ARA Security Considerations

[bob3160]

The guy who made this poll doesn't even know how to do a custom install for God's sake! I know the forum is supposed to help and inform people but this is just ridiculous.

Christ, what an offense. I'm not from a competing anti-virus firm guys!

Anyway, you're missing the point. It's not about the INSTALL, it's about when doing the update WITH THE AVAST UI, it installs the full package. There's NO WAY AFTERWARDS to alter it except if you're ADMIN, and NOT ALL users administer their computers themselves/have access to that account!!!

Did you read the title of this post or, did someone else writ it for you


Change the title of this thread to what your actual problem is and get rid of this one sided poll and we wouldn't all be an the defensive. 

[Arsh de Grand]

For years, there has been a remote assistance feature installed with every copy of Windows that I have seen. And there are many more Windows users than there are Avast users. Are you going to protest Windows too?  Just turn it off/uninstall it if you don't like it.

A bad guy would have to physically be sitting at the computer to enter the code. Why would he need a remote assistance connection if he is already physically at the computer?

I will tell you what. You use the remote assistance feature in avast! to hack into my computer. I would like to see how far you get. According to you, it's easy to do, right?

100% agree with you. if anyone don't like this feature just simply switch off it !

[RejZoR]

Sorry but you're complaining for nothing. If you have an untrusted person behind your computer, i think you have a bigger problem than the remote assistance that so called "anyone" can activate. So i really don't understand why are you complaining about this feature.

[Charyb-0]

It is speculation. The OP is just making accusations that he cannot prove. The subject line reads like there was an actual breach which is untrue. You can't answer the poll because each answer is leading. Another thing, your subject line reads "Unite against REMOTE AVAST SECURITY BREACH" with remote avast security breach in all caps. How misleading and untrue is this subject line? I don't care for misleading and untrue. A different approach at this may have yielded different, less hostile, responses.

Either prove it or leave it alone! Stop the speculation.

[WhiteZero]

Love the loaded question for the poll.

Get over it man.

[Gopher John]

This poll makes a strong argument for an mandatory "Irrelevant" to be added as a vote option to any poll by the forum software.

[Indoctor]

And IF the user is ona LUA and not the admin Windows doesn't allow them to install an update or new software, it requires an admins authorisation.

Wrong. Avast has SYSTEM priviliges so can update itself (program) under LUA.

Wait a second. Who said anything about you being from a competing firm?

This one's funny. You're suggesting I'm ADMITTING to BE from a competing firm? Hilarious. It was a METAPHOR.

http://en.wikipedia.org/wiki/Metaphor

[Paul Rodgers]

Symantec had a network breach and had their source code stolen. If this happened to avast I would jump ship because by that point they couldn't be trusted with security.

Symantec and other security companies were compelled to release the source code to military authorities if they sell the product in India.
It was not a breach in the search code. Even less in the remote assistance technology. It's completely unrelated.

I stand corrected. In many instances I would say that a security system is only as strong as its weakest link, but that does not apply to this.

[Lisandro]

Wrong. Avast has SYSTEM priviliges so can update itself (program) under LUA.

Wrong. Your messing avastUI.exe and avastSvc.exe.

[Lisandro]

I stand corrected. In many instances I would say that a security system is only as strong as its weakest link, but that does not apply to this.

No, you're wrong. You've wrote: "Symantec had a network breach" and it is not a network from Symantec.

[Paul Rodgers]

I stand corrected. In many instances I would say that a security system is only as strong as its weakest link, but that does not apply to this.

No, you're wrong. You've wrote: "Symantec had a network breach" and it is not a network from Symantec.

That is what I stand corrected means. I was admitting that I was wrong and that Symantec was not to blame.

[FlyingRobot]

There are a couple of distinct issues involved here.  IIRC (I started testing 7 but aborted that effort early on), the typical and default custom installs included Remote Assistance.  Arguably, such a feature should not be bundled with an anti-malware tool let alone installed by default.  The ability to opt-out is something but arguably opt-out is insufficient.  IIRC, the appearance was that by unchecking the installation of Remote Assistance, that component would literally not be copied to an Avast directory and thus all related functionality would simply not exist on the target machine.  Theoretically speaking, that may or may not be the case because some functionality could be built into other components.  Only those intimately familiar with the code would know.  Routing Remote Assistance traffic through avast Servers is on one hand (potentially) convenient for (less sophisticated) users but doing it that way also creates additional security/privacy issues.  So yes, there does seem to be some must consider issues with respect to the Remote Assistance feature.

PS: I don't recall seeing an option to prevent the installation of avast remote management portal functionality.  It would be good if that functionality could be completely eliminated, included as is, or included in private remote management only form (where management via avast servers is impossible but management via private server is possible).

[Lisandro]

That is what I stand corrected means. I was admitting that I was wrong and that Symantec was not to blame.

Ok, sorry. Misunderstand you.

[BTIsaac]

This one's funny. You're suggesting I'm ADMITTING to BE from a competing firm? Hilarious. It was a METAPHOR.

Don't link wikipedia for me pal, I know more about metaphors than whoever wrote that article and I can tell you weren't making one.

And I'm not suggesting that you're admitting anything, I'm asking who accused you of working for a competing firm. You don't have to act all defensive over a legitimate question

[Indoctor]

Wrong. Your messing avastUI.exe and avastSvc.exe.

I know about the two, but it is irrelevant. Your the developer guy, you should know that updating Avast program under LUA does work.

@FlyingRobot: Good argument. So removing Remote Assistance afterwards with the installer might not be a guarantee to get rid of its dangers. Great.

Don't link wikipedia for me pal, I know more about metaphors than whoever wrote that article and I can tell you weren't making one.

I was. Sorry to disappoint you. OT please.