Controversy[edit]
As of 2014, there are numerous reports dating back to 2012 that the AVG SafeGuard Toolbar installs itself without the consent of the user, as a side effect of installing other applications. The toolbar program appears to cause significant RAM issues and can be considered an intrusive
potentially unwanted program (PUP). Once installed, the AVG toolbar is virtually impossible to remove. The toolbar uninstaller does not function, instead re-installing the add-on if manually removed. Consequently, many discussions and blog posts have described complex procedures for removal of the AVG toolbar, each with very mixed results.
[14][15][16][17][18][19]
In September 2015, AVG announced that it would start tracking users for profit, analyzing their data for sale to the advertising industry. This measure received criticism from consumers, the press and security industry, as many users intended to use the software in order to protect themselves from spyware and would not expect the functions of spyware to be "hidden" in security software.
[20]
In December 2015, the "AVG Web TuneUp"
Google Chrome extension (automatically installed with AVG AntiVirus) was revealed to contain multiple critical security vulnerabilities.
[21] Most notably, Chrome users' browsing history could be exposed to any website, cookies from any site the user has visited could be read by an attacker, and trivial
cross-site scripting (XSS) issues could allow any website to execute arbitrary code (as another domain).
The XSS vulnerability allowed a user's mail from "mail.google.com" to be read by any website, or financial information to be read from the user's
online banking site. The AVG team fixed this by only allowing "mysearch.avg.com" and "webtuneup.avg.com" to execute these scripts. Despite this remediation, attackers could leverage any of these attacks if an XSS vulnerability was found on the AVG sites. As of April 2016, Web TuneUp was still not available for download from the AVG website.
