Author Topic: Pro effectiveness?  (Read 13142 times)

rozeltf

  • Guest
Pro effectiveness?
« on: January 18, 2004, 02:34:52 AM »
Hello
I've been testing Avast Pro version tonight, debating getting rid of NAV. I've been using the email tests from www.gfi.com/emailsecuritytest/ . The test sends a series of emails with different packages to test the AV system.  Avast picked them up as they were incoming as "potential infection detected", with choices of Delete or Continue. I opted to continue as I wanted to further test. Upon opening each email, several of the attachments were allowed to run. E.g. a VBS attachment, when double-clicked, was not intercepted and wrote a text file with details from my registry.  I assumed that possibly my selecting "continue" defeated any subsequent Avast intervention, except when I tried to launch the Eicar attachment (one of the other sent tests), Avast caught it.  I tried the same test with Norton's AV 2003 with incoming email scanning turned OFF, and NAV picked up on everything.  Not a great first impression...
Thanks
« Last Edit: January 18, 2004, 02:42:06 AM by rozeltf »

Culpeper

  • Guest
Re:Pro effectiveness
« Reply #1 on: January 18, 2004, 02:43:55 AM »
Selecting continue only allowed the email to come through in its original state.  You gave Avast permission to butt out.  The fact that NAV caught them when opened by you probably means NAV has put these files in their definition files despite the fact that they are harmless?  I'm not quite clear on the details of the files in question.  I am curious as to why the Pro script blocker didn't work on the vbs file.  Was the script blocker active?
« Last Edit: January 18, 2004, 02:45:26 AM by Culpeper »

Culpeper

  • Guest
Re:Pro effectiveness?
« Reply #2 on: January 18, 2004, 02:51:04 AM »
Also, you have NAV and Avast installed on the same machine?

rozeltf

  • Guest
Re:Pro effectiveness?
« Reply #3 on: January 18, 2004, 02:51:48 AM »
How can I tell if the script blocker is active?

rozeltf

  • Guest
Re:Pro effectiveness?
« Reply #4 on: January 18, 2004, 02:52:58 AM »
No, I uninstalled NAV prior to installing avast!

Culpeper

  • Guest
Re:Pro effectiveness?
« Reply #5 on: January 18, 2004, 02:54:05 AM »
Sorry, I don't have the Pro version. I use the Home version with Script Sentry added.  I suppose opening up the avast scanner and once the avast scanner window appears you can right click and open up the menu to check the settings.  Or try right clicking on the Avast ball in the system tray.

rozeltf

  • Guest
Re:Pro effectiveness?
« Reply #6 on: January 18, 2004, 03:03:35 AM »
It appears script blocking is on ...

Culpeper

  • Guest
Re:Pro effectiveness?
« Reply #7 on: January 18, 2004, 03:09:46 AM »
It should have given you a warning about opening the vbs file at least unless it only works in the browser.  I don't know why it didn't warn from the email itself when you opened it.  

I'm sure the Alwil staff will respond to this thread.  They are pretty good about responding to threads like this.


Culpeper

  • Guest
Re:Pro effectiveness?
« Reply #8 on: January 18, 2004, 03:11:35 AM »
Oh, be sure to subscribe to this thread so you know when someone responds tomorrow.

rozeltf

  • Guest
Re:Pro effectiveness?
« Reply #9 on: January 18, 2004, 03:13:31 AM »
Thanks for the tip, I'll do that. :)

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re:Pro effectiveness?
« Reply #10 on: January 18, 2004, 11:47:20 AM »
Well, personally, I don't see anything wrong about the behavior. The e-mails sent are not real viruses/worms, are they? (I didn't check, but I certainly hope so!)
Therefore, avast! didn't pick them up as viruses. The avast! e-mail heuristics only warned you about a suspicious (i.e. possibly dangerous) message. You chose to continue, the messages were delivered.

Then, if you tried to run them, they were executed - since they were not subject to the e-mail scanner heuristic test anymore. Remember - they are not viruses; so, the Standard Shield didn't block their execution.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:Pro effectiveness?
« Reply #11 on: January 18, 2004, 03:09:47 PM »
No, I uninstalled NAV prior to installing avast!

I'm not the guru of this site but, for sure, doing this will corrupt your Registry. It's impossible to get rid of NAV without special removing issues.

There are a lot of threads discussing this. NAV messes your registry (http://www.avast.com/forum/index.php?board=1;action=display;threadid=259;start=0). The main reason installation fails or systems freeze when using new AV programs is the inability of the old ones to uninstall properly. I have had to dig up removal tools for Norton before anything would operate properly. This is not an avast issue; Kaspersky, McAfee and even Grisoft (e-mail plugin) have their own unique uninstall issues as well.

Read more here.  ;)
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:Pro effectiveness?
« Reply #12 on: January 18, 2004, 03:19:33 PM »
Not a great first impression...

Besides what igor said, you must check your avast! settings for the highest protection. I suggest you choose 'Custom' level of Standard Shield and see what configuration will be good for you.

You can add *.VBS files into the extensions settings.
The best things in life are free.

Culpeper

  • Guest
Re:Pro effectiveness?
« Reply #13 on: January 18, 2004, 05:29:53 PM »
Why didn't the script blocker block the vbs file?  Or does the script blocker not work with email attachments?

rozeltf

  • Guest
Re:Pro effectiveness?
« Reply #14 on: January 18, 2004, 05:42:50 PM »
Well, personally, I don't see anything wrong about the behavior. The e-mails sent are not real viruses/worms, are they? (I didn't check, but I certainly hope so!)
Therefore, avast! didn't pick them up as viruses. The avast! e-mail heuristics only warned you about a suspicious (i.e. possibly dangerous) message. You chose to continue, the messages were delivered.

I guess maybe that's it. I reran the test with the VBS file, same results. So I copied it to a folder on the hard drive, scanned that folder for viruses and nothing came up. Went to Explorer, double-clicked to launch and the file executed.  Performed the same on a different computer running NAV and it was identified as a virus.
So how does one run meaningful tests for comparison?
Thanks