Geeks for your information
Your data is *your* data: Our approach to creating privacy-conscious antivirus softwa - Printable Version

+- Geeks for your information (https://www.geeks.fyi)
+-- Forum: Security (https://www.geeks.fyi/forumdisplay.php?fid=68)
+--- Forum: Security Vendors (https://www.geeks.fyi/forumdisplay.php?fid=87)
+---- Forum: EmsiSoft (https://www.geeks.fyi/forumdisplay.php?fid=89)
+----- Forum: Emsisoft Blog Articles (https://www.geeks.fyi/forumdisplay.php?fid=140)
+----- Thread: Your data is *your* data: Our approach to creating privacy-conscious antivirus softwa (/showthread.php?tid=11522)



Your data is *your* data: Our approach to creating privacy-conscious antivirus softwa - harlan4096 - 20 May 20

Quote:
[Image: logo.svg]

We’ve said it before and we’ll say it again: privacy is important. Emsisoft is a security company. We make money by selling great security products, not by snooping on our customers, selling your data to advertisers or bundling our software with products you’d rather avoid.

This isn’t just feel-good marketing talk. We’ve gone to great lengths to develop technologies that allow us to deliver excellent protection while respecting the privacy of our customers.

In this post, we’d like to give you some insight into these technologies and how they enable you to maintain a high level of privacy.

Web Protection

Web Protection is one of Emsisoft’s essential protection components. It stops you from accessing malicious websites by blocking your connection to dangerous hosts.

From a technical perspective, there are a few ways of achieving this. Some antivirus products forward the websites you visit to a centralized server, where the URL can be scanned against an enormous database of malicious URLs and determined to be either “safe” or “dangerous”.

It’s impossible to do this locally on your computer as there are millions of malicious website addresses that are constantly changing. Keeping a local blacklist up to date would require hundreds of megabytes of data to be updated every single day, which is simply not feasible. Therefore, forwarding visited website addresses to a verification server is the most efficient approach.

Unfortunately, this comes with a major downside: an antivirus company could potentially view and record all the websites you visit.

We decided to take a different approach. Instead of blocking individual website addresses, Emsisoft Anti-Malware blocks access to whole servers that are known to be malicious or fraudulent.

This significantly reduces the amount of data involved and allows us to check the safety of visited websites locally on your computer via a locally stored blacklist that is updated every 15 minutes.

This means there is no impact on your privacy whatsoever. No information about accessed hosts is sent to us by our Web Protection component, making it impossible for us to view the websites you’ve visited and the data you’ve entered on them.

Emsisoft Browser Security

Emsisoft Browser Security is a browser extension that blocks websites that distribute malware and phishing attacks.

Most browser extensions that are designed to block access to harmful websites work by sending the visited website to a cloud server, where it’s verified by matching the URL against a database of known malicious sites. The issue is that the creators of these extensions can potentially see and track all of your online web browsing activity.

We designed Emsisoft Browser Security with privacy in mind. Instead of sending full URLs to the cloud, our extension only sends hash checksums of the components of the domain name. If all hashes are found in the database, the cloud returns detailed matching patterns for known malicious URLs on that domain. At no point does the Emsisoft cloud know where any of these patterns will match or not, as the matching is only done by the extension on the user’s side. Therefore, it’s impossible for us (even if we wanted to) to create profiles of our users.

Minimizing data collection

Free antivirus products have to come up with “creative” ways to monetize their services, which typically involves harvesting your data and selling it to third-party advertisers, or encouraging you to install potentially unwanted programs.

Because Emsisoft Anti-Malware is a premium, paid product, we don’t need to participate in this sort of unethical behavior. Your subscription pays for top-notch malware protection and a high level of data privacy.

We collect no more data than is minimally necessary to provide you with our products and services. That means we don’t collect:
  • Internal IP addresses, visited URLs and other information that could be connected to your identity.
  • Non-executable personal documents. We’re only interested in submissions of malicious executables, which allows us to study their behavior and improve our product. You can opt-out of this at any time.
  • Data harvested by malware. If you submit a malicious file that has harvested your information, we do not collect the affected data.
We provide our users with a high level of control over the type of data that is submitted. These settings can be changed at any time by navigating to Settings > Advanced. Please see this help guide for more information.

Conclusion

Antivirus companies have a critical responsibility to protect their customers’ data.

To us, that doesn’t just mean securing your data against external threats. It also means ensuring your data is respected, minimally collected and used only when absolutely necessary.

We’re not in the business of data collection. We make antivirus software, plain and simple. We’re showing the industry that it’s possible to provide world-class protection software without infringing on the privacy of our users.

And as the old adage says, “if you’re not paying for the product, you are the product.”

Our Privacy Policy can be read in full here.
...
Continue Reading