Author Topic: ALWIL we hope you can get Responsible&Seriously  (Read 11577 times)

0 Members and 1 Guest are viewing this topic.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 43102
  • 60 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: ALWIL we hope you can get Responsible&Seriously
« Reply #15 on: September 08, 2007, 09:43:32 PM »
Quote
about virus detections ... i guess it's all about priorities nows ... there is 1000 times more files to check then 3y ago
and seriously u can't await Alwil to hire 100-100 times more staff  :)
To keep us safe, I certainly do.... :) ;D :)
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1909 64bit, 8 Gig Ram, AvastFree 19.6.xxxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline Maxx_original

  • Avast team
  • Super Poster
  • *
  • Posts: 1479
Re: ALWIL we hope you can get Responsible&Seriously
« Reply #16 on: September 10, 2007, 10:42:01 AM »
guys, i wrote it to other threads and Dwarden mentioned it also here - the count of virus samples grows and we are working on new submission system, which will make all related things faster... it's nice to catch samples from users in 5 minutes, but that's possible only without internal testing (the scan of cleanset takes a bit more than 5 minutes ;D) and we must test the detections, simply because we can't release any serious false positive... btw: a new detection of Virut/Cheburgen will be included in next VPS (this is one of the most important detections in last three weeks)

Offline al968

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 847
Re: ALWIL we hope you can get Responsible&Seriously
« Reply #17 on: September 11, 2007, 12:55:37 AM »
guys, i wrote it to other threads and Dwarden mentioned it also here - the count of virus samples grows and we are working on new submission system, which will make all related things faster... it's nice to catch samples from users in 5 minutes, but that's possible only without internal testing (the scan of cleanset takes a bit more than 5 minutes ;D) and we must test the detections, simply because we can't release any serious false positive... btw: a new detection of Virut/Cheburgen will be included in next VPS (this is one of the most important detections in last three weeks)

Good; why is it so important ?
Just curious  :)
Al968

Offline Maxx_original

  • Avast team
  • Super Poster
  • *
  • Posts: 1479
Re: ALWIL we hope you can get Responsible&Seriously
« Reply #18 on: September 11, 2007, 09:14:04 AM »
al968: because of http://forum.avast.com/index.php?topic=30335.0 and ~43000 files from VirusTotal...

Offline al968

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 847
Re: ALWIL we hope you can get Responsible&Seriously
« Reply #19 on: September 12, 2007, 11:26:58 AM »
Sorry I meant this
"this is one of the most important detections in last three weeks"

Al968

Offline Maxx_original

  • Avast team
  • Super Poster
  • *
  • Posts: 1479
Re: ALWIL we hope you can get Responsible&Seriously
« Reply #20 on: September 12, 2007, 11:37:06 AM »
hah.. the answer was targetted to this question actually... the detection is important because we don't want to let it destroy avast executables (described in the mentioned link) and because it flooded virtotal with ~43000 samples..

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67275
Re: ALWIL we hope you can get Responsible&Seriously
« Reply #21 on: September 12, 2007, 02:26:17 PM »
we don't want to let it destroy avast executables (described in the mentioned link)
Maxx, was this virus written specifically to destroy avast files (or other antivirus too)?
Isn't there another method to protect avast executables? I mean, file protection.
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 82708
  • No support PMs thanks
Re: ALWIL we hope you can get Responsible&Seriously
« Reply #22 on: September 12, 2007, 02:38:27 PM »
What would be nice it to see another beta release of the avast self-protection code which was previously beta tested but quietly allowed to die without any update to the code and further trial.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.1.2397 (build 20.1.5069.558) UI-1.0.460/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline Maxx_original

  • Avast team
  • Super Poster
  • *
  • Posts: 1479
Re: ALWIL we hope you can get Responsible&Seriously
« Reply #23 on: September 12, 2007, 02:44:13 PM »
Virut is a generic file infector and avast executables was only a few of its victims... there is some integrity check (avast is able to detect unauthorised modifications of itself), but it is a post-operation..

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67275
Re: ALWIL we hope you can get Responsible&Seriously
« Reply #24 on: September 12, 2007, 03:04:44 PM »
There is some integrity check (avast is able to detect unauthorised modifications of itself), but it is a post-operation.
And why can't avast restore the 'original' files (repair the installation)?
Can't be the file be protected (like system ones into Chest) for restoration?
The best things in life are free.

Offline al968

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 847
Re: ALWIL we hope you can get Responsible&Seriously
« Reply #25 on: September 12, 2007, 03:13:06 PM »
What would be nice it to see another beta release of the avast self-protection code which was previously beta tested but quietly allowed to die without any update to the code and further trial.

I definitly second that  :)

Al968

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 82708
  • No support PMs thanks
Re: ALWIL we hope you can get Responsible&Seriously
« Reply #26 on: September 12, 2007, 04:44:09 PM »
There is some integrity check (avast is able to detect unauthorised modifications of itself), but it is a post-operation.
And why can't avast restore the 'original' files (repair the installation)?
Can't be the file be protected (like system ones into Chest) for restoration?

That is certainly something which I feel could be done easily (store in the chest that is) and the integrity checker could call a routine to replace the modified file with the back-up copy.

However, if avast hasn't dealt with the file infecter they will just be modified again.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.1.2397 (build 20.1.5069.558) UI-1.0.460/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11722
    • AVAST Software
Re: ALWIL we hope you can get Responsible&Seriously
« Reply #27 on: September 12, 2007, 05:06:18 PM »
It is already done. avast! setup would detect the unauthorized modification sooner or later (or you can invoke the "Repair" function) and the files get replaced by the original versions.

On the other hand, if the virus is active in the system at the moment, it might hook the file access functions (opening, writing) and infect the files again, right at the moment of the replacement (or, a bit later, of course).

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67275
Re: ALWIL we hope you can get Responsible&Seriously
« Reply #28 on: September 12, 2007, 07:22:44 PM »
It is already done. avast! setup would detect the unauthorized modification sooner or later (or you can invoke the "Repair" function) and the files get replaced by the original versions.
But the user must be able to boot, logon and connect to Internet. Otherwise, the repair won't work. It's not as self-protected as we want or need.

On the other hand, if the virus is active in the system at the moment, it might hook the file access functions (opening, writing) and infect the files again, right at the moment of the replacement (or, a bit later, of course).
And so? How to solve this?
The best things in life are free.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11722
    • AVAST Software
Re: ALWIL we hope you can get Responsible&Seriously
« Reply #29 on: September 12, 2007, 11:41:11 PM »
My post was a reaction to the previous David's post, nothing more.