Author Topic: User info about new fix for the next VPS?  (Read 11815 times)

0 Members and 1 Guest are viewing this topic.

Offline Zagor

  • Sr. Member
  • ****
  • Posts: 300
  • Well, this should be good!
    • Maybe ? Design
Re: User info about new fix for the next VPS?
« Reply #15 on: December 31, 2005, 04:07:25 PM »
Quote
bdss.exe (BitDefender scan server) - Details

The bdss.exe process runs in the background and scans your system for virus threats. If you stop this process, BitDefender will not be able to effectively protect your computer from viruses and trojans, so unless it causes problems with your system your should try and leave it running.

Bit Defender Free does not contain resident modules, yet this *.exe was on every computer I installed Bit Defender.
Zone Alarm Free         Bit Defender Free      Ad Aware Se Personal
avast!Professional      Ewido S Suite Plus      Microsoft AntiSpyware
Sys Safety Monitor       aSquared Free         Spybot Search&Destroy
Rootkit Revealer                                       Spyware Blaster

Tbird+Firefox2.0 (NoScript+AdBlockPlus+Dr.WebPreLinkScan)+ Win

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85959
  • No support PMs thanks
Re: User info about new fix for the next VPS?
« Reply #16 on: December 31, 2005, 04:34:26 PM »
It's not how much work is it for Alwil, but how much this extra processing effort to check for other AVs file locations, etc. adds to everyone of avast's users processing effort too. I for one wouldn't want avasts scan to be potentially slowed because of the errors or omissions of other AVs.

Quote
And why would Bit Defender make their own encryption more efficient, so the users could buy more of avast?
Sorry I don't follow your logic here. Turn that logic on its head, why should avast adjust their scanning to make up for the errors or omissions of others, so the users could buy more of Bit Defender?

It is not a couple of exclusions, but potentially many, many more for all AVs and this would be a moving target that have to be constantly monitored to ensure the exclusions/exceptions are up to date.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85959
  • No support PMs thanks
Re: User info about new fix for the next VPS?
« Reply #17 on: December 31, 2005, 04:40:47 PM »
Quote
bdss.exe (BitDefender scan server) - Details

The bdss.exe process runs in the background and scans your system for virus threats. If you stop this process, BitDefender will not be able to effectively protect your computer from viruses and trojans, so unless it causes problems with your system your should try and leave it running.

Bit Defender Free does not contain resident modules, yet this *.exe was on every computer I installed Bit Defender.
I've also seen something similar in Ewido even the free version has a Service running ewidoctrl.exe (not on my system it is set to manual), a throw back to the trial version which included resident protection. The only issue I had with the service stopped was for manual updates seemed to need the service running.

Perhaps BitDefender is living in the hope you will upgrade.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11808
    • AVAST Software
Re: User info about new fix for the next VPS?
« Reply #18 on: December 31, 2005, 04:44:36 PM »
I'm interested in you're opinion on dealing with this issue and what is avast politics, if you have the time?

avast! politics is (exactly as my opinion) rather simple: we will not fix these kinds of "false alarms", for various reasons. That's it.

But how much work can this be for Alwil to solve the problem? One day, two, how much resources and time? This isn't a frequent case. If it tuns out to be then you are probably right.

I'm not sure if DavidR's suggestion ("negative checks" making avast! ignore the file) would be possible. It seems like a security risk to me - what would prevent a real virus from including this specific signature to make avast! ignore it? Applying checksums is also hardly possible - the virus databases change almost daily.

Basically, what we'd have to do is changing our signatures (the conflicting ones). This, however
- may negatively affect avast!'s detection
- would work only until the other AV maker changes their signatures
- may not even be possible, if the conflicting module contains the whole usable virus area
- may be a lot of work: avast! reports only the first detected virus in the file/block, but there may actually be tens or hundreds of them detected (i.e. if we change one, Saturday 14th-669 in this case, another one appears)

And this all only because somebody didn't do their homework? No, thanks. You may call it a matter of principle, if you like.

And why would Bit Defender make their own encryption more efficient, so the users could buy more of avast?

That's certainly not the reason. But:
- I'd call it "good manners of AV maker" to scramble the virus signatures
- it may actually cause various problems even when there's no other AV involved. Let's say, for example, that the program crashes and DrWatson makes a dump on disk (saving the decrypted signatures from memory). Now, the user suddenly finds an "infected" file on his disk.
Or, there's a much more serious problem in Win9x: the operating system doesn't clear the newly allocated memory (like NT-based systems do). Additionally, many programs don't clear the memory themselves - (older?) MS Office, for example. So, the following can happen: Windows decide to swap some pieces of AV memory out and give it to MS Office instead. Office doesn't clear the memory block, fills only the necessary items and saves the block to disk. Now, your antivirus suddenly warns you about an "infected" Word .doc file. A closer inspection reveals that the .doc file contains a big block of virus samples - dumped virus database from memory.
This is not a theoretical speculation - we've seen a number of such files from Avast32 (that also kept decrypted virus signatures in memory).

Offline Zagor

  • Sr. Member
  • ****
  • Posts: 300
  • Well, this should be good!
    • Maybe ? Design
Re: User info about new fix for the next VPS?
« Reply #19 on: December 31, 2005, 05:03:51 PM »
Perhaps BitDefender is living in the hope you will upgrade.

:) Perhaps, but not in the next 12 months until my avast Pro license expires.
Zone Alarm Free         Bit Defender Free      Ad Aware Se Personal
avast!Professional      Ewido S Suite Plus      Microsoft AntiSpyware
Sys Safety Monitor       aSquared Free         Spybot Search&Destroy
Rootkit Revealer                                       Spyware Blaster

Tbird+Firefox2.0 (NoScript+AdBlockPlus+Dr.WebPreLinkScan)+ Win

Offline Zagor

  • Sr. Member
  • ****
  • Posts: 300
  • Well, this should be good!
    • Maybe ? Design
Re: User info about new fix for the next VPS?
« Reply #20 on: December 31, 2005, 05:10:34 PM »
we will not fix these kinds of "false alarms", for various reasons. That's it.

I understand.

I'm sorry now but I have to go, because in the next 10 days I will be on my vacation without the computer, so I'll gues I'll see you then.

David, Igor, Alanrf, Lector and to the rest of the Forum, I wish you happy holidays, virus free and with good health and lot's o' money :)

See you in 10 days  8)
Zone Alarm Free         Bit Defender Free      Ad Aware Se Personal
avast!Professional      Ewido S Suite Plus      Microsoft AntiSpyware
Sys Safety Monitor       aSquared Free         Spybot Search&Destroy
Rootkit Revealer                                       Spyware Blaster

Tbird+Firefox2.0 (NoScript+AdBlockPlus+Dr.WebPreLinkScan)+ Win

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: User info about new fix for the next VPS?
« Reply #21 on: December 31, 2005, 05:40:56 PM »
The bdss.exe process runs in the background and scans your system for virus threats. If you stop this process, BitDefender will not be able to effectively protect your computer from viruses and trojans, so unless it causes problems with your system your should try and leave it running.
On contrary, this is not true. Zagor, look, BitDefender (free) is not resident. It does not protect you of nothing!  :P

Why should avast or any other AV company spend time and money developing another level of checking to cater the errors or omissions of other AVs if their signatures aren't encrypted as in Panda's.
Fully agree.

But how much work can this be for Alwil to solve the problem? One day, two, how much resources and time? This isn't a frequent case. If it tuns out to be then you are probably right.
I can't think different from Igor and David here... No need for extra avast work, for sure.

This may well not be the case with dbss.exe as I can't see why a supposed on-demand scanner is in memory?

And why would Bit Defender make their own encryption more efficient, so the users could buy more of avast?
BitDefender free loads two Services in background. If you scan memory with avast, the back encription of BitDefender is just being shown to the user. BitDefender could be used as a background scanner (not resident) only if the two services are set to manual while avast is scanning memory.

And really, how much pain on the detection engine are we talking here, regarding couple of exclusions?
It's not a matter of exclusion but security risk, extra work that not worth for Alwil.
The best things in life are free.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 46295
  • 61 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: User info about new fix for the next VPS?
« Reply #22 on: December 31, 2005, 09:36:42 PM »
Quote
They continue to make this product available for free to a huge number of people.  They are not of the size and resources (thank Heavens!) of Symantec and must, I am sure, be much more prudent in allocating their efforts. 
I have to take exception with your analogy. The free version is simply a stripped down version of the Pro version.
Alwil makes it's money selling the Pro version and gets lot's of publicity and free advertising by offering a free version.
Alwil as any other AV company is expected to deal with adding new detection as soon as possible and likewise keep
false positives down to a minimum.
If a false positive is discovered, it should be dealt with immediately. Not whenever it's prudent.
It's a known fact that Corporations have no loyalties toward their customers. They operate for profit not charity.
Customers therefore should also only have a loyalty toward themselves and their system.
As long as an AV product protects your system, use it and support it. When the AV product fails you, get something better.
That's just the way business and life works.
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v21H2 64bit, 16 Gig Ram, 1TB SSD, AvastOmni 21.6, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11808
    • AVAST Software
Re: User info about new fix for the next VPS?
« Reply #23 on: December 31, 2005, 10:05:43 PM »
OK, let's put it another way - this is not a false positive; somebody took samples of real viruses here and stored them in their own file/module.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 46295
  • 61 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: User info about new fix for the next VPS?
« Reply #24 on: December 31, 2005, 10:11:22 PM »
OK, let's put it another way - this is not a false positive; somebody took samples of real viruses here and stored them in their own file/module.

In that case, avast! or any AV should be screaming to alert you.
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v21H2 64bit, 16 Gig Ram, 1TB SSD, AvastOmni 21.6, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq