Avast definition update process secure?

[Chankama]

Chankama is right boys...
Kaspersky and Symantec have to admit new attacks came last week through virus definitions of both companies.

haha . Guess attacks such as that is right around the corner then. Norton will always get attacked first due to their customer base - much like IE.. If Avast uses digital signatures as Lukor has mentioned, they shouldn't have to worry about this too much. Assuming, the virus doesn't modify the program itself.. 

Avast using just one file for virus database and it updates that makes more difficult to crack. As I know.

What do you mean by this man?.. Please elaborate.

[MrBabis]

This 400.vps file in the avast data folder contains virus definitons and it is only one file.

To prevet modification of program itself is by checking version with MD5 on server when updating.

[Chankama]

This 400.vps file in the avast data folder contains virus definitons and it is only one file.

To prevet modification of program itself is by checking version with MD5 on server when updating.

So you are saying Avast checks only the MD5 hash of the virus definition file, with the one on the server?.. That's it?.. 

Lukor mentioned that it is also digitally signed.. But, if what you say is true and all it does is simply verify the MD5 hash (and NOT digitally signed), then Avast should be suspectible to a very persistent attacker who "does not" necessarily have control of your machine.. Would be a problem, on an untrusted network.. Which I am on..

I hope Lukor was right.....

[Lisandro]

This 400.vps file in the avast data folder contains virus definitons and it is only one file.

I think not...
What are all those files into avast4\setup folder?

[DavidR]

This 400.vps file in the avast data folder contains virus definitons and it is only one file.

I think not...
What are all those files into avast4\setup folder?

I think not either as it is highly likely that your 400.vps file because of the different start point and differing number of updates, I doubt it would match an MD5 hash on the avast! web site. My 400.vps was last updated today plus I can't see any way of checking the MD5 hash of the 400.vps file.

[MrBabis]

Damn sorry But....:
-----------
!!! I sade to prevet modification of PROGRAM ITSELF
NOT md5 for database!!!
You just missunderstod me !!!
-----------

and 400.vps is located in that folder by default

%ProgramFiles%\"Alwil Software"\Avast4\DATA\

[Chankama]

So I guess it's final. Both Lukor and Igor says that the Avast definitions are digitally signed!.. Guess, I don't have to worry about this anymore..  . Thx everyone!

[DavidR]

Damn sorry But....:
-----------
!!! I sade to prevet modification of PROGRAM ITSELF
NOT md5 for database!!!
You just missunderstod me !!!
-----------

There may well be misunderstanding, but what you have put above isn't what you said, your statement mentions checking against the server when Updating and since we were talking about VPS update that was the assumption I got."To prevet modification of program itself is by checking version with MD5 on server when updating."

However, I still don't follow your logic as to how checking the programs MD5 # against what is on the avast web site. I can find no information about MD5 # data on the avast web site (see image) and even if there was something it is likely to be an MD5 for the installation file setupeng.exe, which will bare no resemblance to the installed program. So there is nothing to check against.

[RejZoR]

Well i can confirm the self protection of avast! files. At least main ones like ashserv.exe and other active processes.

I was tackling with their icons long ago and they got replaced/fixed on every update and system restart. I think i also got warning that files were modified.

[DavidR]

Thanks RejZoR.

[DavidR]

Further information in this thread http://forum.avast.com/index.php?topic=17559.msg149375#msg149375