Author Topic: SecureLine VPN Auto Install?  (Read 32931 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Re: SecureLine VPN Auto Install?
« Reply #30 on: June 22, 2015, 01:19:20 PM »
avast is not sneaking in anything, they are honest and open about it.

I'm amazed you haven't suffocated from having your head in the sand this long. In what way is installing and running something without notifying the user or getting permission from them not sneaking? How is that open or honest?

Before you tell me to read the blog again: Have you ever read Hitchhiker's Guide to the Galaxy? Remember the beginning with Arthur's house and the bulldozer? The Vogons with the Earth? That's the same thing you're defending.

Seriously, stop repeating yourself and come up with a real argument or get out of this thread. You're not contributing anything.

Welcome to the real world. Neither of them is a plain anti-virus product. You should start with learning the differences between all kinds of malware. A virus is just one form of them. Protection against only viruses is like having no protection at all. As I said "anti-virus" is a name from the old days. It is still being used to avoid confusion amongst the users. A better name nowadays would be "anti-malware" or "anti-thread(s)".
You're nitpicking terms instead of coming up with a real defense. Doesn't matter though, because none of those products do anything besides protect my computer from running unwanted software. Tell me again how I'm wrong.

The truth is that you have a lack of knowledge. Here is a good place to start for you: https://en.wikipedia.org/wiki/Malware
I'm familiar with malware. What does VPN software have to do with it? Tell me I don't know what I'm talking about again. I'm loving this.

That is the freemium business model that the avast staff thinks will bring in the most revenue. It is used for many years by many (small/medium/large) companies worldwide. And no not everyone is happy with this business model, including people from avast. https://forum.avast.com/index.php?topic=169059.msg1225615#msg1225615
Freemium is where you offer a bare bones product that has features you can unlock for money. The business model you're talking about is the one used by Ask Toolbar and Bonzi Buddy. That one's called scummy.

Offline tumic

  • Avast team
  • Advanced Poster
  • *
  • Posts: 723
Re: SecureLine VPN Auto Install?
« Reply #31 on: June 22, 2015, 01:20:17 PM »
I like the use of superfluous quotes to try to discredit me. Arguments work better when you use sources or logic instead of cheap tricks.

Sorry, but  you are the one that discredits himself by not giving arguments and using cheap tricks. It is You that writes: " You're out of your
mind if you can't see how big of a security problem that is", but can not explain the "security problem"...

If all you're watching for is unwanted software, you don't need to spy on my SSL connections in my browser. You can get everything you need through normal system monitoring.

What is "normal system monitoring"? If you mean filesystem scanning, than this is not sufficient for preventing numerous
malware attacks that are executed from memory as the browser loads some content from the network. Such malware may
never "see" the filesystem and still be executed and that's why the webshield is there.

REDACTED

  • Guest
Re: SecureLine VPN Auto Install?
« Reply #32 on: June 22, 2015, 01:29:14 PM »
Sorry, but  you are the one that discredits himself by not giving arguments and using cheap tricks. It is You that writes: " You're out of your
mind if you can't see how big of a security problem that is", but can not explain the "security problem"...
Sorry, I was too busy using "cheap tricks" like logic and examples. I missed that. The problem is that you've put a piece of software on my computer that has the express purpose of spying on me, then done something to show you can't be trusted. How do I know you're not sending my data back to your company? How do I know you're not sharing it with other people?

Aside from the trust problems: How do I know your SSL implementation is good? Is your source code open? Has it been audited? May I see the report?

I'll answer your next question when you answer all of mine. Why the hell did your company think it was okay to install SecureLine without notification or permission?

Offline tumic

  • Avast team
  • Advanced Poster
  • *
  • Posts: 723
Re: SecureLine VPN Auto Install?
« Reply #33 on: June 22, 2015, 02:36:13 PM »
The problem is that you've put a piece of software on my computer that has the express purpose of spying on me, then done something to show you can't be trusted.
It was not us who installed Avast onto your computer...

How do I know you're not sending my data back to your company? How do I know you're not sharing it with other people?
We do. And you have agreed with that in the license when installing Avast.

Aside from the trust problems: How do I know your SSL implementation is good?
You don't. But how do you know, that your browsers implementation is good? Even if it is opensource,
you really have gone through every line of the code and are sure there is no bug? In 2014, every major
SSL/TLS implementation had a serious security issue. Have you known that before it was discovered?
Or are you using your own browser with your own SSL implementation and so You are not affected by
bugs in all that "bad" implementations?!

Does all that sound absurd? Of course it does. But it is as absurd as writing "aside from the trust
problems". Unless being a security expert with lots of free time, You only have trust available to judge
whether some SSL implementation is good or not.

Is your source code open? Has it been audited? May I see the report?
No. No. No.

Why the hell did your company think it was okay to install SecureLine without notification or permission?
Because it is considered being a part of the "Security suite" you have installed. A new part but still a part of it.

And now that I have answered all your questions, I would like to know why you consider the HTTPS scanning
option a "security problem". Or to be more precise why you consider just this particular option a security problem
in a software suite, that runs several components under root and even has its own kernel modules loaded
(thus having access to any data on your computer).

REDACTED

  • Guest
Re: SecureLine VPN Auto Install?
« Reply #34 on: June 22, 2015, 11:44:01 PM »
It was not us who installed Avast onto your computer...
A fair point. I misspoke. You had a piece of software on my computer capable of spying on me, and then you did something showing how untrustworthy you are.

We do. And you have agreed with that in the license when installing Avast.
I meant all of my browser activity and sensitive info. Are you admitting to that?

You don't. But how do you know, that your browsers implementation is good? Even if it is opensource,
you really have gone through every line of the code and are sure there is no bug? In 2014, every major
SSL/TLS implementation had a serious security issue. Have you known that before it was discovered?
Or are you using your own browser with your own SSL implementation and so You are not affected by
bugs in all that "bad" implementations?!
I haven't been through every line, but I have examined several. The fact that yours is closed source is not a good thing.

The fact that every implementation had serious flaws found wasn't a surprise to most people in the security community. We had been expecting vulnerabilities to be discovered in some of the older ciphers for quite some time. Qualys' SSL Labs tool has been suggesting disabling most of the problematic SSL options since before the vulnerabilities were found.

Does all that sound absurd? Of course it does. But it is as absurd as writing "aside from the trust
problems". Unless being a security expert with lots of free time, You only have trust available to judge
whether some SSL implementation is good or not.
Actually, the only absurd thing here is a closed source SSL implementation.

No. No. No.
You have a closed source SSL implementation that hasn't been audited? Holy ... that's really bad. Rule #1 of crypto is never roll your own. If you haven't even had someone audit your code, you're just hoping nothing bad ever happens. I'm failing to find the words to express how horrifyingly bad that is. So glad I uninstalled.

Because it is considered being a part of the "Security suite" you have installed. A new part but still a part of it.
I installed antivirus! Not a suite! Seriously,

And now that I have answered all your questions, I would like to know why you consider the HTTPS scanning
option a "security problem". Or to be more precise why you consider just this particular option a security problem
in a software suite, that runs several components under root and even has its own kernel modules loaded
(thus having access to any data on your computer).
You still haven't answered all of my questions. Why are you (a "security" company) trying to teach users that they can't trust update channels? Why are you mimicking the behavior of the malware you're supposed to be protecting users from? Most important (the second question I asked in this thread): is Avast going to continue this underhanded, dishonest, and scummy behavior?

I view that as a problem because you've got a closed source crypto implementation that only serves to increase the attack surface of my machine. I get that you need root access to my machine, but since you already have that why did you have to make browser security worse?

Offline tumic

  • Avast team
  • Advanced Poster
  • *
  • Posts: 723
Re: SecureLine VPN Auto Install?
« Reply #35 on: June 23, 2015, 01:11:48 PM »
I meant all of my browser activity and sensitive info. Are you admitting to that?
Yes. If you use the browser extensions (those are again optional like SecureLine), than all URLs
you visit are collected and used to gather marketing analytics data sold here:
https://www.jumpshot.com. The data are of course aggregated, anonymized and sensitive
stuff is stripped, but they are collected.

Actually, the only absurd thing here is a closed source SSL implementation.
Well, in fact we use OpenSSL in combination with Apple's Security Framework (certificate checks),
but since it is much easier to use OpenSSL wrong than right ;-) I do not consider our implementation
as whole to be open source. But we are not that crazy to implement all of the ciphers, hash algorithms
and other cryptographic stuff ourselfs.

Why are you (a "security" company) trying to teach users that they can't trust update channels? Why are you mimicking the behavior of the malware you're supposed to be protecting users from? Most important (the second question I asked in this thread): is Avast going to continue this underhanded, dishonest, and scummy behavior?
I have already answered this questions and the answer is Yes. It is the business model of Avast to sell
you additional products whenever possible. The core Avast products are "free", but that doesn't mean
you do in fact not pay for them. You only do not pay with money but with being the target of various
marketing campaigns instead.

Offline specimen9999

  • Sr. Member
  • ****
  • Posts: 349
Re: SecureLine VPN Auto Install?
« Reply #36 on: June 24, 2015, 05:08:20 PM »
In reference to the fact that the user claims to have installed an Anti Virus and not a suite, I would like to remind the user that the Product is in fact called 'Avast Free Mac Security' which indeed implies it is a suite of security tools.

Offline tumic

  • Avast team
  • Advanced Poster
  • *
  • Posts: 723
Re: SecureLine VPN Auto Install?
« Reply #37 on: June 24, 2015, 10:52:58 PM »
In reference to the fact that the user claims to have installed an Anti Virus and not a suite, I would like to remind the user that the Product is in fact called 'Avast Free Mac Security' which indeed implies it is a suite of security tools.

That's true, but the product was "rebranded" just a year ago, so it is perfectly possible that he really
had installed "Avast Antivirus". But to be honest, the naming is only a marketing "game" - the Windows
version is still named "Avast antivirus" even thought it contains many components that are not antivirus
related and is thus much more a security suite than the Mac version...

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: SecureLine VPN Auto Install?
« Reply #38 on: June 24, 2015, 11:23:29 PM »
Fact remains that somehacker agreed with the license terms when installing avast.
He should stop making false accusations en start reading the terms/license that he agreed with.

If he doesn't like them, he is free to remove avast and use something else.
Not that it will make much of a difference because others have something simular in their license.

REDACTED

  • Guest
Re: SecureLine VPN Auto Install?
« Reply #39 on: June 24, 2015, 11:47:26 PM »
I made an account for the sole purpose of agreeing with the user about the questionable business practices of a security company that installs an additional application on my machine, without prior warning or permission granted. Yes, it is a separate application, my computer treats it as such. I've used Avast for years, on all of my laptops (including 5 machines over 6 years) and mobile phones (3 devices over 3 years). The company has my contact info and could have easily promoted this new product. Instead, I get a random new icon, with no explanation. This is EXACTLY what my security program is supposed to PREVENT.

I am extremely disappointed in Avast. Did you not learn anything from the U2/ Apple fiasco? People do not like things installed on any of their devices, without any warning. You can argue that you are doing it for the customer's convenience, but the customer will often feel like you have violated our trust in a poorly conceived promotion.

You were a pretty good company with a solid product. I am sad that I can no longer use it, but I'd rather not risk my devices and see what other surprises you'll put on my mobile and tablet since you already violated my laptop. 

REDACTED

  • Guest
Re: SecureLine VPN Auto Install?
« Reply #40 on: July 31, 2015, 03:42:06 PM »
I too am posting on here for the first time because of this.  Yes we installed an full security suite.  Yes we agreed to auto updates.  However those updates were supposed to be for virus definitions and updates to the program itself.  When you are installing, the software tells you all about the different parts and you get to decide what to install.  We want security software to work for us and keep us safe.  To stop bonzai buddy and whatever else tried to install itself from the web, on top of the normal virus protection.  What we do NOT want, is your company to install whatever it feels like installing because it thinks it knows better than us.  I never gave permission for another VPN to be installed.  As a matter of fact, I have one from another company, and yours would conflict.  Then not only do you install it, You have it running.  Taking up system resources without permission.  What part of this business practice do you think is above board?  Just saying we gave permission for updates months ago when we installed in insufficient on it's face.  This software is supposed to be designed to detect PUP, not install one itself.  As you can hear on here, it is definitely unwanted by many people.  35000 views is quite a lot.  Not to mention the people who don't know to come here and find out.  It's sleazy business and you know it.    Software should NEVER install NEW software (just saying it's part of the suite does not excuse it) on a users machine without consent.  That's the entire theory behind PUP's and other things.  You want to act scummy like that, fine, but don't try and rationalize it.  Don't try to make people out to be bad guys when they are pissed that YOU modified THEIR computer without so much as a "by your leave".  How dare you think you can do something to a users computer without their permission.  Using the permissions it was granted to protect a users system to load it up with apparently any software you deem fit, just because it is part of your suite, or in the users best interest.  You are not in a position to know what they user wants.  You do not know if there is some software that may conflict with  the sleaze-ware you want to push on us.  Luckily I have little snitch and was notified that it was trying to connect and I could shut it down.  But look at it like this...  You are pushing unwanted-unasked for software onto a users computer that then runs and makes connections to the internet, even without signing up or asking permission to connect.  How is that anything but dirty.  Saying that we allowed updates when we installed avast is disingenuous at best.  We allowed updates to the definitions and the software we opted for.  We did not give blanket permission for you to install what you want when you want.  Then choosing to attack users / customers / potential customers because they are angry and frustrated about this sneaky action is ridiculous.  Users come here to find out what the hell you people did and you attack them?  Try to shame them for being pissed?  Another sign that your side is being shady.  So you act like a virus or malware and modify a computer outside the parameters of the install or what was agreed to, then dress down the people for being pissed.  No matter how you try and spin it, FORCING software onto a customers computer, with no notification or warning of any kind, software that touches deep into the network system to route ALL network traffic, and that software begins contacting the net and calling home immediately is just plain crappy.  It will not make you new friends.  It will not make you look good.  Makes you seem like the bad guys.  How you don't see that, I 'm not sure.  Im sure that some people would have happily installed it and paid for a vpn, had they known what you wanted.  On the other hand I think the vast majority of people don't need or want a vpn, but you don't care either way.  Force it onto your computer then maybe scare and trick you into paying for it and you get the money.  Sounds like a lot of other shady business from the web where you get something unwanted installed and you get tricked into paying for it.     

Shame Avast.  Shame

REDACTED

  • Guest
Re: SecureLine VPN Auto Install?
« Reply #41 on: August 04, 2015, 03:24:22 AM »
I've used Avast for years, will continue to do so, but, this caused a heap of trouble for me.
 I just quit it and dragged it to the trash - I hope that's enough.

That's not the correct was to uninstall it, there's a uninstall option from inside the Secureline app in the top menu, there are other important tidbits left in the system besides the .app.

The installer does *not* get all those tidbits. There were several leftovers (found by name) that I manually removed

Offline specimen9999

  • Sr. Member
  • ****
  • Posts: 349
Re: SecureLine VPN Auto Install?
« Reply #42 on: August 04, 2015, 03:58:17 AM »
Quote
The installer does *not* get all those tidbits. There were several leftovers (found by name) that I manually removed

Then can you please share the list of those files?

If you are referring to .plist files, these are innocuous and make no difference, and, like it or not, most uninstallers will not delete them.
« Last Edit: August 04, 2015, 04:00:18 AM by specimen9999 »

REDACTED

  • Guest
Re: SecureLine VPN Auto Install?
« Reply #43 on: August 10, 2015, 09:03:20 AM »
Strange: I have paid Avast on my wife's Win machine --- no Avast SecureLine in sight on that computer.  ;)

   Anyway, after testing it every which way on my Mac, I decided to "buy" it.  ;D

   Activation failed.  :-[

   Tech phone support failed: 
1. An AV program must be interfering ---    :o
2. It won't run on a Mac --- (I must have been hallucinating when I was test running it every which way during the week of free trial)  :-[
3. Refused to escalate, referred to Avast web support  >:(

    Anyway, I went to my payment service for dispute resolution --- and (surprise!) the vender had decided to skip dispute resolution, so it was escalated to claim status almost immediately.  :D

   Somebody in the Avast marketing/ business departments needs to be fired.    :-\

REDACTED

  • Guest
Re: SecureLine VPN Auto Install?
« Reply #44 on: August 10, 2015, 09:14:11 AM »
Quote
The installer does *not* get all those tidbits. There were several leftovers (found by name) that I manually removed

Then can you please share the list of those files?

If you are referring to .plist files, these are innocuous and make no difference, and, like it or not, most uninstallers will not delete them.

   Besides the plists, there were invisible items in assorted places ---- startup items, boot files, launch agents/daemons, possibly others (working from personal memory here)