Author Topic: Files sent - (Curiousity)  (Read 15417 times)

0 Members and 1 Guest are viewing this topic.

Walker

  • Guest
Files sent - (Curiousity)
« on: October 18, 2003, 01:57:51 AM »
Guy's,

This is purely a question born out of curiousity and hopeful enlightenment  :)

Can anyone (Avast Team) tell me what files Avast poles off of my computer and an overview of what they are/why?.

Also how often?. It seems that Avast wants to connect quiet often according to the firewall log.

Thanks for any info.

Walker.

Pavel Baudis

  • Guest
Re:Files sent - (Curiousity)
« Reply #1 on: October 18, 2003, 09:06:31 AM »
Guy's,

This is purely a question born out of curiousity and hopeful enlightenment  :)

Can anyone (Avast Team) tell me what files Avast poles off of my computer and an overview of what they are/why?.

None. Avast did not send out any files from your computer.
Why do you think we are interested in your files? We have plenty of our own files here ;)

Also how often?. It seems that Avast wants to connect quiet often according to the firewall log.

Avast checks the Internet connection via ping to see if it can try to get the updates. Discussed on this boead many many times...

Pavel

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Files sent - (Curiousity)
« Reply #2 on: October 18, 2003, 10:27:46 PM »
Hi Johnnie,
again, it's Saturday and we can have some conversation. How sweet! 8)

Quote
Are you saying that a simple ping is all it takes to identify which version of Avast I am running and when it's due for an update without gleaning any further info from my pc?

No. Let me explain how it works.
avast uses pings to find out whether the updating servers are reachable (that's what ping is for anyway). If the ping works, it tries to fetch an update. It makes a HTTP GET request to one of our updating servers and downloads a couple of tiny files that hold the time stamps of the installation packages. Using these files, it can determine if there is something new on the servers. If there is, it downloads it and installs it. After the update, it sends a report of the update - this is the only point when it sends some data to our servers, and it only sends info about avast itself, mainly about how it worked, and also some licensing info so that we can blacklist those pirates, y'know ;) But really, no files and/or avast-nonrelated info is leaked. Never.

Quote
For example, I was also wondering about the unp3676 (crash file). Is that information ever polled or sent.

The crash dump, and the chest files are only sent by e-mail (SMTP), and only when a user explicitly asks avast to do so.

Quote
Does Avast open any ports for it's own use?.

Not deliberately. :)
Of course, things like the mail proxy need to do this but that shouldn't surprise you. ;)

So far,
Vlk
If at first you don't succeed, then skydiving's not for you.

Walker

  • Guest
Re:Files sent - (Curiousity)
« Reply #3 on: October 18, 2003, 11:45:34 PM »
Hi Johnnie,
again, it's Saturday and we can have some conversation. How sweet! 8)

Vlk

Hello sailor,

I'm not convinced, mainly from past comment from one of the 'team'.  ::) But I have no concerns anyway... just curiousity  ??? ;) Topic closed  :)

HOWEVER  ;D ;D ;D <only joking>  but my crash dump say's Avast did it  ::) :-X ie crashed  :o

And I'm not going out with you in that hat  :-* :-* :-*

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Files sent - (Curiousity)
« Reply #4 on: October 19, 2003, 12:11:10 AM »
Ahoy there,

Quote
I'm not convinced, mainly from past comment from one of the 'team'.


Which comment, which member? (I suppose I know which team ::)).

Quote
HOWEVER     <only joking>  but my crash dump say's Avast did it    ie crashed

<talkin' serious> But that's the dump that I've looked at with the overwritten bits in the NTFS driver, right? The thing is, the way Windows "determines" which driver is in charge for a BSOD is rather "interesting" - it backtracks the stack and the first non-Microsoft driver is the one that's guilty :) :) :)</talkin' serious> And you know MS drivers are perfect, don't you? ;) ;)
« Last Edit: October 19, 2003, 12:13:31 AM by Vlk »
If at first you don't succeed, then skydiving's not for you.

kubecj

  • Guest
Re:Files sent - (Curiousity)
« Reply #5 on: October 19, 2003, 12:27:19 AM »
Quote
I'm not convinced, mainly from past comment from one of the 'team'.


Which comment, which member? (I suppose I know which team ::)).


Something tells me he means me here http://www.avast.com/forum/index.php?board=2;action=display;threadid=1412;

Walker, what's still unclear? I thought I already explained that. You may PM me for details, but you'll get nothing than techno-geek stuff  ;)
« Last Edit: October 19, 2003, 12:30:55 AM by kubecj »

Walker

  • Guest
Re:Files sent - (Curiousity)
« Reply #6 on: October 19, 2003, 12:30:37 AM »
Which comment, which member? (I suppose I know which team ::)).

Nope... I'm not telling  :P . It was only idle chit-chat with an 'implication' of what was being read, but as you say.... nothing detremental... my credit card number... but my wife hs already distributed that to most of the stores in the country  :'(  


Quote
But that's the dump that I've looked at with the overwritten bits in the NTFS driver, right?

No dear boy, I'm now talking about Avast's own crash file (referred to above). That's the one that's poking the finger at Avast itself. My questions about the MS mini dump file where ignored by 'a member of the team'  ::) :)

Now wait a minute, I know what your gonna say next... MS have hacked the 'Avast' crash file  8) ;)

 8)

Walker

  • Guest
Re:Files sent - (Curiousity)
« Reply #7 on: October 19, 2003, 12:46:48 AM »
Something tells me he means me here ...

Hi kubej.  No.... HE doesn't, thanks very much.

Quote
Walker, what's still unclear? I thought I already explained that. You may PM me for details, but you'll get nothing than techno-geek stuff  ;)

kubej, your all jumping to conclusions that I have some ulterior motive... I DON'T, I'm curious because of other reasons that Vlk knows a little about. I don't mind 'Geek' stuff, I plod my way through it.  8)
« Last Edit: October 19, 2003, 12:47:16 AM by Walker »

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re:Files sent - (Curiousity)
« Reply #8 on: October 19, 2003, 01:20:02 PM »
The avast crash dump is generated when avast crashes - the file is only written to avast log directory at the moment; then, the crash window ("avast! has encountered an error...") should appear, having a part to write your own comment and two buttons - "Send report" and "Don't send". Only when you press the "Send" button, the crash dump file is sent (using SMTP) afterwards.

Walker

  • Guest
Re:Files sent - (Curiousity)
« Reply #9 on: October 19, 2003, 03:04:35 PM »

Hi Igor,

Thanks for the info.

I don't remember any crash window popping up, but out of interest and to put you guys minds at rest that I'm not asking for some 'other' reason, here is extract from the unp3676 crash file....


Crash list of Avast Antivirus, v.4.1.280
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

------------------
System Information
------------------
Time of this report: 16/10/2003, 13:29:02
      Computer name: SERVER-02
   Operating System: Microsoft Windows XP Personal (Build 2600) Service Pack 1
          Processor:               Intel(R) Pentium(R) 4 CPU 3.00GHz, MMX, ~2982Mhz
      System memory: 1048044 KB (installed), 804500 KB (available), 2097024 KB (virtual)
           Language: 0809-0809-0809-0809 (SLangID, SLCID, ULangID, ULCID), 0409-0409 (SUILang, UUILang)
------------
Fault source
------------
D:\Alwil Software\Avast4\ashserv.exe caused an Access Violation at location 7ffefdfd Reading from location 7ffefdfd.

-----------


Walker.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Files sent - (Curiousity)
« Reply #10 on: October 19, 2003, 03:43:58 PM »
Johnnie, please send me the file. I'll take a look at it.

And about the crash dumps - the last I got from you was Mini101303-01.dmp which is the NTFS one. Nothing else since that. :-*
If at first you don't succeed, then skydiving's not for you.

Walker

  • Guest
Re:Files sent - (Curiousity)
« Reply #11 on: October 19, 2003, 06:25:17 PM »
Johnnie, please send me the file. I'll take a look at it.

Hi Andy :P

Okay.... see, you guy's get 'curious' as well   ;) I'll send it as an e-mail attachment in a few minutes.

Quote
And about the crash dumps - the last I got from you was Mini101303-01.dmp which is the NTFS one. Nothing else since that. :-*

Sent two e-mails after your reply to that mini-dump and a memory jog by IM... it's still there in my forum sent box... but no reply  :-X :'( ;)


Walker

  • Guest
Re:Files sent - (Curiousity)
« Reply #12 on: October 19, 2003, 06:39:35 PM »

File sent Andy.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Files sent - (Curiousity)
« Reply #13 on: October 19, 2003, 06:52:35 PM »
Quote
Okay.... see, you guy's get 'curious' as well   I'll send it as an e-mail attachment in a few minutes.

Got it, and am totally confused. This crash dump is a complete mess. I can't find anything useful in that file, sorry... :(

Quote
Sent two e-mails after your reply to that mini-dump and a memory jog by IM... it's still there in my forum sent box... but no reply

OK, OK, I'm not denying but the truth is that you haven't sent me any other crash dump, have you? Just the original one. :-*
If at first you don't succeed, then skydiving's not for you.

Walker

  • Guest
Re:Files sent - (Curiousity)
« Reply #14 on: October 19, 2003, 07:21:01 PM »
Got it, and am totally confused. This crash dump is a complete mess. I can't find anything useful in that file, sorry... :(

A'humm <cough>

Really  ??? ... you surprise me Vlk <bigger cough>

Quote
OK, OK, I'm not denying but the truth is that you haven't sent me any other crash dump, have you? Just the original one. :-*

Can you send me a bottle of whatever you were sipping last night  8) :P . I didn't say I had sent you any more crash dump files  ???. Unless of course I'm trying to access my own invalid memory location.  ::) ::) ::) ;)