Author Topic: Early code drop from avast 5 for you to test :-)  (Read 43085 times)

0 Members and 1 Guest are viewing this topic.

Offline wishiknew

  • Jr. Member
  • **
  • Posts: 29
  • I am what I am.
Re: Early code drop from avast 5 for you to test :-)
« Reply #30 on: August 30, 2006, 09:01:56 PM »
Hi al968.

What you found was cool.  Hopefully there will be some system in place to prevent something like this but still have avast not killable.

Offline al968

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 847
Re: Early code drop from avast 5 for you to test :-)
« Reply #31 on: August 30, 2006, 09:25:34 PM »
well actually it is possible by standard operation as igor mentioned I believe by doing:
net stop .....
But Alwil is deciding on whether or not to disable that option.

I personally would prefer that they do however this means that the ashserve.exe and other exe causing problems should be fixed because if avast is unstoppable then in case of a problem it can't be stopped. So the alternate would to disable other programs from shutting down avast processes but aloowing avast to shutdown its won processes.

Al968

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9385
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Early code drop from avast 5 for you to test :-)
« Reply #32 on: August 31, 2006, 10:28:03 AM »
All these issues  are related to AntiKill and avast! 4.x only. It was never really designed with this feature in mind. avast! 5.x will be built ground up with this in mind. So don't worry ;)
Visit my webpage Angry Sheep Blog

Offline al968

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 847
Re: Early code drop from avast 5 for you to test :-)
« Reply #33 on: August 31, 2006, 01:33:25 PM »
I am not worry.  ;D
I am just saying what I am seeing.

Al968

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9385
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Early code drop from avast 5 for you to test :-)
« Reply #34 on: August 31, 2006, 01:57:37 PM »
Well you can still stop the On-Access scanner like you did before. Termination of avast! processes was never really an official option. However you could do that since there was no protection...
Visit my webpage Angry Sheep Blog

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11808
    • AVAST Software
Re: Early code drop from avast 5 for you to test :-)
« Reply #35 on: August 31, 2006, 02:52:23 PM »
The request is reasonable, however - I also think it's not a good idea to match just the filename, some more thorough check should be implemented.

Offline al968

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 847
Re: Early code drop from avast 5 for you to test :-)
« Reply #36 on: September 01, 2006, 04:07:22 PM »
Glad to help ;)

And congratulation on the latest av-comparatives.org results  :)

Al968

Offline Denisss

  • Newbie
  • *
  • Posts: 4
Re: Early code drop from avast 5 for you to test :-)
« Reply #37 on: October 01, 2006, 09:38:54 AM »
Hi,

There is an utility, called "Simple Process Termination" by System Safety.
You can download it here: http://syssafety.com/leaktests.html.

It could terminate ashDisp.exe, ashMaiSv.exe, ashServ.exe and ashUpdSv.exe with:
9       - terminate process as a task;
15      - simulation of normal process exit;
and
16      - terminate process by "bruteforce" message posting;

Moreover, I can stop avast! service by stopping manually ("Administrating Tools"->"Services") or with any program for starting/stopping services.

I hope, You'll fix it.  ::)

PS
My farewall passed this test. None of 16 methods could terminate its processes or services. When I go to "Administrating Tools"->"Services", I cannot manually stop it. The same thing was when I used Kaspersky Antivirus. I couldn't stop it anyhow, except of choosing item "Exit" in its menu.

Thanks!
Denisss
Moscow, Russia

Offline jamesvaul

  • Jr. Member
  • **
  • Posts: 73
Re: Early code drop from avast 5 for you to test :-)
« Reply #38 on: October 01, 2006, 09:57:45 AM »
Purpose
-------
The driver's goal is to prevent malware (or a malicious user) from killing the avast's on-access scanner.

Under Windows Vista this module is useless because in Windows Vista you have the UAC and a lot of security technologies (for example: system services isolation from the user session)
« Last Edit: October 01, 2006, 10:09:16 AM by jamesvaul »
Windows Vista Home Premium - Standard User - IE7 - avast! Home - Windows Defender

Offline al968

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 847
Re: Early code drop from avast 5 for you to test :-)
« Reply #39 on: October 01, 2006, 02:58:41 PM »
yes but two secuirties are better than one, and remeber that no everyone will upgrade to Vista when it comes out.  ;)

Al968

Offline Dwarden

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1791
  • Ideas, that's ocean without borders!
    • Bohemia Interactive
Re: Early code drop from avast 5 for you to test :-)
« Reply #40 on: October 11, 2006, 11:12:10 AM »
seems like Sophos jumped on HIPS bandwagon too http://www.sophos.com/security/topic/behavioral-protection.html

looks like one mention it, second experiment with and all then go for it ;)
https://twitter.com/FoltynD , Tech. Community, Online Services & Distribution manager of Bohemia Interactive

Offline Littlemutt

  • Newbie
  • *
  • Posts: 16
Re: Early code drop from avast 5 for you to test :-)
« Reply #41 on: October 11, 2006, 01:20:17 PM »
seems like Sophos jumped on HIPS bandwagon too http://www.sophos.com/security/topic/behavioral-protection.html

looks like one mention it, second experiment with and all then go for it ;)

Yea, but at $60 US, kinda steep for an AV

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: Early code drop from avast 5 for you to test :-)
« Reply #42 on: October 11, 2006, 01:54:09 PM »
There is an utility, called "Simple Process Termination" by System Safety.
You can download it here: http://syssafety.com/leaktests.html.
It could terminate ashDisp.exe, ashMaiSv.exe, ashServ.exe and ashUpdSv.exe
Do you mean using or not the AntiKill avast feature?

My farewall passed this test. None of 16 methods could terminate its processes or services. When I go to "Administrating Tools"->"Services", I cannot manually stop it. The same thing was when I used Kaspersky Antivirus. I couldn't stop it anyhow, except of choosing item "Exit" in its menu.
Which is your firewall?

yes but two secuirties are better than one, and remeber that no everyone will upgrade to Vista when it comes out.  ;)
For the ones that stay with XP, the AntiKill feature will be added on version 5... won't it?
The best things in life are free.

Offline ross

  • Jr. Member
  • **
  • Posts: 46
Re: Early code drop from avast 5 for you to test :-)
« Reply #43 on: October 11, 2006, 04:14:19 PM »
UAC does provide a new level of protection. But what happens if a trojan is embedded within a legitimate file? If the user accepts the UAC dialog elevation will occur, and Avast!'s processes may be terminated. Also, the behaviour blocker that is supposedly shipping with Avast! 5 will be a nice addition to UAC (because, even after UAC elevation, we may not want certain changes made).

Offline avatar2005

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 423
  • In search of Harmony in our lives
Re: Early code drop from avast 5 for you to test :-)
« Reply #44 on: October 11, 2006, 05:25:59 PM »
Hi!
1)It's great you All keep developing the Avast 5 ;)
2) I have a small question: Will Avast 5 be divided into two versions just like Avast 4, or the 5th version will be only in pro version (paid)?, which may be dissapointing for me, cause I love to use a free Home version it's just awesome.
Thankyou :)
Let the God & The forces of Light will guiding you.