AVAST 5 & 6 !! Security hole ...

[Gargamel360]

This thread reminds me of a hillbilly looking down the barrel of a loaded gun to see why its jammed.

I live in the sticks, plenty of hillbillies around.....some of them actually do that.....yet somehow, natural selection fails.....either that, or they out-breed natural selection, like mice.

@new Mod (congrats on your "appointment", wow, you actually moved a thread,, have not seen that much here  ): Thanks for explaining both the obvious....

it's expected behavior, imho. If you answer Yes then it's obvious that you want to stop the service.

...and the important, but not-so-obvious

And the Yes/No dialog has to be clicked by a human (it's not possible to automate the click).

[Nesivos]

Of course a human can disable Avast while having control of a computer.

There can be a number of reasons for wanting to have this feature in the Security Software.

As far as stopping the service through an internet attack without having control of the computer's desktop it is not possible.

Of course I imagine if some computer genius spent enough time trying to figure out how to disable Avast over the internet without gaining control of the desktop he/should might eventually be able to come up with a way to do it.

As Willie Sutton the great American 20th century safe cracker said.  There isn't a safe in the world that a safe cracker given enough time couldn't break into without having to blow it up or torch/laser into it.

[Pat_2]

Hi Friends,

Sure ! But then what is the interest of having a way to password protect the interface and the modules ?
You gonna say, to prevent ugly users to mess with the settings. Good !
But what about leaving that ugly guy totally stopping the overall protection.
Sounds to me like a backdoor to get around that desired system protection.
As a Sysadmin, you can give people "admin rights", for whatever reason, but not wanted them to fool with some security settings.

Pat

[Hermite15]

you already posted that in the French section and I already answered you. There's no security hole, period.

edit: just on a side note, IIRC Comodo does just that, protect the shutdown of services with the main password used for anything else in the interface. You're also prompted to enter this password again if you want to uninstall. But, again, it's all about password implementation, and it's been demonstrated a few times that they're easy to circumvent.

 A trojan would have to go through too many steps I guess before it can stop services... not sure about that. Now if you're talking about a hacker with local access, there's not much Avast can do for you

[Pat_2]

"you already posted that in the French section and I already answered you. There's no security hole, period"

Hi Logos,

Could you pls be less vindictive !  Thks.
We're here to exchange, not to fight, right !

I do have a lot of people around being surprised, even complaining, about that problem, that's the reason of my post.

I knew about the Comodo firewall stuff, thanks anyway. But I don't think using one program to "protect" a second one is a good issue.

Pat

[MikeN92]

"you already posted that in the French section and I already answered you. There's no security hole, period"

Hi Logos,

Could you pls be less vindictive !  Thks.
We're here to exchange, not to fight, right !

I do have a lot of people around being surprised, even complaining, about that problem, that's the reason of my post.

I knew about the Comodo firewall stuff, thanks anyway. But I don't think using one program to "protect" a second one is a good issue.

Pat

I thought this was an antivirus not antistupid. Most people get infected because they don't have any common sense and then complain about the "bad job" their antivirus program did. You said that there are a lot of people complaining about this problem. I think the problem is the people. I really don't see the point of discussing any further. I'm sorry if anyone was offended.

[doktornotor]

I thought this was an antivirus not antistupid. Most people get infected because they don't have any common sense and then complain about the "bad job" their antivirus program did.

Yeah, sadly... An "antistupid" application would solve about 95% of the infected computers out there. Alas, noone is able to write one.  :'(

[claudiuc]

IMHO, avast! self protection should be improved. It's not bad right now but should be better.

http://www.anti-malware-test.com/?q=node/192 - Antivirus self-protection test under x64 platform - Avast! Internet Security 5 (83%)

[Hermite15]

"you already posted that in the French section and I already answered you. There's no security hole, period"

Hi Logos,

Could you pls be less vindictive !  Thks.
We're here to exchange, not to fight, right !

I do have a lot of people around being surprised, even complaining, about that problem, that's the reason of my post.

I knew about the Comodo firewall stuff, thanks anyway. But I don't think using one program to "protect" a second one is a good issue.

Pat

who spoke about a program protecting another one anyway, my post was not hostile, just meant to bring up some clarification, end of discussion on my side, and on a side note, unless you take into account those easily alarmed, nobody cares

edit: show me a concrete example of an attack on Avast services - not a virtual scenario - and I'll be pleased.

[doktornotor]

IMHO, avast! self protection should be improved. It's not bad right now but should be better.

Yeah, self-protection should be improved by improving it against malware that can hamper/disable the protection by automated means, not against users with administrator privileges setting at the console.

[Vlk]

Hi Friends,

Sure ! But then what is the interest of having a way to password protect the interface and the modules ?
You gonna say, to prevent ugly users to mess with the settings. Good !
But what about leaving that ugly guy totally stopping the overall protection.
Sounds to me like a backdoor to get around that desired system protection.
As a Sysadmin, you can give people "admin rights", for whatever reason, but not wanted them to fool with some security settings.

Pat

This is actually a valid concern, and we will fix this in the upcoming version of avast.

IMHO, avast! self protection should be improved. It's not bad right now but should be better.

http://www.anti-malware-test.com/?q=node/192 - Antivirus self-protection test under x64 platform - Avast! Internet Security 5 (83%)

The only test that was said to kill the service process (as opposed to the UI process, which isn't very critical) was the "change access rights test", and this is fixed in v6.


Thanks
Vlk

[MikeN92]

IMHO, avast! self protection should be improved. It's not bad right now but should be better.

http://www.anti-malware-test.com/?q=node/192 - Antivirus self-protection test under x64 platform - Avast! Internet Security 5 (83%)

Agreed. But I don't think there is any process termination problem. I'm not seeing anything wrong here. You get to chose... Yes(please come in virus), No(Stay out). It's not a program malfunction if the user clicks Yes.

[privateofcourse]

I checked it with Win XP Pro, Vista Pro and Fam, Win 7 Starter, Win 7 32 and 64 bits.

Sorry, but you can't kill the 6.0.1000 Avast service on XP Pro via the task manager. I've got full admin rights and I still get an access denied message...and repeatedly trying to terminate the process just produces the same message. I tried to terminate the process with a few other tools as well but with the same result. I don't know how you managed this.

[Hermite15]

we still weren't given any example of a trojan able to stop services... if the concern is just about granting partial admin rights excluding Avast services, I mean okay...but most of us - ie 99% of users - here are not concerned. And at enterprise level, I guess access is already easily completely denied to all Windows services for non-admin users. If you can't trust the minority that has admin rights and still feel the need of keeping them away from Avast services...alright but 

[Dch48]

I checked it with Win XP Pro, Vista Pro and Fam, Win 7 Starter, Win 7 32 and 64 bits.

Sorry, but you can't kill the 6.0.1000 Avast service on XP Pro via the task manager. I've got full admin rights and I still get an access denied message...and repeatedly trying to terminate the process just produces the same message. I tried to terminate the process with a few other tools as well but with the same result. I don't know how you managed this.

Same here--it can't be stopped in XP. There is no Services tab in the XP Task Manager and no way to make one show.