Anti-Virus? Why?

Done some research on Microsoft Security Essentials. Potential problem that Spynet (part of MSE) reports any infections back to microsoft and this report might contain personal information by mistake. Personal information being sent to microsft is a potential security risk (especially if banking information is sent).

 

what personal information is sent back? It's not like windows has my full name, address, and ss number.

 

Agree.

Microsoft site only says personal information (sent by mistake). Does this mean any information contained on your pc? If banking information goes by mistake (in order to deal with the virus report) then this might also potentially breach the banks terms of use.

There own forum actually details a way to edit the registry to stop Spynet.

 

I think this is ok to post since it is from the Microsoft website. Their own moderators seen happy to discuss it over the internet.

http://social.answers.microsoft.com...t/thread/d33fcf36-39f4-40b2-adb4-2381c567a52a

If this is incorrect for notebookreview forum then please delete link.

 

Actually .. it's very easy to make your trojan, rat, virus, malware to be fully undetectable for at least 3 months by ALL (and I mean ALL) antivirus, antispyware, antimalware apps.

And even when your crypted trojan or whatever DOES get detected, the chance of getting detected by most of the common anti-stuff is still very low, so it will take around 6-8 months to uncover a trojan by most of the anti-stuff I would crypt today.

By that time I have spreaded already hundreds of newly crypted trojans, have your computer in my bot-net and possibly have your CC details or other personal information.

 

You're absolutely right. Otherwise there wouldn't be so many of them around. And I hope everyone remembers that. Still, the one thing you cannot do is cross the threshold without being let in.

 

omg it sends information to be able to help you better, NEWS AT 11!!

no, it's no big problem, no they don't abuse the data (imagine how they would get sued.. someone would have found out by now).

and i like them to get my usage data, my possible malware data, etc, to make MY user experience best. because that's what they got money for: for delivering me a stable, save os.



edit: in the end, it's about weighting: what you want more: microsoft accidentally get some information about you, and they told you that they wouldn't abuse it (and you know you could sue them if they do), or the malware developers being able to get the data?

in my case, microsoft can have all my data. if they can guarantee me, that they can make sure nobody CRIMINAL can get it, i'm fine with that.

 

With all due respect, it's a tad naive to suggest that they wouldn't abuse the data - it's happened before. Privacy issues are one of the biggest issues on the internet right now, and something that people don't take seriously enough - people place far too much faith in companies and businesses, and should really be taking responsibility into their own hands and consider these issues. A little bit of awareness instead of blind faith would do the average net user a world of good.

But it is true that maintaining something like an anti-virus database will require some kind of feedback of information that can be used to identify trends and create proactive counter-measures. The controversy is because of the suggestion that some of the data being obtained falls beyond this requirement, which has both legal and privacy implications. In the case if Microsoft Security Essentials however, I don't know enough about the kind of information obtained to comment.

 

no it's not naive. it's a) better to have THEM have the data, if at all, than some spyware manufacturer. and b) it's VERY unlikely for them to have or care about such data. they WOULD get sued badly for it. everyone always looks at microsoft. every tiny wrong step they do get sued.


they don't collect data in any form that could be used or abused. it's what they state, and document. and you can check what data they use. but it's more likely that some spyware that you send them collected some data in itself, and so they get hands on to some private data BECAUSE of the evil spyware.

anyone who ever considers an AV vendor to be the bigger danger for your private data than actual virus writers is very far away from reality, and most likely dreaming up some illuminati world or something..

and yeah, in case of support i often see private data i could abuse. from on family pc's that could kill partnerships to information about how much each of the workers at a company gets payed. which is why i signed papers that i would never abuse such data, and only care about them from a support perspective.

it's just normal. paranoya, sadly, is, too..

 

I like your view. That is something I agree with.

 

I do not believe it is Paranoia.

Reviewing all the posts hightlight some useful information being given. People will make their own decision as to what they consider useful. It was suggested that research was done into the products being used. That is what has been done. Research. Only the results have been reported back. How individuals react to the facts is their own personal choice. Potential Security Risk, is what has been stated. Potential.

I use an Internet Security Suite as an added layer of protection. Just not MSE. I still use common sense and safe web habits as well. A range of mesures works best for my house hold.

 

it is paranoia. if you don't trust the vendors of the products you use (and, if you consider MSE, you're on windows, so it's the same vendor you trust in to deliver an os that works for anything you do on it), then you have a big problem.

do you not trust the one who build your home. the one you got the car from. etc?

it IS paranoia. not trusting an AV developer because he likes to collect data about possible viruses to be able to find out if they need to fight that unknown virus, too, is just stupid.

and yes, it is paranoia, and it is stupid.

and as stated before, an ISS is just marketing blabla to make people buy into to feel save, while it's mostly just selling stuff your system does itself very well without it.

 

I only reported the facts of my research obtained from the Microsoft website. How you interpret and use them is up to you alone.

 

that is true. but not chosing the product based on the paranoia of possible abuse of possible transferred personal data by microsoft is paranoia.

 

Antivirus is more of a "better be safe than sorry". If the "sorryness" doesn't affect you very much, antivirus is pretty much ueslses and reduce the performance of your computer.

 

Indeed, You could take off all the safety equipment on your car and it would be more economical but who would want to be in a car like that? Some things are just an accepted part of the world we live in.

 

I do not see anything wrong with people not wanting microsoft (or any other company) to have access to private information. Maybe people just like (and are more comfortable with) having certain details kept private. I personally have not given my reason for not using mse. I was just the messenger reporting details about mse.

 

it's not like they can go to your pc and grab all your and stuff.

it can just be that some possible malware they find and want to analyze further might happen to access some private data, as the malware might have accessed it.

and what i say what is better? having the data at microsoft to fight malware? or have the data at the malware creator for all abuse they could do with it?

and yeah, you're always just the messenger, always innocent and such.

so what is your reason, then?

and i still say that this reason you documented is not a reason to not use the product. if one considers this, then he's paranoid over nothing.

 

That viewpoint could be quite easily spun on it's head - what is the basis for unfounded trust in people or businesses with personal information that has no direct implication on the quality of the product? The fact that a person uses a product by a company shouldn't necessarily imply a boundless trust in that company's procedures - only in the ability to provide the product you have invested in.

Nobody is contesting that certain amounts of information needs to be 'fed back' to help improve a product. Indeed, people are all too happy to provide information that would help prevent malware, as previous posts have pointed out. What people are contesting is why this should be taken to extremes, and frivolously allowing access to any kind of information regardless. The fact that this information may not have more sinister uses is somewhat irrelevent - it's about people being aware of what information they are making available. And so many people aren't, in spite of the fact that we know nothing about most company's procedures or their own internal security policies.

It's not paranoia, it's caution and just being responsible. Paranoia would be to outright accuse a company of abusing information with no evidence - and nobody is doing that. At most, we're suggesting that people take a little more responsibility over what they are using, take an active interest in the kind of information they are making available, rather than passively allowing access to information that doesn't necessarily have any legitimate usefulness for the improvement of the application. That's proactive caution.

We seem to be viewing things from different standpoints. We both agree that information should be fed back for the proactive prevention of malware etc. We only differ in that I have suggested that people be a little more aware of what kind of information they are providing.

 

I do not have a reason other than to discuss products on a forum.

I have not gievn my reason for choosing my particular internet security product. I have no affiliation with microsoft or any security company. Nor do I have the need to 'label' people paranoid based on the software they choose to use. I believe people are free to choose and use whatever product they want.

 

my MAIN point is i prefer to trust the vendor of the SECURITY product than the criminals that make the security product NEEDED.

anyone thinking otherwise is paranoid. believing criminals are less of an evil than some funky illuminati controlled world state.

not on what they chose. on WHY they chose.

 

Very good points. Excellent post.

It is always good to have some knowledge on how a product functions.

 

understand what my points are. i never said anything against those points.

 

But you do not know 'why' with me and you have 'labelled' me paranoid. I have not given any reason why. I have been using internet security before I had even heard of mse.

I have only provided/highlighted information on the function of a product. People are free to use the information how they like.

I find the 'paranoid' line of discussion pointless. All the good information being presented on the anti-virus topic is being lost because of this line. I am done/finished with that line of discussion.

 

i was not pointing out you're paranoid. i pointed out people chosing that as a point for not using MSE as paranoid. as i chose anyone trusting criminals more than the police as paranoid. which makes sende.


and i find it's a very important line of security software. the question how far do you want to go to prevent anything can happen on your system. AND the actual knowledge if it really is true, or is it blind faight into something because it tells you it's great, and you can trust it then.

most people have about 0 clue on how viruses act on pcs, and thus buy anything that "saves them from killing their pc". the security software industry makes more money, the more paranoid people get about their savety. except for MSE. it makes no money, it makes money from actually securing windows, as this makes windows save, and thus most likely sells more windows licensees.

so the reason i trust personally MSE over any other security companys product is, they don't life from selling as much as possible. they life from making it as good as possible.

i have not pointed at you. i pointed at the situation in general. people can chose for wrong reasons, and should get that pointed out, if they do so.

 

I did consider the inability to [easily] opt out of MSE's reporting as a negative, but eventually decided to let it run. My logic is that the larger the base of reports MS has, the more accurate their filter will be. Seems like a small price for a free program. At least it's not like when they tried pushing updates without permission: they tell you what it's doing, and it is related to the function of the software. I do understand people choosing not to allow MSE to report, but I think it's a fair trade.

 

Maintaining 100% "updatedness" in programs is probably just as important,( if not more so ), as a good security prog. Not enough people regularly patch, other than Window's auto-update perhaps ? That's my opinion after much observation over a comparitively short period tho' ! There's not always a hole in an "arguement" ?!

 

Yep the intent is very important.
You rather trust those whose intent are trying to make things right than those who are trying to get at your money.
Same as new sources, heavily sponsored new channels are more likely to report news beneficial to their payers.

That is why I don't understand why people believe in Apple and their ads so much, aren't they trying to get you to buy as much of their overpriced items as possible?

In the first place I never trust a company who dare to use an English word, one of those first few learn by toddlers as their company name.

It is part of critical thinking.

 

Hmm... on my old laptop (XP) I didn't get a virus with a significantly outdated anti virus...
If you end up with plenty of malware then I have a suspicion you are doing something wrong.

Yes, not anti virus software is perfect - but it does offer some protection.

And the way you list those - I hope you didn't run them all at once.

Little analogy:
Imagine you are using a bicycle - you can wear a helmet or not - if you fall without one - you don't have to injure your head, but the probability is increased.
With a helmet its reduced.

Now assume a car or a lorry hits you - the helmet can only do so much and your neck would take a lot of strain too.

But do you get the idea?

 

At least we know the criminals is the bad guy. Besides, a little active paranoia can be a good thing in these days and times. Only an idiot would put all his trust in government with all the history to the contrary we have today. In fact, dare I say, that being suspicious of government should be..."common sense!"

Sorry, but again no. Paranoia is a psychological state in which there is an expectation of an unrealistic fear of events. In fact, we've been deceived by big business many times: God only know what Google intends to do with it's massive database of all your browsing habits it's been collecting over the years. Perhaps sell it to anyone who what to know more about you than you know about yourself, maybe?

On the other hand, maybe I'm being paranoid, and they're just collecting all that information for prosperity?

 

Why are we talking about paranoia concerning an AV? Even if MSE recorded some form of data from your computer they probably wrote it in their EULA(which most people don't read anyhow) so if that's the case it's not a "OMG hidden conspiracy" thing

I mean, even Facebook gathers some data according to their EULA yet people still use Facebook a lot >.>

 

The people I have talked to do not seem to like the MSE statement,

"In some instances, personal information might unintentionally be sent to Microsoft. However, Microsoft will not use this information to identify you or contact you."

Looks like that statement could cover/mean any information/personal information from your hard disk being sent to microsoft by mistake.

 

Well, that statement is a failsafe.

They just make sure nobody gets the notion they can be taken to court because Microsoft knows they like NBR (that would be personal data).

The question is rather - why does Microsoft place this insurance in its disclaimer.

 

The keyword is "unintentionally".

Now, the explanation of how MS would "unintentionally" end up with personal data probably ties in with what kind of protocol MSE uses to collect data and send it back to MS.

I mean, the reason they put it is indeed a failsafe. Perhaps it'll never happen, but just in case it does(mistake in the code or whatnot), then they want to be safe in case they receive something not related to what MSE is supposed to gather(virus/malware info).

 

The statement appears to cover them.

I would like to know how often personal information is sent to microsoft by mistake (unintentionally) and if this information is permanently stored in their database or is it deleted? If banking information was sent in error, would microsoft delete it?

True and good question. How does MSE work to warrant such a statement? Or is it just cover. Or a way to spy and be covered?

You decide.

 

I doubt something something like banking information could be sent in error.
It must be something stored on the computer.

For things like banking information the programme would need to work like a keylogger which I seriously doubt.

 

Well as said before, if MS really did want to spy on you, it'd have been much more efficient and simpler to hide it in the OS itself rather than in a separate(and optional) AV "addon".

I think it's just a failsafe clause. I wouldn't be surprised if every program which collects data has a clause which in some way or form resembles it.

 

@OP: Go ahead, remove whatever anti-virus sw you have. I'll be laughing when your HDD gets formatted or you'll get your bios flashed with some garbage

 

I still get an occasional catch from my malware programs, makes the trouble worth it, but I never pay.

 

I think I saw it it is called "Customer Experience Improvement.
Go Task scheduler under Microsoft you should see 3 of such task.

 

And even that shouldn't collect personal data - yes, it does transmit some user patterns to MS - but won't send of personal data - e.g. contact details, banking information, etc.

 

AntiVirus, why? Because legitimate websites can become compromised and infected.

Although reformatting your hard disk on a regular basis could also form part of your security measure (as long as you have a good initial start backup). Providing your backup is virus free.

 

If it does something is wrong.
Just saying so people who are ultra sensitive to usage pattern collection may not like it and have it cancelled.