I'm not commenting on the actions in any way as I don't feel anything I could say would change anyone's mind, so I won't bother.
Right. Because there is no logical argument in which it makes sense that users who don't know anything about viruses would dig deep into the UI to make configuration changes so that the AV would ask them for advice and then hit IGNORE. Only imbeciles would do this.
I'm just saying your previous comment is wrong (and dangerous, actually).
No, hashes are used to avoid the very danger you are proposing.
You wrote "Hashes are published for purposes of file verification, to ensure the downloaded file is not an imposter or has been tinkered with in any way",
And I also wrote in this very thread:
https://forum.avast.com/index.php?topic=156801.msg1135277#msg1135277
If the hashes match, the file is an exact, unchanged copy of the original. So when downloading reputable software, recommended by reputable sites, from the author's own site or a reputable mirror, and you check the hash value, you know the file is clean.
And even earlier in the thread I wrote:
https://forum.avast.com/index.php?topic=156801.msg1134970#msg1134970
When software is highly recommended from reputable sites, and you get it from the author's site or a reputable mirror and compare hash values, the chance of getting an infected file is small (they'd have to hack the site to replace the hash too) and I'm happy to take that chance on those occasions, b/c the chance of it coming back to bite me is a near-virtual zero, while the hassle of dealing with AVAST's lack of an IGNORE option is a certainty.
However, if you consider the possibility of someone compromising the file, then using the hash published there doesn't make sense. Saying that different hashes would get recognized across the Internet doesn't change anything about that statement - you could as well say that different files would get recognized (if different download sites served different content). Sure, maybe they would be, after a while (probably more likely than the hashes themselves as I don't really believe many people check those) - but then you are basically disregarding the possibility of someone compromising the site/file (or at least someone visiting the site while it's compromised) that you assumed in the very beginning and because of which you are checking the hashes. The logic is wrong here. If you believe any modification would immediately be found and fixed, then why check the hashes at all?
The reason, igor, is because THIS DOESN'T ACTUALLY HAPPEN to any significant (if any) degree. Again I ask, when is the last time a widely used, reputable software program was uploaded to its author's site, and subsequently hacked ALONG with its hash, which were both uploaded, bamboozling an entire slew of users who unknowingly got infected? While it could happen in principle, it doesn't happen in reality enough to even name ONE TIME, so as to make all your dread about it even less reasonable than if I tell you not to drive home because there are car accidents every day. At least there really ARE car accidents every day. But the context of what we are talking about here just doesn't happen as a matter of course. Why doesn't it happen more often? Because it would be a very short-term run for the hacker before discovery, which makes it a useless endeavor from their viewpoint.
A text hash on a web page is an unverified/unsigned piece of information that has zero impact on security; it certainly doesn't tell you that a file downloaded from that page is unchanged.
Let's not play word games. The context is that reputable authors (and companies) generate hashes from the original file then publish them so downloaders can be assured the file they get is unchanged from the original. Everyone from Microsoft to Mac to Linux uses hash codes for this reason.
Sure, you can browse multiple sites to check that all show the same hash (hoping those different sites aren't actually served from a single server and that it isn't your network connection / router / ISP that got compromised, redirecting all your network traffic somewhere else), maybe ask other users across the world what their file hash is (hoping they downloaded the file before the potential attack)...
Actually that isn't necessary, and you know this. With the billions of people online 24/7 downloading files and exchanging information at the speed of light, any single user has an infinitesimal chance of coming upon a widely recommended file & hash that has been replaced with a bogus file/hash before it's been found out by the community at large. And that's on those if-pigs-could-fly-days that someone would bother to replace such a program and hash... since they know this isn't an effective way to spread a virus. Infecting torrents or binaries or sending infections through HTML-enabled email is much easier and less likely to be traced back to the offender.
[...] Digital signatures, binding the [file] content to a particular subject via a trusted authority, have been created for a reason...
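The point argued across the posts above (a hash printed on the same page as the download only detects accidental corruption, because whoever replaces the file can replace the hash text too, whereas a reference obtained through a channel the attacker does not control does detect the swap) can be simulated directly. This is an added example, not code from the thread or from Avast; the file contents, the compromised-page simulation and the "pinned" hash are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample inputs (not real binaries): the genuine file and a tampered copy.
ORIGINAL_FILE = b"installer contents (constructed sample)"
TAMPERED_FILE = b"installer contents (constructed sample) + injected code"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hashes_match(data: bytes, expected_hex: str) -> bool:
    # compare_digest avoids leaking the matched prefix length through timing; cheap to use.
    return hmac.compare_digest(sha256_hex(data), expected_hex.lower())


def download_page(site_compromised: bool):
    """Simulated author's download page: the file plus the hash text printed beside it.

    An attacker who can replace the file can just as easily replace the text next to it,
    so a compromised page serves a tampered file with a hash that matches the tampered file.
    """
    served = TAMPERED_FILE if site_compromised else ORIGINAL_FILE
    return served, sha256_hex(served)


def check_against_same_page(site_compromised: bool) -> bool:
    """Hash taken from the same page as the download. Returns True if the check passes."""
    file_bytes, published_hex = download_page(site_compromised)
    return hashes_match(file_bytes, published_hex)


def check_against_pinned_hash(site_compromised: bool, pinned_hex: str) -> bool:
    """Hash obtained out of band (recorded while the site was known-good, or taken from a
    signed release manifest). Returns True if the check passes."""
    file_bytes, _ignored_published = download_page(site_compromised)
    return hashes_match(file_bytes, pinned_hex)


# Constructed stand-in for an out-of-band reference: recorded before any compromise.
PINNED_SHA256 = sha256_hex(ORIGINAL_FILE)

if __name__ == "__main__":
    # same-page hash on a compromised site passes: True (tampering undetected)
    print("same-page hash, compromised:", check_against_same_page(True))
    # pinned hash on a compromised site fails: False (tampering detected)
    print("pinned hash, compromised:", check_against_pinned_hash(True, PINNED_SHA256))
```

The same-page check passes in both scenarios, which is exactly why it cannot distinguish a compromised page from a clean one; only the pinned reference (or, as the post above says, a signature bound to a key you trust independently of the site) changes the outcome.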
Hash files work very well for their intended purpose... or maybe the whole world is wrong and AVAST is right?
Anyway, enough time spent on this particular detail for me... so good luck with the hashes
No luck required. OTOH it seems like AVAST will need all the luck it can get to stay afloat with sinking AV labs and no sense the company wants to improve the product for those users who are bothering to make their needs known. Makes me wonder if anyone on the board of directors ever reads this forum... maybe someone should email them and warn them they should.