Avast and Dialup

[yetanotheruser]

Is it possible?

Last night, I started downloading avast before I went to bed. (second try) This morning I find I have a file 58,557,984 bytes in size. (are there installer MD5s - or preferably CRC32s posted somewhere?)

So I run it. (On Vista Home Premium SP2) I have already installed it on an XP system on dialup and I have some observations about that, but first I shall describe my Vista Avast installation experience. It failed so spectacularly in so many ways I'm not sure where to start. I will probably have to repeat the process and document it in detail to make you aware of the real problems with the product. However... that is the developer's QA responsibility. Not the responsibility of the user of a "stable" release. That said...

First download was complete but corrupted the other day so I tried again last night. I wake up this morning to find a 58,557,984 byte file. (are installer MD5s or CRC32s preferably posted anywhere - by version?).

First run of the completed download appears to be on its way to completion... then just stops with an error and says check the log for the error description. (sorry forgot to copy and paste, but again... not really my responsibility....) The descrioption of the error was not present in the log anyway. It just stopped.

So I run it again. This time it appears to complete. (ah yes, the point that it continues to is the vc runtime installer - it did not get that far the first time... - note this is a development machine - several IDEs and platform SDKs installed as well as debug and release versions of runtime libraries... the c runtime libs should already be there... what did your installer do? It did not tell me... will my build environments still work?)

So this time after it got past the vc libs install, it appears to complete... but hangs on the last installer tab (I later determine it is downloading something with no notice or indication that it is doing so at all) - (remember the XP installation? - while more sucessful, a similar installation issue appeared... on first startup it wwent right to update and started dowloading merrily many tens of megabytes... but the download progress bar stays at zero.... then, several hours later, when the download completed, the progress went immediately from 0% to 100% saying the download completed in 0.7 seconds - when I know that it took many hours) This observation from my vista install tells me that your development team only works on high speed connected workstations, and are trusting 3rd party libraries to do what they say - when they do not - lesson - write and test your own code...)

So, back to my vista install.. (still underway as I type, it is downloading something still, even though I have dismissed the final installer page by pressing the "finished" button (or whatever that last butten was labeled, and the istaller closed.) I get the femal voice sound file indicationg that installation is complete, but I see nothing. So I start the UI from the start menu. It appears, along with the systray icon... OK I think maybe it worked... The interface tells me that the service is not running and that the status is "Unsecured". There is a "Fix Now" button... I press it, knowing nothing will happen, because it is still re-downloading another 50 megabyte copy of itself (I assume). There is a "Start Program" button on your iterface below that - so I press it. Again, nothing happens (as expected).

So moral of the story and I think the key to your problems is connection speed awareness and getting actual correct data on the progress of various downloads your product performs  - currently it really has no idea where it is... (microsoft has exactly the same issue with windows update - the download progress indicatiors don't really work - but developers working on high speed connections assume they do because they cannot tell the difference.)

So if you do not have a dialup connection to test on I recommend the use of Windows QoS service on the appropriate interface and use WinTC to throttle it completely to 40 Kbps. Then test your product. You will find the problems and then hopefully fix them for me.

Sorry if this comes across as smart assed, but I am a detailed developer and very serious about QA in anything I do, so I find this extremely frustrating to observe in a product with an excellent reputation (Yours - Avast).

All that said... Is there an offline installer? At 55.8 Mb do you offer any physical distribution solutions? FedEx? UPS?

Oh, one more thing. Brothersoft. Scary. I download your product from CNET. I do not trust brothersoft and never will, their google spam tactics are those of hackers and spammers. I have watched brothersoft develop over the years and I steer very clear of them, they are just too "warezy" for me thanks. I would not trust your installer downloaded from brothersoft, so I go to CNET to get it. My advice: Don't use brothersoft, find somebody trustworthy.

Again, not trying to be too much of a smart ass here, but your product has serious problems with distribution and installation and really is not ready for "prime-time".

I would be most appreciative and extremely happy if you could address these issues and make your product that much more sucessful.

In the interim, any suggestions you might have on how to get your installer and product to work on dialup would be great, thanks.

(your product is still downloading something... I have no idea what.. there is no indication whatsoever, no progress bar - nothing... however, I know what I am doing... so:

Code: [Select]

>netstat -b

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    X.X.X.X:49974   a910sm:http            ESTABLISHED
 [avast.setup]
  TCP    X.X.X.X:49975   ev1s-209-62-2-75:https  CLOSE_WAIT
 [AvastUI.exe]
  TCP    X.X.X.X:49988   a797sm:https           CLOSE_WAIT
 [AvastUI.exe](local address edited out for post)

Your application is unaware of what it is doing...

Are you using NSIS? It looks like you may have wrapped a second (custom?) installer system inside an NSIS installer? Why? Simple is better. Yes your product is a target, but you know what they say about obscurity...

edit: I had written another entire paragraph of useful input for you, but you timed out my SMF session. I suggest you increase that. (again it poses no real security issue if everything is done right on the back end - I run several major SMF installs larger than this one as well... >700K posts)I will not type it out again. Sorry.

[igor]

(are there installer MD5s - or preferably CRC32s posted somewhere?)

The files are digitally signed - so you if open the file's properties and let the digital signature be validated, you can be sure that the file is OK. (And if the digital signature tab doesn't appear at all, you can be sure that it's truncated).

First run of the completed download appears to be on its way to completion... then just stops with an error and says check the log for the error description. (sorry forgot to copy and paste, but again... not really my responsibility....) The descrioption of the error was not present in the log anyway. It just stopped.

The log contains quite a lot of information - so if you posted it here, it should be possible to say what happened. But yes, it's not really meant for the users.

So I run it again. This time it appears to complete. (ah yes, the point that it continues to is the vc runtime installer - it did not get that far the first time... - note this is a development machine - several IDEs and platform SDKs installed as well as debug and release versions of runtime libraries... the c runtime libs should already be there... what did your installer do? It did not tell me... will my build environments still work?)

It's just the original Microsoft redistributable - it does all the work itself. So yes, your build environments will still work.

All that said... Is there an offline installer? At 55.8 Mb do you offer any physical distribution solutions? FedEx? UPS?

This is an offline installer. But the program certainly checks for further virus database updates after installation, there were probably some released in between. The size of the download should be small, however.
No, no physical delivery, sorry. (Actually, I'm not sure - maybe Element5 makes it possible to order a physical CD when purchasing a license... but I really don't know that.)

Are you using NSIS? It looks like you may have wrapped a second (custom?) installer system inside an NSIS installer? Why? Simple is better. Yes your product is a target, but you know what they say about obscurity...

No, no NSIS.
The only wrapped installer is the Microsoft redistributable, which I don't think can be done any other way (license stuff etc.)

[yetanotheruser]

Your SMF install timed out on me again.  

Lucky for you I pasted my post into notepad before hitting the post button and losing it all. (You really must fix that).

So here is what I had written:

The files are digitally signed - so you if open the file's properties and let the digital signature be validated, you can be sure that the file is OK. (And if the digital signature tab doesn't appear at all, you can be sure that it's truncated).

Cool, thanks for the tip. I did not think to check that, (it never occurs to me to pay for a CA... that is all such a scam... as long as Thawte still exists it is evidence that model is horribly broken... anyway, not your problem - I see you use the overlord Verisign...* insert plug for Entrust *) So my download does check out by this method. I can assume it is intact. Interestingly when I unzip it with 7-zip it does show errors... the fact that I was able to unzip it one level with 7-zip is what led me to suspect you were wrapping a proprietary installer in an NSIS one... but since there are errors when unzipping it with 7-zip that tells me it it probably not an NSIS installer (have not read your further comments on this below yet....)

The log contains quite a lot of information - so if you posted it here, it should be possible to say what happened. But yes, it's not really meant for the users.

Unfortunately I expect an uninstall and re-install may not duplicate the result. Also, I am still about 45 megabytes into the unknown download that avast.setup is running. My suspicion is that if I allow it to complete over the next few hours that I may end up with the desired result (a functional avast install) - so I am hesitant to interrupt it, as repeating the process will be essentially another days work, and I am trying to get to my real development work... anyway, I did not copy the log, apologies.

It's just the original Microsoft redistributable - it does all the work itself. So yes, your build environments will still work.

Thank you for the information, that is reassuring. I expected so, but with all the weird behaviour I was not really sure.

This is an offline installer. But the program certainly checks for further virus database updates after installation, there were probably some released in between. The size of the download should be small, however.

Ah there's the rub. In both cases, on XP and now on Vista, your installer downloads at least 50 megabytes of data. There is no doubt about this. You guys need to take another look. Like I said, use QoS, packet sniffers, MRTG... something. I know it is fact. Your installer re-downloads itself as its last step. (or something of equal size) it is not a definitions update. I know roughly how large those should be. (I have been maintaining my own ClamAV windows builds for several years now). THis is where the problem is, as you are not aware of it, nor is your software, but I am and I am looking at the evidence right here... (see attached) I connected this morning a few hours ago and started your installer and have looked at nothing but these forums in SRWare Iron and have been monitoring connections via nestat at the commandline. There is definitely something wrong then, and you guys are not seeing it.

No, no physical delivery, sorry.

That's too bad. I'd seriously consider paying if there were. You guys might want to consider it as an option if the product swells any larger.

Much of the world is still on dial-up and will be for some time to come. There is no more copper and no one wants to lay the fiber. It is not financially viable like it was in the days of the telegraph.

No, no NSIS.

Interesting. (see above comments re: 7-zip)

The only wrapped installer is the Microsoft redistributable, which I don't think can be done any other way (license stuff etc.)

Aside from an externally linked pre-requisite... ....

um no wait... there is... I think.. MS's side-by-side redistributables... i think they were called? I've seen them and used them in my ClamAV builds... (not done for a while now though - so foggy in memory) They came around after the new compilers... we're still digging our way out of the vc6 world everywhere...  the new vc8 and 9 libs can be used in this fashion as I recall, you just need to change your build link properties somewhat ... don't think I'm imagining all this. I could look it uyp for you but MS sites are big... and I still have the avast-double-download ongoing... up to 57Mbits now... must be getting close...

Edit: P.S. If you're not using NSIS, you may want to consider it. If your current install system does not support lzma compression and your installer is just about 60MB then I can think of no better reason. (though I expect Verisign has the final say in your installer format... Ditch them. Use proven methods.)

P.P.S. Thank you very much for the prompt and near-complete reply.  

[Rednose]

Element5 makes it possible to order a Backup DVD for USD 9.95 extra.

Greetz, Red.

[yetanotheruser]

Um what is Element5? Does it involve aliens and Milla Jovovich in skimpy clothing? 

$9.95 sounds pretty reasonable...

[yetanotheruser]

Interesting. I just got the sound notification "virus database updated". (several hours and several tens of megabytes later). This is clearly more than a definitions update. The avast.setup process no longer appears in a ">netstat -b -f". The installer (with window no longer visible since dismissed hours ago) just finished downloading something nearly 60 megabytes in size. period. No question. No ifs ands or buts about it. There you go.

Just what installer system are you using? Can you trust it?

Anyway, that's all for now, I hope it is somewhat helpful and can make your product more effective, professional and secure.

Summary:
- Use NSIS, Drop Verisign, use checksums posted on trusted sites and internal CRC checks. (i.e. Don't let Microsoft browbeat you into paying off CA goons like Verisign with bogus security warnings to the user through the OS. We trust you, we don't need Microsoft and Verisign to tell us who to trust... in fact.. just the opposite...)
- Seriously, drop brothersoft like it was hot. It is. I almost abandoned the idea of downloading your product at all when I was redirected there to download. Absolutely the wrong place to host AV product downloads. (I don't care if they are your friends or if it might hurt their feelings. They made their bed, they can lie in it.) It can only bring to mind the standard conspiracies about AV software... see where that goes?
- Test on a throttled connection. That will make it all clear as a bell to you.

[Rednose]

Um what is Element5? Does it involve aliens and Milla Jovovich in skimpy clothing? 

$9.95 sounds pretty reasonable...

The Backup DVD is offered in the Avast! store. But I beleve the handeling is done by Element5, the billing company.

Greetz, Red.

[yetanotheruser]

Cool. I'll take a look, but I suspect from the way you have phrased it that the total cost is significantly more than $9.95.

Additional input for the Avast team:

I started a boot-time scan at 2pm today, it just finished at 7:35pm. (not too bad...)

BUT, it missed thousands of archive files reporting them all as corrupted when I know they are not. What compression library are you using? I suspect it is not zlib... You need to use functional decompression libs. Whatever you are using is not working.

False positives:

VNC dlls when part of a tightvnc installer is NOT a trojan... nobody gets this. The tightvnc dev must be pretty pissed at you all by now. (all the AV scanners make this mistake)

Netcat is not a trojan on its own. It is "the swiss army knife of tcp/ip". Give it a try, it may help you illuminate some of your installer double-download issues.

The boottime scan reported sending a number of instances of both to the virus chest, yet the your windows UI does not show them present. I wonder what your scanner did? (I can deal regardless, but again, your status indications are totally inaccurate. Output to the user has to be accurate. That is all there is to it.

I'm sticking with it as ClamWin has gone retarded (they think they are panda now or something) but one can still build ClamAV and clamd (always missing from thclamwin dist anyway) from source.

Why would I use ClamAV? (note - not clamwin - but clamAV built for windows) It is the only one suitable to run on a server, even though it has huge holes in detection. Standard AV such as McAfee or Symantec corporate installs will cripple any serious web server. (let alone a complicated application server) Nor can our non-profit organisation afford to pay for AV. (otherwise I'd want to use Avast on our servers). So ClamAV builds of my own are the only viable solution.

Anyway, second free consult summary:
- Use a working decompression library.
- VNC and Netcat ARE NOT Trojans.
- Your application output during boot-time scans is inaccurate, it reports moving items to the chest, yet they are not there.

Beta quality. Good beta quality, but still - beta quality.

[yetanotheruser]

Hi Igor,

This was going to be a personal message but ...

An Error Has Occurred!
You are not allowed to send personal messages.

As you will see, perhaps you might want to consider allowing forum users to send personal messages to avoid the following. (hurry now, delete the thread... )

Re: http://forum.avast.com/index.php?topic=64382.315 and the above...


Here is my now-not-so-personal message to Igor:

Well la de da... I guess someone didn't like having their "stable" release assesed as beta by an experienced developer. No more free consults from me then - no skin off my nose.

I understand that you cannot publicly acknowledge the lack of development of the windows kernel (patches are one thing, new development is another). You know as well as I.

I wish you well with that pack of lusers.

As you were. I'll stop rattling your cage and I shan't burst their bubble.

P.S. I love how you consider "slashdotter" "strong language" - that was hilarious. I got it.

P.P.S. I know you'll just tell yourself this guy is just crazy and does not know what he is talking about. Then you'll feel better. That's OK, I'm used to it. Truth is most often interpreted as insanity. Then when time proves me right, you'll find ways to justify your actions (or rather lack of action) to yourself. It is all so predictable.

(account self-disabled to assure you this is my last word here - look closely, you'll see how)

[Wurstler]

The only thing I am worried about when reading your thread is that this pile of cr.. is going to take away another 10min to read and maybe even more to answer. You consider yourself a dev but show in public that there is not even a little knowledge, but just some pieces you read somewhere. That is what i call ridiculous

[igor]

I certainly don't consider "slashdotter" a bad word - it's just your whole tone and "I know the best, you are idiots" attitude (which even this thread proves very wrong) that is very offensive.

I also have no problem bashing Microsoft - especially at times when I find two bugs in Windows in two days - I'm just saying that I don't believe you have much idea the development of Windows kernel.