What we found
Avast / AVG: FAvast was installed on 435 million devices as antivirus protection.
FTC: Avast sold 8 petabytes of browsing data from 435M+ users through Jumpshot to 100+ companies (Google, Microsoft, Pepsi). Every click, search, purchase with unique identifiers. $16.5M fine, 20-year compliance order.
Kaspersky: FIn 2017, Israeli intelligence tipped off the NSA that Russian intelligence was using Kaspersky antivirus to search for classified documents on US government ...
US Commerce Dept ban (June 2024): 'unacceptable risk to national security.' Russian law compels FSB cooperation. NSA files exfiltrated via Kaspersky (2017). Three entities on Entity List for 'cooperation with Russian military and intelligence.'
Norton 360: FNorton installed a crypto miner that used your electricity, kept 15% of earnings, and was nearly impossible to remove.
Bundled NCrypt.exe crypto miner using GPU/CPU and electricity. Installed automatically, 15% pool fee (vs 1-2% standard). Users lost money. Cannot uninstall without disabling tamper protection. Antivirus installing resource-consuming profit software is malware behavior.
McAfee Total Protection: DThe US government fined McAfee $50 million for making it so hard to cancel that the FTC called it deception.
The FTC ordered McAfee to pay $50 million (2023) for using dark patterns to trap consumers in auto-renewing subscriptions. Pre-checked boxes enrolled users without clear consent. Cancellation required navigating multiple screens, retention offers, and sometimes phone calls during limited hours. The FTC said McAfee "used the guise of protecting consumers to enrich itself through deception."
Windows Defender: DDefender sends every website and download to Microsoft -- the first company in the NSA's PRISM program, with 801 advertising partners.
Every URL and file hash sent to Microsoft. PRISM participant since 2007. 801 ad partners (Outlook). URLs can contain personal info. Different collection in EU vs elsewhere.