Download: avc_datasending_2014_en.pdf (via PC Pro)

What Does Your Security Suite Know About You?
You installed that security suite to protect your computer, and your privacy, but just what is it reporting to its maker? Could your suite itself be a security risk? A pair of German computer magazines commissioned AV-Comparatives to find out. Their results are now publicly available, and the report makes interesting reading.

Data Sources
To start, the researchers loaded 21 popular security suites onto test PCs and analyzed their network traffic, looking at just what data was sent. The report notes that "in some cases" the data was encrypted, so they couldn't read it. That's as it should be, but it implies that in other cases the data was not encrypted. Alas, the report doesn't identify which those were.

They also perused the End User License Agreement (EULA) and privacy policy supplied with each product. These documents should spell out exactly what data the program may send back to its maker.

As a final step, they sent a detailed questionnaire to each vendor, though they gave the other two data sources more weight than the results of the questionnaire. The report notes that in some cases the vendors didn't answer particular questions, for various reasons. "We understand that too much transparency might be useful for criminals," noted the report. "We thus accept that vendors cannot provide us with any information that could compromise security." (Source)