Author Topic: Avast troubles again?  (Read 1018 times)

jaje
Avast troubles again?
« on: June 29, 2020, 10:59:53 AM »
Today I saw this post to Reddit about Avast

https://www.reddit.com/r/sysadmin/comments/hht8jb/should_i_report_avast_to_the_australian_cyber/

I might be overreacting with this but I really don't like these types of business practices so just looking for an outside opinion with this one.

I manage the IT department at a large school in Australia. I've recently set up a Honeypot on the BYOD wireless network to identify if any students are doing something they shouldn't. Within about 20 minutes I got two hits; something was scanning the entire network and accessing ports 80, 443, 445, 1900, 2869 and 3389.

Not only were they scanning, they were actively probing for vulnerabilities and delivering malicious payloads to the Honeypot server. In one instance CVE-2012-0152 was used in an attempted RDP DDoS attack.

After some panic and investigation I discovered that Avast has a "feature" called Wi-Fi Inspector. This basically scans the user's wireless network and tests for vulnerabilities; this feature is on by default but can be disabled.

We have over 3000 students with BYOD devices, many with Avast installed scanning the network at least once per day. This is creating a huge overhead on our wireless network and seems like Avast is acting like a virus itself, especially seeing that the thing is crafting payloads and actively accessing resources it's not authorised to access.

IMO this is a malicious practice and constitutes a cyber security incident. I have no idea what Avast is doing with this collected data or what the purpose of the scan is as the end user received no notification that a vulnerability was even found!

I called the Australian Cyber Security Centre and they said I could report the activity and start an investigation. What do you guys think, is it worth the effort of reporting this?
“I choose a lazy person to do a hard job. Because a lazy person will find an easy way to do it.” - Bill Gates
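
An added example, not part of the original thread or the Reddit post: one way to triage honeypot connection logs for the behaviour described above, grouping sources that touch several of the reported ports within a short window. The log format, the function name `find_sweepers`, the thresholds and the sample addresses are assumptions constructed for illustration; a match only groups sources for follow-up and does not identify the software that produced the traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Ports named in the post as touched by the scanner.
REPORTED_PORTS = {80, 443, 445, 1900, 2869, 3389}

# Constructed sample lines in a hypothetical "timestamp src=IP dport=N" format.
SAMPLE_LOG = """\
2020-06-29T10:01:02 src=10.20.1.15 dport=80
2020-06-29T10:01:02 src=10.20.1.15 dport=443
2020-06-29T10:01:03 src=10.20.1.15 dport=445
2020-06-29T10:01:03 src=10.20.1.15 dport=1900
2020-06-29T10:01:04 src=10.20.1.15 dport=2869
2020-06-29T10:01:05 src=10.20.1.15 dport=3389
2020-06-29T10:07:40 src=10.20.3.77 dport=443
2020-06-29T10:09:11 src=10.20.2.40 dport=445
2020-06-29T10:09:12 src=10.20.2.40 dport=3389
2020-06-29T10:09:12 src=10.20.2.40 dport=80
2020-06-29T10:09:13 src=10.20.2.40 dport=1900
2020-06-29T11:30:00 src=10.20.3.77 dport=3389
malformed line that should be skipped
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) dport=(\d+)$")

def find_sweepers(log_text, window=timedelta(seconds=120), min_ports=4):
    """Return {src: sorted ports} for sources that hit at least min_ports
    distinct REPORTED_PORTS inside one sliding time window."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not parse
        ts, src, port = datetime.fromisoformat(m[1]), m[2], int(m[3])
        if port in REPORTED_PORTS:
            hits[src].append((ts, port))
    flagged = {}
    for src, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            ports = {p for t, p in events[i:] if t - start <= window}
            if len(ports) >= min_ports:
                flagged[src] = sorted(ports)
                break
    return flagged

if __name__ == "__main__":
    for src, ports in find_sweepers(SAMPLE_LOG).items():
        print(f"{src}: probed {ports}")
```

Counting the flagged sources per day gives a rough measure of how many client devices are sweeping the network, which is the overhead the post complains about.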

bob3160
Re: Avast troubles again?
« Reply #1 on: June 29, 2020, 03:31:52 PM »
My question is why is the IT guy upset that the student uses an AV that protects him from possible network vulnerabilities? I'd also like to know if Avast discovered any vulnerabilities. :)

RejZoR
Re: Avast troubles again?
« Reply #2 on: June 29, 2020, 05:14:53 PM »
"Not only were they scanning, they were actively probing for vulnerabilities and delivering malicious payloads to the Honeypot server."

That sounds like utter nonsense.