Avast Clean Guidelines: Best Practices for Clean Software

Any malicious behavior is simply removed by our anti-virus product. As with all peace-enforcing measures, a grey area of potentially undesirable applications has emerged in the security industry. We've written some Avast clean guidelines in which we describe what is malicious and what is potentially undesirable behavior:

» Advertising
» Installation Process
» Program functionality
» Uninstall
» Privacy Policy and EULA

Follow these Avast clean guidelines as best practices for clean software:

Advertising

Must have :

1. Landing page

  • A landing page for the downloadable software must have a clear vendor identification, a description of the software functionality, the cost of the program (where relevant) and whether this program is ad supported. Further, such a landing page should have an accessible EULA and Privacy Policy for the software.
  • A list of all bundled software, third party components/dependencies (i.e. monetization engines), plugins or widgets.
  • A link to the product's EULA and Privacy Policy.
  • Information should be presented in a manner that meets industry standards for readability (i.e. no green font on a green background, no small letters…).

2. Disclosure and consent

  • All app promoting pages must have a clearly identified vendor.

Prohibited :

1. Misleading ads

  • All forms of threatening messages.
  • All forms of deceptive behavior (i.e. missing codecs, plugins, vulnerable/infected machine, when there is no need for such thing).
  • All forms of impersonation of system messages (Windows UI, MSFT/Windows logo…), other brands (Chrome, Flash, anti-malware…) or web components (download buttons…).
  • Displaying multiple “calls to action” with different wording leading to similar action.
  • Advertising a free product for a cost.

2. Download

  • Auto or direct download from ads is strictly prohibited.

3. Disclosure and consent

  • Starting app download/installation without proper disclosure and user consent.

Installation Process

Recommended :

1. Signing software

  • Every executable file must have a vendor identifier. No specific format is required, but Version Information is preferred. Another option is a plaintext description in a custom section.
  • Digital signature is always beneficial.
  • If the file is packed, it should have a Taggant.

Must have :

1. Bundling software

  • All programs presented to users must be legitimate and have a very clear, positive value for the installing user.
  • Each program should be offered within its own offer/install screen with clear information regarding functionality, behavior, cost (where relevant) and the reason this program is offered.
  • Each offer screen should have a clearly labeled skip/decline button or opt-in/opt-out checkbox which lets the user decline the offer.
  • Each offer screen must have similar wording, “Call to Action” buttons, navigation style and button placement to the installation process.
  • Any software which includes third party components or software must provide appropriate disclosure to end users.

2. User consent, control and transparency

  • All disclosure and consent clauses should be unavoidable to end users, must meet industry standards for readability and must be presented in a language the ordinary end user understands.
  • User consent must be obtained before download/installation of any software.
  • Installer will install only software which user provided their consent to install.
  • User must be able to stop the installation at any point.
  • Any data acquisition shall be made under the end user’s consent.
  • Each setup screen must include exit functionality.
  • App installation must not be affected by any user decisions on the offers.
  • Application must disclose to the user the name of the product, identify the developer name or brand as the supplying entity, and state how to contact such entity.
  • Software's EULA must disclose to the user if and how the application may affect any other programs on the user's PC and settings.
  • It must be clear which stage the installation is currently in, and progress must be shown during longer stages (i.e. while copying/downloading files).

3. Misleading behavior

  • All app’s functionalities must correlate with the description mentioned in the installation screens.

4. Update

  • Software updater can only update main application (must not install any additional software without user consent).

Prohibited :

1. Bundling software

  • Software without offer screens.
  • Any form of promoting exaggerated or false claims about user system (health, registry, files, etc…).

2. User consent, control and transparency

  • Sell or otherwise share the user's personally identifying information with 3rd parties without the user's explicit consent.
  • Any software should have its own privacy policy to explain its data collection, usage and sharing practices.
  • Software must not bypass/hack system or other apps' security and consent features (browser hijack, disable notification…).
  • Software must not operate, access any content or cause utilization of the user's PC without prior informed consent (i.e. operate BitCoin miners).
  • Software must not redirect/block/modify searches, queries, user-entered URLs etc. without user consent.
  • Software must not access any other site that doesn’t directly relate to consented software functionality.
  • Any type of installation which does not require the End Users’ informed consent is expressly prohibited.

3. Misleading behavior

  • Installer must not mislead a user to take action he has previously declined.
  • Revenue modules must not engage in fake installations of the product or the revenue model.
  • All types of displaying exaggerated/misleading/inaccurate claims concerning the system's health/files/registry or any other products on the system are strictly prohibited.
  • Installer must not initiate install of an app based on false/misleading/fraudulent representation.
  • Software must not falsely claim to be a program from other brands (Avast, Microsoft, Google, Adobe…).

4. Interfering

  • Software must not engage in interfering with, replacing, uninstalling or disabling any third party content, application, browser functionality and/or settings, websites, widgets, the operating system or any part thereof without user consent.
  • Software must not engage in any fraudulent activity.
  • Software must not hinder the browser's default search/search pages without the user's consent.

Program functionality

Must have :

1. Transparency and attribution

  • Ads must include clear attribution to the providing application.
  • Ads must be clearly labeled and identified as such.
  • When injecting data into external content (for instance a website, search engine results…), monetization services should be clearly labeled and identified as distinct from the content (for instance the website) they appear on.
  • Ads must have a link to an “Ad Info” page with the following prominent notices and information: a short explanation of why the ad was displayed, links to the Advertiser's full and clear description of the revenue module, and links to the Product's terms of service and privacy policy.

Prohibited :

1. Transparency and attribution

  • A program must not fail to clearly indicate when the program is active, and must not attempt to hide or disguise its presence.

2. Program behavior

  • Software must not include monetization services that are Pop-Ups, Pop-Unders, Expanding banners etc.
  • Software will not use the end user’s device for purposes that are unwarranted and unexpected by the end user.
  • Software may not decrease computer reliability and/or cause a poor end user experience.

Uninstall

Must have :

  • Whenever a user uninstalls an application and/or the monetization module associated with that application, it must completely remove all components, leaving no remains on the user's PC.
  • The uninstall process should function correctly and become one from the installation process.
  • The installed software should have a corresponding “Add/Remove” entry in the Windows Control Panel or the equivalent on other platforms, and the user must be able to completely uninstall it.
  • The software name (as shown during the installation process and operation of the application and/or monetization module) should match the one in the OS add/remove control panel.
  • Software or the ads attributed to it must have an easy way to close them.

Privacy Policy and EULA

Must have :

1. Privacy Policy

  • The application and/or monetization service's privacy policy shall adhere to relevant privacy and data collection and protection laws and regulations, and shall give a clear and comprehensive description of the Advertiser's data collection practices.
  • Privacy Policy must describe:
    If software uses cookies or other means of collecting User data.
    If software accesses/collects/uses/discloses the user's PII.
    What user data is accessed/collected/used/disclosed and how, what means it uses to do so and what is done with the data collected.
    How a user can notify that they wish to opt out from PII collection and have the app and/or monetization service stop collecting PII data about them. Users must be able to achieve this in a straightforward way, and app and/or monetization service must comply with the users’ wish immediately.

2. EULA

  • App and/or monetization service must comply with applicable law, must have EULA that is accessible during the installation process and from the app’s website, vendor and product must comply with EULA (as consented by user, and was available in install and on product).
  • App and/or monetization service should be described in a clear EULA; any material change to the EULA must have user consent.

Prohibited :

1. Privacy Policy

  • Application and/or monetization service must not sell or otherwise share personally identifying information with other organizations without the end user's prior specific consent.
  • Application and/or monetization service must not mislead users concerning the origin of cookies and/or any other means of data collection, or cause the user to think it is associated with another application.