Avast definition update process secure?

[Chankama]

Hi guys.

Just have a quick question regarding the security of the virus definition update process. You can get them 2 ways:

(1) Run the auto-update from within Avast
(2) Download the definitions

Is either of these procedures "secure"? As in can an attacker force corrupt/malicious definitions on your system?

Only if the download channels are secure (e.g. SSL) or definitions are digitally signed will they be totally reliable IMO. Otherwise, some attacker "can" force their own definitions on you.

Please can someone provide me with more details as to what Avast does?.. Thank you!

[MrBabis]

All antivirus have different kind of def. incryption and it is often changes increases with new program updates. So it is difficult, almost impossible to inject other code in the definition file with out warning from antovirus that file become corrupt or cannot be read.
Some antivirus crashes and can crash you computer in that cases.
//Avast not do that as normal

[lukor]

The definitions are digitally signed.

[MrBabis]

If you are not sure. You can download defiition file manualy scan it then with some online scanner. And then use it.

//How safe can that be?

[Chankama]

Hi guys. Thanks for the responses.

The definitions are digitally signed.

That's great to here. Any links to this on the avast website man? Would like to read more details about it.

If you are not sure. You can download defiition file manualy scan it then with some online scanner.

I am not talking about a "virus" infecting the definitions. Just someone modifying the definitions to harm your system. For example, deleting a subset of the definitions so that your system is more vulnerable to some viruses after the update. Or worse!

Thanks guys ..

[MrBabis]

Worth can be be if new definition file is replaced with old one, but avast will complani in that case. "You need to update you definition file."

//But those warings can be also disabled. I think so.

[lukor]

Worth can be be if new definition file is replaced with old one, but avast will complani in that case. "You need to update you definition file."

//But those warings can be also disabled. I think so.

\\ I don't understand
// what is your point.

[MrBabis]

Poit is that it is good to use automatical update of virus database. And check that it works.

--------

New virus. not shutting down antivius, it just replacing definition file with old one. So old viruses can be downloaded and executed.
That does not exit but old viruses also do came back sometimes. But now users have as rull few different protections and online scanners. So in that case it is so actualy.

Avast have good feature for that, sound alers that is enabled by default. So user knows that virus database is updated.

BTW... do avast have time limit on how old version of database can be used?

And almost no one or noone of antiviruses protected access to database when it using realtime protection. Not all setting usualy protected with password.

[RejZoR]

I pretty much doubt anyone will target avast! for a very long time... Not to mention size of tha "carry" load that would be required to carry all old definitions for all antiviruses...

[MrBabis]

I pretty much doubt anyone will target avast! for a very long time... Not to mention size of tha "carry" load that would be required to carry all old definitions for all antiviruses...

P2P/FTP/WEB sharing for old databases
All those viruses need just to chose correct filename to download and know where to put it. //Some viruses alredy did that b4.

Old version of programs is easy to find.
Lots of people have CD's with old or almost old software.=Simple to collect if need.

Search egines is one way for finding. So it is not neseccery to have own list of download path, just be able to sort results, scan pages for links. Internet have lot of different search engines, not just google.

Spywares collecting user information now to some database on the internet. Virus can be able to use same database for own use (make zombies).
Zombies= PC of users who cannot manage computer well and have low security and often connected to internet. How much are they?

Or... first wave: spywares for crypt-info collect
secound wave: viruses that uses same database.

Who knows how fast that can spread youself?
No one knows. I thinking that we are good protected and "all" have backedup computers and important documents.
Just restore them and continue to work.

...BTW internet become be faster and faster so you will not se that connection become be slower....

[Chankama]

Hey guys.

The reason I posed my original question was "not" because of someone trying to force an "old" (but legit) copy of definitions on you, but an attempt where they purposefully craft a malicious definition file and force "that" on you. Naturally, they would also try to set the "date" of the file to sometime recent so that your program might think "hey this is a new update, let us use it."..

The only way for the Avast program to know that the copy of the "new" definitions was in fact manufactured by Avast is if it is digitally signed or if it is downloaded over a secure channel. That's what I was getting at ..

If the updates are simply incremental, I guess it would be a less of a problem. But, still it IS a problem against new viruses.

[MrBabis]

To force it against you, is just to infect unprotected system files in windows. I hope that you used VRDB that avast have. If not so you can run it manualy once efter you updated windows.

Signed and randomly encrypted time by time, is almost impossible to change fast b4 it will be changed again.

Time is encrypted inti the file inside and on some other settings in program and not outside(when you se on that time when file was created or changed).

[Lisandro]

Chankama is right boys...
Kaspersky and Symantec have to admit new attacks came last week through virus definitions of both companies.
It required a 'program' patch to correct. Even doing that, they admited that a lot of computers get compromissed.
Do not underestimate the capacity and imagination of the virus makers... 

[MrBabis]

Nothing is impossible in the virtual world.

Symantec, kaspersky and few others have different kind of encryption on different databases. Some of them almost never changes. That makes time for cracking.

Avast using just one file for virus database and it updates that makes more difficult to crack. As I know.

[szc]

Nothing is impossible in the virtual world.

Symantec, kaspersky and few others have different kind of encryption on different databases. Some of them almost never changes. That makes time for cracking.

Avast using just one file for virus database and it updates that makes more difficult to crack. As I know.

You are 100% right, and it makes a lot of sense...