Home Support

AVG Threat Labs - Clean guidelines

AVG AntiVirus protects your PC by detecting and blocking threats. To accurately determine whether a software program is well intended or not, we have created a set of guidelines that describes what we consider to be malicious and potentially unwanted behavior.

Best practices for clean software

Advertising

Must have:

  1. Landing page
    • Clearly identify the product vendor, describe the software functionality, and provide cost information if applicable.
    • Include a list of all bundled software, third-party components/dependencies (for example, monetization engines), plugins, or widgets.
    • Visibly link to the product's EULA and Privacy Policy.
    • Indicate if the software is ad supported, if applicable.
    • Present information in line with industry standards for readability (for example, no green font on a greenish background, and no tiny letters).
  2. Disclosure and consent
    • All app promoting pages must clearly identify the vendor.

Prohibited:

  1. Misleading ads
    • All forms of threatening messages.
    • All forms of deceptive behavior (for example, missing codecs, plugins, vulnerable/infected machine, when unnecessary).
    • All forms of impersonation of system messages (for example, impersonating the Windows user interface, MSFT/Windows logo, etc.), other brands (such as Chrome, Flash, anti-malware, etc.) or web components (for example, download buttons).
    • Displaying multiple 'call to actions' with different wording but leading to the same or a similar action.
    • Advertising a free product for a cost.
  2. Download
    • Auto or direct download from ads is strictly prohibited.
  3. Disclosure and consent
    • Starting the app download or installation process without proper disclosure and user consent is strictly prohibited.

Installation process

Recommended:

  1. Signing software
    • Every executable file should contain a vendor identifier. No specific format is required, but version information is preferred. Alternatively, a plain text description in a custom section is also sufficient.
    • Availability of a digital signature is preferred.
    • If the file is packed, it should have a Taggant.

Must have:

  1. Bundling software
    • All included programs should be legitimate in nature and contain a clear, positive value to the installing user.
    • Each program must be offered on its own offer/install screen with clear information about its functionality, behavior, cost (if applicable) and purpose.
    • Each offer screen must have a clearly labeled skip/decline button or opt-in/opt-out checkbox enabling the user to decline the offer.
    • Each offer screen must have the same wording, 'Call to Action' buttons, navigation style and button placement throughout the installation process.
    • Any software that includes third-party components or software therein must provide appropriate disclosure to end users.
  2. User consent, control, and transparency
    • All disclosure and consent clauses must be unavoidable to end users, must meet industry standards for readability, and must be presented in a language that an ordinary end user comprehends.
    • User consent must be obtained before download/installation of any software.
    • Installer will install only software which the user provided their consent to install.
    • User must be able to stop the installation at any point.
    • Any data acquisition must be made with the end user's consent.
    • Each setup screen must include exit functionality.
    • App installation must not be affected by any user decisions on the offers.
    • The app must disclose to the user the name of the product, identify developer name or brand name of the providing entity, and how to contact this entity.
    • The software's EULA must disclose to the user if and how the app may affect any other programs on the user's PC and settings.
    • It must be clear in which stage the installation currently is and show progress during longer stages (i.e. while copying/downloading files).
  3. Misleading behavior
    • All of the app's functionalities must correlate with the description mentioned in the installation screens.
  4. Update
    • A software updater can only update main application (it must not install any additional software without the user's consent).

Prohibited:

  1. Bundling software
    • Software without offer screens.
    • Any form of promoting exaggerated or false claims about the user's system (health, registry, files, etc.).
  2. User consent, control, and transparency
    • Sell or otherwise share a user's personal identifying information to third parties without the user's explicit consent.
    • Any software must have its own privacy policy to describe its data collection, usage, and sharing practices.
    • Software must not bypass/hack system or other apps' security and consent features (browser hijack, disable notification, etc.).
    • Software must not operate, access any content, or cause the use of a user's PC without prior informed consent (i.e. operate BitCoin miners).
    • Software must not redirect/block/modify searches, queries, user-entered URLs, etc. without user consent.
    • Software must not access any other site that doesn't directly relate to consented software functionality.
    • Any type of installation which does not require the End Users' informed consent is expressly prohibited.
  3. Misleading behavior
    • The installer must not mislead a user to take action that was previously declined.
    • Revenue modules must not engage with fictional installations of the product or the revenue model.
    • The software must not display exaggerated, misleading, or inaccurate claims about the health, files, registry or other items of the system of the user.
    • The installer must not initiate the installation of an app based on false, misleading, or fraudulent representation.
    • The software must not falsely claim to be a program from another brand (such as AVG, Microsoft, Google, Adobe, etc.).
  4. Interfering
    • Software must not engage with interfering, replacing, uninstalling, or disabling any third-party content, application, browser functionality and/or settings, websites, widget, the operating system or any part thereof without the user's consent.
    • Software must not engage in any fraudulent activity.
    • Software must not interfere with the browser default search/search pages without the user's consent.

Program functionality

Must have:

  1. Transparency and attribution
    • Ads must include a clear attribution to the providing application.
    • Ads must be clearly labeled and identified as ads.
    • When injecting data into external content (such as websites or search results), monetization services must be clearly labeled and distinguishable from any platform (such as a website) it appears on.
    • Ads must provide a link to an 'Ad Info' webpage with the following prominent notices and information:
      • A short explanation about why the ad was displayed.
      • Links to the advertiser's full and clear description of the revenue module.
      • Links to the product's terms of service and privacy policy.

Prohibited:

  1. Transparency and attribution
    • A program must not fail to clearly indicate when the program is active, and must not attempt to hide or disguise its presence.
  2. Program behavior
    • Software must not include monetization services such as pop-ups, pop-unders, expanding banners, etc.
    • Software must not use the end user's device for purposes that are unwarranted and unexpected by the end user.
    • Software must not decrease a PC's reliability and/or cause a poor end user experience.

Uninstallation process

Must have:

  • Completely remove all components of the software and/or related monetization modules, leaving no remains on the user's PC.
  • Function properly in an equivalent manner to the installation process.
  • Include a corresponding 'Add/Remove' entry in the Windows Control Panel or equivalent on different platforms, and the user must be able to completely uninstall the software.
  • Show the same software name as shown during the installation process and during operation of the app and/or monetization module. Likewise, the same software name must be visible in the Add/Remove section of the Windows Control Panel.
  • Provide an easy way to close the software and/or ads attributed to it.

Privacy Policy and EULA

Must have:

  1. Privacy Policy
    • The app and/or monetization service's privacy policy must comply with applicable privacy and data collection and protection laws, and provide a clear and comprehensive description of the advertiser's data collection practices.
    • The Privacy Policy must specify:
      • Whether the software uses cookies or other means of collecting user data.
      • Whether the software accesses, collects, uses, or discloses users' personally identifiable information (PII).
      • What types of user data is accessed, collected, used, or disclosed, as well as what means it uses to do so and what is done with the collected data.
      • How a user can opt out of PII collection and stop the app and/or monetization service from collecting PII data about them. Users must be able to achieve this in a straightforward way, and app and/or monetization service must comply with the users' request immediately.
  2. EULA
    • The app and/or monetization service must comply with applicable laws and have an EULA that is easy to access during the installation process and from the app's website.
    • The vendor and product must comply with the EULA as accepted by the user during installation.
    • The app and/or monetization service should be clearly described in the EULA, any changes to the EULA require updated user consent.

Prohibited:

  1. Privacy Policy
    • The app and/or monetization service must not sell or otherwise share with third parties personally identifying information without the user's specific consent in advance.
    • The app and/or monetization service must not mislead users about the origin of cookies and/or other means of data collection, or cause a user to falsely believe it is associated with another app.
  • All AVG products and services
  • All supported platforms

Was this article helpful?

Still looking for answers ?

Visit our AVG Support Community or contact us here:

Struggling with non-AVG technology? We can fix that, too!