Author Topic: Download from CNET....SERIOUSLY???  (Read 21089 times)

0 Members and 1 Guest are viewing this topic.

hyjaxltd

  • Guest
Download from CNET....SERIOUSLY???
« on: February 01, 2010, 08:01:28 PM »
Okay...now that your paying a little attention, this is not quite the rant your looking for.  This is simply for Alwil's ability to be taken seriously as a BUSINESS' security solution provider(a provider to REAL business').

For consumers, sending them to pretty much ANY outside source to download an app is the accepted standard.  Thats fine.  It helps keep the costs to the consumer at an affordable level, while allowing them to experience "corporate" quality protection.  YAAAY!!!

I personally, as a registered AMD Solution Provider(Business Server Class Products as well as Home), am a little put off when I am browsing the 'Business' or 'Office' side of a website and I am sent ANYWHERE else for well...pretty much anything.  To me that states that even though they enjoy the working relationship that our two entities have established, they are not quite as dedicated to insuring FULL support to a business.  They appreciate that I put my faith in them as a Solution Provider to my bsiness but be ready for incomplete support as 'we cant even garuntee your download from us.'

Again Avast Team...this only refers to your abilities to be a TRUSTED Solution Provider to REAL business'.  Im sure that PLENTY of business owners DO get their initial look through CNet (http://www.downloads.com).  It is a great advertising engine for MANY software vendors, but when a business owner, or working IT professional on the clock, is on Avast's own site, please dont redirect us anywhere ::) ...even for the download....at the very least sync(direct ftp link or something) the link so we can just pull it that way instead of being sent away from the information we are reading concerning your other business class products.

Thats all.  Thanks again for a kick *** application though!!!

...still dont like the flash, what if Im running this on a m flashless enviroment for OTHER testing purposes, now I cant see data I am most likely VERY interested in.  Just to please you guys ??? ...until that gets fixed my testing machine cant run this.

zerospam

  • Guest
Re: Download from CNET....SERIOUSLY???
« Reply #1 on: February 01, 2010, 08:11:25 PM »
Assuming that a download is properly signed (in my experience, Avast always has been), and that users handle the file properly afterward (i.e., make it unwriteable by the account hosting the browser, *then* check its signature, *then* install it), there's no security reason not to mirror it elsewhere.

gideond

  • Guest
Re: Download from CNET....SERIOUSLY???
« Reply #2 on: February 01, 2010, 08:21:47 PM »
The fact that it took Download.com 3 days to update from 5.0.377 to 5.0.396 is reason enough. Majorgeeks had it days before download.com

hyjaxltd

  • Guest
Re: Download from CNET....SERIOUSLY???
« Reply #3 on: February 01, 2010, 08:22:12 PM »
Assuming that a download is properly signed (in my experience, Avast always has been), and that users handle the file properly afterward (i.e., make it unwriteable by the account hosting the browser, *then* check its signature, *then* install it), there's no security reason not to mirror it elsewhere.
You are taking me wrong...this is NOT about the security of the download, its the look this gives to more than just an Internet business owner.  Alot of us have been BRUTALIZED by nameless (TWC!!!) giants for so long now nad we got sick of it.  The LOOK a company provides now when on thier "Corporate" side of the web site is a CLEAR display of ANY support you might get.  Go and try and get real support from the nameless giant I stated...you cant, you end up talking with someone who cant do anything, or maybe just wont....and could honestly care less about your problems, and yes this is the business side not home.

olddog

  • Guest
Re: Download from CNET....SERIOUSLY???
« Reply #4 on: February 01, 2010, 09:51:22 PM »
What is of concern to me is that the 5.0.396 downloads from CNet, Major Geeks and freewarefiles.com are all different file sizes and have different MD5 sums.

CNet               43,550,760 bytes  Signature 29th Jan 2010 4:39:02 PM - Marked OK
MajorGeeks      41,461,352 bytes  Signature 29th Jan 2010 4:38:38 PM - Marked OK

An individual Avast scan of each of the above packages says 2 files scanned.

Freeware.com  41,461,360 bytes  Signature 29th Jan 2010 4:38:38 PM - Marked Invalid
An individual Avast scan of this package says 3 files scanned.

I always prefer to download security software direct from the manufactures site to avoid just this issue.
Why is the install files from CNet and MajorGeeks so different in size?
« Last Edit: February 01, 2010, 09:56:58 PM by olddog »

zerospam

  • Guest
Re: Download from CNET....SERIOUSLY???
« Reply #5 on: February 01, 2010, 10:10:33 PM »
What is of concern to me is that the 5.0.396 downloads from CNet, Major Geeks and freewarefiles.com are all different file sizes and have different MD5 sums....

Very interesting. Does Windows think that the different downloads' digital signatures are valid? Do they have the same signing date?

Offline MikeBCda

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2247
Re: Download from CNET....SERIOUSLY???
« Reply #6 on: February 01, 2010, 10:26:16 PM »
Interesting to see the comment about download.com's delay in updating ... at one time they were notorious for offering out-of-date versions of way too many apps, and it looks like that hasn't changed.

(Edit) In fairness, though, that is where I first got the installer for 377 -- admittedly, the first place I tried since it was the first for which a link was posted here somewhere.
« Last Edit: February 01, 2010, 10:28:28 PM by MikeBCda »
Intel Atom D2700, 2 gig RAM, Win 7 x64 SP1 & IE-11, Firefox 51.0
(default). 320 gig HD, 15Mb DSL, Win firewall, Avast 12.3.2280 free, SpywareBlaster, MBAM Prem., Crypto-Prevent

olddog

  • Guest
Re: Download from CNET....SERIOUSLY???
« Reply #7 on: February 01, 2010, 10:27:22 PM »
Quote

Very interesting. Does Windows think that the different downloads' digital signatures are valid? Do they have the same signing date?

zerospam,
As I said in my previous post the digital signature of the file from freeware.com is marked as Invalid by Windows XP. The signature date and time of this file is the same as for the file from MajorGeeks.

The signature date of the CNet is the same as for the other two, but its signature time is slightly different.

Incidentally, the counters show there has been 409,629 downloads of the file from freeware.com!

« Last Edit: February 01, 2010, 10:29:02 PM by olddog »

zerospam

  • Guest
Re: Download from CNET....SERIOUSLY???
« Reply #8 on: February 01, 2010, 10:51:19 PM »
Quote

Very interesting. Does Windows think that the different downloads' digital signatures are valid? Do they have the same signing date?

zerospam,
As I said in my previous post the digital signature of the file from freeware.com is marked as Invalid by Windows XP.

I'm sorry, I misread your message. Certainly no one should install anything that lacks a valid digital signature (computed using sha1, not md5) from the correct signer. It sounds like there's been corruption or an attack. Note, however, that downloading software directly from its publisher does not guarantee immunity from corruption or an attack. Always check the signature.

Quote
The signature date of the CNet is the same as for the other two, but its signature time is slightly different.

Do both purport to be signed by Alwil? What signing algorithm do they use (check digital signatures/details/advanced/digest algorithm)?
« Last Edit: February 01, 2010, 10:55:42 PM by zerospam »

olddog

  • Guest
Re: Download from CNET....SERIOUSLY???
« Reply #9 on: February 01, 2010, 11:54:58 PM »
zerospam,

The screen shots, 2 with this post and 1 which I will attach to a subsequent post show the details for the three downloads concerned.

In the case of the file with the invalid certificate, I would not have thought that straight corruption would result in an avast scan saying it had 3 files, compared to the other two with 2 files.

My main point incidentally is the inconsistency in the files available for download perhaps introduces yet another factor Awil have to consider when looking at why some have problems when others with similar setups don't.

 

olddog

  • Guest
Re: Download from CNET....SERIOUSLY???
« Reply #10 on: February 01, 2010, 11:56:25 PM »

Continued from my previous post ..
The third file download from CNet


Offline jimb11

  • Sr. Member
  • ****
  • Posts: 221
Re: Download from CNET....SERIOUSLY???
« Reply #11 on: February 02, 2010, 01:26:37 AM »
I just hope we can soon just download directly from the avast web site!!

hyjaxltd

  • Guest
Re: Download from CNET....SERIOUSLY???
« Reply #12 on: February 02, 2010, 03:25:12 AM »
I just hope we can soon just download directly from the avast web site!!
Again, when I purchase as a consumer then send me to whoever is helping spread the word...on other words:

make your cake.

However, it really says POOR things about your relationship with business clients when this happens.  What if they get infected by trojan/redirect via the download.  Even though thats realy Alwil fault AT ALL, who do you think the IT pro is gonna blame  :'(

...Im just saying 8)

BTW...it is VERY strange the differnt sizes when SO CLOSE together.

jujdred

  • Guest
Re: Download from CNET....SERIOUSLY???
« Reply #13 on: February 02, 2010, 03:30:04 AM »
Yeah.  It is always a concern of mine that obtaining any legit software from a 3rd party host could potentially, albeit not at the intent of the developers, introduce 'extra' stuff that we like to call spam.  Typically a 3rd party host will package the deal with some other advertising medium for whatever reason.  While this usually isn't a serious threat to security, it is an annoyance.  Especially if it is forced upon us during install.  If I am ever FORCED to install another yahoo.com toolbar or ask.com search box, I will blacklist that particular host and it's IP will be uploaded as a viral threat to every agency known to man.  I simply will not tolerate that type of bloating.  So long as the installer provides an option to disable the extra software and make sure it is not installed without my permission, then we can remain friends.

I have recently gotten into the habit of using some great free tools:

HIGHLY SUGGESTED:
http://www.spywareguide.com/analyze/index.php
http://www.javacoolsoftware.com/eulalyzer.html
http://www.opendns.com/  (REPLACE YOUR ISP's DNS ROUTING AND GAIN FULL CONTROL OF WHAT PASSES THROUGH IT, FREELY)
http://www.threatfire.com/  (with avast, Threatfire really brings your protection to maturity, but it can be a little aggressive at times)
http://www.malwarebytes.org/index.php  (funny to note, downloading both Malware Bytes and Threatfire from their respective sites link you to CNET host.  lol)
http://www.zsoft.dk/index/software_details/4    OR     http://www.revouninstaller.com/

and finally

http://www.sandboxie.com/

Offline wonderwrench

  • Sr. Member
  • ****
  • Posts: 223
Re: Download from CNET....SERIOUSLY???
« Reply #14 on: February 02, 2010, 03:48:40 AM »
I did some hunting and ALWIL is hosting the files on their own servers if you want it directly from the horses mouth. ALWIL is not giving out links to their own servers because there is no way they could ever stand up to the load as the demand is so high. Download.com claims Avast 5 Free was downloaded 1,177,946 times last week! Its hard to believe but possible. IMO they were very smart not to even try and host the files themselves. Without further adieu here you go!  

Avast 5 Free
Multi-Language: http://files.avast.com/iavs5x/setup_av_free.exe
English: http://files.avast.com/iavs5x/setup_av_free_eng.exe
French: http://files.avast.com/iavs5x/setup_av_free_fre.exe

Avast 5 Pro
Multi-Language: http://files.avast.com/iavs5x/setup_av_pro.exe
English: http://files.avast.com/iavs5x/setup_av_pro_eng.exe
French: http://files.avast.com/iavs5x/setup_av_pro_fre.exe

Avast 5 Internet Security
Multi-Language: http://files.avast.com/iavs5x/setup_ais.exe
English: http://files.avast.com/iavs5x/setup_ais_eng.exe
French: http://files.avast.com/iavs5x/setup_ais_fre.exe


« Last Edit: February 02, 2010, 04:13:06 AM by wonderwrench »
Main Box*i7 930*GB X58A-UD3R*3x4 gig Patriot DDR3 1600 EL*EVGA GTX 460 1 gig*Intel X25-M G2 80 gig*WD 2TB Green*ASUS DRW-24B3LT*Samsung SH-S223L*LG WH14NS40*Corsair AX750*Rosewill Challenger case*Windows 8 Pro 64 bit*Avast 8 Free 8.0.1482*MBAM Pro*Firefox 19.0.1*NoScript