Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: BunkFace on September 15, 2007, 12:03:54 PM

Title: avast Self-Protection
Post by: BunkFace on September 15, 2007, 12:03:54 PM
Does avast have a mechanism to protect itself against possible virus attacks (like disabling avast or messing up the settings)?

Also, will setting a password for avast help to prevent this?
Title: Re: avast Self-Protection
Post by: RejZoR on September 15, 2007, 12:17:05 PM
Not yet, but I hope they'll make one soon. At least before avast! 5.x :P ;D
Title: Re: avast Self-Protection
Post by: swico on September 15, 2007, 12:21:20 PM
It is said that the new 5.0 version will have self-protection.
As for me, I use SensiveGuard to protect my avast!.
IMO, the password can prevent other users from messing up your settings, but cannot stop viruses.
Title: Re: avast Self-Protection
Post by: Lisandro on September 15, 2007, 01:52:59 PM
It is said that the new 5.0 version will have self-protection.
As for me, I use SensiveGuard to protect my avast!.
IMO, the password can prevent other users from messing up your settings, but cannot stop viruses.

Protect critical system and personal files
SensiveGuard can protect files from being written, deleted, copied, and read in real-time. By default, it
suspends and warns on every write or delete on executable files by any program with Internet connection.
User can add sensitive folders and files under protection that can not be read, copied, written, or deleted by
hackers remotely or spyware in the background.  File security policies can be set regarding program
identities, user initiation, folders and file types. SensiveGuard does not interfere with normal network file
sharing.

Supported systems and license
SensiveGuard supports Windows 2000 and Windows XP, and is license free for personal use.


How do you update avast, do you need to disable SensiveGuard?
What happens with automatic updates?
Title: Re: avast Self-Protection
Post by: Lisandro on September 15, 2007, 01:57:42 PM
IMO, the password can prevent other users from messing up your settings, but cannot stop viruses.
It's not only your opinion, it's truth, that is it, unfortunately.
Title: Re: avast Self-Protection
Post by: swico on September 15, 2007, 04:47:50 PM
How do you update avast, do you need to disable SensiveGuard?
Mmm, I create corresponding FD rules for avast.setup, avast.ovr, ashdisp.exe and aswserv.exe.
BTW, as my settings, SensiveGuard will prompt me for any file access without permission.
Title: Re: avast Self-Protection
Post by: Lisandro on September 15, 2007, 05:34:07 PM
I create corresponding FD rules for avast.setup, avast.ovr, ashdisp.exe and aswserv.exe.
avast.setup is a temporary file created in each update, so, if you're excluding it from SensiveGuard checking, ok. If not, is SensiveGuard checking it in fact? I don't think so.

In the firewall settings, the following programs should be allowed to connect:

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (avast! Web Scanner)
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (avast! e-Mail Scanner Service)
C:\Program Files\Alwil Software\Avast4\Setup\avast.setup (avast! Update executable). This is a temporary file that just appears when an update (check) is about to launch, and disappears again afterwards.

Don't need rights to connect:
C:\Program Files\Alwil Software\Avast4\ashServ.exe (avast! antivirus service)
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (avast! Update Service)
C:\Program Files\Alwil Software\Avast4\ashdisp.exe (icon on system tray)
Title: Re: avast Self-Protection
Post by: swico on September 15, 2007, 06:03:34 PM
avast.setup is a temporary file created in each update, so, if you're excluding it from SensiveGuard checking, ok. If not, is SensiveGuard checking it in fact? I don't think so.
Even if it is a temporary file, creating a rule for it is acceptable.
avast.setup is a vulnerability, let me see...
Title: Re: avast Self-Protection
Post by: swico on September 15, 2007, 06:20:21 PM
Create two rules:
warn any program to create or write C:\program files\alwil software\avast4\ *.setup
allow C:\program files\alwil software\avast4\ashServ.exe to create or write C:\program files\alwil software\avast4\setup\avast.setup
Now you can block any fake avast.setup.
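The two rules in the post above, modelled as an added example (not part of the original post, and not SensiveGuard's own rule syntax). It assumes rules are evaluated top-down with the first match winning; the paths come from the thread, while the event list, `C:\Temp\unknown.exe` and the `Other` folder are constructed for illustration.

```python
import fnmatch
import ntpath

AVAST_DIR = r"C:\Program Files\Alwil Software\Avast4"

# (action, process pattern, target pattern); first matching rule wins (assumed).
RULES = [
    ("allow", AVAST_DIR + r"\ashServ.exe", AVAST_DIR + r"\Setup\avast.setup"),
    ("warn", "*", AVAST_DIR + r"\*.setup"),
]

def norm(path):
    """Collapse '..' segments, unify slashes and fold case, as Windows paths compare."""
    return ntpath.normcase(ntpath.normpath(path))

def decide(process, target, rules=RULES):
    """Return the action of the first rule matching a create/write event."""
    proc, tgt = norm(process), norm(target)
    for action, proc_pat, tgt_pat in rules:
        if (fnmatch.fnmatchcase(proc, norm(proc_pat))
                and fnmatch.fnmatchcase(tgt, norm(tgt_pat))):
            return action
    return "no-rule"

# Constructed create/write events: (writing process, file written).
EVENTS = [
    (AVAST_DIR + r"\ashServ.exe", AVAST_DIR + r"\Setup\avast.setup"),
    (r"c:\PROGRAM FILES\alwil software\avast4\ASHSERV.EXE", AVAST_DIR + r"\setup\AVAST.SETUP"),
    (r"C:\Temp\unknown.exe", AVAST_DIR + r"\Setup\avast.setup"),
    (AVAST_DIR + r"\..\Other\ashServ.exe", AVAST_DIR + r"\Setup\avast.setup"),
    (r"C:\Temp\unknown.exe", r"C:\Temp\notes.txt"),
]

def flagged(events, rules=RULES):
    """Events the policy would stop and prompt on."""
    return [e for e in events if decide(*e, rules=rules) == "warn"]

if __name__ == "__main__":
    for proc, tgt in EVENTS:
        print(f"{decide(proc, tgt):8} {proc} -> {tgt}")
```

The allow rule has to sit above the wildcard warn rule, and the process is matched on its full normalised path rather than its file name, so a same-named binary in another folder still triggers the warning.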
Title: Re: avast Self-Protection
Post by: Lisandro on September 15, 2007, 07:20:16 PM
avast.setup is a vulnerability, let me see...
I don't think it's a vulnerability at all... why do you think so?
Title: Re: avast Self-Protection
Post by: Dwarden on September 15, 2007, 11:52:51 PM
In the moment You are connected to any network You are vulnerable ...

in fact with all these super technological advanced secret agencies ...

You are unsafe in the moment You power up the computer :)

btw. this was just irony :)

avast.setup is quite safe if You monitor its checksum and allow it to access only Alwil-owned domains ...
(again this may be tricky if your routers or DNS is cracked but then it's already too late)
Title: Re: avast Self-Protection
Post by: swico on September 16, 2007, 04:52:01 AM
I don't think it's a vulnerability at all... why do you think so?
Maybe malware can create a fake avast.setup to bypass the incomplete FD rules,
so it is necessary to create an additional rule that is used to prevent avast.setup from being created by other applications without permission.
I will try to create strict rules.
Title: Re: avast Self-Protection
Post by: swico on September 16, 2007, 04:57:06 AM
avast.setup is quite safe if You monitor its checksum and allow it to access only Alwil-owned domains ...
Dwarden, you are right.
But most FD do not care about the checksum of files, so I only allow aswserv.exe to create or modify avast.setup.
IMO, it is enough to defend against most modest malware.
PS: Is avast.setup a temporary file? Does it have a fixed checksum?
Title: Re: avast Self-Protection
Post by: Lisandro on September 16, 2007, 04:02:27 PM
Maybe malware can create a fake avast.setup
And to connect which sites? avast ones? To update the antivirus itself?
I can't imagine a malware that 'uses' the avast.setup file to steal rights to connect to the Internet... Maybe I'm silly to imagine how malware creators could do it and use it...
Title: Re: avast Self-Protection
Post by: swico on September 16, 2007, 04:26:51 PM
I can't imagine a malware that 'uses' the avast.setup file to steal rights to connect to the Internet... Maybe I'm silly to imagine how malware creators could do it and use it...
Sorry, Tech™, I just mean that my file defense rules allow avast.setup to modify any files of avast!...
In China, many editors of malware do not pay attention to avast! yet, but maybe they will do that in the near future.
Title: Re: avast Self-Protection
Post by: Lisandro on September 16, 2007, 04:42:21 PM
I just mean that my file defense rules allow avast.setup to modify any files of avast!
Ok, but it's a .setup file and not .bat, .com, .vbs, .exe and so on that could manage avast executables. Of course, avast programmers could drop a word here. I'm trying to 'defend' the use of avast.setup as being safe. But I could be wrong and, in this case, it would be good if the Alwil team said something about security issues and holes while using a temporary file during update.