Author Topic: ARA Security Considerations  (Read 31104 times)

0 Members and 1 Guest are viewing this topic.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11805
    • AVAST Software
Re: Unite against REMOTE AVAST SECURITY BREACH
« Reply #15 on: February 24, 2012, 06:11:36 PM »
Quote
Where exactly is the privilege escalation?
The remotely connected user can only do the same as the local user can - the remote assistance is not running under any privileged account.

We'll see how long that will remain so ... after an exploit's been found  ;)

Exploit for what? To get out of the ordinary user's account avast! UI is running in?
You are basically saying you need an exploit in Windows - to use it via avast! to exploit Windows. OK, but since it's already there, you don't need avast!, you can use it directly.
« Last Edit: February 24, 2012, 06:40:08 PM by igor »

Offline Coolmario88

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1554
  • Bronies make the web go round
Re: Unite against REMOTE AVAST SECURITY BREACH
« Reply #16 on: February 24, 2012, 06:13:15 PM »
Remote assistance feature is there but that doesn't mean you have to use it. ;D
OS: Windows 10 64-bit
Webbrowser: Mozilla Firefox

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11805
    • AVAST Software
Re: Unite against REMOTE AVAST SECURITY BREACH
« Reply #17 on: February 24, 2012, 06:19:05 PM »
Symantec had a network breach and had their source code stolen. If this happened to avast I would jump ship because by that point they couldn't be trusted with security.

I believe it wasn't their network, but rather one of their partners?
I would probably argue about the idea that something like that can fully be prevented if you just try hard enough (I mean, if one of the developers packs the code and gives/sells it someone... you can only prevent it by not having any developers or no source code ;)), and I also don't think that when it comes to antivirus applications, the bad guys can learn from the source code anything new they don't already know... but I'd be getting off topic here, so I won't :)

Offline AdrianH

  • Advanced Poster
  • **
  • Posts: 854
Re: Unite against REMOTE AVAST SECURITY BREACH
« Reply #18 on: February 24, 2012, 06:32:50 PM »
The poll was posted by someone that simply has not even learned how to use Avast correctly.

If anyone feels there is a security issue or does not want to use the feature they can remove it.  It is already a "separate" download as it is a user choice within the installer.
Win8.1 Pro 64Bit  : KIS2014 : CryptoPrevent : Privazer:

Offline bob3160

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 46125
  • 61 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Unite against REMOTE AVAST SECURITY BREACH
« Reply #19 on: February 24, 2012, 07:09:22 PM »
Nice Poll,  :-[
No mater how you vote, you're voting his way. Typical pole to prove your own point.
I personally am extremely happy this feature is available.
I no longer have to rely on a third party application to help someone who has a problem and can't fix it on their own.
Since the person needing the help has to start this feature, I don't see where there is a security breach ???
If they don't trust me, they simply don't ask for the help and don't allow access.
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v21H2 64bit, 16 Gig Ram, 1TB SSD, AvastOmni 21.6, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline Mi Ka El

  • Jr. Member
  • **
  • Posts: 54
Re: Unite against REMOTE AVAST SECURITY BREACH
« Reply #20 on: February 24, 2012, 07:19:43 PM »
The guy who made this poll doesn't even know how to do a custom install for God's sake! I know the forum is supposed to help and inform people but this is just ridiculous.
Windows XP SP3 Pro x86: Avast Free Antivirus 8.0.1489, Private Firewall 7.0.29.1, Malwarebytes Free 1.75(on-demand), Opera 12.15.

Offline Gargamel360

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2346
  • Memento Mori
Re: Unite against REMOTE AVAST SECURITY BREACH
« Reply #21 on: February 24, 2012, 07:33:09 PM »
Yeah, nice FUD poll.  ::)

Honestly, what doesn't compromise security?  Hiding in a box.  Unplugging the cord.

Most of us here on the forum don't need it, but I can think of plenty of people who do......sick of this general idea that remote assistance is "evil".
Signature?  But I gots no pen....

Offline Indoctor

  • Newbie
  • *
  • Posts: 13
Re: Unite against REMOTE AVAST SECURITY BREACH
« Reply #22 on: February 24, 2012, 07:33:34 PM »
Quote
The guy who made this poll doesn't even know how to do a custom install for God's sake! I know the forum is supposed to help and inform people but this is just ridiculous.

Christ, what an offense. I'm not from a competing anti-virus firm guys!

Anyway, you're missing the point. It's not about the INSTALL, it's about when doing the update WITH THE AVAST UI, it installs the full package. There's NO WAY AFTERWARDS to alter it except if you're ADMIN, and NOT ALL users administer their computers themselves/have access to that account!!!

Offline Gargamel360

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2346
  • Memento Mori
Re: Unite against REMOTE AVAST SECURITY BREACH
« Reply #23 on: February 24, 2012, 07:39:39 PM »
Anyway, you're missing the point. It's not about the INSTALL, it's about when doing the update WITH THE AVAST UI, it installs the full package. There's NO WAY AFTERWARDS to alter it except if you're ADMIN, and NOT ALL users administer their computers themselves/have access to that account!!!
If you are not ADMIN, its not your PC, so you have nothing to complain about.
Signature?  But I gots no pen....

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11805
    • AVAST Software
Re: Unite against REMOTE AVAST SECURITY BREACH
« Reply #24 on: February 24, 2012, 07:48:11 PM »
Well, if you simply say that you automatically get a feature you don't want, OK. I'm not saying the thing gets changed for you, but I can see your point.
But I don't see the announced security problem here.

Offline AdrianH

  • Advanced Poster
  • **
  • Posts: 854
Re: Unite against REMOTE AVAST SECURITY BREACH
« Reply #25 on: February 24, 2012, 07:48:37 PM »
Quote
The guy who made this poll doesn't even know how to do a custom install for God's sake! I know the forum is supposed to help and inform people but this is just ridiculous.

Christ, what an offense. I'm not from a competing anti-virus firm guys!

Anyway, you're missing the point. It's not about the INSTALL, it's about when doing the update WITH THE AVAST UI, it installs the full package. There's NO WAY AFTERWARDS to alter it except if you're ADMIN, and NOT ALL users administer their computers themselves/have access to that account!!!

And IF the user is ona LUA and not the admin Windows doesn't allow them to install an update or new software, it requires an admins authorisation.

The admin/license holder/registered user is responsible for his/her own actions and security.  Before allowing a new version of anything on your system you need to check exactly what you are getting and what it will do.

The information on all the coming features was there for all to read and act on.  IF a user on an LUA feels they don't want the feature that worries you so much they simply need to ask the admin account holder to remove it.
Win8.1 Pro 64Bit  : KIS2014 : CryptoPrevent : Privazer:

Offline Dch48

  • Massive Poster
  • ****
  • Posts: 3150
Re: Unite against REMOTE AVAST SECURITY BREACH
« Reply #26 on: February 24, 2012, 07:49:25 PM »
If you thought for 5 seconds prior to posting it just might have occurred to you that this "Remote Access" feature is a CHOICE just like all the other features available in avast!

Don't want it ? Then simply don't install it, end of problem!  ::)
+10

I couldn't vote in your paranoid poll because none of the options apply.
Avatar FX6327X desktop, FX-6300 CPU, RX 470 GPU, 8GB RAM, Windows 10 Home 64 bit
HP dv6-6140us laptop, A8-3500M APU, 8GB RAM, Windows 7 Home Premium 64 bit
RCA W101 v2 10" tablet, Intel Atom Bay Trail Z3735F processor, 2GB RAM, Windows 10 Home 32 bit

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: Unite against REMOTE AVAST SECURITY BREACH
« Reply #27 on: February 24, 2012, 07:53:39 PM »
Symantec had a network breach and had their source code stolen. If this happened to avast I would jump ship because by that point they couldn't be trusted with security.
Symantec and other security companies were compelled to release the source code to military authorities if they sell the product in India.
It was not a breach in the search code. Even less in the remote assistance technology. It's completely unrelated.
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: Unite against REMOTE AVAST SECURITY BREACH
« Reply #28 on: February 24, 2012, 07:55:35 PM »
It's not about the INSTALL, it's about when doing the update WITH THE AVAST UI, it installs the full package. There's NO WAY AFTERWARDS to alter it except if you're ADMIN, and NOT ALL users administer their computers themselves/have access to that account!!!
And so? What's wrong with that? You don't need to alter anything or change the installation. The breach just does not exist.
The best things in life are free.

Offline BTIsaac

  • Jr. Member
  • **
  • Posts: 98
Re: Unite against REMOTE AVAST SECURITY BREACH
« Reply #29 on: February 24, 2012, 07:56:08 PM »
Is it just me or is that poll a little like "DurrHurr me stupid" vs "OMFG Avast is h4xx0rin' mah computerz"?

Christ, what an offense. I'm not from a competing anti-virus firm guys!

Wait a second. Who said anything about you being from a competing firm?
« Last Edit: February 24, 2012, 08:00:00 PM by BTIsaac »