Avast! on Windows privacy configuration

March 3, 2013

Although avast! version 8 is an excellent antivirus product and is our recommended choice for those looking for a no-cost antivirus solution, the EULA for their free product has some interesting clauses that may surprise those who actually read through it.

Section 8, "Privacy; Processing of Personal Information" in the avast! Free products EULA has the following text (emphasis ours):

The Software automatically and from time to time may collect certain information,
which may include personally identifiable information, from the computer on which
it is installed, including:

8.1 URLs of visited websites that the Software identifies as potentially infected,
together with the information on the nature of identified threats (e.g. viruses,
Trojans, tracking cookies and any other forms of malware) and URLs of several
sites visited before the infection was identified to ascertain the source of the
infection;
[...]

8.3 Information about the sender and subject of emails identified by the Software
as potentially infected, together with the information on the nature of identified
threats;
[...]

8.5 Copies of the files identified by the Software as potentially infected or parts
thereof may be automatically sent to AVAST for further examination and analysis;
[...]

8.9 If your version of the Software includes the Website reputation function, which
provides information on reputation of web sites as potential sources of malware,
and you set the Website reputation function to active, the Software may send AVAST
the URLs of all websites you want to visit and the results of your web searches
through search engines.
[...]

So in a nutshell, URLs of potentially infected web sites, URLs of several sites visited before the infection, sender and subject information of potentially infected emails, and copies of potentially infected files may be sent to AVAST for processing. The keyword here is "potentially infected". We realize that there is no ill intent here; however, the greatest concern this raises is a false positive detection on a file that contains personal data, in which case the entire file (not just its file name, file hash or metadata) could be sent to AVAST for analysis. And although an individual computer user may never have experienced a false positive detection in a lifetime of using antivirus software, collectively false positive detections occur all the time in the antivirus industry.

Likewise, if you use the avast! website reputation function, information related to the URLs of the web sites you may want to visit can be sent to AVAST. Mind you, if your system's susceptibility to infection is high, providing this information to a security vendor in order to lower your chance of compromise may be well worth it, as opposed to allowing your system to become infected and having an attacker gain full access to your information. However, if you are privacy conscious, you may prefer not to send this type of information to anybody, including an organization that you trust, regardless of the benefit.

We don't wish to single out AVAST on this, as they are certainly not the only antivirus vendor whose EULA states that they can collect copies of files identified as potentially infected; however, one would wish that the EULA clarified this important detail. For example, Avira's EULA states that "Avira sends suspicious programs only (executable files) to its secure EU data centers [...] Files such as pdf, doc, xls as well other personal data, like pictures and videos are not being automatically sent." It could very well be that avast! likewise does not send back certain files (for example, one would think there is a file size limit, since AVAST probably does not want to receive gigabyte-sized video files from its millions of users); however, with such an EULA one does not know what those limits are.

If the above scenarios do not concern you, then it is fine to simply install avast! with everything enabled and most settings left at their defaults. However, if you have some privacy concerns, below is our recommended configuration, which shuts off certain functionality in order to balance privacy with security. We increase the security settings in other components to offset the changes that increase privacy at the cost of security. We also make a few "cosmetic" changes, such as disabling certain notifications and sounds and having the application prompt you instead of automatically trying to fix certain detections. One thing we wish to mention: we purposely keep the file reputation feature enabled, even though those who want to minimize the amount of data sent back would likely turn it off. We keep it on because we believe the security benefit outweighs the privacy impact. At the end of the day it boils down to: "I can turn this feature off to prevent this type of data from being sent back to a security vendor, however in doing so I increase the chance of my system being compromised and criminals having full control of my entire system".

Although avast! free edition is free, you need to register it within 30 days after installation and re-register it every 12 months thereafter, but this is well worth it given all the features that this software includes (autosandboxing, network attack blocker, file reputation, real-time updates, pre-Windows boot-time scanning, script and behavior shield, etc.). Avast! is free for non-commercial use only.

Part 1: Installation

  1. Begin by downloading avast! 8 Free Antivirus. If you currently have another real-time (on-access) antivirus software installed, then uninstall your existing antivirus software after having downloaded avast! and reboot your system.
  2. Proceed to execute the avast! installer
  3. When the setup begins, select "Install avast! Free Antivirus"
  4. Select the Custom Install radio button and uncheck the additional 3rd party software that is offered (Google Chrome, Google Toolbar, etc.)
  5. Accept the default installation directory
  6. When presented with the configuration options, click on custom and uncheck the following three components: Mail Shield, Browser protection, avast! Remote Assistance
  7. Proceed through the next screens until the software completes its installation

Part 2: Change avast! settings

  1. Once installed open avast!
  2. Click on settings (top right)
  3. Click on Basic (left)
  4. Check "Show special scans in avast user interface"
  5. Click on Updates (left)
  6. Expand the Details section and Uncheck "show notification box after automatic update"
  7. For the auto-update interval change from 240 minutes to 120 minutes
  8. Click on Sounds (left)
  9. Uncheck "scan complete" and "automatic update"
  10. Click on Account (left)
  11. Uncheck "report program status to the avast account"
  12. Click on Community (left)
  13. Uncheck all 3 check boxes on this screen
  14. Click on OK button at bottom right to close this window

Part 3: Change shield settings

  1. In the avast! main window at the top left there are 4 tabs: Home, Security, Maintenance, Support. Click on Security
  2. Click the File System Shield icon
  3. Click the Settings button
  4. Click on Scan when opening (left)
  5. Check scan all files
  6. Click on Scan when writing (left)
  7. Check scan all files
  8. Click on AutoSandbox (left)
  9. Change the AutoSandbox mode from auto to ask
  10. Click on Actions (left)
  11. Click on PUP tab
  12. Set the actions in the following top-down order: ask, move to chest, delete
  13. Click on Sensitivity (left)
  14. Check "Scan for potentially unwanted programs"
  15. Click the OK button at bottom right
  16. Click on Web Shield (left)
  17. Click the Settings button
  18. Click on Exclusions (left)
  19. Uncheck "MIME types to exclude"
  20. Click Sensitivity (left)
  21. Increase heuristic sensitivity from normal to high
  22. Check "test whole files"
  23. Click on OK at bottom right
  24. Repeat the steps above to check "test whole files" for "P2P shield" and "IM Shield"

Congratulations, you are now done configuring avast! If for any reason you are worried that your system may already be infected with malware, you may wish to perform a boot-time scan (shown below) after having updated the antivirus databases to the latest version. In the avast! interface click on the Security tab, then on Antivirus (left), scroll down to Boot-time scan and click its Schedule Now button and restart your system for the scan to begin.

You may also wish to read our article on Protecting your Windows PC with Microsoft EMET 3.0 which complements avast! very nicely.

The following section is very much optional and is meant for those who are concerned about "advanced threats". It is not meant to be a configuration that blindly maximizes every single setting without thought, but rather one based on safeguarding against rare but very much real threats, such as malware that is digitally signed with a valid certificate. Note that these changes bring with them a noticeable performance impact.

Part X: Paranoid settings

  1. Click on Security | File System Shields | Settings
  2. Click on Exclusions
  3. Where possible, change all of the default exclusions so that they reference a fixed path (ex: change ?:\PageFile.sys to C:\PageFile.sys, change *.fon to C:\Windows\fonts\*.fon, etc.), or remove the exclusion altogether where possible (after testing).
  4. Click on Advanced
  5. Uncheck Use persistent caching
  6. Click on Packers
  7. Check Installer archive, and OLE archive
  8. Click on OK to exit the file system shield
  9. Click on Web Shield | Settings
  10. Click on Web Scanning
  11. Uncheck Do not unpack archives with valid digital signatures
  12. Click on OK to exit the web shield
  13. On the left under antivirus click on Scan now
  14. Click on Full system scan | settings
  15. Click on Packers and check All Packers
  16. Click on Schedule and schedule this scan to run at least once per week
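
Step 3 above replaces wildcard exclusions with fixed paths. The following added example (not part of the original article and not avast! code) shows how much ground the two masks quoted in that step cover before and after the change, and flags masks that are not anchored to a fixed folder. It assumes `?` matches exactly one character, `*` matches any run of characters, and matching is case-insensitive against the full path; the sample paths are constructed.

```python
import re

# Assumption: '?' = exactly one character, '*' = any run of characters
# (including '\'), compared case-insensitively against the full path.
# This models the masks quoted in step 3; it is not avast!'s own matcher.
def mask_to_regex(mask):
    parts = []
    for ch in mask:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE)

def is_excluded(path, mask):
    """True if the scanner would skip `path` under exclusion `mask`."""
    return mask_to_regex(mask).fullmatch(path) is not None

def unanchored_reason(mask):
    """Return why a mask is broader than a fixed path, or None if anchored."""
    directory, _, _name = mask.rpartition("\\")
    if not directory:
        return "no folder: matches this file name in any location"
    if not re.match(r"[A-Za-z]:", directory):
        return "no fixed drive letter: matches on every drive"
    if "*" in directory or "?" in directory:
        return "wildcard in the folder part"
    return None

if __name__ == "__main__":
    # Constructed sample paths: one in the expected location, one elsewhere.
    paths = [
        r"C:\Windows\Fonts\vgasys.fon",
        r"C:\Users\alice\Downloads\sample.fon",
        r"C:\pagefile.sys",
        r"E:\pagefile.sys",
    ]
    # Default-style masks next to the fixed-path replacements from step 3.
    masks = [r"*.fon", r"C:\Windows\fonts\*.fon",
             r"?:\PageFile.sys", r"C:\PageFile.sys"]
    for mask in masks:
        print(f"{mask}  ->  {unanchored_reason(mask) or 'anchored'}")
        for path in paths:
            if is_excluded(path, mask):
                print(f"    skipped: {path}")
```

Any mask for which `unanchored_reason` returns a reason is a candidate for the rewrite or removal described in step 3.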

Originally posted February 22, 2013