Wednesday, October 22, 2014

Avast Antivirus Was Spying On You with Adware (Until This Week)

We warned you at the beginning of the year that many of your browser extensions are spying on you, tracking what you are visiting, and even inserting ads into pages. These aren’t just no-name developers either: even Avast, one of the most trusted antivirus vendors was in on the game.
Before we go even one step further, it’s important to note that they recently disabled the spying “shopping” feature in their browser extension. So if you are running the latest Chrome with extensions updated, you are fine. For now.
So Avast has stopped integrating the spying extension, but this is about the principle: you should be able to trust your antivirus provider. Why are they adding a feature that spies on your browsing, inserts ads… and all without properly notifying you?
And why, at the same time, are they claiming to stop spyware, even uninstalling other shopping extensions from other vendors, while they were doing the same thing they are supposed to stop?
Avast removes other Shopping extensions while leaving theirs enabled
On our test system, the only spyware and crapware that Avast actually detected and removed were the ones that competed with their own shopping extension.

Avast Online Security Extension Added a “Shopping” Component

No, the install process didn’t tell us about this.
About a week ago, we were playing around with installing a lot of nonsense from crapware sites, so we loaded up trusty Avast antivirus to see how much of the malware it would actually catch during the process. We were shocked to find out that some of the adware wasn’t from a third-party, but from Avast itself.
The problem lies in the SafePrice component of their Online Security extension, which adds shopping recommendations (ads) as you are browsing around the web.
Here’s the thing: many people actually want shopping extensions that help them find better prices — in fact, one of the HTG staff writers recently asked me what was the best way to find better prices. As a standalone product, if you  specifically and deliberately choose to install something like this, there’s nothing wrong with it.
The problem is that Avast snuck this component in to their browser extensions that have at least 10 million users for the Chrome version alone. And then they enabled it by default.