Author Topic: avast Self-Protection (Read 7106 times)

BunkFace · « **on:** September 15, 2007, 12:03:54 PM »

Does avast have a mechanism to protect itself against possible virus attacks (like disabling avast or messing up the settings).

Also, will setting a password for avast help to prevent this?

RejZoR · « **Reply #1 on:** September 15, 2007, 12:17:05 PM »

Not yet, but i hope they'll make one soon. At least before avast! 5.x

swico · « **Reply #2 on:** September 15, 2007, 12:21:20 PM »

It is said that the new 5.0 version will have self-protection.
As for me, I use SensiveGuard to protect my avast!.
IMO, the password can prevent other users from messing up your setting, but cannot stop virurses.

Lisandro · « **Reply #3 on:** September 15, 2007, 01:52:59 PM »

Quote from: swico on September 15, 2007, 12:21:20 PM

It is said that the new 5.0 version will have self-protection.
As for me, I use SensiveGuard to protect my avast!.
IMO, the password can prevent other users from messing up your setting, but cannot stop virurses.

Protect critical system and personal files
SensiveGuard can protect files from being written, deleted, copied, and read in real-time. By default, it
suspends and warns on every write or delete on executable files by any program with Internet connection.
User can add sensitive folders and files under protection that can not be read, copied, written, or deleted by
hackers remotely or spyware in the background. File security policies can be set regarding program
identities, user initiation, folders and file types. SensiveGuard does not interfere with normal network file
sharing.

Supported systems and license
SensiveGuard supports Windows 2000 and Windows XP, and is license free for personal use.

How do you update avast, do you need to disable SensiveGuard?
What happens with automatic updates?

Lisandro · « **Reply #4 on:** September 15, 2007, 01:57:42 PM »

Quote from: swico on September 15, 2007, 12:21:20 PM

IMO, the password can prevent other users from messing up your setting, but cannot stop virurses.

It's not only your opinion, it's truth, that is it, unfortunately.

swico · « **Reply #5 on:** September 15, 2007, 04:47:50 PM »

Quote from: Tech™ on September 15, 2007, 01:52:59 PM

How do you update avast, do you need to disable SensiveGuard?

Mmm, I create corresponding FD rules for avast.setup, avast.ovr, ashdisp.exe and aswserv.exe.
BTW, as my settings, SensiveGuard will prompt me for any file access without permission.

Lisandro · « **Reply #6 on:** September 15, 2007, 05:34:07 PM »

Quote from: swico on September 15, 2007, 04:47:50 PM

I create corresponding FD rules for avast.setup, avast.ovr, ashdisp.exe and aswserv.exe.

avast.setup is a temporary file created in each update, so, if you're excluding it from SensiveGuard checking, ok. If not, is SensiveGuard checking it in fact? I don't think so.

Into the firewall settings, the following programs should be allowed to connect:

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (avast! Web Scanner)
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (avast! e-Mail Scanner Service)
C:\Program Files\Alwil Software\Avast4\Setup\avast.setup (avast! Update executable). This is a temporary file that just appears when an update (check) is about to launch, and disappears again afterwards.

Don't need rights to connect:
C:\Program Files\Alwil Software\Avast4\ashServ.exe (avast! antivirus service)
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (avast! Update Service)
C:\Program Files\Alwil Software\Avast4\ashdisp.exe (icon on system tray)

swico · « **Reply #7 on:** September 15, 2007, 06:03:34 PM »

Quote from: Tech™ on September 15, 2007, 05:34:07 PM

avast.setup is a temporary file created in each update, so, if you're excluding it from SensiveGuard checking, ok. If not, is SensiveGuard checking it in fact? I don't think so.

Even it is a temporary file, to create a rule for it is acceptable.
avast.setup is a vulnerability, let me see...

swico · « **Reply #8 on:** September 15, 2007, 06:20:21 PM »

Create two rules:
warn any program to create or write C:\program files\alwil software\avast4\ *.setup
allow C:\program files\alwil software\avast4\ashServ.exe to create or write C:\program files\alwil software\avast4\setup\avast.setup
Now you can block any fake avast.setup.

Lisandro · « **Reply #9 on:** September 15, 2007, 07:20:16 PM »

Quote from: swico on September 15, 2007, 06:03:34 PM

avast.setup is a vulnerability, let me see...

I don't think it's a vulnerability at all... why do you think so?

Dwarden · « **Reply #10 on:** September 15, 2007, 11:52:51 PM »

in moment Your are connected to any network You are vulnerable ...

in fact with all these super technological advanced secret agencies ...

You are unsafe in moment You power up computer

btw. this was just irony

avast.setup is quite safe if You monitor it's checksum and allow it access only Alwil owned domains ...
(again this may be tricky if your routers or DNS is cracked but then it's already too late)

swico · « **Reply #11 on:** September 16, 2007, 04:52:01 AM »

Quote from: Tech™ on September 15, 2007, 07:20:16 PM

I don't think it's a vulnerability at all... why do you think so?

Maybe malwares can create a fake avast.setup to bypass the incomplete FD rules,
so it is neccessary to create an additional rule that is used to prevent avast.setup from being creating by other applications without permission.
I will try to create strict rules.

swico · « **Reply #12 on:** September 16, 2007, 04:57:06 AM »

Quote from: Dwarden on September 15, 2007, 11:52:51 PM

avast.setup is quite safe if You monitor it's checksum and allow it access only Alwil owned domains ...

Dwarden, you are right.
But most FD do not care checksum of files, so I only allow aswserv.exe to creat or modify avast.setup.
IMO, it is enough to defend against most modest malwares.
PS: Is avast.setup a temporary file? Does it has a fixed checksum?

Lisandro · « **Reply #13 on:** September 16, 2007, 04:02:27 PM »

Quote from: swico on September 16, 2007, 04:52:01 AM

Maybe malwares can create a fake avast.setup

And to connect which sites? avast ones? To update the antivirus itself?
I can't imagine a malware that 'uses' avast.setup' file to steal rights to connect the Internet... Maybe I'm silly to imagine how malware creators could do it and use it...

swico · « **Reply #14 on:** September 16, 2007, 04:26:51 PM »

Quote from: Tech™ on September 16, 2007, 04:02:27 PM

I can't imagine a malware that 'uses' avast.setup' file to steal rights to connect the Internet... Maybe I'm silly to imagine how malware creators could do it and use it...

Sorry, Tech™, I just mean that my file defense rules allow avast.setup to modify any files of avast!...
In China, many editors of malwares do not paid attention to avast! yet, but they maybe will do that in nearly future.

Author Topic: avast Self-Protection (Read 7106 times)

BunkFace

avast Self-Protection

RejZoR

Re: avast Self-Protection

swico

Re: avast Self-Protection

Lisandro

Re: avast Self-Protection

Lisandro

Re: avast Self-Protection

swico

Re: avast Self-Protection

Lisandro

Re: avast Self-Protection

swico

Re: avast Self-Protection

swico

Re: avast Self-Protection

Lisandro

Re: avast Self-Protection

Dwarden

Re: avast Self-Protection

swico

Re: avast Self-Protection

swico

Re: avast Self-Protection

Lisandro

Re: avast Self-Protection

swico

Re: avast Self-Protection