AV spying. Surprised?

In message , David
writes:
On 29/01/2020 00:08, Mayayana wrote:
"David" wrote

| It has total control. It's routinely allowed to call
| home for large updates. And it's assumed to be
| in the role of protecting you from intrusion.
|
| That's a VERY interesting and telling comment, Mayayana! ;-)
|
| Would you care to elaborate?
?? It's just fact. AV needs full control in order to
protect. It's typical these days to issue several
large updates per day. And the point of AV is to
protect your system, no?

What if the developer has 'gone rogue' and invited you to download
and install a 'free trial' of AV software which is NOT designed to
protect you?

How would a layman ever know that such a programme was actually working
*against* the users best interests?

He wouldn't.

Can't say I've ever seen an example, but I imagine there _is_ a class of
malware that could be described as fake AV. (AVE? Awira? Malwarebites?
[With apologies if any of those exist and are innocuous (-:!])
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

Science isn't about being right every time, or even most of the time. It is
about being more right over time and fixing what it got wrong.
- Scott Adams, 2015-2-2

On Tue, 28 Jan 2020 09:12:12 -0500, Mayayana wrote:

"mechanic" wrote

| On Mon, 27 Jan 2020 18:39:28 -0500, Mayayana wrote:
|
| Even car companies are now claiming their customers have given
| them permission to spy on their driving.
|
| Cite please?

If you're actually interested you could have found out
plenty with just a 5 minute search, rather than just
demanding proof. Two links:

Instead of this offensive bluster with some obscure references, you
might care to peruse the GDPR which those of us unfortunate enough
to not being born in the USA live by. Then you might understand that
'informed consent' is what we like to see before our data is used by
others, after that they can do what they will with it. Your claim
that car makers say 'customers have given permission' seems to apply
to a whole class of people, not just individuals. Consent is an
individual contract. If you really know what you're talking about,
you could respond to my polite request for information with some
relevant links.

On Wed, 29 Jan 2020 10:50:20 +0000, J. P. Gilliver (John) wrote:

In message , David
writes:
On 29/01/2020 00:08, Mayayana wrote:
"David" wrote

| It has total control. It's routinely allowed to call
| home for large updates. And it's assumed to be
| in the role of protecting you from intrusion.
|
| That's a VERY interesting and telling comment, Mayayana! ;-)
|
| Would you care to elaborate?
?? It's just fact. AV needs full control in order to
protect. It's typical these days to issue several
large updates per day. And the point of AV is to
protect your system, no?

What if the developer has 'gone rogue' and invited you to download
and install a 'free trial' of AV software which is NOT designed to
protect you?

How would a layman ever know that such a programme was actually working
*against* the users best interests?

He wouldn't.

Can't say I've ever seen an example, but I imagine there _is_ a class of
malware that could be described as fake AV. (AVE? Awira? Malwarebites?
[With apologies if any of those exist and are innocuous (-:!])

It's common for predators to fool and lure their prey and make it feel
comfortable before they perform their main intent.

"J. P. Gilliver (John)" wrote

| What if the developer has 'gone rogue' and invited you to download
| and install a 'free trial' of AV software which is NOT designed to
| protect you?
|
| How would a layman ever know that such a programme was actually working
| *against* the users best interests?
|
| He wouldn't.
|
As the old saying goes, with friends like this, who
needs enemies? This has nothing to do with malware
or "going rogue". It's mainstream.

According to this site it's been going on for at
least 4 years:

https://www.cmswire.com/digital-mark...ing-searching/

We only know because someone came across a
data trove from Jumpshot, the Avast spyware
company. Another such spyware company is
SimilarWeb:

https://www.similarweb.com/corp/ourdata/

"We have a dedicated product team at SimilarWeb that is responsible for
building and partnering with hundreds of high value consumer products that
make up the panel.
What makes our Global Panel so robust?
1. The products are highly valuable to consumers which makes the panel
sticky with high user retention."

In plain English: We've developed software, or made deals
with sleazy software developers, that provide us with hundreds
of tracking programs!! And many of those also do something useful!!
So the chance of our crap being on any given device is very
high!! Now do you want to buy our data?!

I guess a lot of this is already known about cellphones.
It may not even be possible to stop spyware on cellphones.
The kings of sleaze, Apple and Google, are running that show.
I guess what the Avast info shows is that the same kind of
spyware has been gradually moving to desktops as well,
where it can be more easily removed but performs some
kind of useful service and depends on secrecy to do its work.

It's interesting reading the marketing sites. They're the
best place to find out about spyware, script tricks, etc.
A whole industry is online drooling over where they might
get the ultimate spyware, to get a step ahead of
competitors. Crazy stuff.

On Wed, 29 Jan 2020 08:30:27 -0500, "Mayayana"
wrote:

"J. P. Gilliver (John)" wrote

| What if the developer has 'gone rogue' and invited you to download
| and install a 'free trial' of AV software which is NOT designed to
| protect you?
|
| How would a layman ever know that such a programme was actually working
| *against* the users best interests?
|
| He wouldn't.
|
As the old saying goes, with friends like this, who
needs enemies? This has nothing to do with malware
or "going rogue". It's mainstream.

According to this site it's been going on for at
least 4 years:

https://www.cmswire.com/digital-mark...ing-searching/

We only know because someone came across a
data trove from Jumpshot, the Avast spyware
company. Another such spyware company is
SimilarWeb:

https://www.similarweb.com/corp/ourdata/

"We have a dedicated product team at SimilarWeb that is responsible for
building and partnering with hundreds of high value consumer products that
make up the panel.
What makes our Global Panel so robust?
1. The products are highly valuable to consumers which makes the panel
sticky with high user retention."

In plain English: We've developed software, or made deals
with sleazy software developers, that provide us with hundreds
of tracking programs!! And many of those also do something useful!!
So the chance of our crap being on any given device is very
high!! Now do you want to buy our data?!

I guess a lot of this is already known about cellphones.
It may not even be possible to stop spyware on cellphones.
The kings of sleaze, Apple and Google, are running that show.
I guess what the Avast info shows is that the same kind of
spyware has been gradually moving to desktops as well,
where it can be more easily removed but performs some
kind of useful service and depends on secrecy to do its work.

It's interesting reading the marketing sites. They're the
best place to find out about spyware, script tricks, etc.
A whole industry is online drooling over where they might
get the ultimate spyware, to get a step ahead of
competitors. Crazy stuff.


You can avoid much of the nastiness by downloading the def
files separately, and not allowing the AV program to have ANY web
access at all. Example, a USB or CD booted AV.
The Kaspersky Rescue CD comes with the latest defs, and the
CLAMAV series of AVs allow you to download the defs separately. You
can do that on another computer. Just pull the Ethernet plug on the
computer you are actually scanning
Booting from a USB/CD also renders rootkits harmless. A big
plus.
It's the "cloud enhanced" and "link checking" and "internet
security" AVs that are the real malware. (Avast, Sophos, Avira,
McAfee, etc).
Not sure about the M$ offering.
Unfortunately, they are the most popular.
One born every millisecond....
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

On 29/01/2020 14:21, Shadow wrote:
On Wed, 29 Jan 2020 08:30:27 -0500, "Mayayana"
wrote:

"J. P. Gilliver (John)" wrote

| What if the developer has 'gone rogue' and invited you to download
| and install a 'free trial' of AV software which is NOT designed to
| protect you?
|
| How would a layman ever know that such a programme was actually working
| *against* the users best interests?
|
| He wouldn't.
|
As the old saying goes, with friends like this, who
needs enemies? This has nothing to do with malware
or "going rogue". It's mainstream.

According to this site it's been going on for at
least 4 years:

https://www.cmswire.com/digital-mark...ing-searching/

We only know because someone came across a
data trove from Jumpshot, the Avast spyware
company. Another such spyware company is
SimilarWeb:

https://www.similarweb.com/corp/ourdata/

"We have a dedicated product team at SimilarWeb that is responsible for
building and partnering with hundreds of high value consumer products that
make up the panel.
What makes our Global Panel so robust?
1. The products are highly valuable to consumers which makes the panel
sticky with high user retention."

In plain English: We've developed software, or made deals
with sleazy software developers, that provide us with hundreds
of tracking programs!! And many of those also do something useful!!
So the chance of our crap being on any given device is very
high!! Now do you want to buy our data?!

I guess a lot of this is already known about cellphones.
It may not even be possible to stop spyware on cellphones.
The kings of sleaze, Apple and Google, are running that show.
I guess what the Avast info shows is that the same kind of
spyware has been gradually moving to desktops as well,
where it can be more easily removed but performs some
kind of useful service and depends on secrecy to do its work.

It's interesting reading the marketing sites. They're the
best place to find out about spyware, script tricks, etc.
A whole industry is online drooling over where they might
get the ultimate spyware, to get a step ahead of
competitors. Crazy stuff.


You can avoid much of the nastiness by downloading the def
files separately, and not allowing the AV program to have ANY web
access at all. Example, a USB or CD booted AV.
The Kaspersky Rescue CD comes with the latest defs, and the
CLAMAV series of AVs allow you to download the defs separately. You
can do that on another computer. Just pull the Ethernet plug on the
computer you are actually scanning
Booting from a USB/CD also renders rootkits harmless. A big
plus.
It's the "cloud enhanced" and "link checking" and "internet
security" AVs that are the real malware. (Avast, Sophos, Avira,
McAfee, etc).
Not sure about the M$ offering.
Unfortunately, they are the most popular.
One born every millisecond....
[]'s


There will be readers on these groups who may well agree with you!

Will you please explain how one can boot up an Apple computer from a
USB/CD and scan for malware in the manner which you have suggested?

TIA

(acw reinstated - uk mac group added)

"David" wrote

| Will you please explain how one can boot up an Apple computer from a
| USB/CD and scan for malware in the manner which you have suggested?
|

Everyone knows Macs don't have malware. To
use a Mac:

Press the cute iBoot button with the smiley face.

Click on the adorable iDonate link.

Use your iApplePay, iCheckbook, iCashola, or
iLayaway to send imoney to the Apple iChurch.
In that iwindow you can choose how much you
want apportioned to the Lord Jobs Memorial
Upkeep iFund and how much you want Timmy Cook
to hide ioffshore as part of his tax evasion ischeme.

Once your idonation is complete you'll probably
want to buy more iStuff. Are your icomputer, iphone,
iearbuds, icharging cords, or other Very Pretty White
iStuff more than 18 months old? Then it's time to
ireplace them. Again, you can use your iPayment
method of choice to send more imoney to the Apple
iChurch.

Once complete, unless you want to look at your
cute iphotos, it's probably time to shut idown. To
do that, click the cute-as-a-button ibutton marked
"Switch me back to my iPhone".

And you're done! No malware as far as the eye can
see! And since Apple has all your data backed up online,
besides tracking your movements via your iPhone, you'll
never have to worry about spyware. As with other
products, Apple has their own high quality versions
of special Apple ispyware and imalware that are guaranteed
isafe to use. We never sell you out to data companies
because we want all those profits for ourselves.

Happy Appleing and Have a Great iDay!

David wrote:


There will be readers on these groups who may well agree with you!

Will you please explain how one can boot up an Apple computer from a
USB/CD and scan for malware in the manner which you have suggested?

TIA

(acw reinstated - uk mac group added)

It's well known that the best iApple experts hang
out in the WinXP/Win7/Win10 group.

"Press and hold down the C key immediately, and keep it pressed until
your Mac either boots from the DVD or doesn't."

I take it, that if it doesn't boot as desired, you emit an iApple Expletive.

https://www.acronis.com/en-us/articles/usb-boot/

"When you hear the startup chime, press and hold the Option key.
Holding that key gives you access to OS X’s Startup Manager.
Once the Startup Manager screen appears, release the Option key.
The utility will look for any available drives that include bootable content."

There must be an iManual somewhere about your place, right ?

Paul

On 2020-01-29 9:10 a.m., Mayayana wrote:
"David" wrote

| Will you please explain how one can boot up an Apple computer from a
| USB/CD and scan for malware in the manner which you have suggested?
|

Everyone knows Macs don't have malware. To
use a Mac:

Press the cute iBoot button with the smiley face.

Click on the adorable iDonate link.

Use your iApplePay, iCheckbook, iCashola, or
iLayaway to send imoney to the Apple iChurch.
In that iwindow you can choose how much you
want apportioned to the Lord Jobs Memorial
Upkeep iFund and how much you want Timmy Cook
to hide ioffshore as part of his tax evasion ischeme.

Once your idonation is complete you'll probably
want to buy more iStuff. Are your icomputer, iphone,
iearbuds, icharging cords, or other Very Pretty White
iStuff more than 18 months old? Then it's time to
ireplace them. Again, you can use your iPayment
method of choice to send more imoney to the Apple
iChurch.

Once complete, unless you want to look at your
cute iphotos, it's probably time to shut idown. To
do that, click the cute-as-a-button ibutton marked
"Switch me back to my iPhone".

And you're done! No malware as far as the eye can
see! And since Apple has all your data backed up online,
besides tracking your movements via your iPhone, you'll
never have to worry about spyware. As with other
products, Apple has their own high quality versions
of special Apple ispyware and imalware that are guaranteed
isafe to use. We never sell you out to data companies
because we want all those profits for ourselves.

Happy Appleing and Have a Great iDay!


Priceless, Mayayana. :-) :-) :-)

On Wed, 29 Jan 2020 10:32:25 -0500, Paul
wrote:

David wrote:


There will be readers on these groups who may well agree with you!

Will you please explain how one can boot up an Apple computer from a
USB/CD and scan for malware in the manner which you have suggested?

TIA

(acw reinstated - uk mac group added)

It's well known that the best iApple experts hang
out in the WinXP/Win7/Win10 group.

"Press and hold down the C key immediately, and keep it pressed until
your Mac either boots from the DVD or doesn't."

I take it, that if it doesn't boot as desired, you emit an iApple Expletive.

https://www.acronis.com/en-us/articles/usb-boot/

"When you hear the startup chime, press and hold the Option key.
Holding that key gives you access to OS X’s Startup Manager.
Once the Startup Manager screen appears, release the Option key.
The utility will look for any available drives that include bootable content."

There must be an iManual somewhere about your place, right ?

Paul

I told him to iGoogle it, but didn't "trust" the site because
there was nowhere to enter his credit card details.
It was one of the first hits on regular Google search, but he
doesn't "trust" that either(he might have something there). Amazing
the amount of people/companies he thinks are *bad guys*.
No pleasing some people.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

Shadow,

You can avoid much of the nastiness by downloading the def
files separately, and not allowing the AV program to have ANY
web access at all. Example, a USB or CD booted AV.
....
Just pull the Ethernet plug on the computer you are actually scanning

Lol ? Thats like ye olde days with its bootsector viri: There is
/absolutily nothing/ stopping such an offline AV product from sneakily
installing whatever they want on your 'puter - only to wait till you plug
the Ethernet cable back in.

If you want to be paranoid about it than you have to go all the way,
otherwise it doesn't work. :-)

Regards,
Rudy Wieser

In message , Mayayana
writes:
[]
Everyone knows Macs don't have malware. To
use a Mac:

Press the cute iBoot button with the smiley face.

Click on the adorable iDonate link.

Use your iApplePay, iCheckbook, iCashola, or
iLayaway to send imoney to the Apple iChurch.
In that iwindow you can choose how much you
want apportioned to the Lord Jobs Memorial
Upkeep iFund and how much you want Timmy Cook
to hide ioffshore as part of his tax evasion ischeme.
[and much more in the same ivein.]

Beautifully done! It must really ipi$$ Apple off that the BBC call their
streaming software the iPlayer (and it works on lots of platforms -
certainly Windows and Android).
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

I use science as my model here. We will crawl toward the truth without ever
knowing if we are all the way there. - Scott Adams, 2015-3-20

On 29/01/2020 18:55, R.Wieser wrote:
Shadow,

You can avoid much of the nastiness by downloading the def
files separately, and not allowing the AV program to have ANY
web access at all. Example, a USB or CD booted AV.
...
Just pull the Ethernet plug on the computer you are actually scanning

Lol ? Thats like ye olde days with its bootsector viri: There is
/absolutily nothing/ stopping such an offline AV product from sneakily
installing whatever they want on your 'puter - only to wait till you plug
the Ethernet cable back in.

If you want to be paranoid about it than you have to go all the way,
otherwise it doesn't work. :-)

Regards,
Rudy Wieser


How much further CAN one go, Rudy?

On Wed, 29 Jan 2020 19:55:50 +0100, "R.Wieser"
wrote:

Shadow,

You can avoid much of the nastiness by downloading the def
files separately, and not allowing the AV program to have ANY
web access at all. Example, a USB or CD booted AV.
...
Just pull the Ethernet plug on the computer you are actually scanning

Lol ? Thats like ye olde days with its bootsector viri: There is
/absolutily nothing/ stopping such an offline AV product from sneakily
installing whatever they want on your 'puter - only to wait till you plug
the Ethernet cable back in.

A simple compare before/after will detect any dropped files. A
forensic before/after to detect anything more elusive.
All the main AVs are monitored by competitors.

Sure it could happen with scamware...
But few trust an AV that's been on the market for a "full 10
days".

If you want to be paranoid about it than you have to go all the way,
otherwise it doesn't work. :-)

It's better than allowing complete access to the Internet to
company that sells your private data to the highest bidder . Which is
what most people do. Install an AV once and trust it to keep them
safe, secure and "private" forever.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012

On Wed, 29 Jan 2020 19:36:43 +0000, David
wrote:

On 29/01/2020 18:55, R.Wieser wrote:
Shadow,

You can avoid much of the nastiness by downloading the def
files separately, and not allowing the AV program to have ANY
web access at all. Example, a USB or CD booted AV.
...
Just pull the Ethernet plug on the computer you are actually scanning

Lol ? Thats like ye olde days with its bootsector viri: There is
/absolutily nothing/ stopping such an offline AV product from sneakily
installing whatever they want on your 'puter - only to wait till you plug
the Ethernet cable back in.

If you want to be paranoid about it than you have to go all the way,
otherwise it doesn't work. :-)

Regards,
Rudy Wieser


How much further CAN one go, Rudy?

Thread-jacking detected. OT group(s) removed(again).
Try iGoogling "Air Gapped" computers. Pay over US$ 50 and
you'll get a usable reply.
HTH
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012