Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Randissimo on December 23, 2013, 01:12:08 PM

Title: what Avast is critically missing...
Post by: Randissimo on December 23, 2013, 01:12:08 PM
... is a feature to directly exclude files from the "actions to take" window.
It's unreasonable having to go to the chest with every false positive detection or to turn off some of the protection just to start a download with a fp detected file.
It's inconvenient to exclude files in advance.

Like I've written in another topic:
What if Avast finds a legit Windows file suspicious and when it gets removed or sent to chest, you instantly get a BSOD and from then on can't even boot up Windows anymore?
With the recent increase of false positives since Avast 2014 came out and because even with Avast 8 you can't directly exclude files which are categorized as viruses - only suspicious (evo_gen32 something in Avast 2014) files and downloads - I've lost all my longstanding trust and that's why I've already moved on to another anti-virus.

Avast used to be good in my opinion when the false positive rate was almost non-existent and there was an option to directly allow file access to false positives which would be rather rated as suspicious than as virus threats, but with the state it is in now (regardless of version 8 or 2014), I don't want to think about that there might be a high possibility that one day, Avast will detect a harmless Windows system file or itself, move it to the chest and as a result, I would either need to re-install or to use some image backups which would mean wasted time if I need to update Windows and/or programs again even with the process of having to revert to an older system image.

So my question is, why does Avast exclude this option and make it even worse in Avast 2014, because you can't exclude suspicious rated files and downloads on demand anymore?



 
Title: Re: what Avast is critically missing...
Post by: AdrianH on December 23, 2013, 01:31:07 PM
There are plenty of ways within avast to exclude URLs, processes and applications.

Adding a "do nothing" scenario to the actions on finding a virus would be madness.

You would soon be back here screaming at avast when your machine is crippled and avast failed to do anything.
Title: Re: what Avast is critically missing...
Post by: Randissimo on December 23, 2013, 02:22:24 PM
Quote from: AdrianH
There are plenty of ways within avast to exclude URLs, processes and applications.
They mean nothing if a legit system file triggers a false positive. Or do you think it would be a good idea to exclude the whole Windows folder in advance?

Quote from: AdrianH
Adding a "do nothing" scenario to the actions on finding a virus would be madness.
No, from my point of view it is madness not having a "do nothing" scenario.
I'd rather scream at Avast if my machine were crippled because of some false positive alarm than because of my own decision.
If I can have a choice, I will never regret it, because that's something that I myself have decided, however, if I can't have a choice
and things screw up, I will put the blame on the program which robbed me of my decision and I believe, others would do the same.
 
Title: Re: what Avast is critically missing...
Post by: zorgon on December 23, 2013, 02:39:30 PM
That is why on the File Shield settings, I set everything to ASK first then Repair and then if that fails, Remove to Chest. During ask, I can decide for myself if it looks like a false positive, especially if it is a critical system file (I have run into that once already with avast) because I always have a disk and system image backup available. But, not that many people could or would do that.
Title: Re: what Avast is critically missing...
Post by: Randissimo on December 23, 2013, 03:56:43 PM
Quote from: zorgon
That is why on the File Shield settings, I set everything to ASK first then Repair and then if that fails, Remove to Chest.
I had only set it to ask, because I always want to have the time to evaluate it and because I don't trust the repair or chest,
however, the problem is that during ASK I can't decide to let the file through if it's a false positive so I would end up using a system image and most users won't even have that, so they would even need to re-install windows in the worst case.
Or another solution would be to hard shutdown your computer and to try making exclusions in safe mode or to uninstall it, before it can delete or move something to chest but that might be risky for the hardware or I could force shutdown Avast by terminating the processes with the right tool and immediately halt all file shields on restarting it before excluding the file but that would leave a really bad impression.
I mean, you shouldn't need to disable any shield just to make an exception on demand. That's just stupid.

Title: Re: what Avast is critically missing...
Post by: thekochs on December 23, 2013, 04:03:16 PM
I have not taken the V9 plunge yet so here is pic from v8......this is in my custom scan I have running daily.
Title: Re: what Avast is critically missing...
Post by: NoelC on December 23, 2013, 05:27:06 PM
YES!  The software needs the capability to ALLOW THIS FILE THIS TIME, and also an IGNORE THIS RULE UNTIL NEXT (DEFINITIONS OR PROGRAM) UPDATE feature. 

Maybe not available as the default, but power users need to be able to configure it as an option to the "Ask" option.

I started out asking for exactly this a month or so ago when I was fighting a false positive as well.  I was told, as some are telling in this thread, that there are other ways to do it.  Those other ways are not sufficient!

Here's a scenario that the current "exclude after the fact" measures do not work with.

1.  You're building software sources into executables.

2.  Avast triggers a false positive and kills an intermediate file that has a temporary name assigned by the build software.

3.  You can't tell it to IGNORE THIS FILE, THIS TIME, so the build fails, interrupting your productivity.  Neither can you tell it to exclude the particular (flawed) rule that made the false positive happen in the first place.  This forces you to deal with the Avast! problem immediately.

4.  You go to the Chest and try to exclude that file from there, but next time you build the file is given a different temporary name, so the build fails and you spin your wheels some more.  This forces you to have to move from "set it and forget it" to "expert" level in Avast configuration.

5.  You finally, in disgust, exclude your entire development folder structure so you can get back to work after having been distracted for a good long time figuring out the convoluted Avast! UI.  Hopefully you haven't been fired yet, and you have to work late to catch back up.

6.  You submit the file as a false-positive, wasting more of your time that you could be working.

7.  Some weeks / months later, MAYBE some other Avast issue makes you remember that you've excluded an entire block of your disk from all protection and you remove the exclusion (and maybe the false-positive detection has been corrected).  Hopefully some malware hasn't found a way to use that exclusion to its advantage.

How do I know this in such detail?

-Noel
Title: Re: what Avast is critically missing...
Post by: zorgon on December 23, 2013, 08:23:59 PM
Am I missing something or did avast drop the setting to exclude low prevalence files in the sandbox section(now Deepscan)?
Title: Re: what Avast is critically missing...
Post by: RejZoR on December 23, 2013, 08:51:37 PM
Locked (running) system files cannot be removed, you wouldn't instantly get BSOD. Besides, there are safeguards that prevent deleting and quarantining of files in system folders (generic location based and whitelisting along with digital signatures).
Title: Re: what Avast is critically missing...
Post by: Randissimo on December 23, 2013, 09:28:42 PM
Quote from: thekochs
I have not taken the V9 plunge yet so here is pic from v8......this is in my custom scan I have running daily.
We're talking about the exclusion of files after a file system scanner detection, not about the exclusion during/after a custom/full/boot-time scan.

Quote from: RejZoR
Locked (running) system files cannot be removed, you wouldn't instantly get BSOD. Besides, there are safeguards that prevent deleting and quarantining of files in system folders (generic location based and whitelisting along with digital signatures).
Sorry, but I've already lost my trust in those "safeguards":

http://forum.avast.com/index.php?topic=141737.0
http://forum.avast.com/index.php?topic=143299.0
http://forum.avast.com/index.php?topic=126814.0
http://forum.avast.com/index.php?topic=138386.0
http://forum.avast.com/index.php?topic=143092.0
http://forum.avast.com/index.php?topic=142987.0

and that's only a small amount of topics. However, even if I could trust Avast on this matter, when it comes to deleting/moving files without an option to leave them alone, I still wouldn't want to continue using it, just take a look at NoelC's example.

Is there any official wording as to why Avast doesn't offer an exclude on demand feature in the system file shield and in the web shield when set to ask?
Title: Re: what Avast is critically missing...
Post by: polonus on December 23, 2013, 10:11:28 PM
Hi Randissimo,

But not a lot of users are able to make these advanced user decisions to discriminate between FP or genuine detection or even to the nature of the detection.
Seems a lot of users do not really trust the av solution they choose. Whenever a detection is made they go into denial or do like to ignore because it interferes with whatever they like to do at that very moment. Users are generally more irritable nowadays. Some go into denial, some blame avast, but they never start from the PEBKAC point of view. In a lot of cases it is not "What is avast critically missing?", but "What is this user critically missing?".
We even had users here that started to defend developers of insecure code despite the infection was being fully and extensively explained to them.

Of course this attitude can be understood for miscreants and those that want to evade blackhat SEO spam detection or for instance users of crack code and illegal code.
Best policy is to check a detection for validity online or ask here on the forums and then act decidedly, report FPs as they can happen, but are a low percentage always and are known to soon be cured/repaired within a coming update.
Direct exclusions are often searched by gamers that like to cheat or developers that claim FPs on packer code or common users that do not know the workings of the av solution or how to allow potential unwanted programs.
Then finally there is a percentage of users that like to rant because of ranting and they fall into the category forum trolls,

polonus
Title: Re: what Avast is critically missing...
Post by: NoelC on December 23, 2013, 10:22:36 PM
Hey polonus,

Wow, so you're saying that if Avast! put in the ability to allow a file that's come up on Avast's radar to be used anyway, that everyone would just blithely choose to allow it anyway, despite the warning.

Are you really saying every user has so little sense or impulse control that he/she would choose to infect themselves even after being told their file has malware in it, and that even power-users cannot be trusted to enable the ability to bypass the detection under some conditions?

Do you think that excluding whole blocks of the disk structure is better?  Perhaps Avast! should remove that as well?

Who do you think owns the computer?

As someone who knows what he's doing with a computer, I'd pay extra for the options I noted.

-Noel
Title: Re: what Avast is critically missing...
Post by: polonus on December 23, 2013, 11:28:55 PM
Now you are taking my answer out of context. Whenever you start to use the av solution avast makes a scan and gives you an ability to allow programs and tools you'd trust. If something happens as with what you describe, everybody is up in arms against avast detecting part of the valid OS as a FP. Believe me soon we are being flooded by messages. So that is not the point, why this thread has been started in the first place? Is the bottom line here? I like to use your av solution but only under my conditions only. Why use an av solution anyway? Avast does only detect a file when the solution finds malcode or takes some code to be that.
What if you have the freedom to exclude a nasty file infector and later only could use the computer for a door stopper. Excluding blocks of disk structure is because they cannot be scanned, and also sometimes happens to prevent cross detection as with MBAM code files for instance, etc.
You own the computer and avast owns the software you decided to have on it and you can choose to use that software or not. If a full detection pattern is not to your liking then choose something more to your liking - an inferior solution or an av sieve!  ;D

I am not against using a file that comes up on the avast radar. I strongly advise all users to report these file detections (file a FP report from inside the file detection to avast) or report as FP in the virus and worms for a general discussion. What I am against is the possibility of users circumventing a valid detection. Malcreants would praise the day we allowed that and it would make the product quite worthless and unreliable. So until you exclude in advanced mode avast keeps alerting and detecting. You have so many options as to fine tune the av solution. So what is the bottom line of your critique?

polonus
Title: Re: what Avast is critically missing...
Post by: Para-Noid on December 24, 2013, 12:19:20 AM
Well put polonus!

My main question which is better a false positive or a bad infection?

As far as avast being a good choice read on... http://www.av-comparatives.org/wp-content/uploads/2013/12/avc_prot_2013b_en.pdf
Compared to previous versions v2014 stands up well for itself.

If you are looking for an anti-virus that is built to each user's preferences, ain't gonna happen.
There will always be someone wanting this and another that. There has to be some give and some take.
I don't know of "any" software which includes every individual want into their software.

If you want to exclude, then exclude and be done with it.
There is no way that even a complete nitwit is going to send a "vital" OS file to the chest.
avast will always ask before sending a vital file to the chest.
Title: Re: what Avast is critically missing...
Post by: NoelC on December 24, 2013, 12:42:56 AM
Quote from: polonus
what is the bottom line of your critique?
Only this:  There are situations the current toolset doesn't handle well at all.  Having to exclude whole subsections of the disk in order to circumvent a temporary false positive is hitting a gnat with a sledgehammer.

Ignoring the possibility that false positives can happen is just silly.  They ARE happening.  More than ever now as the landscape evolves, from what I can see.

I laid out my suggestions to fix it above, in capital letters.  Seems to me an "ignore this rule until next update" would be an awesome way to keep 99.999% of the product intact while allowing a user to work nicely around a problem.  It's certainly less risky than just disabling shields or turning off protection on a block of disk space, and that IS happening now.

When observed reality doesn't match theory, one has to change.

-Noel
Title: Re: what Avast is critically missing...
Post by: Randissimo on December 24, 2013, 12:49:09 AM
Hello polonus,

NoelC has already given a clear example why the current situation disrupts legit workflow and you keep on restricting
the message to cracks and other illegal stuff even though it has never been a subject in this thread nor in the other threads
I've linked as examples? Way to talk about prejudices!
As if that wasn't enough, you even picture anyone who is for an "exclude in dialog" feature as people who have
some issues? If you're going on like that, I'll stop taking you seriously, however I'll still give you a chance to behave more respectfully
(and no, greetings alone without direct assaults don't necessarily mean respectful behavior), so let's go on with the main topic:

I've already moved to another AV, so there is no reason for a rant in the first place, which you've suspected. Instead, I've only wanted to
share my opinion as to why I've decided to leave Avast to help the developers improve with the feedback I've been giving as a small thank you for doing a good job in the past and because I feel that I'm not alone with that point of view.

There is also a difference between a permanent and a temporary whitelisting. In my opinion, a permanent whitelisting should only
be the last means of effect in case a program or system file is detected and it should only be done if nothing else helps while a temporary whitelisting should be the first thing to do to prevent the program or the system from breaking, because it allows you to check for yourself (for example on VT and/or with other on-demand scanners) before a crisis begins. A temporary whitelisting also doesn't interrupt the current workflow and guarantees that the files and/or the system is safe in case of false positives.
With the current way, people need to know beforehand which files are triggered and it is absolutely impossible to evaluate that, because in the next hour some file could get detected in a streaming update while you've already made a full scan with no detection.

Your biggest argument was that leaving this option out would increase security, however that is a very wrong assumption. Let's go back to the example NoelC made. Any user working in the productive sector would need to exclude whole folders in their work, but what if a malware would spread to the excluded folder without any fear of being detected forever? Wouldn't it be better to have alerts every time to double check the suspicious files first and then to exclude them file by file if they're harmless?
Of course, you could also exclude them in advanced settings, but that's not the same as excluding them on demand and it wastes time and therefore money, even in the best case, that the chest would be working without any issues and that the programs/and or the system wouldn't get affected which would mean more time spent to fix a potential mess an anti-virus caused.
Reporting false positives might be nice for the developers, but not everyone has the time and inclination to do so, especially when we've been talking about an extreme increase of the FP rate since the last couple of months.

So far, I hope you and others might understand the quintessence of this topic.

Best regards,
Randissimo


edit:
Quote from: Para-Noid
There is no way that even a complete nitwit is going to send a "vital" OS file to the chest.
avast will always ask before sending a vital file to the chest.
The problem is, there is no option to exclude this vital file or to postpone the decision even when you're asked.
Title: Re: what Avast is critically missing...
Post by: NoelC on December 24, 2013, 12:57:39 AM
Randissimo, well said.  I think we're both here to try to genuinely help improve the product, based on experience and sensible thinking.

Do you get a sense of being marginalized for trying to do so?

-Noel
Title: Re: what Avast is critically missing...
Post by: Randissimo on December 24, 2013, 01:30:34 AM
Thanks for the praise. I do get a little bit the exact impression you've mentioned, but if others with a similar mindset on this topic
would come to add their opinion just like you did, I wouldn't feel cornered by Avast's fanboys and -girls at all.
By the way: What does the "watched symbol" mean? I don't hope that it means you've been marked as a "bad guy", because from what I've read in your other postings aside from this topic, you simply stated your opinions with clear arguments even if it meant going against the "everything's o.k." - policy.

If this thread will get me "watched" too, then I'm sorry to bother even though I've already switched to another AV.
Title: Re: what Avast is critically missing...
Post by: propheticus on December 24, 2013, 01:44:40 AM
I'll reply just to show my support. Being critical is not the same as flaming or being hostile. Not taking for granted but seeing room for improvement and providing feedback is valuable and should be seen as such. After FP's causing enormous troubles in the past, for example when AVG marked a core windows system32 dll as virus and it automatically removing it left many thousands of people unable to boot their pc, I'm all for an option to whitelist a file. It should not be an easy -click away the annoyance- button, but if an advanced user goes as far to choose 'ask' instead of automatic he/she should be able to determine NOT to quarantine or delete a file when asked what to do.
Title: Re: what Avast is critically missing...
Post by: polonus on December 24, 2013, 01:57:32 AM
Well propheticus,

I addressed that situation. It is a worst case scenario for any av solution and alas not only avast! and AVG experienced such incidents. Because of the impact it sometimes makes headlines in newspapers - someone in development twisted the handles and the error has spilled out to users and will be cured with a next streaming update. In such cases I also would hope there was an in-between solution, sometimes the next streaming update is not good enough,

polonus
Title: Re: what Avast is critically missing...
Post by: propheticus on December 24, 2013, 02:05:13 AM
The next streaming update is too late when the file has already been removed and rendered a machine unbootable. And if a fix was to go as far as downloading an original dll appropriate for the user's system and placing it in the system32/syswow64 folder, this had to be done rather quick. At least before the next shutdown, otherwise not being able to boot means unable to update and fix anything.
Title: Re: what Avast is critically missing...
Post by: Randissimo on December 24, 2013, 02:06:30 AM
Wow, another supporter, thanks, I'm delighted now. ^^
Quote from: propheticus
It should not be an easy -click away the annoyance- button, but if an advanced user goes as far to choose 'ask' instead of automatic he/she should be able to determine NOT to quarantine or delete a file when asked what to do.
That's exactly what the browsers do in case you try to visit a site that might have been contaminated, however only was triggered as false positive. You have to take your time to actually look at the message before being able to proceed and it would be almost impossible to accidentally proceed, because there's always a second message asking for confirmation of the decision you yourself have made.

I've feared that Avast might do the same thing you've mentioned with AVG, so I've switched before it could come to that to another one which gets lower scores but guarantees me, that the AV won't screw up my computer.

Quote from: polonus
In such cases I also would hope there was an in-between solution[...]
It's called temporary allowing/whitelisting files. ;)
Also, it would be interesting to know to which degree Avast would be held responsible in a worst case scenario if they refused to make a temporary whitelisting/postponing decision feature and if a crash meant a loss of working hours and therefore money.

edit:
Quote from: propheticus
The next streaming update is too late when the file has already been removed and rendered a machine unbootable.
+1

Title: Re: what Avast is critically missing...
Post by: NoelC on December 24, 2013, 03:22:21 AM
Quote from: Randissimo
By the way: What does the "watched symbol" mean?

I don't know, but the exclamation point gives me the impression I'm somehow "treading on thin ice" with my postings.  I understand that I haven't put in the years here to earn the respect of others, and have been pretty forward with my opinions.

I've always felt that if a person finds a product they feel is valuable, that they can and should try to contribute to its improvement and to help others in the community.  The world is what we make of it.  But perhaps I should just move on.  I do actually have other things to do.

I hope my suggestions haven't fallen on deaf ears.  Adding user control is a great way to differentiate a paid product from a free one.

Anyway, my recent Avast problems are solved - by uninstalling and reinstalling the product then deconfiguring update notices.  I suppose I'll be back here if I have another problem.

A sincere thanks to those who have helped me.

Happy holidays to all!

-Noel
Title: Re: what Avast is critically missing...
Post by: polonus on December 24, 2013, 11:01:00 AM
Hi propheticus,

In hopefully rare cases where the next streaming update would be overdue and there is a real threat the OS would be rendered nonbootable a safety mechanism should be brought in - a restore point to be created with every update, so user could enable a complete rollback to the previous update (what actually also happens in a streaming update whenever something critically goes wrong). In how far such an emergency mode should be implemented is up to avast development. Are there av solutions that have such a restore to the previous update function? SpywareBlaster for instance has such an inbuilt mechanism for restore points.
One should understand it is not only this situation that could render a machine not bootable. It could also be due to a nasty malware infestation of critical files. A mechanism should be brought in to strictly discriminate between these situations,

polonus
Title: Re: what Avast is critically missing...
Post by: kodl on December 24, 2013, 07:21:18 PM
"Don't shy away from criticism, because it's healthy and it makes you better at what you do."

Avast is ignoring this common sense though for years. Fanboys are defending Avast, no matter what. So bad......
Title: Re: what Avast is critically missing...
Post by: Para-Noid on December 24, 2013, 08:40:02 PM
The one question nobody has asked is, "when do these alerts/pop-ups appear"?
IOW, "when does it happen when avast would/could automatically delete/quarantine the file"?

Is it during a scan?  ???
Full system scan?  ???
Quick scan?  ???
Boot scan?  ???

@ kodl  "Fanboy" or not being rational, logical and mature is more important than ranting.  :)
Title: Re: what Avast is critically missing...
Post by: bob3160 on December 24, 2013, 09:43:17 PM
Quote
Fanboys are defending Avast
From what I've read in this topic, a "Fanboy" is anyone who doesn't agree with your agenda.  :(
Title: Re: what Avast is critically missing...
Post by: propheticus on December 24, 2013, 10:02:28 PM
You don't help along a proper discussion by either calling someone a ranter nor calling the other fanboy. Both are detrimental to the overall tone (hostile). If all you reply to is the part where someone calls others that shoot down any criticism a fanboy you don't really bring anything to the conversation yourself, Bob. You could just have ignored it, this might be the wiser move.
I won't mix myself in calling people ranter or fanboys, but I don't get the feeling anyone is ranting (yet). No swearing and no all caps or other mindless rambling. Only one person stating clearly he has lost trust in Avast, but that's his prerogative (or loss, if you see it as such). On the other hand no real fanboyism is going on in this particular topic either, bar the last couple of posts I see a discussion with supporters and non-supporters bringing forward argument for or against. However I do get the feeling there's a group of 'regulars' supporting and re-enforcing primarily each other (sometimes posting nothing of worth, just "well said <x>!")  and shooting down anything that does not fall within their mantra/standpoint. 


Quote from: Para-Noid
...
@ kodl  "Fanboy" or not being rational, logical and mature is more important than ranting.  :)


Are you passive aggressively calling him irrational, illogical and immature? Not helping along the discussion either.


--

On-topic:
These pop-ups would be most prevalent when the real-time shield detects them while working on a software project when a lot of false positives tend to occur.
When a full system scan is performed "take no action" is already an option.


Some related questions:
- How wide a scope of folders do you add to ignored folders to prevent detection of project files without setting this so wide that it becomes a security risk?
- Is manually adding excluded folders a real option for these users (software developers/testers/etc) as they often use many (extruded) code from various (remote) sources?
- Does a deeply hidden (advanced) option that enables an advanced user to whitelist a file from the pop-up actions list really pose such a big risk to average users? Will they really go through the effort to go deep into the setting to enable this? I believe not.
Title: Re: what Avast is critically missing...
Post by: Randissimo on December 24, 2013, 10:19:21 PM
Quote from: Para-Noid
The one question nobody has asked is, "when do these alerts/pop-ups appear"?
IOW, "when does it happen when avast would/could automatically delete/quarantine the file"?
It's when the file system is detecting a threat when it's set to ask, there's even a screenshot of the message in the very first posting.
You (usually) won't see those messages as long as you don't have set the first action to ask instead of the default settings to move everything in quarantine in the file system (real-time protection) settings.
The main problem is, there is no ignore this file for once feature, so the only real options are to either delete or to quarantine the files.

Quote from: Para-Noid
"Fanboy" or not being rational, logical and mature is more important than ranting. :)
Quote from: bob3160
From what I've read in this topic, a "Fanboy" is anyone who doesn't agree with your agenda.  :(

Fanboys (and fangirls) are people who will defend their idols (= Avast in this case) no matter what. I don't have anything against fanboys (or fangirls) at all, however I'd prefer if they gave at least some good arguments as to why there shouldn't be an option to exclude files on demand from the real-time protection.
Having said that, Merry Christmas to everyone reading this. :)
Title: Re: what Avast is critically missing...
Post by: Para-Noid on December 24, 2013, 10:43:43 PM
If you are working on a software project logic dictates you will get detections.
The files you are working with have not been added nor sent out via a vps update.

I am not a "fanboy", I am an "avast evangelist" dedicated to assisting others with their usage of avast.
Just because someone disagrees with you or can't make what you want happen does not make them a fanboy.
It does not indicate they are for your idea nor does it indicate they are against your idea.

Please use common sense, logic and some sense of maturity.
Please show some level of decency and don't take things out of context.
Title: Re: what Avast is critically missing...
Post by: polonus on December 24, 2013, 11:00:44 PM
What could be done and try to do so only - whenever you are absolutely sure as to what you are excluding -
is to exclude a specific file by typing it out manually as some File System Shield default rules come with file names.
This should work for the free solution as well.
I do not know such tweaks are endorsed by avast! as the info was found through Wilders Security Forums
and as I am not representing the official avast point of view as we are no avast! team members/avast! staff.
We are not fan-boys either, but try to give support as far we know it for this great av solution,
and will always try to come up with solutions in a positive way.

polonus
Title: Re: what Avast is critically missing...
Post by: Randissimo on December 25, 2013, 01:04:04 AM
Quote from: polonus
What could be done and try to do so only - whenever you are absolutely sure as to what you are excluding -
is to exclude a specific file by typing it out manually as some File System Shield default rules come with file names.
I'm not sure if I've understood it right, but when you exclude a specific file like "worksheet1.dll" by writing it manually in the
exclusion field, files like "worksheet2.dll" would get instantly whitelisted, too?
If that's the case, it would be much more of a risk than a (temporary) whitelisting feature on demand for each file that triggers an alert,
because malware might try to read the whitelist and name themselves like "worksheet9.dll" or "worksheet5.dll" while you yourself know
that you only have "worksheet1.dll" till "worksheet4.dll" from your work project.

Quote
If you are working on a software project logic dictates you will get detections.
The files you are working with have not been added nor sent out via a vps update.
What's your point and what does it have to do with the feature request of making a "do-nothing" scenario when a fp pop-up
is shown from the real-time protection?

Quote from: propheticus
- How wide a scope of folders do you add to ignored folders to prevent detection of project files without setting this so wide that it becomes a security risk?
- Is manually adding excluded folder a real option for these users (software developers/testers/etc) as they often use many (extruded) code from various (remote) sources.
- Does a deeply hidden (advanced) option that enables an advanced user to whitelist a file from the pop-up actions list really pose such a big risk to average users? Will they really go through the effort to go deep into the setting to enable this? I believe not.
Would be nice to hear some answers from the staff or at least from the "everything's o.k. with current Avast" - lot.
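
The concern raised in the post above, that an exclusion written as a file name may also cover files the user never reviewed, shown as an added example; it is not from the thread and does not describe Avast's implementation. The paths, the `worksheet?.dll` pattern and the file contents are constructed, and pinning an exclusion to exact path plus SHA-256 is an assumed alternative used only for comparison.

```python
import hashlib
import ntpath
from fnmatch import fnmatchcase

# Constructed sample data (path -> contents); nothing is read from disk.
PROJECT_FILES = {
    r"C:\work\proj\worksheet1.dll": b"build output 1",
    r"C:\work\proj\worksheet2.dll": b"build output 2",
}
# Files that show up later and were never reviewed by the user.
LATER_FILES = {
    r"C:\work\proj\worksheet9.dll": b"unreviewed content",
    r"C:\work\proj\worksheet1.dll": b"replaced content",  # same name, new bytes
}

def norm(path):
    """Normalize a Windows path (case-insensitive, backslashes)."""
    return ntpath.normcase(ntpath.normpath(path))

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def name_rule_excludes(path, patterns):
    """Exclusion decided by file-name pattern only (hypothetical rule format)."""
    name = ntpath.basename(norm(path))
    return any(fnmatchcase(name, p.lower()) for p in patterns)

def build_pins(files):
    """Record exact path + content hash for each file the user reviewed."""
    return {norm(p): sha256(d) for p, d in files.items()}

def pinned_rule_excludes(path, data, pins):
    """Exclusion only when both the exact path and the content hash match."""
    return pins.get(norm(path)) == sha256(data)

def audit(files, patterns, pins):
    """Return {path: (excluded_by_name_rule, excluded_by_pinned_rule)}."""
    return {
        p: (name_rule_excludes(p, patterns), pinned_rule_excludes(p, d, pins))
        for p, d in files.items()
    }

if __name__ == "__main__":
    pins = build_pins(PROJECT_FILES)
    for path, verdict in audit(LATER_FILES, ["worksheet?.dll"], pins).items():
        print(path, "name rule:", verdict[0], "pinned rule:", verdict[1])
```

The name rule skips both later files, while the pinned rule skips neither, because one path was never pinned and the other no longer has the reviewed contents.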
Title: Re: what Avast is critically missing...
Post by: polonus on December 25, 2013, 01:53:18 AM
Normally work projects are to be made in lab settings disconnected from the Internet, the av testing phase is a next one.
I would have such a lab settings without any active av solution and bring in the testing phase with av active in another more natural settings later.
The excluding development phase handling with avast exclusion on demand is in fact something an avast team developers could instruct on.
Maybe one can react to these questions posted here?

polonus
Title: Re: what Avast is critically missing...
Post by: propheticus on December 25, 2013, 02:04:07 AM
A lab setting might be feasible for the development of a corporate scale information system, but I don't think a small developer will do this. Or let's say a developer works from home, he'll need to be connected via the internet (VPN or not, still..). Also hobby programmers or one of the many people making (android/iOS) apps will often use a PC that's connected to the internet. Open source projects use online bugtrackers and version control repositories like sourceforge.net
Whenever you are connected to the internet you should have an Antivirus solution. Inconvenient truth nowadays...
Title: Re: what Avast is critically missing...
Post by: NoelC on December 25, 2013, 03:13:07 AM
The simple truth is that any person could create a file that triggers a detection - and I'm not talking about a virus writer or a person who's already infected.

I've had it happen, in an intermediate file as part of a software build.  Apparently something about the Win32:Evo-gen detection at the time was set a little loose because I'm not the only one.  In fact, other than alerts on a few web sites that I wouldn't have gotten an infection from anyway (I disable ActiveX as a matter of course), false positives are the ONLY detections I've had literally in years.  I do not rely on my AV solution, it's there as a safety net that hopefully never sees action.

Thing is, a LOT of people develop software and/or create content out there.  Smart people.  People who know what they're doing as well as any evangelist here, and who don't practice bad habits and get infections.  I'll concede that it's probably nowhere near a majority of all users, but enough that there needs to be an expert option - or maybe an expert version - that provides expanded user control and includes better options for working around false positives.

This does not even touch on the possibility of the AV software having a problem that causes false positives.

Here's a good rule for any software developer to follow: 

Make things easy to use, and as foolproof as possible, but don't dumb things down so much that they get in the way of smart users who know what they're doing.

If I had to summarize, the argument here seems to be between smart users who know what they're doing and aficionados who believe people would just get themselves in trouble if given control. 

But, you see, the trouble is they DO have control.  All or nothing control.  This just needs to be refined.

-Noel
Title: Re: what Avast is critically missing...
Post by: Cast on December 25, 2013, 04:18:40 AM
Quote from: NoelC
Make things easy to use, and as foolproof as possible, but don't dumb things down so much that they get in the way of smart users who know what they're doing.

If I had to summarize, the argument here seems to be between smart users who know what they're doing and aficionados who believe people would just get themselves in trouble if given control. 

But, you see, the trouble is they DO have control.  All or nothing control.  This just needs to be refined.

-Noel

That's part of the problem though, not everyone that uses avast is a "smart user" as you call them, some are people that are new to computers or don't know the risks involved with what you guys are so hard trying to prove a point.

Take it for instance the older generation, they didn't grow up with this kind of technology and yet a lot of them are forced to use it because that's what a lot of things nowadays are required of this era. Just because the advanced users want something doesn't mean avast will cater towards it because they have to think of every user here not just those that are tech savvy.
Title: Re: what Avast is critically missing...
Post by: olddog on December 25, 2013, 12:54:15 PM
Quote from: Cast
..Take it for instance the older generation, they didn't grow up with this kind of technology..

Cast,
Though perhaps not intended, that is more than a little patronizing. Some of us "older generation" had to design and write their programs long hand before transferring to paper tape, then stand in a queue to have the chance to try it on the few uni machines available. Many wrote their own programs in micro code for (by today's standards) incredibly limited memory and limited hardware functionality home built micro "computers", and later used primitive multipass compilers. (Anyone else remember the early Fortran compilers?) We were there as the computer industry progressed from its infancy to where it is today.

Some of us may well know more about what is happening technically in terms of both the hardware and software than many of the current generation who buy their PCs off the shelf, and buy all of the software itself.  I have no problem with this, that is what personal computers are for now, to be "used".

There are obviously people in the "older generation" who don't have the same level of computer knowledge as some of the people of the current generation, and there are people in the current generation who don't have anywhere near the technical knowledge of some of the "older generation".

Please think a little before making generalisations based on age.

Nuff said - have a happy Christmas and a prosperous new year.  :)
Title: Re: what Avast is critically missing...
Post by: polonus on December 25, 2013, 01:55:04 PM
Hi olddog,

Remarks that went right down to my good "old" heart. On the other side I have experienced what is still lacking with security education on Higher Education Institutes for IT Development and Communication Science in the Netherlands. Doing the rounds this year at exams I asked several students about their coding security education? Non-existent this year, had been in the curriculum the year before, but taught from the wrong textbooks.  :(
Student in question is now having his own hosting firm, being a potential danger to the general Interwebs community (of course some of the posters in this thread excluded  :D).
That is the other side of arrogant remarks, the unreasonable demands etc. I would not code outside a VM environment and inside a sandbox. Who is to risk his valuable OS coding right on the open Internet, that is now known to be completely "pn*w*d", from the recent various gov surveillance revelations and we now know the extent of where this goes  ;)

polonus
Title: Re: what Avast is critically missing...
Post by: bob3160 on December 25, 2013, 01:58:13 PM
@ Cast,
As someone of the "older generation", I take a little exception to your comment.
Those of us in the "older generation" taught most of you much of what you now know.  Hopefully, you will eventually become part of that "older generation" should you be around long enough.
You'll then need to put up with those of your current generation who will be calling you a member of the "older generation".  ;D
Remember, we all eventually reap what we sow.    :)
Title: Re: what Avast is critically missing...
Post by: J.Stalin on December 25, 2013, 03:57:31 PM
It is extremely annoying when developers of AV, operating systems or browsers take control over the users' PCs. I make plenty of small applications to make computing faster and easier. These almost always trigger Avast, either because they are unknown, scripts or some other debauched reason. I use version 7, and have my entire application work main folder marked as "Avast free zone". This works fine until the moment I try to move a file to USB or anywhere else. Then I need to pick it up from the chest and mark it trusted. All this annoying babysitting could be avoided by adding a simple ignore button. And why is there no ignore button? Because some people don't understand PCs, we must all be treated as completely ignorant fools. How hard could it be to make a babysitter/non-babysitter option? And for the sake of all the worried evangelists, make babysitter mode the default. I suspect version 9 to be even worse than version 8 and version 7, that is why I stick to version 7.
Title: Re: what Avast is critically missing...
Post by: kodl on December 25, 2013, 04:41:58 PM
@para-Noid, so it is logical/common sense to go and ignore what people are demanding/suggesting and also negatively react to criticism? Read people's reaction on Avast 9! I'm not the only one who is criticizing. Avast should learn first RULE of any business anywhere in the world: Customer is ALWAYS right. So far Avast is ignoring this rule. I did check Avast reviews on the net. Why is Avast falling? Again: Customer is always right!
Title: Re: what Avast is critically missing...
Post by: Cast on December 25, 2013, 06:52:28 PM
I only used the older generation as an example because I know my parents and grandparents aren't as tech savvy as most of the younger generation, I meant no offense to anybody in particular but all I meant is that the younger generation such as myself grew up with this technology while the older generations such as my grandparents had to adapt to it and still are.
Title: Re: what Avast is critically missing...
Post by: polonus on December 25, 2013, 07:49:01 PM
Hi Uncle Scrooge,

And alas that is a general trend and development and it is not only av that is contributing to this here. To have the IDS detection of a user script like malware script detector extension inside the firekeeper add-on for firefox, I had to incorporate that into firekeeper's blacklist to make it function. Would have liked to tweak it with my own rules. Incorporate my own user scripts into firefox is asking me to jump through more and more hoops and hurdles to accomplish this. What I mean to say is to take software back into apt user's hands by tweaking is not that easy as it used to be and on all levels. As a f.ravia and woodman adept I know what I talk about. Annoying it really becomes when for instance Google bans the use of specific adblocking in their OS when they seem to be able to get away with it, because it conflicts with their commercial earn model.  Whenever general security considerations prevail I can go along with these developments, whenever patronizing the user is behind it or fingerprinting/monitoring like with the browser google sponsor model I loathe it. So legally fuzz, code explore, use safe hex, regular expressions, input output validation on all layer levels to be aware what is going on under the hood. But do not make cheap accusations and assumptions. That won't help the situation. The avast! av solution has "a lot of irons in the fire" at the moment, but I hope they also will watch over general development.

polonus
Title: Re: what Avast is critically missing...
Post by: Para-Noid on December 25, 2013, 08:04:31 PM
1) Many studies have been done showing the same result...99% of the time the customer is wrong.

2) Don't get me wrong...I can see your point. I just don't think it's feasible or wise.

3) The points made "for" this idea should have been posted in the feedback board in the first place.
    Click "login">click "single sign-in">wait for page to reload>click "idea">then post your idea
    Don't be too surprised when it gets rejected.


https://feedback.avast.com/
Title: Re: what Avast is critically missing...
Post by: polonus on December 25, 2013, 08:29:27 PM
Hi Para-Noid,

This discussion is going more and more into a general opinion discussion and we have been there many times before. Tweak-ability of (open) software opposed to rigid predefined closed software. So specific use of software. Just give an example from what I am doin' here, website software analyzing. Whenever I use http://aw-snap.info/file-viewer/ to scan the code of a site on a fixed IP I get banned by the tool as that specific use was not being foreseen by redleg, the developer. When asked he saw no objection and granted me access, because he knew I was not abusing the service, just scanning suspicious or potential malicious code on websites from website owners that asked for support with detections. Well a similar situation arose here. Only thing is this can only be tackled by avast development and the big question here: can abuse be excluded?

polonus
Title: Re: what Avast is critically missing...
Post by: Para-Noid on December 25, 2013, 08:38:44 PM
I see your point...abuse cannot be excluded.
And there's this...the good of the many outweighs the good of the few.

But this has become more of an editorial and debate than something worthwhile.
Title: Re: what Avast is critically missing...
Post by: J.Stalin on December 25, 2013, 09:27:21 PM
Wow Para-Noid: Quote...99% of the time the customer is wrong.
You are candidate for a job at M$, telling their foolish clients how wonderful Win8 is  ::)
Title: Re: what Avast is critically missing...
Post by: polonus on December 25, 2013, 09:52:53 PM
This could be an interesting discussion as to know more about specific developer user wishes and the pro and contra of it, if we could only weed out where the discussion goes to be personal. We are getting documented here about specific developer wishes that make use of the av or write software that will be used by users of the av and also the why some restrictions might not be avoidable. The discussion should be practical in the first place and not fundamental where opinions easily clash. Thank the contributors for what they brought to the table.

polonus
Title: Re: what Avast is critically missing...
Post by: polonus on December 26, 2013, 01:37:35 AM
Couple of tips for this specific user group:
Do not use shared folders between VM and host
Use a separate network whenever possible
Work on a physical station and not a VM
Take snapshots with VirtualBox
Use this: https://github.com/a0rtega/pafish, a demo tool that performs some anti(debugger/VM/sandbox) tricks

Tips credits go to BartBlaze presented in another context on malware lab use, but also usable in this context, I hope.

polonus
Title: Re: what Avast is critically missing...
Post by: ssexton on February 17, 2014, 05:00:51 PM
Let me pull this out of going to "general opinion discussion" ...

Why would you offer to remember a user decision if you know you are not going to remember it?

I have owned a 40+ user license for many years and help other companies.  This has annoyed them tremendously and I hear about it almost daily.

Here are a few examples of my customers with this problem:
An auto panel company uses AutoCad with a third party addon.
A driving school has custom accounting software.
A telecom company has an old version of accounting software.
A tax company uses one of the most popular software for their field.

Each of these customers gets the sandbox message every time they open a drawing or application.  I am not looking for the solution to each but want to know why Avast does not work like it says right on the screen???  Avast is offering a click by and an option to remember it right there on the screen.  Any user expects the software to work as it says on the screen.

To me this makes Avast look like a poor product. 
Why?  Because of what my customers say. 
Are they wrong to expect a piece of software to work as it says on the screen?  I say they are right.

If the interface does not get fixed then I will be forced by my customer to review other products.  Avast has been a great product and I have been with them through their growing pains.  But as a user and administrator this must get fixed.
Title: Re: what Avast is critically missing...
Post by: Asyn on February 17, 2014, 05:06:24 PM
You can post your suggestion(s) here: http://forum.avast.com/index.php?topic=146141.0