If a software on Windows 7 has storage access and network access, what prevent it from sending all the files on the computer to a external server?

As the title says, if for example an antivirus send to their server “suspicious” non-executable files (such as documents), and neither ask permission for that from users, what it prevents any other software installed on Windows 7 to send all the files on the computer to their server?

And how to know if a software is sending private files to external servers?

On other operating systems like Android you can see what permissions have every software and restrict it, but on Windows 7 it's like a blind eyes, you install a program and never know what that program could do with your computer.

It's very terrifying to thing about it.

Waiting your replies.

https://blog.emsisoft.com/en/17153/antivirus-software-protecting-your-files-at-the-price-of-your-privacy/ "You are forced to blindly trust that they don’t send any of your private data files."

Mike

Posted 2019-05-24T14:08:46.643

Reputation: 11

Keep in mind that while that article is technically true, most of the risks are sensationalized; it was written by a developer to promote his own software. The fact is that the major players have discovered that data mining is a source of income. Google knows more about you than you do. Microsoft isn't far behind. Do you shop at Amazon? Same thing. Have a smart appliance in your home? Use a smart phone? There are ways to cut way back on your data mining exposure, but you will pay a price in convenience and access to services. – fixer1234 – 2019-05-24T21:14:17.540

Answers

Indeed there is no way of knowing what an installed program is doing. When a program misbehaves in such a way, we call it "virus". You protect yourself by using an anti-virus product and by yourself watching for unreasonable amount of Internet traffic going on in your computer.

See for example the article Kaspersky Labs: Warning over Russian anti-virus software.
Luckily such cases are very rare.

harrymc

Posted 2019-05-24T14:08:46.643

Reputation: 306 093

If you are interested to see what you PC is sending out, you might want to take a look at Wireshark. Check if you can legally use it in your country and stay within the legal boundaries as you use it.

Some programs will ask you to be installed with administrator privileges. Be careful around them.

Oh, and don't trust the Cloud. You don't need a person wearing a ski mask and a hoodie to steal your stuff if you yourself upload your files to some server for convenience.

As for counter measures:

Encrypt your files. A stolen file that can't be decrypted might not harm you, while unencrypted files could. Consider using Bitlocker if you are on Windows (backup your files before you do, however!)

Delete what you don't need. Data can be used in rather interesting ways.

Consider using maintained Open Source software, if available for the task at hand. While you personally might lack the time or knowledge to check it, there is at least the chance that someone checked the sources. If it is actively maintained, this (or another) someone is working on it. See this page. Money quote:

[...] The rest is about trust as always on the internet.

On a different note, as you mentioned running Windows 7

As Windows 7 is slowly getting older, you might want to consider changing to another OS. While it will receive further updates until the January of 2023 (as stated here, text is in german) for paying customers, you can either upgrade to a newer Windows OS (if you need to run software that is Windows-only) or consider trying something like Linux Mint, which should make the transition between operating systems mostly painless.

Alexander Mayer

Posted 2019-05-24T14:08:46.643

Reputation: 11