Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Colin on September 12, 2003, 03:40:17 AM
-
My firewall - Zonelabs Prof has notified me that Avast setup programme is attempting to access the internet and that the programme has been modified since the last time it ran.
I am running NT4 and Avast ver 4.0-235. The notification indicated the setup to be ver 1.0.0 as I remember. I blocked access until I get response here.
Is the setup programme able to auto-modify and if so why? Should the setup programme be trying to access the internet anyway? Surely it only runs the first time when you install Avast?
-
This is a normal function for Avast. Avast is set to update the DB by default and that is what it is trying to do.
In addition, version 4.1 was just released and AVAST is checking to see if a new program update is available. It will not INSTALL it automatically unless you change the default, but it will always look for an update.
That is why Avast is super! Set the defaults to download any new update to both DB and Program, and it runs itself.
You get complete protection automatically without doing any work. No searching for updates, no manual installations, no broken downloads.
The Setup file will automatically adjust itself to work with the new update.
Without access, the automatic update will not function and Avast will not do its job.
I suggest you allow access for Avast functions only!
;D
-
I am not sure that you read my mail correctly? I am well aware that Avast auto-updates the DB and the actual programme as well. I am referring specifically to the SETUP programme which has been modified since it last ran! This is usually a very dangerous sign as it usually indicates some form of corruption.
On a second point, I run NT4 and I need to know whether it is vital for Avast to access the internet through a programme called "Services and Controller App". I find if I block the automatic routing of this programme - I feel the programme constitutes a security hazard as it allows all sorts of programmes to access the internet through it and probably also the other way - then Avast does not appear to update itself when I log on.
-
Avast Setup indeed modifies itself. In the previous version (4.0) it downloaded the new version of setup first. In the new version (4.1) it uses our genius secure incremental way to update itself (in order to minimize traffic). Of course this is done during the program update only (not during the database update).
You can say to ZA that this program changes frequently and it will not check its integrity next time. If you are paranoid enough :) you can still let the ZA ask you if the setup is allowed to access the net so you will have the control if it does it only during real update).
Hope this helps
Pavel
-
Avast Setup indeed modifies itself. In the previous version (4.0) it downloaded the new version of setup first. In the new version (4.1) it uses our genius secure incremental way to update itself (in order to minimize traffic). Of course this is done during the program update only (not during the database update).
You can say to ZA that this program changes frequently and it will not check its integrity next time. If you are paranoid enough :) you can still let the ZA ask you if the setup is allowed to access the net so you will have the control if it does it only during real update).
Hope this helps
Pavel
Hey Pavel...
Now we have a lot of avast! modules and parts trying to access the Internet...
The panel of ZA are "filled" with them...
Is it possible to "join" this parts (avast! antivirus service, avast! e-Mail Scanner Service, avast! Setup (two different programs, one temporary!), setup.ovr) :'(
-
Hi Technical,
Now we have a lot of avast! modules and parts trying to access the Internet...
Yes, and? I still can't see the problem - just say to your firewall what to do - it is set and forget task.
It's is crystal clear, isn't it? I do not see any advantage to join these programs under one - just the opposite - you can either see or control all these tasks (checking of updates, checking for e-mail and program update) separately which is great :D
-
Yes, and? I still can't see the problem - just say to your firewall what to do - it is set and forget task.
It's is crystal clear, isn't it? I do not see any advantage to join these programs under one - just the opposite - you can either see or control all these tasks (checking of updates, checking for e-mail and program update) separately which is great :D
Hey Pavel. Let me disagree with you. See what says Colin (I agree with him):
"I am referring specifically to the SETUP programme which has been modified since it last ran! This is usually a very dangerous sign as it usually indicates some form of corruption.
"I feel the programme constitutes a security hazard as it allows all sorts of programmes to access the internet through it and probably also the other way - then Avast does not appear to update itself when I log on."
Btw, see what says the "negative" opinion at CNET from Don 29-Jul-2003 05:20:09 PM:
"Scans your systems and creates a database"
This application scans your system in the name of crating backups for restoring after a virus corruption....Baloney...it communicates via RPC and opens a listening service on port on 6100 see C:\programFile\Alwil\Avast\Data\avavast4.ini for information. This could be aserious trojan software from Czec republic.
Of course, I do not agree with Don (http://download.com.com/3302-2239_4-10212719.html?pn=2&fb=2) but, Pavel, felling of security is as important as security... Panic brings heartattachs... :P
-
I do not see any advantage to join these programs under one - just the opposite - you can either see or control all these tasks (checking of updates, checking for e-mail and program update) separately which is great :D
Sorry, Pavel, but in FAQ are written:
Q: What should I know about using avast! 4 in combination with firewall?
A: You will keep warnings by your firewall once you install avast! 4, because avast! tries to connect to our servers - it looks for virus definition file updates and for program updates. You should allow avast! to connect, otherwise the update feature will not work.
The components of avast! 4 that should be allowed to connect:
avast.setup
avastXX.setup (where "XX" are some numbers)
aswUpdSv.exe
What is the "new one": setup.ovr ???
-
Hi Technical,
I still did not get the point... When you decide to update the program (by default there is only info about the new version, YOU initiate the update!), first the setup is updated in order to manage all possible new situations, then the rest of avast! program is updated. In my advice I recommend to let the firewall to ask whether setup is allowed to access the net and so to have full control over it.
Where do you see any security hazard? I can't see none. It is quite normal that any application comes with new setup, isn't it?
-
I have a similar problem :(
I have 9 (yes nine) ! modules for the Avast program sitting in the "program option" in ZA Pro 4.
A normal amount (for ANY program) should only be 1 or 2 modules maximum.
With every avast program update the list in ZA seems to get longer and longer.
I have no clue, on wich modules i can delete out of ZA, as i don't want to take the risk of Avast not working properly
Waldo
-
I have 9 (yes nine) ! modules for the Avast program sitting in the "program option" in ZA Pro 4.
Actually, you can delete ALL of them ;) Next time you will use any avast! module, ZA will ask if it is ok, so you can approve (and configure) them from the scratch - but just those you actually need!
Pavel
-
The components of avast! 4 that should be allowed to connect:
avast.setup
avastXX.setup (where "XX" are some numbers)
aswUpdSv.exe
What is the "new one": setup.ovr ???
Please, how could you get setup.ovr to contact to the internet? Is that repeatable?
-
Please, how could you get setup.ovr to contact to the internet? Is that repeatable?
The file resides on Avast\Setup folder and the name is setup.ovr (13-9-03).
It´s not repeated. It´s a new component (I think)... ::)
I permit that setup.ovr contact the Internet during an update of avast! (ZA pop-up). Is anything wrong?
-
kubecj seems to be rather surprised that this file is trying to connect to the Internet... it's probably not supposed to.
-
The file resides on Avast\Setup folder and the name is setup.ovr (13-9-03).
That's fine.
I permit that setup.ovr contact the Internet during an update of avast! (ZA pop-up).
I would like to know _when_ does it ask to connect to Internet. Can you perform some tests for me? (Removing from ZA and waiting for that popup and writing down when did that happen).
-
The file resides on Avast\Setup folder and the name is setup.ovr (13-9-03).
That's fine.
I permit that setup.ovr contact the Internet during an update of avast! (ZA pop-up).
I would like to know _when_ does it ask to connect to Internet. Can you perform some tests for me? (Removing from ZA and waiting for that popup and writing down when did that happen).
kubecj, I have removed it - I´m not sure when - probably when Pavel was insisting that this behavior is perfect (see this forum)...
Now, this file does not ask for Internet access anymore but I´m absolutely sure it asked sometime, probably when updating to 4.1.260. :'(
-
Okay, may I ask you to remember the request when next release will be out?
-
I would like to know _when_ does it ask to connect to Internet. Can you perform some tests for me? (Removing from ZA and waiting for that popup and writing down when did that happen).
I performed your requested test: I updated avast! yesterday (17-9), delete all entries for avast! in ZA and then I roll back my XP system before... (using Roxio GoBack). I boot and update avast! again and then, suddenly, the file setup.ovr asked for permition again. I´ll try to send you the images of the messages... Can you send me your e-mail?
Do you have any idea? ???
-
So you just updated the program? Do you remember all the parts which were asked by ZA? My email is kubecj FUNNY_@_CHARACTER asw DOT cz
Thanks,
-
This problem isn't really a problem but is due to the fact that Zone-Alarm counts it up to the list.
I use Outpost firewall and Outpost also detects the modification of the Avast-setup, also asks if I want to allow it but leaves the list of trusted programs to 3, because it replaces the former avast-setup by the new one as soon as I say "allow it".
The "problem" is a way of handling by ZA, not a nag of Avast.
-
Hi Technical,
I checked the IP of your report and it took me back to your country. I assume it's your own IP in the time of posting.
Avast updater in any situation tries to get the hostname of the computer, even when not requesting 'real' internet connection. Just for reporting purposes.
So, as it tried to get your own hostname, it contacted internet for a while and ZA spotted that.
Next time, you may check that it's really your own IP by checking winipcfg (w9x) or ipconfig (w2k,wxp) programs.
I'll try to change that behaviour.
thanks for your time.
-
Avast updater in any situation tries to get the hostname of the computer, even when not requesting 'real' internet connection. Just for reporting purposes. So, as it tried to get your own hostname, it contacted internet for a while and ZA spotted that.
Isn´t a spyware behavior? >:(
Next time, you may check that it's really your own IP by checking winipcfg (w9x) or ipconfig (w2k,wxp) programs.
Thanks but, the user knows his(her) own IP, why avast! need this? :'(
I'll try to change that behaviour.
Thanks. ;)
-
Avast updater in any situation tries to get the hostname of the computer, even when not requesting 'real' internet connection. Just for reporting purposes. So, as it tried to get your own hostname, it contacted internet for a while and ZA spotted that.
Isn´t a spyware behavior? >:(
I don't think so. This information is just for
a) statistical purposes - this info is just plotting various graphs etc. It can't even be used to contact you back.
b) reporting purposes - this is just stored in setup.log and normally (until you send it) doesn't leave your computer
Spyware (at least 'real' one) should also gather some information about you, your behaviour and your computer. We don't store such information, we don't send the information and we don't sell/give away your information to anyone else.
Next time, you may check that it's really your own IP by checking winipcfg (w9x) or ipconfig (w2k,wxp) programs.
Thanks but, the user knows his(her) own IP, why avast! need this? :'(
As written above - just for statistics/reports. No lists of MP3 files sent to RIAA ;D
I'll try to change that behaviour.
Thanks. ;)
Don't be mistaken - I'm talking just about removing it from non-internet operations. In internet operations it will be still there. Just pop-up from setup.ovr should go away.
-
I don't think so. This information is just for
a) statistical purposes - this info is just plotting various graphs etc. It can't even be used to contact you back.
b) reporting purposes - this is just stored in setup.log and normally (until you send it) doesn't leave your computer
Spyware (at least 'real' one) should also gather some information about you, your behaviour and your computer. We don't store such information, we don't send the information and we don't sell/give away your information to anyone else.[\quote]
Sorry kubecj. The 'real' spywares always said that they have a Privacy Policy... ;D
I'm talking just about removing it from non-internet operations. In internet operations it will be still there. Just pop-up from setup.ovr should go away.
Ok. ;)