Author Topic: Suggestion: Make Avast more proactive - please!  (Read 10052 times)

0 Members and 1 Guest are viewing this topic.

heroxx

  • Guest
Suggestion: Make Avast more proactive - please!
« on: October 26, 2012, 11:02:47 PM »
The following text is more or less copied from a message of mine in a thread called 'Downloading zip-file: "No virus" Scanning again: "Threat found" Why?' on this URL: http://forum.avast.com/index.php?topic=107655.0 :

My experience is that Avast does NOT see the virus, neither when I download the zip file, nor when I unpack the zip-file. Only when I specifically ask Avast to scan the zip file. That doesn't seem like a good protection strategy to me!
This particular file was never intended to be run on my Windows machine. It was supposed to be put on my website's Linux web-server.

Even when I save a mail attachment with virus to my hard disk, Avast doesn't see the virus. I DON'T think that is optimal! (I extracted it more than a month after receiving it.)

And 2 days ago when Avast gave me a strange warning and an error message, I did a 3-hours boot scan, and there I discovered a virus that I must have received in January via a USB-stick. Also, NOT very trust-inspiring! But theoretically that might have been before the virus was known by Avast.

So all in all I would very much like Avast to be more proactive!

-Heroxx

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6699
  • Trust only what you test yourself!
Re: Suggestion: Make Avast more proactive - please!
« Reply #1 on: October 27, 2012, 12:18:00 AM »
With all due respect the web shield is ticked "all packers" by default. When I am finished downloading I always right click on the download file and scan depending on the source. avast has an on-demand removable media scan. Anytime I insert a USB stick into the USB port I run a scan by habit. As far as zipped files go they are by nature inert and pose no harm until unpacked. As I stated before right click on the download and scan before unpacking. The security of any computer rides on the user. There is no such thing as a "perfect" anti-virus. None of the a/v's have a 100 per cent detection rate. As with anything the ultimate responsibility is with the user.  :)
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

marc-d-l

  • Guest
Re: Suggestion: Make Avast more proactive - please!
« Reply #2 on: October 27, 2012, 02:16:43 AM »
I have a habit of scanning all downloaded files with both avast and malwarebytes. The 30 seconds it takes is better than the 2 to 3 hours of reformatting,

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5712
  • Spartan Warrior
Re: Suggestion: Make Avast more proactive - please!
« Reply #3 on: October 27, 2012, 07:28:50 AM »
hi,

Archive files are inert until opened.  Nothing will ever start/run from them until you tell/cause it to. 

As it is, there are some archive files Avast! will scan that are password protected.  These files, when Avast! attempts to open them, will always result in a "corrupt file archive" error, as Avast does not know the password to open them.  Nothing is wrong with these files, it is an unknown password error as far as Avast! is concerned.

Best security practices state that the user must manually scan such files before opening them; automatic scanning will lengthen scan times inordinately with little to no added result in detection because of the above password issue.  Best practices also involve using a site such as virus total dot com to scan any unknown file in question.

https://www.virustotal.com/
« Last Edit: October 27, 2012, 07:40:57 AM by mchain »
Windows 10 Home 64-bit 22H2 Microsoft Windows Defender - Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.4.6112 (build 24.4.9067.762) UI version 1.0.803

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Suggestion: Make Avast more proactive - please!
« Reply #4 on: October 27, 2012, 01:50:41 PM »
If you're paranoid, check to scan archives... Archives are inert by their nature (i.e., only when unpacked the virus can do harm if the antivirus is not present).
You'll degrade your browser and mailing experience without adding real protection.
When the file get "used" (or at on demand scannings) they would be managed by the antivirus.
The best things in life are free.

heroxx

  • Guest
Re: Suggestion: Make Avast more proactive - please!
« Reply #5 on: October 27, 2012, 03:39:42 PM »
Well... I would like Avast to scan files when they are downloaded or unpacked from archives or extracted from mail attachments.
Can't that be configured??

heroxx

  • Guest
Re: Suggestion: Make Avast more proactive - please!
« Reply #6 on: October 27, 2012, 03:47:23 PM »
... some archive files ... are password protected.  These files, when Avast! attempts to open them, will always result in a "corrupt file archive" error, as Avast does not know the password to open them.

What makes you think that I am talking about password protected archives???

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Suggestion: Make Avast more proactive - please!
« Reply #7 on: October 27, 2012, 04:50:59 PM »
Well... I would like Avast to scan files when they are downloaded or unpacked from archives or extracted from mail attachments.
Can't that be configured??
Yes, configure Web Shield and Mail Shield scanning properties.
Do you use any download manager?
The best things in life are free.

J.Stalin

  • Guest
Re: Suggestion: Make Avast more proactive - please!
« Reply #8 on: October 27, 2012, 07:32:15 PM »
No extra scanning please...Avast is superior to all other AV's exactly because it is not paranoid. Only executable files are scanned unless you ask for a scan. Further on, unnecessary scanning of files that just resides on a hard drive is not performed. They can be scanned with a complete scan when the computer is not in use.
If you want a paranoid AV that scans everything all the time and degrades you to an imbesile with no right to control your computer, I suggest you try Comodo.
When this is said, I don't understand if your packed files are not scanned when unpacked. They will be if the content is executable.
     

heroxx

  • Guest
Re: Suggestion: Make Avast more proactive - please!
« Reply #9 on: October 27, 2012, 08:57:41 PM »
When this is said, I don't understand if your packed files are not scanned when unpacked. They will be if the content is executable.

The virus was not found when I unpacked the zip file. The zip file contains a 'half baked' WordPress blog website.
The infected file is called "thumbs.php" and is situated in a directory called wp-content/plugins - inside the zip file.

heroxx

  • Guest
Re: Suggestion: Make Avast more proactive - please!
« Reply #10 on: October 27, 2012, 09:06:33 PM »
Well... I would like Avast to scan files when they are downloaded or unpacked from archives or extracted from mail attachments.
Can't that be configured??
Yes, configure Web Shield and Mail Shield scanning properties.
Do you use any download manager?

I have the Avast Free Antivirus, and I tried looking under 'Real-time shields' -> Web Shield (and Mail Shield), but I couldn't find any settings that sounds relevant. Could you please elaborate a bit?

I don't use a download manager.

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6699
  • Trust only what you test yourself!
Re: Suggestion: Make Avast more proactive - please!
« Reply #11 on: October 27, 2012, 10:03:15 PM »
Both the web and mail shields have the "all packers" ticked by default. I would advise you to right click on the download and scan before unpacking files.
This not a guarantee that the actual executable will be scanned. I does mean the download file will be scanned. When the file is unpacked then the file and behavior shields will kick in for protection. The file shield has the built-in autosandbox for that extra protection.  :)

To test the autosandbox use http://forum.avast.com/index.php?topic=76650.msg825680#msg825680  :)
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

heroxx

  • Guest
Re: Suggestion: Make Avast more proactive - please!
« Reply #12 on: October 28, 2012, 12:19:45 PM »
Both the web and mail shields have the "all packers" ticked by default.

Yes - also on my machine. But that didn't help in this situation.

Offline claudiubotezatu

  • Jr. Member
  • **
  • Posts: 61
Re: Suggestion: Make Avast more proactive - please!
« Reply #13 on: October 28, 2012, 01:30:51 PM »
Hi heroxx ,

You are absolutely right!
I am surprised that a lot of AV's will implement sofisticated metods to block a threat but will not do a simple thing: automatically scan a rar/zip download!!!

The reason vehiculated here by avast! suporters/evangelists that while is packed is not a threat is not a valid one; I can ask , why will we have a website shield , the same reson should apply , if is not executed do not scan/block.

The real reason is unpacking a rar file after download and scanning it is time consuming and will loock like Avast is slowing your internet. So, if you right click and scan, this is a different story.

You can download a virus in RAR format, send it by email,save it on a memory stick, give it to somebodyelse and will never be detected by Avast!

The free av which is automatically scanning a rar/zip dovnload is MSE4.

Claudiu

Offline Gopher John

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2098
Re: Suggestion: Make Avast more proactive - please!
« Reply #14 on: October 28, 2012, 04:12:11 PM »
A web site is different than downloading an archive.  An archive is inert, and requires action by the computer user to present a threat.  The user must open and execute the contents of the archive, and by then if the AV is going to find a threat at all it should have.  To be on the safe side, I always manually scan all downloaded archives and installers with an AV and MalwareBytes after making sure that they have the latest signatures available.

OTOH, web sites can and do contain active content which can be run on your machine simply by visiting the site, requiring no user action at all.  These days, visiting one web site usually means you have connected to many sites via embedded links.  Any of these could be malicious.
AMD A6-5350M APU with Radeon HD Graphics, 8.0GB RAM, Win7 Pro SP1 64bit, IE11
i7-3610QM 2.3GHZ, 8.0GB Ram,  Nvidia GeForce GT 630M 2GB, Win7 Pro SP1 64bit, IE 11
Common to both: Avast Premium Security 19.7.2388, WinPatrol Plus, SpywareBlaster 5.5, Opera 12.18, Firefox 68.0.2, MBam Free, CCleaner