Author Topic: Avast definition update process secure?  (Read 12003 times)

Chankama

  • Guest
Re: Avast definition update process secure?
« Reply #15 on: October 13, 2005, 12:56:11 AM »
Chankama is right boys...
Kaspersky and Symantec have to admit new attacks came last week through virus definitions of both companies.

haha :). Guess attacks such as that are right around the corner then. Norton will always get attacked first due to their customer base - much like IE.. If Avast uses digital signatures as Lukor has mentioned, they shouldn't have to worry about this too much. Assuming, the virus doesn't modify the program itself..  :-\

Avast using just one file for virus database and it updates that makes more difficult to crack. As I know.

What do you mean by this man?.. Please elaborate. :)

MrBabis

  • Guest
Re: Avast definition update process secure?
« Reply #16 on: October 13, 2005, 10:16:30 AM »
This 400.vps file in the avast data folder contains virus definitions and it is only one file.

To prevent modification of program itself is by checking version with MD5 on server when updating.

Chankama

  • Guest
Re: Avast definition update process secure?
« Reply #17 on: October 13, 2005, 07:30:05 PM »
This 400.vps file in the avast data folder contains virus definitions and it is only one file.

To prevent modification of program itself is by checking version with MD5 on server when updating.

So you are saying Avast checks only the MD5 hash of the virus definition file, with the one on the server?.. That's it?..  :o

Lukor mentioned that it is also digitally signed.. But, if what you say is true and all it does is simply verify the MD5 hash (and NOT digitally signed), then Avast should be susceptible to a very persistent attacker who "does not" necessarily have control of your machine.. Would be a problem, on an untrusted network.. Which I am on.. :(

I hope Lukor was right.....
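
[Added example, not part of any post in this thread and not Avast's code.] It contrasts the two checks discussed above on a network where everything in transit can be rewritten: comparing against an MD5 fetched from the server, and verifying a digital signature against a key already in the client. All function names, the sample bytes and the demo key are constructed; textbook RSA over two Mersenne primes stands in for a real signature scheme.

```python
import hashlib

# Constructed demo key: textbook RSA over two Mersenne primes, no padding.
# It only stands in for a vendor's real signature scheme; never use it for real.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                                   # public modulus, shipped inside the client
_D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, stays with the vendor


def _digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def vendor_publish(vps: bytes) -> dict:
    """What the update server offers: the file, its MD5, and a signature."""
    return {
        "file": vps,
        "md5": hashlib.md5(vps).hexdigest(),
        "sig": pow(_digest_int(vps), _D, N),
    }


def tamper_in_transit(update: dict, new_file: bytes) -> dict:
    """Untrusted network: every field sent over the wire can be rewritten.
    The MD5 is recomputed to match; the signature cannot be, without _D."""
    return {**update, "file": new_file, "md5": hashlib.md5(new_file).hexdigest()}


def client_accepts_md5_only(update: dict) -> bool:
    # Compares the file with a hash that arrived over the same channel.
    return hashlib.md5(update["file"]).hexdigest() == update["md5"]


def client_accepts_signed(update: dict) -> bool:
    # Verifies against the public key (N, E) pinned in the installed client.
    return pow(update["sig"], E, N) == _digest_int(update["file"])


def demo() -> dict:
    genuine = vendor_publish(b"constructed sample definitions v1")
    altered = tamper_in_transit(genuine, b"constructed altered definitions")
    return {
        "genuine_md5": client_accepts_md5_only(genuine),
        "genuine_sig": client_accepts_signed(genuine),
        "altered_md5": client_accepts_md5_only(altered),
        "altered_sig": client_accepts_signed(altered),
    }


if __name__ == "__main__":
    print(demo())
```

The hash-only client accepts the altered file because the hash travelled with it; the signed client rejects it because the trust anchor never crossed the network.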

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Avast definition update process secure?
« Reply #18 on: October 13, 2005, 07:35:03 PM »
This 400.vps file in the avast data folder contains virus definitions and it is only one file.
I think not...
What are all those files in the avast4\setup folder?
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89352
  • No support PMs thanks
Re: Avast definition update process secure?
« Reply #19 on: October 13, 2005, 08:51:56 PM »
This 400.vps file in the avast data folder contains virus definitions and it is only one file.
I think not...
What are all those files in the avast4\setup folder?
I think not either as it is highly likely that your 400.vps file because of the different start point and differing number of updates, I doubt it would match an MD5 hash on the avast! web site. My 400.vps was last updated today plus I can't see any way of checking the MD5 hash of the 400.vps file.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

MrBabis

  • Guest
Re: Avast definition update process secure?
« Reply #20 on: October 13, 2005, 08:59:04 PM »
Damn sorry But....:
-----------
!!! I said to prevent modification of PROGRAM ITSELF
NOT md5 for database!!!
You just misunderstood me !!!
-----------

and 400.vps is located in that folder by default

%ProgramFiles%\"Alwil Software"\Avast4\DATA\

Chankama

  • Guest
Re: Avast definition update process secure?
« Reply #21 on: October 13, 2005, 09:31:15 PM »
So I guess it's final. Both Lukor and Igor say that the Avast definitions are digitally signed!.. Guess, I don't have to worry about this anymore..  ;D. Thx everyone!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89352
  • No support PMs thanks
Re: Avast definition update process secure?
« Reply #22 on: October 14, 2005, 12:47:16 AM »
Damn sorry But....:
-----------
!!! I said to prevent modification of PROGRAM ITSELF
NOT md5 for database!!!
You just misunderstood me !!!
-----------
There may well be misunderstanding, but what you have put above isn't what you said, your statement mentions checking against the server when Updating and since we were talking about VPS update that was the assumption I got. "To prevent modification of program itself is by checking version with MD5 on server when updating."

However, I still don't follow your logic as to how checking the program's MD5 # against what is on the avast web site. I can find no information about MD5 # data on the avast web site (see image) and even if there was something it is likely to be an MD5 for the installation file setupeng.exe, which will bear no resemblance to the installed program. So there is nothing to check against.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9408
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Avast definition update process secure?
« Reply #23 on: October 14, 2005, 12:51:08 AM »
Well I can confirm the self protection of avast! files. At least main ones like ashserv.exe and other active processes.

I was tackling with their icons long ago and they got replaced/fixed on every update and system restart. I think I also got a warning that files were modified.
Visit my webpage Angry Sheep Blog

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89352
  • No support PMs thanks
Re: Avast definition update process secure?
« Reply #24 on: October 14, 2005, 01:00:21 AM »
Thanks RejZoR.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89352
  • No support PMs thanks
Re: Avast definition update process secure?
« Reply #25 on: November 22, 2005, 04:43:54 PM »
« Last Edit: November 22, 2005, 04:47:51 PM by DavidR »