Problems accumulate in Avast and AVG antivirus. Alleged spy cases detected in the first weeks of the year are still going on, and many are searching for alternatives to Avast for their computers. Now things got worse, as more problems were discovered for the reputation of this company. In this case, there are problems with AntiTrack, which is complementary to the free antivirus from Avast and AVG. Although it was designed to protect our privacy, it appears that it was doing the opposite.


The security company tried to calm things down with the launch of the free version Avast Free Antivirus 2020. This new version contains new privacy settings, in addition to not installing browser extensions automatically. The enhanced privacy section allows you to disable personal data collection, although it is something that is enabled by default.

David Eade has released a security report regarding the vulnerability in Avast and AVG AntiTrack, which opens the computer to attacks called Man-in-The-Middle (MiTM) and data theft. This affects all versions before Avast AntiTrack 1.5.1.172 and AVG AntiTrack 2.0.0.178. Attackers do not need difficulties to exploit the vulnerability, nor do they need special software.

Avast and AVG are designed to block ad tracking and prevent user monitoring. You can try it for free, although the annual rate is 49.99 € per year. According to Avast, it will allow us to know if they are tracking us at all times, keeping our identity confidential, and avoiding personalized ads.

The problem now is that he appears to be not doing his job properly, as he allows Mi-Center attacks. The second problem, according to this security researcher, is that it "lowers" the security protocols in the browser to TLS 1.0. Even if the web server supports TLS 1.2, this program will ignore it and use TLS 1.0.

The third problem is that it fails to protect session keys. In the case of Internet Explorer and Edge, the security researcher explains that he "ignores new security measures in favor of legacy encryption operations that are considered unsafe today." An attacker with malware could steal victim's HTTPS traffic and even copy cookies.

The issue is fixed in Avast AntiTrack versions 1.5.1.172 and AVG AntiTrack 2.0.0.178, so all users will have to update to avoid these vulnerabilities. David Eade confirms that Avast reported this vulnerability on August 7, 2019, but was not resolved until March 9, 2020.