Author Topic: Avast is shooting itself in the foot  (Read 12567 times)

0 Members and 1 Guest are viewing this topic.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 46295
  • 61 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Avast is shooting itself in the foot
« Reply #15 on: June 26, 2014, 04:25:39 PM »
Quote
It would ultimately make it safer for all because it is akin to having a secondary tech team with vast experience helping to pave the way safely for the novices that follow.
This is the action you institute by submitting what you presume to be a false positive to the guys in the virus lab.
Once confirmed, that item will then no longer be tagged as an unsafe item.
The ultimate decision still rests with those you've hired to keep you safe.

Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v21H2 64bit, 16 Gig Ram, 1TB SSD, AvastOmni 21.6, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11808
    • AVAST Software
Re: Avast is shooting itself in the foot
« Reply #16 on: June 26, 2014, 10:14:28 PM »
Then perhaps Avast can add a clickable "report false positive to Avast" right in the software would be good, with an immediately activated update in the local installation so a user stops having unnecessary issues.

A link to report false positive is right in the detection popup, isn't it?
Most solved false positive are distributed (also) via reputation services... i.e. basically instantly. So once the false positive is solved avast! stops detecting the file.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9385
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Avast is shooting itself in the foot
« Reply #17 on: June 26, 2014, 10:22:58 PM »
It's by design so people don't go and exclude every thing avast! pops up about. I've seen that so (too) many times...
Visit my webpage Angry Sheep Blog

Offline NoelC

  • Poster
  • *
  • Posts: 569
Re: Avast is shooting itself in the foot
« Reply #18 on: June 27, 2014, 03:41:21 AM »
I have been seeing way too many Win32: Evo:gen [Susp] reports - all false positives - lately.

Yep, I've submitted them all.

Yep, they're still happening after the latest update/reboot. 

They happen on trusted tools that have been on my system for YEARS, and which have been passing Avast's own scans every day.

It's a "[Susp]" report!  Not an "OMG, it's the instant-death-parasite virus in all it's glory" report!

I would appreciate being given the opportunity to ponder a "[Susp]" report on a file I recognize and make the final decision to "push through" anyway, instead of being FORCED to blow up whatever job is running, however complex or important.  And also to be able to directly configure the sensitivity of the heuristic that's clearly broken, so I can fix the root cause until the fix comes out. 

How about an "ignore rule until next update" capability with regard to "[Susp]" reports?

How about a secret "user is in charge" registry tweak that's geeky to apply and which at least makes it possible for an expert user to take control?

Thing is, Avast really doesn't know better than I do about every single file on my computer.  I've been a software engineer for a few years shy of 4 decades.  I actually do know a thing or two about what I'm doing and the files on my computer.  I don't appreciate a product so dumbed down that I can't override its bad decisions with better ones, resulting in lost time and lost work.

EITHER Avast needs to work out their false-positives and get it right 100% of the time, or they need to provide the user the opportunity to recover from Avast's mistakes.  I don't think the first is possible.  It's arrogant to think the second is not needed.

-Noel

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 46295
  • 61 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Avast is shooting itself in the foot
« Reply #19 on: June 27, 2014, 04:18:01 AM »
@ NoelC,
I guess you didn't like Avast"s answer which was posted by igor.
In ten years of use, I haven't yet run into a situation were the current policy of Avast made use of my computer impossible. :)
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v21H2 64bit, 16 Gig Ram, 1TB SSD, AvastOmni 21.6, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline gordon451

  • Full Member
  • ***
  • Posts: 165
  • It MUST be beer\\\\food'o'clock SOMEwhere!
Re: Avast is shooting itself in the foot
« Reply #20 on: June 27, 2014, 08:04:24 AM »
We all get false positives, they seem to be a fact of AV life.  I can remember them from w95 days, and they were much harder to deal with then.

In Avast!?  Easy.  Just turn off the Heuristics.  Simple.  Avast! used to pick up my Lotus files regularly, not to mention various other legacy software.  Switch off heuristics and Problem Solvered!  (stolen from a popular Aussie paint ad  ;D )

Ah yes.  I did submit many FPs to the Virus Lab, and it was generally painless, but much easier to do as an email attachment.

Gordon.
Gigabyte H61M-USB3-B3 r2.0, I5-2400 3.10GHz, 4GB RAM; W7HPx64 SP1, Lotus SmartSuite 9.8, K-Meleon 76RC, Pale Moon 26.2, Opera 12.17x64, IE11, Clyton email 14.0, Foxit Reader 7.0.6.1126, PaintShop Pro 6.02, Avast! 12.3.2280, SuRun 1.2.1.2, VoodooShield 3.50

Offline NoelC

  • Poster
  • *
  • Posts: 569
Re: Avast is shooting itself in the foot
« Reply #21 on: June 27, 2014, 02:00:31 PM »
No, I do not think the present approach is right, no matter what Igor has said.

I have expressed my opinion.  It's a learned opinion, and I'm not going to debate it with those of you who don't do with your computers what I do or have the same knowledge.  I expressed it here in the fond hope that people who make a difference might see it and realize that not every thinking person is in agreement with the "Avast always knows better" school of thought.

Don't worry, I'm not going to "stomp off ranting and switch to the competitor's product" over this.   :)

-Noel

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 46295
  • 61 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Avast is shooting itself in the foot
« Reply #22 on: June 27, 2014, 03:39:29 PM »
I would prefer to be part of the Avast Knows Best crowd than your alternative
which appears to be the NoelC Knows Best crowd. :)
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v21H2 64bit, 16 Gig Ram, 1TB SSD, AvastOmni 21.6, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline cooby

  • Poster
  • *
  • Posts: 441
Re: Avast is shooting itself in the foot
« Reply #23 on: June 27, 2014, 08:51:50 PM »
Bit hard to understand why something so obvious causes mudslinging here.

All we need is simple things so that unknown programs can run
1. description of interaction between deep screen, hardened mode and reputation
2. make exclusions work and all in one place
3. add IGNORE or ALLOW when an alert comes up, as it was in version 8.

Refusing to believe or understand that some users may have programs unknown to Avast team, or programs changing frequently, that submitting as FP is impractical is not helpful.

Not all of us are complete idiots.
1. Toshiba Satellite A75, Windows XP-Pro-SP3, Avast! free v9, Sunbelt Firewall 4.7.4.0, SSM, Opera 12.17, SeaMonkey+NoScript, mvps hosts, (MalwareBytes updated and run on demand only, rarely used), Acronis v11, SUMo
2. Toshiba Thrive tablet (rooted) ICS, AdAway (hosts), Opera, Avast Mobile Security 3.0.7801, Titanium Backup, App Backup&Restore

Offline NoelC

  • Poster
  • *
  • Posts: 569
Re: Avast is shooting itself in the foot
« Reply #24 on: June 28, 2014, 01:08:41 AM »
Quote
Not all of us are complete idiots.

Well said.

Let me postulate something...

Some of us have setups where Avast does NOT actually regularly detect malware, because we have set up other things and follow practices that make it almost unnecessary to have Avast in the first place.  It's just there as a safety net that really doesn't get used.

I suspect those who are anti-choice may be those who find Avast blocks infections all the time.  Those who find Avast saves their bacon on a regular basis quite likely would have a completely different outlook than those who never see Avast alerts except for false positives on files that have already been on the system for years.

I don't believe Avast has actually blocked any malware on my system since some time in mid-2013, when it alerted on a web site that couldn't actually have delivered the malware anyway, because I have ActiveX turned off and scripting severely limited.

I don't need the safety net jumping up and getting in the way of the adept trapeze artist.   ;D

-Noel

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: Avast is shooting itself in the foot
« Reply #25 on: June 28, 2014, 02:26:01 AM »
Please, in last 11 years here I've seen the asking for changing the policy, please, no, do NOT change the false positive policy. It's the best we can offer to +220 million users.
The best things in life are free.

Offline Rednose

  • Pirate Party Member
  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 3742
  • Bits of Freedom : https://www.bof.nl
    • Nederlandstalig Avast! forum
Re: Avast is shooting itself in the foot
« Reply #26 on: June 28, 2014, 03:30:50 AM »
I agree :)

The security of so many is more important to me than the ( temporary ! ) irritation of a few.

Greetz, Red.
OS: Win 10 / iOS 14 / Debian 10 / Tails 4
Real Time: Avast Premium Security
On Demand: Malwarebytes
VPN: NordVPN ( NordLynx ) with CyberSec

Offline ted_s

  • Newbie
  • *
  • Posts: 10
Re: Avast is shooting itself in the foot
« Reply #27 on: June 29, 2014, 01:48:20 AM »
@herschk,,,  I agree with you completely.  they have gotten too big for their britches
to listen to us -  I just finished a grueling task to erase every last of their items from
my pc.  ver 9 :-p  ...    would rather go without for a while (tried avg - nope) 
and its sad cause they seemed to have ""been"" the best,, but they are going the way
 of the do-do bird.

Offline falcongrey

  • Newbie
  • *
  • Posts: 16
Re: Avast is shooting itself in the foot
« Reply #28 on: June 29, 2014, 03:07:11 AM »
I know I mostly ghost these forums and glean information I need to solve problems, sometimes my own but decided I'm going to comment here.

In the 20 some years that I've worked on computers, most of which was removal of virus and malware, the number one reason can be summed up in the response I typically get from clients I ask why something was installed which was 'I thought it was wrong when it said it was a virus so I pressed ignore'.  The average user in my experience of over 20 years has been that of someone that needs their hand held when it comes to the security of their computer. It isn't that they are dumb, ignorant, or a slew of other twists to what I am saying it is often simply in too much of a hurry to really read what the warning is saying on the screen or simply lacking experience with what or where things can be trusted. Now, if you have a client that you 'teach' how to slow down, read, and understand what is safe and what is not... that is different and then also teach them where and how with Avast! you can safely ignore the warning. In my opinion from my experience, Avast! has the right thinking that the needs of the many out weigh the needs of the few who have the knowledge to know the difference between the false positive and the real deal.

For those of us who have the knowledge and experience to correctly tell Avast! 'Ignore this' and 'ignore that', the aggravation that we get from jumping through the exclusion loops is far less than the hundred of thousand common users who would simply press 'ignore' then spout off how Avast! failed them and let viruses/malware into their computer that they said it's ok and just ignore to. Not to mention the sudden increase in costs of repair to remove said viruses and malware. Avast! is thinking on a saving resources globally level not just the ease of use level and what is best for the average user.

I will say, it would be nice (nothing that I would demand on the Avast! Team but ask politely, being I'm only a customer as well and I DO understand their point of view and agree with it) to have a hidden option or a buried one that is hard to find (even if its a registry key to change) that would allow for an 'ignore' button on the suspected threat warning before it goes to quarantine that automatically submits it to Avast! for review as well as a second hidden option to 'submit' the false positive with ignoring or not to for those of us who are flooded by too many false positives due to unique or antiquated software being run that appears iffy to Avast!.

Additionally, for those slinging mud and making the stand that they are far superior of an intellect and know far more than an entire forum of geeks and Avast! Team Members (of which I'm in the Geek crowd) I do hope that one day you can see that no one is superior to another, that each of us have a strength of one area or another that the other person doesn't. In basic, we are all on the same ground footing and simply see a problem from different points of expertise, experience, and views.  Putting ALL 3 of these areas together from everyone and you then see the broader picture that Avast! is viewing by a cliental base of over 200 million and hearing all three of these areas from many of them.

Lastly, over the many years I have been with Avast! I've seen them go from having an easily accessed IGNORE option to what it is today. I've seen their 'GEEK' UI that it use to be which was hard sometimes even for a geek to understand go to the now streamlined one that the most novice of users today can figure out very easily. Again, in my opinion, they have over the years made the Avast! program into something designed for the many average users at the price of some frustrations for the few of us users who are ubber geeks. The current design with the hard to reach ignore/exception has reduced my numbers of 'repairs' considerably because most of my cliental now are those using other antivirus software before I switch them to Avast!. The remainder is hardware / non-malware problems.

-David

Offline AntiVirusASeT

  • Poster
  • *
  • Posts: 464
Re: Avast is shooting itself in the foot
« Reply #29 on: June 29, 2014, 05:55:11 AM »
Perhaps a setting buried in Avast! GUI to permanently turn on the ability to exclude for the scenarios mentioned above would do for geeks (of course disabled by default).

I do agree with the reasoning of the current loops required for users by Avast to exclude files for such cases. However, I believe the approach I suggest would be a good compromise as if the user actually manages to find the hidden setting which I mentioned, nothing is going to stop the user from excluding the files he requires. The current situation of inconvenience would only making him extremely irritated.

That said, it is definitely preferable to submit false positives when one has the opportunity to do so.
« Last Edit: June 29, 2014, 06:07:14 AM by AntiVirusASeT »