How Much Do You Trust Your Antivirus Company?

Published by Ryan Miller on


Do you know which data your antivirus collects during scans? Antivirus has kernel-level access to the operating system, meaning there isn’t a file on your computer’s hard drive that it can’t touch. Antivirus scans data that is being read from and written to the hard drive, and depending on which antivirus company you choose, data in memory may also be examined, giving you greater protection.

Here is an excerpt from the Sophos Privacy Policy General section:

What personal data do we collect?

We may collect personal data such as your name, company position, address, telephone number, mobile number, fax number, email address, credit card details, age, IP address, and account usernames.

That’s fairly common. If you’re doing business with a company, they need relevant details to conduct business with you.

Here is an excerpt from the Sophos Privacy Policy Cloud Products section that also applies to Sophos Home:

You acknowledge and agree that it may be necessary for us to collect and process certain information relating to individuals in order to provide the Cloud products, and that such information may include proprietary, confidential and/or personal data, including without limitation (i) names, email addresses, telephone numbers and other contact details; (ii) account usernames; (iii) IP addresses; (iv) usage information; (v) lists of all software, files, paths and applications installed on the device, (vi) details of changes or attempted changes to executable files, pathnames and scripts, (vii) logs of websites visited; (viii) infection logs; and (ix) files suspected of being infected with malware.

Documents with sensitive information are where trust in your antivirus company comes into play. In addition to calculating a hash value of a file, antivirus can read the document text and send it in for analysis.

How does antivirus determine if you have malware? Signatures. Signatures are the hash representation of a file, so when an antivirus scans a file, it converts the file into a hash and compares that file hash against the known bad hash set it has locally and in the cloud. The SHA256 hash of an empty text file is e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855. There are other hash algorithms, for example, MD5 and SHA. If the antivirus finds a “suspicious” file (suspicious is poorly defined in a lot of cases), it will send a copy of the file, which could contain social security numbers, birthdates, addresses, and names, to the antivirus company to be analyzed. If the file is found to be malicious, then a definition (see hash) will be created. If the file is found not to be malicious, then the file is supposed to be deleted.
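The hash lookup described above can be sketched as follows; this is an added example, not code from the original post or from any antivirus product. The function names, the in-memory `known_bad` set and the sample byte strings are constructed for illustration, and the example goes slightly beyond the text by showing that a file differing by one byte no longer matches, which leaves it as an "unknown" file.

```python
import hashlib
import os
import tempfile

# SHA-256 of an empty file, as quoted in the article.
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large files are never loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def scan(paths, known_bad):
    """Return {path: verdict}; only the digest is compared, never the content."""
    results = {}
    for path in paths:
        file_hash = sha256_file(path)
        results[path] = "match" if file_hash in known_bad else "unknown"
    return results

def demo():
    # Constructed sample data: harmless byte strings standing in for files.
    sample = b"constructed sample standing in for a flagged file\n"
    known_bad = {hashlib.sha256(sample).hexdigest()}  # hypothetical local signature set
    with tempfile.TemporaryDirectory() as tmp:
        files = {
            "empty.txt": b"",
            "flagged.bin": sample,
            "variant.bin": sample + b"\x00",  # same content plus one extra byte
        }
        paths = {}
        for name, data in files.items():
            paths[name] = os.path.join(tmp, name)
            with open(paths[name], "wb") as fh:
                fh.write(data)
        verdicts = scan(paths.values(), known_bad)
        empty_hash = sha256_file(paths["empty.txt"])
        return empty_hash, {name: verdicts[p] for name, p in paths.items()}

if __name__ == "__main__":
    empty_hash, verdicts = demo()
    print(empty_hash == EMPTY_SHA256, verdicts)
```

A signature match needs only the digest; it is the "unknown" results that a product cannot classify from the hash alone.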

Do you think you can trust the antivirus company you use? It’s hard to tell. Mistakes by these corporations are rarely reported, if they are reported at all, and trying to determine whether your antivirus company is good at stopping hackers from getting into its systems is impossible. Your best bet at establishing trust is to speak with IT or cybersecurity professionals to get real-world experience, and certainly don’t believe the marketing hype.

Recommended antivirus:

Sophos Home – High malware signature detection rate, excellent behavior analysis for malware that doesn’t have a signature, read/write and memory scanning, web control (block categories and specific websites), potentially unwanted application protection (free software that includes toolbars and various other third-party software), no bloatware such as a password vault and PC cleaner, and works quickly to fix vulnerabilities found in the software.

Price: free and will not ask you to purchase a paid version

Avira Antivirus 2018 – Good malware signature detection rate, average behavior analysis for malware that doesn’t have a signature, fast full system scans, scans memory, no bloatware.

Price: free

Bitdefender – One of the highest malware detection rates, phishing email protection, fraud website protection, excellent behavior analysis for malware that doesn’t have a signature, and quickly fixes vulnerabilities in the software.

Price: free but will ask you to upgrade to unlock additional features.


Ryan Miller

A husband, a father of 3, my daughter's sounding board, writes on all topics of cybersecurity, an expert at dad humor, a security engineer, an analyst, a network administrator, and Desktop Support Tier I-III.