Now part of the multinational company Gen Digital, Avast has reputation for making effective security solutions to combat viruses and other threats. But how safe and reliable are they? In this post we examine why some users are suspicious of Avast, and whether you can still trust this developer’s products.
Is Avast safe?
Avast solutions are popular with millions of users worldwide. Independent experts rate them highly too: in the SE Labs test for Q2 2022, for instance, Avast software detected 98% of threats — only slightly worse than both Kaspersky and McAfee, which shared the top spot (100% of threats). That said, over the years Avast has had its fair share of unpleasant incidents, which make many users and experts question how safe their products really are.
Avast security issues
Avast has let its users down many a time. In 2017, more than two million people downloaded a malware-infected version of CCleaner — one of the company’s solutions.
Even more unfortunate for Avast was 2019. That year, the company reported that its internal network had been compromised by intruders, whose goal was most likely gaining access to that selfsame CCleaner. But the company’s problems in 2019 didn’t end there. A short while later, independent experts revealed that Avast browser extensions collect users’ data without their knowledge — far more than is necessary for protection.
And in the beginning of 2020 it was reported that Avast was sharing users’ data with its subsidiary, Jumpshot, which then sold it to large corporations.
To work effectively, antivirus software needs full access to the given device and its operating system (otherwise it cannot detect and neutralize viruses and other threats). It also has to be in constant contact with the servers to keep the databases up to date. Thus, when choosing an antivirus, it’s important to pay attention to its reputation.
Once installed, Avast has access to huge amounts of user data. And while to date there’s no evidence of unscrupulous behavior on the company’s part or insecurity of its products, more than a few incidents over the years may make users wonder if Avast solutions can be trusted.
Malicious code in CCleaner
In July 2017, Avast bought the British company Piriform, developer of the above-mentioned CCleaner — a popular PC optimization and maintenance solution with a total of two billion downloads (as of 2016).
Shortly afterward, on August 15 and 24, new versions of the product were released: CCleaner 5.33.6162 and CCleaner Cloud 184.108.40.20691. And as early as September, Cisco Talos and Morphisec experts found malicious code in the installers of this software. The infected solutions were signed with valid digital certificates and hosted directly on the official CCleaner server.
Further investigation showed the attack to be sophisticated, and consisting of at least three stages. In stage one, the infected CCleaner was downloaded by more than two million users. Next, a script running on the command-and-control server selected devices with domain names that suggested their owners work for large IT companies. This way, in stage two, 40 computers were selected. From these 40 devices, the cybercriminals (probably manually this time) picked out the four targets of most interest to them.
Stage three: on these four devices they then installed a modified version of ShadowPad. This malware covertly gave the attackers remote control over their victims’ devices. Experts later suggested that the Chinese group Axiom (aka APT17) was behind the attack.
What’s important to mention is that the first traces of cybercriminal activity on Piriform’s servers date back to April 2017, three months before it was acquired by Avast. After the attack was detected, Avast promptly released an update for the utility, revoked the malicious version’s certificate, and contacted everyone affected by stage two of the attack.
Attack through a neglected VPN
In May 2019, unknown criminals infiltrated Avast’s internal network using a temporary VPN profile that didn’t have two-factor authentication. Four months later, Avast’s experts detected suspicious activity in the corporate network and sounded the alarm.
The company immediately contacted law enforcement and launched an investigation. It was revealed that the cybercriminals had tried to connect to the company’s network through a VPN using the (presumably stolen) credentials of different users. The compromised account that eventually delivered access to the network lacked domain administrator privileges, but the intruders were able to elevate their rights to that level.
On the back of the investigation, Avast pointed the finger at CCleaner as the likely target — as it had been two years earlier. And it turned out that the repeat attack had been made possible by the temporary VPN profile having been “left active by mistake”.
Avast suspended the release of CCleaner updates after detection of the attack. A little less than a month later, the company released a “clean” update of the solution signed with a new certificate, and revoked the certificate used for signing previous versions. Avast claims that no harm was caused to users as a result of the incident.
Overly curious extensions
Unfortunately, Avast has suffered some unpleasant incidents in relation not only to security, but also to user data privacy. In 2019, cybersecurity expert Vladimir Palant argued that Avast Online Security, Avast SafePrice, as well as AVG Online Security and AVG SafePrice extensions (made by another Czech antivirus developer bought by Avast several years earlier) collect and forward to the company’s servers volumes of data about users’ online activity that were clearly way over and above what is needed.
The information collected by the company was sufficient to determine which sites users visited and what they searched for online. Palant also reported that this data could be used to establish how much time users spent viewing a site, what they clicked on, and when they switched to another browser window.
Palant’s revelation provoked much public outcry, leading to Avast extensions being removed from the Chrome, Opera, and Firefox official stores as a result. However, after the company started warning users about its data harvesting, and significantly reduced the amount of information it collected, Avast extensions were allowed back into the stores.
Sale of user data
In early 2020, Avast found itself at the heart of another scandal related to user data privacy. This time, a joint investigation by PCMag and Motherboard based on documents leaked online accused Avast of harvesting users’ browser history and selling it on to large corporations through its subsidiary Jumpshot.
The “user dossiers” seen by PC Mag and Motherboard included:
- Google search history;
- Google Maps search history (locations, GPS coordinates);
- YouTube videos;
- Porn site visits.
Also the date and time of users’ visits to sites like YouPorn and PornHub could be determined using the collected data, and in some cases even search-keywords and videos watched.
PC Mag noted that the collected data contained neither names, e-mails, nor IP addresses. However, each user was assigned an ID, which was retained until Avast was removed from their device. Armed with this ID and the data sold by Jumpshot, large corporations like Amazon could easily de-anonymize users.
What is Avast Premium Antivirus?
Avast Premium Antivirus is a cybersecurity solution developed by Avast, which is headquartered in Prague, the Czech Republic. As the name would suggest, Avast Premium Antivirus offers users protection against viruses, as well as all-round security. Avast Premium Antivirus is designed to remove malware, defend against ransomware, and block hacking attempts on Windows, Mac, Android, and iOS devices.
Avast was founded in 1988 in Czechoslovakia by Pavel Baudiš and Eduard Kučera. Over its 30-year-plus history, it has grown into one of the largest players in the antivirus market. Avast solutions regularly receive awards from independent industry expert companies.
Avast at a glance:
|Industry||Information technology, antivirus software|
|Founded||Prague, Czechoslovakia, 1988|
|Notable products||Avast Free Antivirus
Avast Premium Antivirus
|Historical events||1991 — The company Awil is transformed from a cooperative into a partnership
2010 — Awil is renamed Avast
2016 — Avast acquires AVG
2017 — Avast acquires Piriform (developer of CCleaner)
2018 — Avast floats on the London Stock Exchange
2022 — Avast merges with NortonLifeLock
Can Avast be trusted?
Avast products are generally held in high esteem: they perform well in independent tests and effectively neutralize threats. Unfortunately, however, a string of unpleasant incidents has left a question mark hanging over the company. Some experts have even gone so far as to stop recommending it.
For its part, Avast has stated that all the above-mentioned issues have been fixed. Currently there’s no information of any security risk associated with use of its products.
However, if you’re not quite ready to take a leap of faith, you could always choose a top-quality alternative — for example, from Kaspersky, a company with deep understanding of the current cybersecurity landscape.
Choose security software you can truly trust
Kaspersky has always championed cybersecurity without borders. Our products detect and neutralize threats of any origin. Kaspersky experts continuously monitor the security landscape, find and investigate new threats, and share their findings with clients and competitors alike.
We do not collect user data beyond what is necessary for protection. As part of our Global Transparency Initiative, Kaspersky has opened a network of Transparency Centers to provide partners and clients with information about how we handle user data. The Centers also allow our partners and clients to verify that Kaspersky solutions contain no hidden or malicious functionality.
Kaspersky products regularly take first place in independent tests. More than 400 million users and counting place their trust in us, and numerous independent audits continue to prove the effectiveness of our solutions against all kinds of threats.