Mozilla removes all Avast Firefox extensions
If you search for Avast or AVG on the official Mozilla Add-ons website, you may notice that no results by these companies are returned. Neither Avast Online Security or SafePrice, nor AVG Online Security or SafePrice, are returned by the Store currently even though these extensions exist.
It appears that Mozilla removed these extensions from its Store. When you try to open one of the Store URLs of Avast or AVG extensions you get a "Oops! We can't find that page" error message.
Update: The extensions are available again. Avast provided us with the following statement:
“Privacy is our top priority and the discussion about what is best practice in dealing with data is an ongoing one in the tech industry. We have never compromised on the security or privacy of personal data. We are listening to our users and acknowledge that we need to be more transparent with our users about what data is necessary for our security products to work, and to give them a choice in whether they wish to share their data further and for what purpose. We made changes to our extensions including limiting the use of data and these changes are explained clearly in our Privacy Policy. Our browser extensions Avast Online Security and AVG Online Security are back on the Chrome Store, and on the Mozilla Store (since 12/17). It’s important to us that users understand that we’re listening to concerns about transparency and data use, and striving to do better and lead by example in this area.“
End
The extensions are not blacklisted by Mozilla. Blacklisted extensions are put on a blocklist -- which is publicly available here -- and removed from user browsers as a consequence.
Update: Avast provided the following statement:
We have offered our Avast Online Security and SafePrice browser extensions for many years through the Mozilla store. Mozilla has recently updated its store policy and we are liaising with them in order to make the necessary adjustments to our extensions to align with new requirements. The Avast Online Security extension is a security tool that protects users online, including from infected websites and phishing attacks. It is necessary for this service to collect the URL history to deliver its expected functionality. Avast does this without collecting or storing a user's identification.
We have already implemented some of Mozilla's new requirements and will release further updated versions that are fully compliant and transparent per the new requirements. These will be available as usual in the Mozilla store in the near future.
Avast and AVG extensions have been removed but are not blocked which means that the extensions remain installed in Firefox browsers for the time being.
Mozilla added several dozen extensions for Firefox to the blocklist on December 2, 2019 which collected user data without disclosure or consent, but Avast's extensions are not on the list.
What happened?
Wladimir Palant, creator of AdBlock Plus, published an analysis of Avast extensions in late October 2019 on his personal site. He discovered that Avast's extension transmitted data to Avast that provided Avast with browsing history information. The data that the extension submits exceeded what is necessary to function according to Palant.
The extensions include the full address of the page, the page title, referer, and other data in the request. Data is submitted when pages are opened but also when tabs are switched. On search pages, every single link on the page is submitted as well.
The data collected here goes far beyond merely exposing the sites that you visit and your search history. Tracking tab and window identifiers as well as your actions allows Avast to create a nearly precise reconstruction of your browsing behavior: how many tabs do you have open, what websites do you visit and when, how much time do you spend reading/watching the contents, what do you click there and when do you switch to another tab. All that is connected to a number of attributes allowing Avast to recognize you reliably, even a unique user identifier.
Palant concluded that the collecting of data was not an oversight. The company states in its privacy policy that it uses anonymized Clickstream Data for "cross-product direct marketing, cross-product development, and third-party trend analytics.
Mozilla is in talks with Avast currently according to Wladimir Palant. Possible scenarios are that Mozilla will add the extensions to the blocklist that it maintains or will request that Avast makes changes to the extensions before they are reinstated.
The extensions are still available for Google Chrome at the time of writing.
Though the Avast extension might be malicious, this is not a reason to remove it from the store. The users should have a choice to install whichever extensions they want to. Mozilla is the bigger evil here.
@RobinHood: Though the Avast extension might be malicious, this is not a reason to remove it from the store. The users should have a choice to install whichever extensions they want to. Mozilla is the bigger evil here.
That claim is ridiculous.
Everything is clearly stated in “Add-on Policiesâ€.
If the extension (add-on) does not pass it, it will not be registered on the Mozilla Add-ons site.
In addition, if a violation is found or a suspicion is found, the registration will be cancelled.
That is the rule (Promise, Regulations). If miss an injustice that is out of the rule, “evil†will sprout and grow.
Preventing diffusion of “Malicious†are public morality.
Anarchy (disorder) becomes chaos, threatens safety and morality and causes devastation.
To maintain morality, the rule of law is important.
Add-on Policies – Mozilla | MDN | Extension Workshop
https://extensionworkshop.com/documentation/publish/add-on-policies/
Publish: Add-on Policies
Add-ons extend the core capabilities of Firefox, enabling users to modify and personalize their web experience. A healthy ecosystem, built on trust, is vital for developers to be successful and users to feel safe making Firefox their own. For these reasons, Mozilla requires all add-ons to comply with the following policies on acceptable practices. These policies are not intended to serve as legal advice, nor as a comprehensive list of terms to include in your add-on’s privacy policy.
All add-ons are subject to these policies, regardless of how they are distributed. When an add-on is given human review or otherwise assessed by Mozilla, these policies act as guiding principles for those reviews. Add-ons that do not comply with these policies may be rejected or disabled by Mozilla. Therefore, follow these policies when making add-on design and development decisions.
Add-ons/Reviewers/Guide/Reviewing | MozillaWiki
https://wiki.mozilla.org/Add-ons/Reviewers/Guide/Reviewing
Case A. About “malicious serious incidents, such as a trick”:
It is time to get rid of Stylish | gHacks Tech News
https://www.ghacks.net/2018/07/03/it-is-time-to-get-rid-of-stylish/
Stylus sees large user increase after Stylish removal | gHacks Tech News
https://www.ghacks.net/2018/07/09/stylus-sees-large-user-increase-after-stylish-removal/
Case B.
A wave of malware add-ons hit the Mozilla Firefox Extensions Store | gHacks Tech News
https://www.ghacks.net/2019/05/29/another-malware-wave-hit-the-mozilla-firefox-extensions-store/
Mozilla’s AMO Extensions store has a spam infestation problem | gHacks Tech News
https://www.ghacks.net/2017/12/13/mozillas-extensions-store-has-a-spam-infestation/
Another wave of spam add-ons hits Mozilla Firefox AMO | gHacks Tech News
https://www.ghacks.net/2018/04/09/another-wave-of-spam-add-ons-hits-mozilla-firefox-amo/
Another Chrome extension horror story: coinhive and domain registration | gHacks Tech News
https://www.ghacks.net/2017/10/15/another-chrome-extension-horror-story-coinhive-and-domain-registration/
Google’s bad track record of malicious Chrome extensions continues | gHacks Tech News
https://www.ghacks.net/2018/05/11/googles-bad-track-record-of-malicious-chrome-extensions-continues/
Malicious Chrome extensions with Session Replay appear in Chrome Store | gHacks Tech News
https://www.ghacks.net/2018/02/05/malicious-chrome-extensions-with-session-replay-appear-in-chrome-store/
Case C.
Mozilla bans all extensions that execute remote code | gHacks Tech News
https://www.ghacks.net/2019/11/05/mozilla-bans-all-extensions-that-execute-remote-code/
Why Firefox Had to Kill Your Favorite Extension | How-To Geek
https://www.howtogeek.com/333230/why-firefox-had-to-kill-your-favorite-extension/
Google finds AVG Chrome extension to bypass malware checks, possibly exposing browsing data | http://www.neowin.net
https://www.neowin.net/news/google-finds-avg-chrome-extension-to-bypass-malware-checks-possibly-exposing-browsing-data
AVG’s extension is ostensibly designed to provide a search safety tool, but it also captures revenue from routing search queries to its own pages. The company has a history of augmenting its core business of selling anti-malware solutions; a few months ago, AVG updated its privacy policy to allow the company to sell a user’s browsing and search query history to third parties.
Justin Schuh 🤬 (@justinschuh) | nitter.net
https://nitter.net/justinschuh/status/802491391121260544
You misunderstand your own ignorance. AV is my single biggest impediment to shipping a secure browser.
Disable Your Antivirus Software (Except Microsoft’s) | robert.ocallahan.org
https://robert.ocallahan.org/2017/01/disable-your-antivirus-software-except.html
antivirus software vendors are terrible; don’t buy antivirus software, and uininstall it if you already have it (except, on Windows, for Microsoft’s).
Like to point out that Windows firewall and windows defender can be disabled remotely in about 15 minutes. I have been a long time supporter with AVG since it is light weight and doesn’t try to take over your system like McAfee or Norton. Also I run my browser in private mode and in a virtual instance. I have also taken measure in running a light weight firewall using the Linux distro for Windows.
I could spot avasts shady practices from a mile away, I tested their AV recently and the amount of realtime data streaming to their servers was mesmerizing, so I got rid of their spyware in a heartbeat. Nod32 is the best over all windows AV in terms of privacy, and over all. Its footprint, only 6-10 mb for endpoint security, and currently, 30mb for Internet Security which I am using right now. Which beats even windows defender. As long as you disable realtime cloud-based protection, “web access”, and “phishing protection,” there is nothing sent back to them, and you can rely on your own first party common sense & browser addons ETC. Be sure to disable SSL protection as well. https://security.stackexchange.com/questions/148402/should-antivirus-https-scanning-be-left-on-is-it-secure No other AV has this much fine grained control over individual settings and components.
Glad to see AVG on the quit list. It’s garbage. I don’t like any software that tries to trick users into buying something and AVG is incredibly guilty of that.
The study was released in October 2018. So it took over a year for them to react to this?
He published it in 2019.
I used to use Avast on about 15 systems I was in control of. I used the free version and always made sure the only things installed and allowed were real-time protection, database updates and application updates. Then one day all the machines had several new programs installed, a new default browser, extensions added to other browsers, and various network settings changed. Avast denied they were automatically installing junk and essentially hijacking computers but their forum and numerous other groups exploded with angry users. It was a real eye opener.
They became worse than many adware/spyware programs the supposedly protected you from.
AVG has worked reliably ever since as long as you disabled the extra junk. I may need to take a closer look now that I see this, though.
Well, Avast bought AVG, so both are most likely to have the same issues eventually.
Here is the most interesting part of this story, which no one has commented on:
“The extensions are not blacklisted by Mozilla. Blacklisted extensions are put on a blocklist — which is publicly available here — and removed from user browsers as a consequence.”
And this next bit which is an ‘extension’ of the first (pun intended) :
“Mozilla added several dozen extensions for Firefox to the blocklist on December 2, 2019 which collected user data without disclosure or consent…”
So first Mozilla collects data, your data, without notification or consent. Second, there is a blacklist… that automatically and forcefully removes extensions and addons of users clandestinely.
@KillShill:
Here is the most interesting part of this story, which no one has commented on:
Excerpt
“Mozilla added several dozen extensions for Firefox to the blocklist on December 2, 2019 which collected user data without disclosure or consent…â€
So first Mozilla collects data, your data, without notification or consent. Second, there is a blacklist… that automatically and forcefully removes extensions and addons of users clandestinely.
You should stop distorted fiction (fake news)!
Everything is clearly in line with “Add-on Policies” and “Add-ons/Reviewers/Guide/Reviewing”.
Add-on Policies | Extension Workshop
https://extensionworkshop.com/documentation/publish/add-on-policies/
Add-ons/Reviewers/Guide/Reviewing | wiki.mozilla.org
https://wiki.mozilla.org/Add-ons/Reviewers/Guide/Reviewing
Moreover,
This matter is the result of Wladimir Palant (extension: author of Adblock Plus) reporting to Mozilla.
Mozilla and Opera remove Avast extensions from their add-on stores, what will Google do? |
palant.de
https://palant.de/2019/12/03/mozilla-removes-avast-extensions-from-their-add-on-store-what-will-google-do/
Posted on 2019-12-03 08:47 by Wladimir Palant
Spying on your users is clearly a violation of the terms that both Google and Mozilla make extension developers sign. So yesterday I reported these four extensions to Mozilla and Google. Mozilla immediately disabled the extension listings, so that these extensions can no longer be found on the Mozilla Add-ons site.
Unfounded, hoaxes and sedition act Let’s quit!
It wasn’t Mozilla.It is the extensions by Avast and AVG collecting user data.
Anonymous, oh yes, Mozilla does collect/steal user data. Did you people already forgotten about “[email protected]â€
https://www.ghacks.net/2018/09/21/mozilla-wants-to-estimate-firefoxs-telemetry-off-population/
Your going off topic there,what’s being discussed are the Avast and AVG extensions.
@Douglas Wardle, I totally agree! Especially now, when people are arrested and incarcerated for posting on the internet (internet censorship in places like England, Germany, China, etc.).
@Jonas is wrong, Chrome became the #1 browser partially because Goolag paid security researchers bounties (cash) to ensure Chrome was the most secure browser.
Mozilla wants to do one better – becoming the #1 privacy conscious browser. Goolag can’t compete with Mozilla there, since Goolag is an advertising company that needs to track people on the internet to sell people’s information/data to third-parties (primarily advertising companies, and people who sell products to consumers).
Competing against Goolag Chrome in the arena of privacy, where Goolag cannot compete due to their business model, is smart strategic planning.
It’s not based on fear, it’s based on logic.
Will their decision to become the #1 privacy browser help them regain the marketshare lost over many years to Goolag Chrome? Only time will tell. And it will probably take years (just like losing to Chrome took years).
In the meantime, trying to diversify their revenue stream (or add to their revenue stream) to survive while their strategic plan plays out is a no brainer.
I read an opinion that ad-blocking is the most prolific consumer revolt/boycott in history. More and more people are becoming aware of the extent of data harvesting and doing something about it. It used to be that new software versions were functional improvements. Now the industry is focused on privacy invasion and selling your data. While I can’t forecast the future, I would love to see companies bankrupted or dissolved over privacy issues.
@Douglas Wardle
I boycott most all e-commerce, where I prefer to pay cash at real stores.
If and when I buy something online, I get a friend to order it for me.
I don’t do “social” and I use a dumb phone.
I also use a VPN, passive ad blockers, and a strict popup blocker.
So, my online data is worthless, yet I’m sure they try to gather and sell it anyway.
That said, I’d say the biggest consumer revolt is with pirated media, although that’s more like a steady looting of sorts.
As for privacy issues, users need to understand that these companies (and govs) they trust do and can break the law and get away with it. For example, they can sell a backdoor “vulnerability” to their user data, and after the deed is done, they claim they are a victim of a hack. It’s an old yet clever tactic, used at various levels, such as with Facebook who made such more “accessible” to their “partners”.
Good on Mozilla. Avast has been a dumpster fire for years now.
Reply to Sam and John Fenderson’s posts:
“…Mozilla is a nonprofit only interested in…”
Most (almost all) employees at most organizations, whether “for profit” or “non profit”, are mostly interested in maintaining their jobs, including salaries and perks.
The devs at Mozilla are probably running scared, as Firefox’s market share continues to drop. Their salaries depend on money coming in (mostly from default-search-engine contracts)… and that in turn is dependent on market share. At some point the people who work at Moz will start getting laid off, and that probably drives all their panicky bad moves. All their talk about “privacy” or “mission statements” etc. are mostly just public-relations baloney.
Do your own filtering with a custom HOSTS file. You can get a good one at http://winhelp2002.mvps.org/hosts.htm
Good. Their AV started behaving like adware and spyware long ago, and it’s been allowed for far too long. How people can just accept an anti-virus that behaves like malware itself is beyond me, but it happens all the time. Even in these comments, people are complaining about how horrible Mozilla is for doing this, despite the article spelling out for them how much personal information these add-ons were vacuuming.
Good because avast has become spyware as far as I’m concerned. Even if you tell is NOT to install certain aspects of the program including the extension it does so anyways.
Also to the guy up above saying how windows defender only looks good because other software is bad…you couldn’t be more wrong.
First off defender uses essentially no resources unlike every other av package which always slows a system down. More importantly it is actually more accurate than just about anything else and it has zero bloat. It also has mitigation techniques that other av software can’t use because it’s tied into the windows kernel.
Enough of this Microsoft bad crap. 99% of it is based on clickbait stories and misinformation. Yes there have been a couple bad patches…it happens. Also those patches only effected about 5% of the many millions of systems running win10 and they were fixed pretty quickly.
d0x360, What do you use to mitigate Microcrap’s key loggers, backdoors and other junk ? I know, I know you probably have nothing to hide, right ? This is why we are currently in this mess with company’s doing the crap they’re doing. I’ll stop staying Microcrap is bad when they get their sh*t together… Until then, no thanks. Even their Enterprise edition is a major risk. Run to Linux, fast (They’re trying to weasel into Linux ) ! Plenty of non clickbait info out there about all of this.
This is exactly why I don’t use Firefox anymore. First, they got rid of AdBlock, then this.
Firefox promotes adblockers, specifically uBlock Origin, and has just removed an add-on that invades your privacy. Are you being ignorant on purpose?
I’m guessing you’re trolling but I’ll give it a chance you’re not, it’s the exact opposite situation. They removed these extensions because they weren’t protecting you and in fact spying on you, as well as transmitting loads of data about your browsing to god-knows-where.
There are still plenty of adblockers on Firefox, iirc the one you’re talking about they removed because it was revealed the maker was offering a whitelisting service where advertisers could pay to be added to a universal whitelist in the extension. Either that or it was one of the many fake Adblockers that replaced ads with ads that gave them money instead.
ublock origin is still by far the best adblocker and is fully featured on Firefox, something you can’t say about the chrome versions, where google has crippled adblockers by reducing their functionality, something they are looking into limiting further.
I would suggest re-researching firefox, it seems you’ve misunderstood some of their decisions and got the exact opposite takeaway that you should of. It’s important to remember at the end of the day, Mozilla is a Non-profit only interested in satisfying their users, and Google is a for-profit Advertising and data collection company worried about profits.
@Sam: ” It’s important to remember at the end of the day, Mozilla is a Non-profit only interested in satisfying their users”
Mozilla is a nonprofit only interested in satisfying a certain demographic. There are a lot of people that Mozilla has made a business decision to ignore the needs and concerns of.
@Fenderson, another baseless claim against Mozilla. Where’s your proof? Oh, that’s right it’s because Mozilla decided to deprecate their add-on system (based on the architecture setup by the defunct Netscape Navigator, that died circa 1998 when Netscape sold it to AOL) because security researchers have stated that the XUL system was a security risk/vulnerability (see why ActiveX was bad).
BTW, when Quantum arrived (and XUL add-ons were deprecated) I adopted Firefox as my primary browser.
Mozilla is non-profit organization, because a non-profit organizations pay less taxes. The for-profit entity Netscape went belly up in 2003 (realistically, in 1998 when Netscape was sold to AOL), Mozilla is what is left of Netscape Navigator’s heritage. In some industries, it’s better to be a non-profit (pretty much all golf clubs/courses are non-profit for example).
It’s not a “business decision” to jettison an insecure relic for the 1990’s (XUL add-ons) for the modern, secure web extensions that were already being used by the Chrome, the browser with the highest marketshare. It’s a common sense decision. Mozilla’s marketshare had steadily decreased, while Chrome took that marketshare. Goolag paid big “bounties” to security researchers to make Chrome the most secure web browser in the internet (as proven during various Pwn2Own competitions). Naturally, Mozilla wanted to compete with Chrome, but the insecure XUL add-on system was one of the major elements holding them back. So they deprecated XUL add-ons and adopted Goolag’s web extension architecture. Makes perfect sense.
If your too much of a dinosaur to appreciate that, then too bad for you.
@notanon:
My proof is in the modern builds of Firefox and Mozilla’s response to criticisms of it. Their response is pretty overtly that they don’t really care about Mozilla’s old userbase because they’re trying to attract Chrome users. That’s a valid business decision.
“it’s because Mozilla decided to deprecate their add-on system”
No, it’s not. It’s because in the course of doing that, they eliminated functionality that was important to some people. They could have rolled out the new system without doing that. Also, that’s not the only reason — there are numerous others that are unrelated to that.
However, again, I’m not saying Firefox is bad. I’m saying that they have decided to address a specific demographic.
“If your too much of a dinosaur to appreciate that, then too bad for you.”
Insults only undermine your points.
@Fenderson, XUL add-ons are dead, get over it.
BTW, that “functionality” is why XUL add-on were a SECURITY VULNERABILITY/RISK in the first place, so you clearly didn’t understand what Mozilla has been trying to tell you XUL add-on trolls for YEARS.
But whatever, cry about Mozilla “not listening” to you, when, in reality, you’re too dense to realize that you haven’t been “listening” to Mozilla.
Let me refresh your memory (or maybe you didn’t even know about it), here what happened in 2016, when Firefox used XUL add-ons.
“NoScript and other popular Firefox add-ons open millions to new attack”
https://arstechnica.com/information-technology/2016/04/noscript-and-other-popular-firefox-add-ons-open-millions-to-new-attack/
That’s the reason why Firefox deprecated XUL add-ons, that’s why you lost your “functionality”, because that “functionality” due to Netscape’s old XUL add-on architecture allowed Firefox to be hacked through their add-ons, which security researchers almost never audited.
Chrome didn’t have to worry about this happening to them, because they used web extensions, that didn’t allow hackers the resources to hack Chrome through their web extensions.
Mozilla, who knew about the security vulnerability for years, but were reluctant to deprecate XUL add-ons had finally had enough, and deprecated XUL add-ons for web extensions shortly after this debacle.
So keep blaming Mozilla. [Editor: please stay polite]
@notanon: “XUL add-ons are dead, get over it.”
This comment implies that I didn’t make myself clear enough. I don’t have an issue with XUL add-ons going away. I have an issue with the reduction in functionality that happened alongside that.
“that “functionality†is why XUL add-on were a SECURITY VULNERABILITY/RISK in the first place”
Perhaps, but it should be my decision about whether or not I’m willing to take that risk. Also, this is a bit of a straw man. The missing functionality could be implemented in a safer way in the new system. It just isn’t.
“But whatever, cry about Mozilla “not listening†to you, when, in reality, you’re too dense to realize that you haven’t been “listening†to Mozilla.”
More insults, and you’re assuming things about me. I’ve been listening to Mozilla very, very closely. I have a long and affectionate relationship with Mozilla.
“So keep blaming Mozilla.”
I find it interesting that you take so much offense to my comments. I’m not bashing or blaming Mozilla. I’m acknowledging the reality of the business decision they’ve made. Again, as I’ve already pointed out a number of times, I consider it a legitimate decision on their part.
That it has made Firefox into a browser that no longer meets my needs is simply a fact that is a side-effect of that decision. I’m continuing to keep tabs of it, though, in case the day comes when it starts meeting my needs.
@Fenderson, you deny bashing Mozilla, but that’s all you’ve posted.
It’s NOT your decision. Car manufacturers don’t sell defective cars, food manufacturers don’t sell any defective produce that can make you sick/kill you, pharmaceutical companies don’t sell defective medication that can kill you. Mozilla is no different. They are NOT going to put out a DEFECTIVE web browser, because it’s YOUR CHOICE, LOL.
It’s NOT your choice, get over yourself.
You’re acting very narcissistic … but it’s Mozilla fault right? It’s Firefox’s fault that you don’t get everything you want in this world. Pathetic.
I don’t have to “assume” anything about you, you’re saying “me, me, me” in every post you make about Firefox.
Fenderson, the world doesn’t revolve around you.
And Mozilla’s going to make decisions you don’t like, because you don’t own Mozilla.
If you want “functionality” make your own browser with all the other but-hurt XUL add-on dinosaur trolls. Good luck, since the last successful company to fork a browser engine is Google (a multi-BILLION dollar multi-national corporation with nearly 100,000 employees).
@notanon: “you deny bashing Mozilla, but that’s all you’ve posted. ”
We very much disagree about what counts as “bashing”, then. Also, I don’t think that you’ve followed my comments here over time. I am not shy about defending Mozilla when they are unfairly criticized, but I am equally not shy about criticizing Mozilla when I think it is legitimate.
“It’s NOT your decision”
Indeed it’s not. I never claimed it was. In fact, I’ve repeated pointed out that Mozilla makes these decisions, and I consider them legitimate.
“If you want “functionality†make your own browser”
I don’t have to. I have completely acceptable alternatives. Not Chrome, by the way. Security issues aside, Chrome also does not meet my needs.
“You’re acting very narcissistic … but it’s Mozilla fault right? It’s Firefox’s fault that you don’t get everything you want in this world. Pathetic”
You are clearly not understanding anything that I’m saying, and keep descending into insults. It’s pointless to continue talking with you.
Brain transplant needed?
Companies insist on proving me right, every da*n time.
Avast is mostly a CPU eating malware. I would recommend to avoid it at all cost, if possible. 😑
Yes like most of antivirus companies including your default enabled Windows Defender, Avast is spyware crap, using scaremonger communication to collect a disproportionate amount of data. I have stopped using proprietary antivirus products, all I have ever seen them do for years is spamming me with ads, spying on me, and once Avast preventing all Windows 10 updates in a way that couldn’t be repaired without using advanced hidden partition editing tools ; all this without *even once* protecting me from the corporate grayware and targeted malware I was infected with.
The problem is that this is a huge hypocrisy from Mozilla that is doing exactly the same, with Google safebrowsing and in other areas. They inform Google of about half of the file downloads of Firefox users by default. This is NOT necessary to accomplish the security goal, this is a design choice to rape privacy.
Using safebrowsing (either Mozilla, Goolag, or Microsoft [SmartScreen]) is making a choice between security vs. privacy.
If it’s more important for you to have privacy (to download all your illegal files) than security than don’t use safebrowsing/SmartScreen.
If it’s more important for you to be protected against (unintentionally or intentionally) websites that serve malware/crypto miners/adware when clicking links on your Goolag/Bing/Duck Duck Go/StartPage search, than use safebrowsing/SmartScreen.
Goolag Safebrowsing, Mozilla Safebrowing. Microsoft SmartScreen need to know about the download file to provide their protection, it’s not malicious (as you insinuate).
Just like i did, some times ago, removed all avast b/s apps…
Needs a class action against these spying thieves.
Not surprised b/c it is Avast. They have been shady for years now. Before it was their shopping extension that spied on you. Then we found out their “secure” browser disabled https encryption for some reason years back and now we have this.
Even paid AV are problematic b/c they tend to be invasive which actually increases potential attack vectors which have been used in targeted attacks.
Seriously no matter what AV you use, disable all addons and man in the middle type web traffic scanning in your AV’s. AV always insert themselves in your traffic to scan for malware and to block urls even with encrypted traffic, but they add another layer of vulnerability b/c they have to inject their own scripts to do it.
Avast is trying hard to make people hate them.
Mozilla “Store” you say?
Hmm..
Regardless, thanks for this news.
Yet another reason to never use anything from evil Avast.
It’s pretty much like a mobile app store now – they strictly control what gets in (which has no relation to whether it’s safe, btw) and can remotely remove or disable your extensions as shown by the great certificate fiasco.
At least Android lets you side load, now that will also disappear if it hasn’t already.
Avast always been the bloatware av ‘solution’. Now that they own avg, you can add avg to that pool of crap. Just avoid this s good you can, the practices are just too shady mho
Ah, they’re killing each other now, these two equally horrible companies. Things just keep getting better!
Wonderful! These days you can’t even trust the anti-virus you pay money for… I literally just got my subscription renewed…
Have you looked into the MITM-Proxy that is called WebShield and part of Avast?
https://forum.avast.com/index.php?topic=229164.0
It even runs when you disable the webshield module!
RAM hook directly changing firefox settings..
For what it’s worth, most AV solutions aren’t necessary with how good Windows Defender is nowadays. It might be a good idea to try to get a refund. Last resort a chargeback if you cite “having extensions” as a critical part of your use case.
That’s hilarious and concerning, but not surprising, that you think Windows Defender actually does a good job. It’s not worth the paper it’s written on, so the speak.
>> Windows Defender is not worth the paper it’s written on, so the speak.
That’s hilarious you think that. See https://www.av-test.org/en/antivirus/home-windows/
@Roger : You are aware of that Windows Defender is linked with a lot of bugs and other security risks ? Why do You think so many around the globe have their computers affected by infections when they only “trust” Windows Defender ?
>> Why do You think so many around the globe have their computers affected by infections when they only “trust†Windows Defender?
Because the weak factor is the human working with the computer, not the software.
It’s not that Windows Defender is so amazing, it’s that all antivirus programs are more or less equally bad. Therefore, if you insist on having a placebo to make you feel better, you’re better off using something that’s shipped with your computer.
Realistically, there’s no substitute for commonsense, safe browsing techniques. Your time is better spent teaching yourself (and your tech-illiterate friends and family) what banner ads not to click on than it is in identifying which of the available AV programs is least terrible.
@foolishgrunt: “It’s not that Windows Defender is so amazing, it’s that all antivirus programs are more or less equally bad.”
I used to work for a major security company that had a mainstream AV product (although I didn’t work on the AV product). I mostly agree with you here. It’s not strictly true — there are a number of AV products that are objectively superior to Defender, but there’s a real question about whether or not the additional protection is actually useful.
“Realistically, there’s no substitute for commonsense, safe browsing techniques.”
If you change this to not be web-specific, then I agree entirely. The problem with AV products is that they are extremely intrusive (they have to be, in order to do their job) and can cause a number of hard-to-diagnose problems.
I’ve not personally used an AV product for about 30 years, and that has never caused a problem for me. However, I’m a few orders of magnitude more cautious than most people: I don’t allow JS to run in my browser, I don’t install or run programs that I have the slightest bit of doubt about, I pay close attention to where the code is coming from, and my network is chock full of various defenses, some of which would notice if malware started trying to phone home.
That said, most people seem to want to be able to be very casual in their computer use and don’t want to have to stay vigilant. Those people should use some sort of AV product.