Other issues in this category (13)
The price of anti-virus security
Thursday, August 23, 2018
If we remove an application from our computer, we can rightly assume that all its components will be uninstalled. Of course, junk like registry keys, temporary files, and empty folders often remain in a system after a program has been removed, but sometimes real surprises can await you.
Once upon a time, a user decided to install a popular free anti-virus that was known to provide "reliable security". The program resided quietly in the system memory just like any normal anti-virus should and occasionally prompted the user to switch to a paid subscription. And this would have gone on indefinitely until the next encryption ransomware outbreak had it not been for the fact that the user liked to read the Anti-virus Times, from which he once learnt that his free anti-virus could nab any suspicious file in the system and send it straight to the developer's server, even if the file contained personal data.
The user got really upset and deleted the free anti-virus and replaced it with Dr.Web Security Space 11.5 which has a built-in firewall.
A day passed, and then suddenly a firewall prompt appeared on the screen, warning the user that an unauthorised outbound connection was about to be established. And that wouldn’t have been a big deal except for the fact that the message referred to the all-too-familiar free anti-virus.
"How could that be?", the user wondered. The free anti-virus had been removed completely by the windows installer and wasn't even listed among the installed programs.
But then the user checked the file path in the firewall's message and miraculously discovered the intruder in the Common Files directory.
So, the free anti-virus was removed but an application featuring the anti-virus developer's logo persisted in a folder whose name matched that of the anti-virus company, and the file was signed using a valid certificate from that very company.
It didn't take long to find out that the program didn't just occupy a small portion of disk space but was being launched routinely every day (this procedure was established in the Task Scheduler) and forwarding some data to a remote host.
To learn more about the program, let's look at the anti-virus developer's official forum. Here is what the developer tells us about the application:
So it appears that the program is tasked with monitoring and resolving issues related to the anti-virus software. It can retrieve updates and determine whether the anti-virus services are working properly.
It can retrieve updates even though the anti-virus is no longer present in the system.
Does the developer's EULA say anything about this?
The vendor may, from time to time during the Subscription Period and without your separate permission or consent, deploy an upgrade or an update of, or a replacement for, any Solution (“Update”), and as a result of any such deployment you may not be able to use the applicable Solution or Device (or certain functions of the Device) until any such Update is fully installed or activated. Each Update will be deemed to form a part of the Solution for all purposes under this Agreement. Updates may include both additions to, and removals of, any particular features or functionality offered by a Solution or may replace it entirely, and the Vendor at its sole discretion will determine the content, features and functionality of the updated Solution.
In the most general sense, this may indicate that one day an advertising module or another application a user has no need for may appear in their system and everything will be perfectly in line with the terms of the license agreement.
Hold on, you're probably saying, but once the free anti-virus is removed, the agreement becomes null and void, right? Then how can the application persist in a system?
Well, the developer can always claim that this happened because of a technical issue and that the agreement terms users accept during installation gives the company this right. Under the agreement, the company doesn’t have to explain anything to users and can't be held accountable by them.
Read the agreement carefully, and you'll understand that in fact the free anti-virus is not obligated to neutralise malware.
The Anti-virus Times recommends
Developing an anti-virus is a complex and expensive process involving a multitude of people. The time when a talented programmer could singlehandedly write an anti-virus program is long gone. Naturally, anti-virus companies look for funding sources to maintain and further develop their products.
That's why one way or another users have to pay for an anti-virus, if not with money then by viewing ads or providing valuable data. But, in the case of free anti-viruses, you may never learn the actual price you’re paying for your “anti-virus security”.