AV Comparatives analysis of Data Transmission of security products

Martin Brinkmann
May 3, 2014

If you are running antivirus software on your system, or another type of security software, chance is good that quite a bit of data is transmitted from your system to Internet servers.

A recent AV Comparatives study reveals that products from all companies selected for the test transmit data to the Internet. Selected for the test were companies like Avira, AVG, Kaspersky, Symantec or Bitdefender.

That's not really something to worry about though without further analysis of the data that is transmitted. Considering that data needs to be transmitted for proper functionality of the program, for instance when urls need to be checked as part of a product's web protection module, it does not cut it to simply state that any data transmission is bad.

The study, which you can download as a pdf document on this page, goes further than that. Each vendor was asked to fill out a survey. In addition to that, network traffic was recorded and analyzed by AV Comparatives.

The questions were divided into the five groups:

  1. Product information: Are the product version and license information, a unique identifier, and statistical information transmitted?
  2. Machine information: Are the operating system version, computer name, display resolution, local IP address, running processes, hardware, third-party application information, or event / error logs transmitted?
  3. Personal information: Are visited urls (malicious and non-malicious), referrer, country or region of the operating system, language of the system, or Windows username transmitted?
  4. File related information: Are file hashes or parts of files transmitted?Are the detection name, file name and path transmitted? Are executable files and non-executable files transmitted if they are "suspicious? Can users opt-out of sending files.
  5. General: Use of silent detections, special update deliveries to users with specific IDs, and jurisdiction of data storage.

While some information need to be transmitted as mentioned earlier, others may not, especially if there is no opt-out option available. Avast transmits the local IP address and event- or error-logs for example, Bitdefender the Windows username and hardware information, and Kaspersky non-executable files (but with option to opt-out).

AV Comparatives did not include questions about data retention which is unfortunate. Some companies may use the transmitted data only to determine the correct course of action, while others may save it for a period of time or maybe even forever.

The organization suggests that users only download and install products of reputable companies, and that they read the End User Agreements before they do. While that is the reasonable thing to do, it is not done by the vast majority of users as it takes time and research to understand the legal speak.

Good programs should not only disclose that sensitive data may be transmitted, but also offer opt-out options or make those features opt-in from the start.

What about security software that you have installed on your system? Do you know which data it submits?

AV Comparatives analysis of Data Transmission of security products
Article Name
AV Comparatives analysis of Data Transmission of security products
A detailed analysis of security companies and the data their products transmit.

Previous Post: «
Next Post: «


  1. Hy said on May 5, 2014 at 7:06 am

    Thanks for this, Martin! The comparison chart from the study in the pdf linked to above is an excellent resource. I would have never come across this on my own. Thanks again!

    I am not aware of any, but it would be nice to have a similar chart for people to consult which contained the responses (or non-responses) of the AV companies surveyed at the end of last year by Bits of Freedom: https://www.bof.nl/2013/10/25/experts-call-upon-the-vendors-of-antivirus-software-for-transparency/

    @BMO: I completely agree. I used to have a small program that scrambled/anonymized Windows identifiers/numbers. I’m on a new machine now and I looked today but could not find it. If anyone is aware of something like this, perhaps they could post a link here.

  2. Nebulus said on May 4, 2014 at 11:56 am

    I really dislike when security vendors are collecting all kinds of information from the users. It usually has nothing to do with the real functionality of that software and it is only a data collection procedure in disguise. Of course, all in the name of creating better protection mechanisms…

    I remember that a few years ago, when this big data craze didn’t start yet, the AV producers were perfectly capable of doing their job without all sorts of information collected from the users. At most they would ask you for a sample of a virus/trojan/malware/etc., but that was all.

  3. BMO said on May 4, 2014 at 6:38 am

    This all kinda makes me wish that there was an XPrivacy tool for computers that was as easy to use as it is on Android. You know, randomizing the really important identifiers at every boot and such. Am I right? Wrong? It just seems like there wouldn’t be any privacy concerns if everything you sent, say, Norton, was a bunch of scrambled data.

  4. Dave said on May 3, 2014 at 10:39 pm

    I use MSE. But on Windows 8, Windows Defender deleted a program because it was classed as a hacktool. I think it’s wrong that Microsoft has this category in its antivirus program. Next thing they’ll be deleting my documents based on content.

    It was actually a hacktool for rooting a phone, but that’s entirely legit (except in America)

    1. Hy said on May 5, 2014 at 7:25 am

      MSE and most MS products are the real hacktools, I’m sorry to say…

  5. People said on May 3, 2014 at 9:06 pm

    People are willingly giving up their privacy for protection. Thousands of big brothers are collecting peoples private data only to be used in thousands of unknown ways. Raising awareness about this problem is a great help Martin!

  6. Dimitri said on May 3, 2014 at 5:55 pm

    ” That’s not really something to worry about though without further analysis of the data that is transmitted. ”


    Quite wrong — it is absolutely ‘something to worry about’ right now !

    Users can never know the full extent of data collection from their computers by these security programs.

    Even the admitted collection/transmission of user general metadata is extremely intrusive and unnecessary for routine security scans/fixes of user PC’s. Thus, the true motives of these security-software companies are highly suspect.

    Users need a genuine opt-out capability — so that the security-software will never (under any circumstances) connect to the internet…. except with specific, manual authorization by the user.
    Manual updates to the security-software must be available as totally separate internet downloads, not requiring the main program at all for download. (many security programs used to operate this way; some still do)

    Mainstream security-software (especially the free stuff) is morphing into spyware, for commercial purposes. Be extremely careful and skeptical.

  7. steven said on May 3, 2014 at 5:53 pm

    from mentioned pdf: “In some cases, this was encrypted, and so we were unable to read it.” encryption is good but in this case performed audit might be more than inacurate.

  8. steven said on May 3, 2014 at 5:12 pm

    since effectiveness of any av software is approx 20% that would be all about collecting user data…in short it’s like letting someone you don’t really know browsing your house while you are away. I wonder how many people limit their av to scan only system files and directories or how many people control what leaves their machines while they connected to the internet.

    BTW. I like ghacks.net because you are rising awarness Martin :)

    1. Nebulus said on May 4, 2014 at 11:40 am

      Where did you read that effectiveness of an AV solution is at 20%?

  9. Vishal said on May 3, 2014 at 4:13 pm

    There is a fake/rogue anti-malware called Net Defender and it’s extremely popular in India. A lot of idiots use it just because it is made by Indian company. It is malware in disguise and installs all sorts of fake services. God knows what information it transmits.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.