[German]Mozilla developers have blocked (removed) AVG and AVAST antivirus addons in Firefox from Mozilla addon store. The probable reason: The addons of this provider (AVAST) must have passed on private data. Addenum: A statement from AVAST has been added.
I have already been informed about the topic by Ralf within this German comment (thanks for that) – but had already read it in the following tweet by Martin Brinkmann (ghacks).
— ghacksnews (@ghacks) December 3, 2019
Martin Brinkmann reported that when searching the official Mozilla Add-ons website for Avast or AVG, no results were found. Neither Avast Online Security nor SafePrice nor AVG Online Security or SafePrice are currently offered as extensions in the shop. Whoever knows the direct links of the addons and calls them will get an error message “Oops! We can’t find this page”. Mozilla has removed these extensions from its store.
Since the extensions did not end up on a black list through Mozilla, the question arises as to the background. Brinkmann and heise suspect that it might have to do with an article by Wladimir Palant. Palant is the founder of Adblock-Plus. He had documented in October 2018 that AVAST antivirus products were spying on users.
Responsible for that is the Avast Online Security Extension, which recommends AVAST and AVG products to users for installation in the browser to ensure maximum protection. Palant discovered that the Avast extension sent data to the manufacturer’s server, which provided Avast with browser history information. The same is true for AVG (which is part of AVAST). According to Palant, the data transmitted by the browser extension exceeded the required level for the feature.
The information provided included the URL of the page visited, the page title and the referrer. This means that AVAST was informed about the surfing behaviour of millions of users. German site points out here that AVAST’s privacy declaration confirms that the “clickstream data” collected would be pseudonymised and anonymised. This data would then be used for “cross-product direct marketing”.
It’s still all speculation, because there’s no official statement. But the following links show that AVAST caused some additional trouble with Firefox. Maybe there were several reasons to take the extensions out of the store.
Addenum: Statement from AVAST
In the meantime, AVAST has issued a statement below, which reveals the reasons why the addons are gone.
“We have offered our Avast Online Security and SafePrice browser extensions for many years through the Mozilla store. Mozilla has recently updated its store policy and we are liaising with them in order to make the necessary adjustments to our extensions to align with new requirements. The Avast Online Security extension is a security tool that protects users online, including from infected websites and phishing attacks. It is necessary for this service to collect the URL history to deliver its expected functionality. Avast does this without collecting or storing a user’s identification.
We have already implemented some of Mozilla’s new requirements and will release further updated versions that are fully compliant and transparent per the new requirements. These will be available as usual in the Mozilla store in the near future.”
I simply put here in the original version for informational purposes. They claim, that the addons are back soon.
Palant: McAfee Web Protection ineffective
Some people rely on Kaspersky, AVAST, McAfee, and use their browser add-ons to have better protection. It’s usually snake oil, which doesn’t really help and may harm (as shown above). Since it’s convenient, I had another tab open with the following tweet by Wladimir Palant:
My first article on #McAfee antivirus, detailing a bunch of issues rendering its web protection component ineffective. There will be more interesting findings to publish later. #infosec #appsec #antivirushttps://t.co/DDGs8njRPI
— Yellow Flag (@WPalant) December 2, 2019
Vendors of browser extension claim that they protect against online threats. They have some pretty big challenges to overcome. They need to be better than the malware and phishing protection built into the browser, not an easy task. In fact, McAfee WebAdvisor “blocks” malicious websites after they’ve started loading, which is not optimal, but more typical of this type of extension.
Palantir found three problems in implementing McAfee WebAdvisor 6.0 that make protection far less reliable than it should be. In the linked article, Palant points out that McAfee Web Protection can be bypassed and is therefore ineffectual-you can omit it right away, so there’s no additional problem.