for fuzzy compares for near matches too). There are often millions of files checked, it would take ages to read each one and scan for salient details to steal - would be very unlikely to be very successful even if it did - and would not be able to read every file type anyway (although many are text based these days - XML - which makes reading easier). Word etc has the option to encrypt files when saving.

AV companies rely on reputation - unless you are using some unknown AV, then there is no chance they would risk doing something with so little value - they would need to be the NSA to cope with the load!

OT

Wasn't Truecrypt compromised?

https://isc.sans.edu/forums/diary/True+Crypt+Compromised+Removed+/18177

[cup-O-coffee]

If you are that paranoid, use Sandboxie. Its user configurations and settings removes the possibilities of anything suggested here.

Edited July 18, 2014 by cup-O-coffee

[belg]

are you james bond or julian assange ? that you have so many secrets, wealth, that hackers want to steal ?

[SpaceKadet]

Don't worry about your AV software, the NSA are reading your stuff and that includes your SMS messages.

If you have nothing to hide nothing to worry about.

Unfortunately, it is not you who decides if you have something to hide!

A fair dose of paranoia is a healthy thing in the interconnected world.

[MrBrad]

Don't worry about your AV software, the NSA are reading your stuff and that includes your SMS messages.

If you have nothing to hide nothing to worry about.

Unfortunately, it is not you who decides if you have something to hide!

A fair dose of paranoia is a healthy thing in the interconnected world.

Furthermore, this is an egocentric if not self-indulgent stance, thinking "I have nothing to hide, so why worry?" The same is often heard when it comes to law enforcement authorities in other areas of our lives.

Certainly we have family members and friends who may get caught up in spying or entrapment. Undoubtedly our lives would be affected if someone else whom we know were to be imprisoned. It's not just ourselves that we should be concerned about. In reality we should worry even if we, ourselves, have nothing to hide.

[hercdogules]

I worked for an anti virus company for one month in LAX. Answer is, they can hold your computer hostage. This was the try now, pay later variety. And they left files/footprint on the computer embedded in the system which communicated back to the central server farm and sent messages back and forth. I left - It was the most scandolous thing I've ever seen. I yelled at the Armenian guy managing it and told him he should be in jail. Arrogant prick too.

I've also worked for another company who embedded files into Windows so that it could go to a "safe" backup before booting. Literally underneath the OS.

Yes they can. Yes they do. Yes they will. And you don't think the NSA is involved or whatever gov't agnecy of choice?? LOL. If you have software on your computer that has any sort of client/server connection, you are vulnerable. You need to decide what you are willing to risk. There are ways of storing files on external drives and observing only when disconnected from internet.

I am looking into this right now: http://makezine.com/projects/make-36-boards/how-to-bake-an-onion-pi/ as well for autonomous browsing

I have a 25+ year computer career. I was a mainframe system programmer. Before there were PC's, I was the guy trying to describe to you what my job was - if you've ever been involved in that conversation. I saw the internet before there where pretty pictures - worked for gov't/education hospital on the .edu network.

Please due diligence. But... if you are doing something dastardly, I honestly hope you get caught. There should be no protection for child molestors, thieves, or the like, period. If you are simply wanting to remain private - as your right, I wish you the best of luck!

Best solution is the TOR browser with anonomous IP. Can set this up for beans. If anyone is interested, would love to have a PI group in Thailand to consult with! Can be bought on Ebay and sent here. I have the links!

[hercdogules]

http://www.ebay.com/itm/Raspberry-Pi-Tor-WiFi-Access-Point-for-Easy-Anonymous-Internet-/251483535883?pt=US_Wireless_Access_Points&hash=item3a8d963a0b

[Rorri]

Thais would say the OP "thinks" too much. In this case they are right, if he worries so much he should be online....geez.

[Rorri]

Don't worry about your AV software, the NSA are reading your stuff and that includes your SMS messages.

If you have nothing to hide nothing to worry about.

Unfortunately, it is not you who decides if you have something to hide!

A fair dose of paranoia is a healthy thing in the interconnected world.

Anyone who is that paranoid should either not be online or should be using an external HDD to store their "sensitive" files.

[Thomas Hannah]

YES,,Do you notice,,your computer,,starts to run slow..then you get,,we can sell you registery to speed it up..All anti virus companys,,have gateways in to your computer,,I know a few lads in the past,,They are honest lads,Computer wiz kids,,,There is no computer,,that you cannot get into,,Read the news..How many times do you see goverment data hacked,,My brother argued this once,,and his mate came up to him,and gave him £20..He had taken it from his bank..But this guy,,did all the police work..for them..A tip..if your computer breaks,,Be carefull who fixes it,,Never give it to a charity,,smash it up,,and burn it,,Try to find a wiz kid,,you will be amazed,,at how many hidden files,,are already on your computer..Ive also heard of the chinese putting viruses ,,on new computers,,Scary ,,

[wolf5370]

Most AV software can be told to ignore folders and file types - many ignore text documents anyway and hit executables and binary files only (unless told to examine all files). If you are worried, simply use an encrypted folder (Truecrypt is free), AV's cannot open encrypted folders and will ignore them - or log a warning. As said above the files are not read, but are compared against signatures of known viruses (heuristics in modern AVs will allow for fuzzy compares for near matches too). There are often millions of files checked, it would take ages to read each one and scan for salient details to steal - would be very unlikely to be very successful even if it did - and would not be able to read every file type anyway (although many are text based these days - XML - which makes reading easier). Word etc has the option to encrypt files when saving.

AV companies rely on reputation - unless you are using some unknown AV, then there is no chance they would risk doing something with so little value - they would need to be the NSA to cope with the load!

OT

Wasn't Truecrypt compromised?

https://isc.sans.edu/forums/diary/True+Crypt+Compromised+Removed+/18177

I don't think it was compromised - it uses up to 3 levels of encryption overlaid which would take a long time and a l,ot of processessing to crack. The owners (anonymous) suddenly closed shop - no one knows who they are, and no one knoews why, mostly reports were speculation - but they did not own the algorithms they use, just the code that performs the encryption. No reports of either the code (which is signed - and thus cannot be overridden from an external DLL without such key being compromised, which seems to not be the case) or the algorythms beinf cracked or back-doored (they even had independent security experts and community hackers trying - and never found a way in). Safest thing "on the market", no one knows why it was taken from SourceForge, it's a mystery - but does not seem to be the code at all. Rumours are that the coders have had a falling out and one was pissed off and put up the message on SourceForge - SourceForge themselves have confirmed they were not hacked, all hashes and codes are safe and no untoward access to the code. I use it and trust it, even with a backdoor (to the algorithms) they would need the keyfiles to run the decrypts - a decent secure trace remover can double the security by removing all MRU and recent file activity too (such as Wise Care Pro 365).

[wolf5370]

Any installed programme can read all your files and data, and do anything it wants with them including (but not limited to) altering them, encrypting them, deleting them, copying them or (the most dangerous) uploading them to some other computer or server or even sites like YouTube. This is why viruses/trojans are such bad news, and a programme that just uploads your files could be tiny.

All installed programmes can also track your keystrokes and mouse movements, and any other activity, and take screen captures as it wants. If you have a mic/webcam the programmes can also record video and audio without you knowing.

The hope is always that they wont do any of the above.

Well sort of. In modern OS's or any 3rd party firewall, you would have to give the program access to upload or download anything through the firewall. Many files would also need higher access security than a normal program runs under, requiring it to prompt the user (UAC) to allow it. Folder access is limited by security - and also can be further protected with permissions and policies (depending on OS) and 3rd party apps. So, in theory what you say is true, but it would be due to a user breakdown too.

Most virus software also pickup on any key loggers (very old news - easy signature) and user would be alerted to it. I could write a key logger in less than a hour all told, they are very easy to write, but they all rely on listeners which are easy to spot by the AV software - most of the ones people get installed maliciously have been around a very long time (in computer terms) and are well known.

Access to Mic and Web Cam on the desktop, sure - but to upload would require firewall rule to be set, which requires user acceptance. Some security packages will also alert on this. If the web cam has a light, they are usually hardwired these days and come on with the camera - and can not be turned off with application software (some can be with driver overrides, but that would need admin installation - again alerted user).

Companies like Microsoft have had decades now of hackers and exploiters carving holes for their own uses in the OS - so they have made it as hard as possible for software writer to do dangerous things without the user's acquiescence.

Of course this is no reason to take chances, and every reason to have a good AV, good Anti-Malware package, good Firewall (not just the HW Router firewall!), a good trace cleaner and a good encryption package.

[wolf5370]

I worked for an anti virus company for one month in LAX. Answer is, they can hold your computer hostage. This was the try now, pay later variety. And they left files/footprint on the computer embedded in the system which communicated back to the central server farm and sent messages back and forth. I left - It was the most scandolous thing I've ever seen. I yelled at the Armenian guy managing it and told him he should be in jail. Arrogant prick too.

I've also worked for another company who embedded files into Windows so that it could go to a "safe" backup before booting. Literally underneath the OS.

Yes they can. Yes they do. Yes they will. And you don't think the NSA is involved or whatever gov't agnecy of choice?? LOL. If you have software on your computer that has any sort of client/server connection, you are vulnerable. You need to decide what you are willing to risk. There are ways of storing files on external drives and observing only when disconnected from internet.

I am looking into this right now: http://makezine.com/projects/make-36-boards/how-to-bake-an-onion-pi/ as well for autonomous browsing

I have a 25+ year computer career. I was a mainframe system programmer. Before there were PC's, I was the guy trying to describe to you what my job was - if you've ever been involved in that conversation. I saw the internet before there where pretty pictures - worked for gov't/education hospital on the .edu network.

Please due diligence. But... if you are doing something dastardly, I honestly hope you get caught. There should be no protection for child molestors, thieves, or the like, period. If you are simply wanting to remain private - as your right, I wish you the best of luck!

Best solution is the TOR browser with anonomous IP. Can set this up for beans. If anyone is interested, would love to have a PI group in Thailand to consult with! Can be bought on Ebay and sent here. I have the links!

Eeee - I was a MF Prog too (also showing my age lol!) - IBM 370 through 3090E/Armdale/Tandem NS/etc (back in the PL/I, COBOL, 370 Assm, IMS DB/DC days) - also used Internet before WWW came along (days of IBM Mail and Prestel) - also 25+ years (nearly 30).

I use TOR on occasion (especially when Darknetting) but it is very slow from here in Thailand for general use and has JS off by default (for good reason) - meaning many sites will not work. Many onion sites were taken down on the dark net (TOR) when servers were taken by the US Feds (mostly these were edge servers - crossing between WWW and DN so traceable) - this was to kill off CP sites (Child Porn) and drug/weapon/hitman stores, but also took other normal sites out too. No one has yet successfully traced onion servers back to source (TOR network), but the edges are vulnerable, not to the user, but to those edge servers.

Most people not doing things "dastardly" (including regular type porn - no one cares, hundreds of millions of people are looking at regular porn from time to time), really do not need more than switching on Private Browsing and at best using a proxy (many free proxies - FF has several tools that give free proxies too).

[wolf5370]

YES,,Do you notice,,your computer,,starts to run slow..then you get,,we can sell you registery to speed it up..All anti virus companys,,have gateways in to your computer,,I know a few lads in the past,,They are honest lads,Computer wiz kids,,,There is no computer,,that you cannot get into,,Read the news..How many times do you see goverment data hacked,,My brother argued this once,,and his mate came up to him,and gave him £20..He had taken it from his bank..But this guy,,did all the police work..for them..A tip..if your computer breaks,,Be carefull who fixes it,,Never give it to a charity,,smash it up,,and burn it,,Try to find a wiz kid,,you will be amazed,,at how many hidden files,,are already on your computer..Ive also heard of the chinese putting viruses ,,on new computers,,Scary ,,

No need to smash it up - remove the HDD and burn that (open it, remove the metal disk, blowtorch it and dump in the bin). Software like Wise 365 has MOD strength delete, which will remove all the data completely. OS's never delete files, the de-index them - this is how thy are recovered. Ten years or so ago, even securely deleted data could be returned with hardware devices that look for minute magnetic differences in the free space to rebuild files (usually only partially) - ignore what you saw on TV! - this was yesteryear. HDDs now are so high density and so fast that they have to be much more exact. There are no magnetic fringes left for these HW devices to work anymore. Modern HDD drives, once securely deleted cannot be reclaimed unless they were not working properly. It is still generally believed all data can be got back no matter how cleansed, this simply is not true anymore. Once overwritten just two times (MOD overwrites 7 times in various patterns) it is impossible to reclaim (note some people rely on defrag - this is less secure the emptier the disk is!).

When I take my machines in for repair (which is rare as I tend to do it myself unless under warranty) I remove the HDD. They rarely need it, and can often just use another for testing. Easy to do and to put back in after.

Banks use SSL. SSL has never been broken - ever - by anyone. People have their bank accounts hacked because they leave emails and documents about with passcodes on them - the only other way is to have an inside man to do it (generally this is unsafe too as bank access to live data is audit trailed closely - all transactions are recorded down to the machine and user doing the access - this was true 20 years ago, it is even more so now (I contracted to one of Europe's biggest banks for almost 10 years - I wrote their audit trail software back then - it was very secure and very detailed, it had it own offline database and even audited itself - code access was very restricted, just 2 people (one dev, me, and one support person on 24 hr call) ). Banks in the west generally have to cover any and all losses from their accounts through fraud that is not down to customer negligence ( e.g. giving someone a password) - they deal in many billions of pounds - they have the best security available, always).

America is well known to have weak security on their government systems - this is due in part to the sheer numbers of people with high level security access (incredible amounts of people actually). They rely quite heavily of powerful laws to deter, and relentless pursuit of offenders across the globe. Generally when system are hacked, and hits the news, it is secondary system that are hacked - stuff that is low level. Secret data is highly encrypted and secure. That doesn't stop NSA Ops handing out the data though of course! UK government security is pretty tough - usual leaks are due to idiot MPs etc leaving secure laptops about - servers cannot still be accessed but data on the laptop can be retrieved if not secured properly - this is true now of phones too!

Systems are in place that make hacking into some systems almost impossible. For example, the PNC (Police National Computer) knows every terminal connected and every 50th of a second does a roll call of machines - any new machines are not allowed access to the network until validated - this means a hacker has to get into the network (private network, not internet), connect the terminal and hack the validation routine within 50th of a second even before hacking in to log in. It is only possible with inside help - or by gaining access to a valid terminal.

[hercdogules]

I worked for an anti virus company for one month in LAX. Answer is, they can hold your computer hostage. This was the try now, pay later variety. And they left files/footprint on the computer embedded in the system which communicated back to the central server farm and sent messages back and forth. I left - It was the most scandolous thing I've ever seen. I yelled at the Armenian guy managing it and told him he should be in jail. Arrogant prick too.

I've also worked for another company who embedded files into Windows so that it could go to a "safe" backup before booting. Literally underneath the OS.

Yes they can. Yes they do. Yes they will. And you don't think the NSA is involved or whatever gov't agnecy of choice?? LOL. If you have software on your computer that has any sort of client/server connection, you are vulnerable. You need to decide what you are willing to risk. There are ways of storing files on external drives and observing only when disconnected from internet.

I am looking into this right now: http://makezine.com/projects/make-36-boards/how-to-bake-an-onion-pi/ as well for autonomous browsing

I have a 25+ year computer career. I was a mainframe system programmer. Before there were PC's, I was the guy trying to describe to you what my job was - if you've ever been involved in that conversation. I saw the internet before there where pretty pictures - worked for gov't/education hospital on the .edu network.

Please due diligence. But... if you are doing something dastardly, I honestly hope you get caught. There should be no protection for child molestors, thieves, or the like, period. If you are simply wanting to remain private - as your right, I wish you the best of luck!

Best solution is the TOR browser with anonomous IP. Can set this up for beans. If anyone is interested, would love to have a PI group in Thailand to consult with! Can be bought on Ebay and sent here. I have the links!

Eeee - I was a MF Prog too (also showing my age lol!) - IBM 370 through 3090E/Armdale/Tandem NS/etc (back in the PL/I, COBOL, 370 Assm, IMS DB/DC days) - also used Internet before WWW came along (days of IBM Mail and Prestel) - also 25+ years (nearly 30).

I use TOR on occasion (especially when Darknetting) but it is very slow from here in Thailand for general use and has JS off by default (for good reason) - meaning many sites will not work. Many onion sites were taken down on the dark net (TOR) when servers were taken by the US Feds (mostly these were edge servers - crossing between WWW and DN so traceable) - this was to kill off CP sites (Child Porn) and drug/weapon/hitman stores, but also took other normal sites out too. No one has yet successfully traced onion servers back to source (TOR network), but the edges are vulnerable, not to the user, but to those edge servers.

Most people not doing things "dastardly" (including regular type porn - no one cares, hundreds of millions of people are looking at regular porn from time to time), really do not need more than switching on Private Browsing and at best using a proxy (many free proxies - FF has several tools that give free proxies too).

Hi Wolf! thanks for that info. Have you looked into the pi option at all, besides problems with the tor hosting option? i have built xmbc and rasputan pi cards. i am looking for a group to share ideas with if you are interested? definately off topic... oops! i added you!

[GOLDBUGGY]

<script type='text/javascript'>window.mod_pagespeed_start = Number(new Date());</script>

Don't worry about your AV software, the NSA are reading your stuff and that includes your SMS messages.

If you have nothing to hide nothing to worry about.

I WONDER IF THIS ACTUALLY EXISTS?

I mean a person beyond the age of 5 years who has nothing to hide in all his lifetime?

Nope! This doesn't exist! Everyone everywhere has something to hide from someone else.