Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Avast accessing websites (DNS logs)
« Reply #30 on: January 05, 2015, 06:11:57 PM »
Why can't the list (log) be encrypted? Avast gets what it needs and we or anyone else looking at our computer don't have to put up with that list.

Hi Bob, the OP reported that he used OpenDNS to create a log of all DNS activity. You can also capture packets on the network and create a log file from the capture. From the packet log, you can however also tell that the domains are not accessed - which means no connection and traffic between your PC and the suspicious site(s).
The OP isn't the only one using OpenDNS. I was one of the very first forum members to recommend the use of that service a very long time ago.
I am just uncomfortable with that list even if it clearly states that those sites were not accessed.
« Last Edit: May 24, 2015, 07:10:08 PM by lukas.hasik »
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline Avosec-UK

  • Avosec Technical Support
  • Avast Reseller
  • Sr. Member
  • *
  • Posts: 296
    • Avosec
Re: Avast accessing websites (DNS logs)
« Reply #31 on: January 05, 2015, 06:14:06 PM »
The issue as outlined by the OP is that while Avast is not contacting the sites it is seen in the OpenDNS logs.

FYI: OpenDNS will not log anything if the DNS servers on your computer or router are compromised / hijacked, while Avast will know about it and alert you.  ;)
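
The distinction drawn in the two replies above (a name appearing in a DNS log versus the PC actually connecting to the site), as an added example that is not part of any forum post or of Avast's code: it reports, per client, the names that were looked up with no connection following. The record layout, host names and addresses are constructed for the illustration.

```python
"""Separate names that were only looked up from names that were contacted."""
from collections import defaultdict

# Constructed records in the shape a packet-capture export might take.
# All field names, hosts and addresses are assumptions for this example
# (.test names, RFC 5737 and RFC 1918 addresses).
CAPTURE = [
    {"t": 1.0, "type": "dns", "src": "192.168.1.20", "name": "news.test", "answers": ["203.0.113.10"]},
    {"t": 1.2, "type": "tcp_syn", "src": "192.168.1.20", "dst": "203.0.113.10", "port": 443},
    {"t": 5.0, "type": "dns", "src": "192.168.1.20", "name": "blocked-a.test", "answers": ["198.51.100.7"]},
    {"t": 5.1, "type": "dns", "src": "192.168.1.20", "name": "blocked-b.test", "answers": ["198.51.100.8"]},
    {"t": 9.0, "type": "tcp_syn", "src": "192.168.1.30", "dst": "198.51.100.8", "port": 80},
    {"t": 9.5, "type": "dns", "src": "192.168.1.20", "name": "gone.test", "answers": []},
]


def lookup_only_names(capture):
    """Return {client: [names resolved but never connected to]}.

    A name counts as contacted only if the same client later opens a
    connection to one of the addresses returned for that name.
    """
    resolved = defaultdict(dict)   # client -> {name: (time, set of addrs)}
    connects = defaultdict(list)   # client -> [(time, dst)]
    for rec in capture:
        if rec["type"] == "dns":
            resolved[rec["src"]][rec["name"]] = (rec["t"], set(rec["answers"]))
        elif rec["type"] == "tcp_syn":
            connects[rec["src"]].append((rec["t"], rec["dst"]))

    report = {}
    for client, names in resolved.items():
        quiet = [
            name for name, (t_dns, addrs) in names.items()
            if not any(t >= t_dns and dst in addrs for t, dst in connects[client])
        ]
        report[client] = sorted(quiet)
    return report


if __name__ == "__main__":
    for client, names in lookup_only_names(CAPTURE).items():
        print(client, "looked up without connecting:", ", ".join(names) or "-")
```

Only TCP connection attempts are considered here, and a site sharing an address with another name (for example behind a CDN) can make a lookup-only name appear contacted.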

Offline stibi

  • Sr. Member
  • ****
  • Posts: 383
Re: Avast accessing websites (DNS logs)
« Reply #32 on: January 05, 2015, 07:06:58 PM »
@thekochs
After the last explanations I think I understand this function, and if none of these searches are going outside to the Internet - I cannot see anything harmful for me. To say "check only inside my computer" ignores the attacks on the routers we all need to use.

The only real problem left is - these functions (and others too) should be explained to new customers of the program. It's not very funny when I have to search around for information when I change to such a sensitive and always working tool as a malware scanner.

An easy-to-understand example: in another thread I asked lately for the directory of the virus quarantine store. I want to know these files when I get a malware alert and want to check for false positives on jotti or virustotal. Never got an answer.

Another example are some very short and rough answers in some threads - instead of RTFM or "use search" or "click the question mark" the helper could give a link to an explanation.

stibi


P.S. how can I search for threads where I wrote? This is also a miracle for me ...
« Last Edit: January 05, 2015, 07:12:27 PM by stibi »

Offline bob3160

Re: Avast accessing websites (DNS logs)
« Reply #33 on: January 05, 2015, 07:21:34 PM »
P.S. how can I search for threads where I wrote? This is also a miracle for me ...
@ stibi,
Click on your username

Next:

That will show you all of your participation on this forum.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: Avast accessing websites (DNS logs)
« Reply #34 on: January 05, 2015, 08:02:47 PM »
The only real problem left is - these functions (and others too) should be explained to new customers of the program. It's not very funny when I have to search around for information when I change to such a sensitive and always working tool as a malware scanner.

I agree it should be somewhere in the help or knowledge base - but you'd still need to know you should be looking there (and I'm not sure you would here). Plus, this kind of stuff changes dynamically, e.g. to deal with new threats - so what we are talking about here may be true today, but the behavior may be different tomorrow (and I don't mean in the future version of the program, I mean tomorrow).


An easy-to-understand example: in another thread I asked lately for the directory of the virus quarantine store. I want to know these files when I get a malware alert and want to check for false positives on jotti or virustotal. Never got an answer.

The quarantine (Chest) is in the "chest" subfolder of the Avast data folder (C:\ProgramData\AVAST Software\Avast).
However, the files are renamed and their content is scrambled, so I don't know if it's of much use for you.

Offline bob3160

Re: Avast accessing websites (DNS logs)
« Reply #35 on: January 05, 2015, 08:31:20 PM »
There's also a very easy way to get to the virus chest and always have it handy. Just look at:
http://youtu.be/Ox8LU6GOlok

REDACTED

  • Guest
Re: Avast accessing websites (DNS logs)
« Reply #36 on: January 05, 2015, 10:43:30 PM »
The issue as outlined by the OP is that while Avast is not contacting the sites it is seen in the OpenDNS logs.

FYI: OpenDNS will not log anything if the DNS servers on your computer or router are compromised / hijacked, while Avast will know about it and alert you.  ;)

Why go thru all the efforts.....change your PW on router, disable remote access over WAN and check https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS Seems Avast could just get your IP address and check this link too.......obviously I'm over simplifying.

Seriously, if you publicized "how" this is working I'm sure you are going to get a ton of people OK with it, a ton that are not.  I fall in the latter category so I have chosen to disable this Avast feature and work the security myself.
« Last Edit: January 05, 2015, 11:37:59 PM by thekochs »

Offline stibi

Re: Avast accessing websites (DNS logs)
« Reply #37 on: January 06, 2015, 12:05:43 AM »
@ stibi,
Click on your username ..

Thank you - it is easy if you know that, but hard to find for a newbie.
« Last Edit: January 06, 2015, 12:07:45 AM by stibi »

Offline stibi

Re: Avast accessing websites (DNS logs)
« Reply #38 on: January 06, 2015, 12:10:10 AM »
The quarantine (Chest) is in the "chest" subfolder of the Avast data folder (C:\ProgramData\AVAST Software\Avast).
However, the files are renamed and their content is scrambled, so I don't know if it's of much use for you.
Well, in the meantime I found that place myself. If the files there are not original: how can I test them at Jotti or virustotal?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Avast accessing websites (DNS logs)
« Reply #39 on: January 06, 2015, 12:39:15 AM »
The quarantine (Chest) is in the "chest" subfolder of the Avast data folder (C:\ProgramData\AVAST Software\Avast).
However, the files are renamed and their content is scrambled, so I don't know if it's of much use for you.
Well, in the meantime I found that place myself. If the files there are not original: how can I test them at Jotti or virustotal?

You can't upload from the virus chest - so you have to Extract (not Restore) from the chest to a location outside of the chest. The reason not to Restore is that this sends a copy back to the original location; if it was truly infected it could well be active (if a registry entry or other means of running it were present).

You can't do this with the file securely in the chest, you need to Open the chest and right click on the file and select 'Extract' it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\*
That will stop the File System Shield scanning any file you put in that folder.

Now you can Extract it (a copy) to that location and upload it to virustotal, etc.

EDIT added attached image.
« Last Edit: January 06, 2015, 12:44:03 AM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline stibi

Re: Avast accessing websites (DNS logs)
« Reply #40 on: January 06, 2015, 10:24:36 AM »
Thx, David.

This is a good example for the problems I mentioned in #32 above  ;)

I am new to this important program which should be a kind of safety barrier for my PCs. And to feel safe I must understand the functions. The explanation you give here is important information and should be available for customers in a kind of central help text for the basic information.

It may be not intentional by the programmers, but for me such missing or nicely hidden basic information looks like security by obscurity. Sorry...
« Last Edit: January 06, 2015, 04:06:26 PM by stibi »

Offline DavidR

Re: Avast accessing websites (DNS logs)
« Reply #41 on: January 06, 2015, 03:27:23 PM »
You're welcome.

REDACTED

  • Guest
Re: Avast accessing websites (DNS logs)
« Reply #42 on: April 13, 2015, 02:51:44 AM »
Ugh... A couple of weeks trying to figure out what was going on in my household, doubting my teenage kids when they say it was not them, I finally tracked the porn DNS requests to Avast. Then found this thread. Another unhappy customer. While I accept the arguments as to why it's being done, I would suggest the implementation could use some work. Blindly grabbing the top 1000 domains, and performing lookups against those seems poorly thought out.

REDACTED

  • Guest
Re: Avast accessing websites (DNS logs)
« Reply #43 on: April 13, 2015, 05:35:58 AM »
I second ShannonT's comment.  I use OpenDNS, in part to block DNS lookups for porn sites.  This wasted a day of my time to track down the suspicious requests to Avast's Home Network Security feature.  Was surprised and disappointed when I finally found the source.  I'd suggest adding configuration that allows filtering the "types" of URLs in Avast's DNS scan.  I'm looking for something that will not trigger my settings for blocked URLs in OpenDNS.  For now I will be disabling Home Network Security.

REDACTED

  • Guest
Re: Avast accessing websites (DNS logs)
« Reply #44 on: April 13, 2015, 06:57:14 AM »
The more I think about it, the worse this seems to be.... Overreaction maybe, but, yeah, this just feels bad. Avast is effectively providing a file with the top 1000 websites (and therefore by definition most popular porn sites) and saving it onto customers' machines where it can be read. Mum & Dad trying to do the right thing may have installed Avast, and in doing so, have now handed their kids a list of the best of the best porn sites. Clear text in the vps (from memory that's where I saw it) file.

Another thought..... Worst case scenario.... What happens if one of those top 1000 sites is on the Interpol block list for child abuse that certain ISPs have implemented..... Wonder if there would be a liability issue there? Yeah, I am used to thinking worst case scenario for customers. It's my job lols.
« Last Edit: April 13, 2015, 01:08:19 PM by ShannonT »