[German]Mozilla developers have blocked (removed) AVG and AVAST antivirus addons in Firefox from Mozilla addon store. The probable reason: The addons of this provider (AVAST) must have passed on private data. Addenum: A statement from AVAST has been added.
But when I installed Firefox and I wanted to install the avast passwords addon I couldn't find it. I tried to find it in the addon 'market' in firefox and I also tried to install it from the avast passwords, but if I click on 'Install avast passwords in firefox' it takes me to the chrome addon site. I tried to find it from other sites, but I can't. While it is possible to disable the extension in Firefox's Add-ons Manager, there is no option to remove it completely from the browser. The extension won't be loaded if you hit the disable button, and while you should see improvements right away, you may want to remove the extension completely from the Firefox web browser if you do not plan on using it ever again.
I have already been informed about the topic by Ralf within this German comment (thanks for that) – but had already read it in the following tweet by Martin Brinkmann (ghacks).
Mozilla removes all Avast Firefox extensions #mozilla#firefox#avasthttps://t.co/bbTkx74trfpic.twitter.com/pUoG84bkof
— ghacksnews (@ghacks) December 3, 2019
Martin Brinkmann reported that when searching the official Mozilla Add-ons website for Avast or AVG, no results were found. Neither Avast Online Security nor SafePrice nor AVG Online Security or SafePrice are currently offered as extensions in the shop. Whoever knows the direct links of the addons and calls them will get an error message “Oops! We can’t find this page”. Mozilla has removed these extensions from its store.
Since the extensions did not end up on a black list through Mozilla, the question arises as to the background. Brinkmann and heise suspect that it might have to do with an article by Wladimir Palant. Palant is the founder of Adblock-Plus. He had documented in October 2018 that AVAST antivirus products were spying on users.
Responsible for that is the Avast Online Security Extension, which recommends AVAST and AVG products to users for installation in the browser to ensure maximum protection. Palant discovered that the Avast extension sent data to the manufacturer’s server, which provided Avast with browser history information. The same is true for AVG (which is part of AVAST). According to Palant, the data transmitted by the browser extension exceeded the required level for the feature.
The information provided included the URL of the page visited, the page title and the referrer. This means that AVAST was informed about the surfing behaviour of millions of users. German site points out here that AVAST’s privacy declaration confirms that the “clickstream data” collected would be pseudonymised and anonymised. This data would then be used for “cross-product direct marketing”.
It’s still all speculation, because there’s no official statement. But the following links show that AVAST caused some additional trouble with Firefox. Maybe there were several reasons to take the extensions out of the store.
Addenum: Statement from AVAST
In the meantime, AVAST has issued a statement below, which reveals the reasons why the addons are gone.
“We have offered our Avast Online Security and SafePrice browser extensions for many years through the Mozilla store. Mozilla has recently updated its store policy and we are liaising with them in order to make the necessary adjustments to our extensions to align with new requirements. The Avast Online Security extension is a security tool that protects users online, including from infected websites and phishing attacks. It is necessary for this service to collect the URL history to deliver its expected functionality. Avast does this without collecting or storing a user’s identification.
We have already implemented some of Mozilla’s new requirements and will release further updated versions that are fully compliant and transparent per the new requirements. These will be available as usual in the Mozilla store in the near future.”
I simply put here in the original version for informational purposes. They claim, that the addons are back soon.
Palant: McAfee Web Protection ineffective
Some people rely on Kaspersky, AVAST, McAfee, and use their browser add-ons to have better protection. It’s usually snake oil, which doesn’t really help and may harm (as shown above). Since it’s convenient, I had another tab open with the following tweet by Wladimir Palant:
My first article on #McAfee antivirus, detailing a bunch of issues rendering its web protection component ineffective. There will be more interesting findings to publish later. #infosec#appsec#antivirushttps://t.co/DDGs8njRPI
— Yellow Flag (@WPalant) December 2, 2019
Vendors of browser extension claim that they protect against online threats. They have some pretty big challenges to overcome. They need to be better than the malware and phishing protection built into the browser, not an easy task. In fact, McAfee WebAdvisor “blocks” malicious websites after they’ve started loading, which is not optimal, but more typical of this type of extension.
Palantir found three problems in implementing McAfee WebAdvisor 6.0 that make protection far less reliable than it should be. In the linked article, Palant points out that McAfee Web Protection can be bypassed and is therefore ineffectual-you can omit it right away, so there’s no additional problem.
Similar articles:
Firefox 65 for Windows: Issues with AVAST/AVG Antivirus
Firefox 67.0.2 loses passwords; blame AVG antivirus
Issues with Avast v18.6.2349 in Windows
Advertising
Mozilla Firefox extensions created by Avast have been removed from the available add-ons listed within the browser's extensions management UI and Firefox website. GHacks reports that existing add-ons, that many people might already use to extend Firefox security, are no longer listed but are still functioning for those that have previously download them.
Particular extensions that appear to have been zapped include; Avast Online Security, Avast SafePrice, AVG Online Security, and AVG SafePrice. Trying to reach the web pages for these Firefox browser add-ons results in an 'Oops! We can't find that page,' response at the time of writing. For an example, try and reach the AVG SafePrice page now.
Avast Password Firefox Addons
Curiously the affected extensions are not on an official Mozilla add-ons blacklist, which would be the usual case. This is why the extensions are still operable, if already owned and downloaded. It is noted, that Mozilla updated its blacklist as recently as yesterday and no Avast / AVG extensions are on it.
However, an analysis of Avast extensions was published in late October 2018 by the creator of AdBlock Plus, Wladimir Palant, and this might provide a 'smoking gun'. Palant discovered that Avast extensions were sending data back containing browsing history - which is somewhat beyond their remit, and provided some details of this over-reaching on his person blog.
'The data collected here goes far beyond merely exposing the sites that you visit and your search history,' declared Palant. 'Tracking tab and window identifiers as well as your actions allows Avast to create a nearly precise reconstruction of your browsing behaviour: how many tabs do you have open, what websites do you visit and when, how much time do you spend reading/watching the contents, what do you click there and when do you switch to another tab. All that is connected to a number of attributes allowing Avast to recognize you reliably, even a unique user identifier.' Additionally the AdBlock Plus creator concludes that Avast's over-reach is by design not by oversight.
The Avast extensions are still available for Chrome users
Firefox Add-ons Downloads
So, what is happening right now with the Avast extensions for Firefox apparently in limbo? Palant Tweeted yesterday that 'Mozilla is still talking with Avast ,' about the four extensions currently missing from the add-ons store.