I'm interested in your opinion on dealing with this issue and what is avast politics, if you have the time?
avast! politics is (exactly as my opinion) rather simple: we will not fix these kinds of "false alarms", for various reasons. That's it.
But how much work can this be for Alwil to solve the problem? One day, two, how much resources and time? This isn't a frequent case. If it turns out to be then you are probably right.
I'm not sure if DavidR's suggestion ("negative checks" making avast! ignore the file) would be possible. It seems like a security risk to me - what would prevent a real virus from including this specific signature to make avast! ignore it? Applying checksums is also hardly possible - the virus databases change almost daily.
Basically, what we'd have to do is change our signatures (the conflicting ones). This, however:
- may negatively affect avast!'s detection
- would work only until the other AV maker changes their signatures
- may not even be possible, if the conflicting module contains the whole usable virus area
- may be a lot of work: avast! reports only the first detected virus in the file/block, but there may actually be tens or hundreds of them detected (i.e. if we change one, Saturday 14th-669 in this case, another one appears)
And this all only because somebody didn't do their homework? No, thanks. You may call it a matter of principle, if you like.
And why would Bit Defender make their own encryption more efficient, so the users could buy more of avast?
That's certainly not the reason. But:
- I'd call it "good manners of AV maker" to scramble the virus signatures
- it may actually cause various problems even when there's no other AV involved. Let's say, for example, that the program crashes and DrWatson makes a dump on disk (saving the decrypted signatures from memory). Now, the user suddenly finds an "infected" file on his disk.
Or, there's a much more serious problem in Win9x: the operating system doesn't clear the newly allocated memory (like NT-based systems do). Additionally, many programs don't clear the memory themselves - (older?) MS Office, for example. So, the following can happen: Windows decides to swap some pieces of AV memory out and give it to MS Office instead. Office doesn't clear the memory block, fills only the necessary items and saves the block to disk. Now, your antivirus suddenly warns you about an "infected" Word .doc file. A closer inspection reveals that the .doc file contains a big block of virus samples - dumped virus database from memory.
This is not a theoretical speculation - we've seen a number of such files from Avast32 (that also kept decrypted virus signatures in memory).
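The signature-leak scenario described in the post above, as an added example that is not part of the original post or any vendor's code: a signature table that ends up in a saved file is flagged by a second scanner when it is stored in plaintext, and not when it is scrambled. The signature bytes, the single-byte XOR scrambling and all function names are constructed assumptions for illustration.

```python
"""Constructed demo: plaintext vs. scrambled signature tables leaking into a file."""

# Constructed byte patterns standing in for virus signatures (not real ones).
SIGNATURES = {
    "Demo.A": bytes.fromhex("deadbeef0badf00dcafe"),
    "Demo.B": b"CONSTRUCTED-SAMPLE-PATTERN-B",
}
KEY = 0x5A  # assumption: single-byte XOR stands in for whatever scrambling a vendor uses


def scramble(data: bytes, key: int = KEY) -> bytes:
    """XOR every byte with the key; applying it twice restores the input."""
    return bytes(b ^ key for b in data)


def build_table(signatures: dict, scrambled: bool) -> bytes:
    """Serialise the table as it would sit in a database file or in process memory."""
    out = bytearray()
    for pattern in signatures.values():
        body = scramble(pattern) if scrambled else pattern
        out += len(body).to_bytes(2, "little") + body
    return bytes(out)


def scan(blob: bytes, signatures: dict) -> list:
    """A second scanner: report every signature whose raw bytes occur in blob."""
    return sorted(name for name, pattern in signatures.items() if pattern in blob)


def scan_with_scrambled(blob: bytes, scrambled_sigs: dict) -> list:
    """Match without decrypting the table: scramble the scanned data instead."""
    view = scramble(blob)
    return sorted(name for name, pattern in scrambled_sigs.items() if pattern in view)


def leaked_document(stale_memory: bytes) -> bytes:
    """Model of the Win9x case: an uncleared buffer is saved along with real content."""
    return b"DOCHDR" + stale_memory + b"Dear customer, please find the report attached."


if __name__ == "__main__":
    plain_doc = leaked_document(build_table(SIGNATURES, scrambled=False))
    safe_doc = leaked_document(build_table(SIGNATURES, scrambled=True))
    print("plaintext table leaked:", scan(plain_doc, SIGNATURES))
    print("scrambled table leaked:", scan(safe_doc, SIGNATURES))
    scrambled_sigs = {n: scramble(p) for n, p in SIGNATURES.items()}
    sample = b"MZ" + SIGNATURES["Demo.A"] + b"tail"
    print("real sample still detected:", scan_with_scrambled(sample, scrambled_sigs))
```

Because the scanned data is scrambled rather than the table being decrypted, no plaintext copy of the table exists to be dumped or swapped out in this model.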