Author Topic: ARA Security Considerations  (Read 31102 times)

0 Members and 1 Guest are viewing this topic.

Offline bob3160

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 46125
  • 61 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Unite against REMOTE AVAST SECURITY BREACH
« Reply #30 on: February 24, 2012, 07:58:17 PM »
Quote
The guy who made this poll doesn't even know how to do a custom install for God's sake! I know the forum is supposed to help and inform people but this is just ridiculous.

Christ, what an offense. I'm not from a competing anti-virus firm guys!

Anyway, you're missing the point. It's not about the INSTALL, it's about when doing the update WITH THE AVAST UI, it installs the full package. There's NO WAY AFTERWARDS to alter it except if you're ADMIN, and NOT ALL users administer their computers themselves/have access to that account!!!
Did you read the title of this post ??? or, did someone else writ it for you ???


Change the title of this thread to what your actual problem is and get rid of this one sided poll and we wouldn't all be an the defensive.  :)
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v21H2 64bit, 16 Gig Ram, 1TB SSD, AvastOmni 21.6, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline Arsh de Grand

  • Helper
  • Jr. Member
  • **
  • Posts: 52
  • just an avast user !
Re: Unite against REMOTE AVAST SECURITY BREACH
« Reply #31 on: February 24, 2012, 08:00:24 PM »
For years, there has been a remote assistance feature installed with every copy of Windows that I have seen. And there are many more Windows users than there are Avast users. Are you going to protest Windows too?  Just turn it off/uninstall it if you don't like it.

A bad guy would have to physically be sitting at the computer to enter the code. Why would he need a remote assistance connection if he is already physically at the computer?

I will tell you what. You use the remote assistance feature in avast! to hack into my computer. I would like to see how far you get. According to you, it's easy to do, right?
100% agree with you. if anyone don't like this feature just simply switch off it !
PC=win 7 ultimate 64 bit ,Avast IS 7(latest ) win defender OFF
Android=galaxy s2 ICS I9100XWLPT (4.0.4) stock UK . rooted with= Siyah Kernel

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9384
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Unite against REMOTE AVAST SECURITY BREACH
« Reply #32 on: February 24, 2012, 08:01:28 PM »
Sorry but you're complaining for nothing. If you have an untrusted person behind your computer, i think you have a bigger problem than the remote assistance that so called "anyone" can activate. So i really don't understand why are you complaining about this feature.
Visit my webpage Angry Sheep Blog

Offline Charyb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2428
Re: Unite against REMOTE AVAST SECURITY BREACH
« Reply #33 on: February 24, 2012, 08:03:18 PM »
It is speculation. The OP is just making accusations that he cannot prove. The subject line reads like there was an actual breach which is untrue. You can't answer the poll because each answer is leading. Another thing, your subject line reads "Unite against REMOTE AVAST SECURITY BREACH" with remote avast security breach in all caps. How misleading and untrue is this subject line? I don't care for misleading and untrue. A different approach at this may have yielded different, less hostile, responses.

Either prove it or leave it alone! Stop the speculation.
« Last Edit: February 25, 2012, 12:02:51 AM by Charyb »

Offline WhiteZero

  • Jr. Member
  • **
  • Posts: 62
Re: Unite against REMOTE AVAST SECURITY BREACH
« Reply #34 on: February 24, 2012, 08:07:48 PM »
Love the loaded question for the poll.

Get over it man.

Offline Gopher John

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2098
Re: Unite against REMOTE AVAST SECURITY BREACH
« Reply #35 on: February 24, 2012, 08:25:43 PM »
This poll makes a strong argument for an mandatory "Irrelevant" to be added as a vote option to any poll by the forum software. ;D
AMD A6-5350M APU with Radeon HD Graphics, 8.0GB RAM, Win7 Pro SP1 64bit, IE11
i7-3610QM 2.3GHZ, 8.0GB Ram,  Nvidia GeForce GT 630M 2GB, Win7 Pro SP1 64bit, IE 11
Common to both: Avast Premium Security 19.7.2388, WinPatrol Plus, SpywareBlaster 5.5, Opera 12.18, Firefox 68.0.2, MBam Free, CCleaner

Offline Indoctor

  • Newbie
  • *
  • Posts: 13
Re: Unite against REMOTE AVAST SECURITY BREACH
« Reply #36 on: February 24, 2012, 08:29:40 PM »
Quote
And IF the user is ona LUA and not the admin Windows doesn't allow them to install an update or new software, it requires an admins authorisation.

Wrong. Avast has SYSTEM priviliges so can update itself (program) under LUA.

Quote
Wait a second. Who said anything about you being from a competing firm?

This one's funny. You're suggesting I'm ADMITTING to BE from a competing firm? Hilarious. It was a METAPHOR.

http://en.wikipedia.org/wiki/Metaphor

Offline Paul Rodgers

  • Avast Reseller
  • Jr. Member
  • *
  • Posts: 62
  • President - Primary Technology Solutions, Inc.
Re: Unite against REMOTE AVAST SECURITY BREACH
« Reply #37 on: February 24, 2012, 08:30:38 PM »
Symantec had a network breach and had their source code stolen. If this happened to avast I would jump ship because by that point they couldn't be trusted with security.
Symantec and other security companies were compelled to release the source code to military authorities if they sell the product in India.
It was not a breach in the search code. Even less in the remote assistance technology. It's completely unrelated.

I stand corrected. In many instances I would say that a security system is only as strong as its weakest link, but that does not apply to this.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: Unite against REMOTE AVAST SECURITY BREACH
« Reply #38 on: February 24, 2012, 08:33:57 PM »
Wrong. Avast has SYSTEM priviliges so can update itself (program) under LUA.
Wrong. Your messing avastUI.exe and avastSvc.exe.
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: Unite against REMOTE AVAST SECURITY BREACH
« Reply #39 on: February 24, 2012, 08:35:25 PM »
I stand corrected. In many instances I would say that a security system is only as strong as its weakest link, but that does not apply to this.
No, you're wrong. You've wrote: "Symantec had a network breach" and it is not a network from Symantec.
The best things in life are free.

Offline Paul Rodgers

  • Avast Reseller
  • Jr. Member
  • *
  • Posts: 62
  • President - Primary Technology Solutions, Inc.
Re: Unite against REMOTE AVAST SECURITY BREACH
« Reply #40 on: February 24, 2012, 08:44:05 PM »
I stand corrected. In many instances I would say that a security system is only as strong as its weakest link, but that does not apply to this.
No, you're wrong. You've wrote: "Symantec had a network breach" and it is not a network from Symantec.

That is what I stand corrected means. I was admitting that I was wrong and that Symantec was not to blame.

Offline FlyingRobot

  • Full Member
  • ***
  • Posts: 105
Re: Unite against REMOTE AVAST SECURITY BREACH
« Reply #41 on: February 24, 2012, 09:01:04 PM »
There are a couple of distinct issues involved here.  IIRC (I started testing 7 but aborted that effort early on), the typical and default custom installs included Remote Assistance.  Arguably, such a feature should not be bundled with an anti-malware tool let alone installed by default.  The ability to opt-out is something but arguably opt-out is insufficient.  IIRC, the appearance was that by unchecking the installation of Remote Assistance, that component would literally not be copied to an Avast directory and thus all related functionality would simply not exist on the target machine.  Theoretically speaking, that may or may not be the case because some functionality could be built into other components.  Only those intimately familiar with the code would know.  Routing Remote Assistance traffic through avast Servers is on one hand (potentially) convenient for (less sophisticated) users but doing it that way also creates additional security/privacy issues.  So yes, there does seem to be some must consider issues with respect to the Remote Assistance feature.

PS: I don't recall seeing an option to prevent the installation of avast remote management portal functionality.  It would be good if that functionality could be completely eliminated, included as is, or included in private remote management only form (where management via avast servers is impossible but management via private server is possible).

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: Unite against REMOTE AVAST SECURITY BREACH
« Reply #42 on: February 24, 2012, 09:02:50 PM »
That is what I stand corrected means. I was admitting that I was wrong and that Symantec was not to blame.
Ok, sorry. Misunderstand you.
The best things in life are free.

Offline BTIsaac

  • Jr. Member
  • **
  • Posts: 98
Re: Unite against REMOTE AVAST SECURITY BREACH
« Reply #43 on: February 24, 2012, 09:30:51 PM »
This one's funny. You're suggesting I'm ADMITTING to BE from a competing firm? Hilarious. It was a METAPHOR.

Don't link wikipedia for me pal, I know more about metaphors than whoever wrote that article and I can tell you weren't making one.

And I'm not suggesting that you're admitting anything, I'm asking who accused you of working for a competing firm. You don't have to act all defensive over a legitimate question

Offline Indoctor

  • Newbie
  • *
  • Posts: 13
Re: Unite against REMOTE AVAST SECURITY BREACH
« Reply #44 on: February 24, 2012, 09:56:16 PM »
Quote
Wrong. Your messing avastUI.exe and avastSvc.exe.

I know about the two, but it is irrelevant. Your the developer guy, you should know that updating Avast program under LUA does work.

@FlyingRobot: Good argument. So removing Remote Assistance afterwards with the installer might not be a guarantee to get rid of its dangers. Great.

Quote
Don't link wikipedia for me pal, I know more about metaphors than whoever wrote that article and I can tell you weren't making one.

I was. Sorry to disappoint you. OT please.
« Last Edit: February 24, 2012, 09:58:53 PM by Indoctor »