Author Topic: ATTN: VLK - This may have to be sent to my local/ state agencies.  (Read 4350 times)

0 Members and 1 Guest are viewing this topic.

UserA789

  • Guest
I know anyone can boast anything.  Thats fine but I do implore you to understand some things are not boastful, but simply facts.  the local and state agencies in my area are using your solutions partially based on my opinion and history with your product.  My best friend since grade school is one of the lead sheriffs here in my county.  He is also aware of the works I did while serving the Armed Forces and the experinced gained.  Over the past month or so, Avasts direction has become a concern.  Recent findings have led me to draft the following statement to be sent if things within Avast support and product remain 'stagnant':

To Whom It May Concern;
I understand that you have chosen Avast in order to protect the local computers within your agency.  While I will admit myself that for the most part Avast is one of the most secure scanning software apps for viraltic and  illicit code propagation; are you aware that some of its tools are being manipulated by parties that would mean to mislead users of its services and protection?

For instance, one of our most relied upon tools within Avast is its 'WebRep' feature.  This was, in its design, to be a great mediator when doing searches within websites that would carry a higher level of 'trust worthiness'.  Some of your employees have even been instructed to rely upon it for their browsing habits.  However, it has become a fact that this tool is manipulated by a community which rates such sites as www.fbi.gov as 'BAD' (to the largest degree a bad rating can be given) while sites for illicit 'warez' and illegal downloading have a 'GOOD' and/or 'GREAT' rating.

Another issue within a product designed with security in mind, is its lack of being able to connect an Avast account (https://my.avast.com/) via a more secure,complex password.  While one is able to set a secure, complex password within the webportal itself; the Avast GUI seems to not allow for special charcters to connect to this 'monitoring account'.  In today's world of internet crime, can one honestly feel comfrortable over this when it has been repeatidly reported to the Avast team, without effect?

As well, I can attest to the fact that there have been a number of concerned users such as myself that have tried to bring current 'security risks' of the program to the attention of Avast developers on their support forums.  This has led to nothing more than some of their top-level posters seemingly trying to either sway the conversation away from its main point or insult us in general.  These 'abusers' of the forum policy seem to have established some sort of immunity to its rules and guidelines.  When I have brought problems to their Techical Support Team, I have only been met with misunderstadnings or just simply wrong/inapporpriate fixes that never address the initial support query.  A huge deciding factor in the obvious direction of this once, great tool for web protection.

The last imprtant issue I would like to cover, although it is no longer a support option, was Avast's choice of using iYogi for phone support.  It took nothing more than a well-worded Google search for this user to see that iYogi had very deceptive tactics and practices; yet Avast seems to have chosen them without any research into this.  A search on the Avast forum reveals many users atttempted to being 'tricked' into purchasing separate support prrograms when calling this service.  Again, the team at Avast could have discovered these practices with a simple search on google.  All of this from a product/company that supposedly prides itself on security.

In closing, I would simply like these facts to be considered upon any renewal to Avast and its services... even as a free scanner.  If its 'WebRep' tool can be transformed into a tool showing sites that provide illicit, and virus filled sites as 'trustable'; what other measures has Avast let their design be compromised?  I can say, in full confidence, that in the past this company has been a leader in web protection and scanning techniques, however, their recent direction has brought more than a passing concern just for my home use.

I would hate to think things such as described above affecting my local and state government offices and compromising  the citizens information those computers/servers protect.

With Hestisation,


While Im sure some users simply view my posts as an arrogant American, or this is at least the feeling Im left with.  I know that sometimes drastic steps need to be taken.  I love that Avast is fast becoming the standard for web protection and services; but at the same time, with my 60+ yr old mother trusting many of your features, I have become increasingly aware that things cant be as they currently are.

Please do not interpret this as a threat or even as speaking out against forum moderation; but simply insight in a method not veiwed yet.  This will wait one month before mailing to see if that can be avoided.  But as stated in the letter, I do not support the current methods being implored within the community as far as a device to protect the securities/persoanl information of the indiviuduals on servers your software is installed upon.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40604
  • Dragons by Sasha
    • Malware fixes
Re: ATTN: VLK - This may have to be sent to my local/ state agencies.
« Reply #1 on: March 30, 2012, 10:56:40 PM »
Webrep is based on user generated data all the same as WOT and the like

The security is via the shields which are not open to user generated content..  If you wish you can uninstall webrep with no adverse affect on your security.  But to be honest does any one use webrep more than a guide before making their own decision.  If the site is malicious then webshield will shut it down pronto 

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11660
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: ATTN: VLK - This may have to be sent to my local/ state agencies.
« Reply #2 on: March 30, 2012, 11:22:07 PM »
UserA789,

1. Regarding the WebRep feature: as has been reiterated quite a few times already, the ratings you see are currently a result of a democratic voting process of the Avast community members. They do not represent the company opinions or opinions of any of our employees. We just provide the platform through which our users can cast their votes.

While it's an interesting fact that the FBI site has been voted as red, it is currently not our intention to tamper with the results in any way.

2. Regarding the strong passwords in the avast account. As I already told you in an email, the problem is with the ampersand (&) character. This is currently not a supported character in the password. I.e. you can't use a password that contains this character to link avast with the account. This issue should be addressed in the next program update

3. Regarding iYogi. I'm not going to comment on this any further.


Have a good day.
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6709
  • Trust only what you test yourself!
Re: ATTN: VLK - This may have to be sent to my local/ state agencies.
« Reply #3 on: March 30, 2012, 11:23:47 PM »
Several of us has tried to get the OP to understand WebRep to no avail.
The OP will only believe what he/she wants to believe. They are not very open minded.  ???

See http://forum.avast.com/index.php?topic=96424.msg768955#msg768955
As for iyogi see http://krebsonsecurity.com/2012/03/avast-antivirus-drops-iyogi-support/#more-14182

Thanks vlk!
« Last Edit: March 30, 2012, 11:26:05 PM by Para-Noid »
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11182
  • No support PM's thanks
Re: ATTN: VLK - This may have to be sent to my local/ state agencies.
« Reply #4 on: March 30, 2012, 11:35:53 PM »
No matter how you look at it that is a threat, expecting avast to change things to meet your approval within one month otherwise you'll send out this letter OMG some people never cease to amaze me ::)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33580
  • malware fighter
Re: ATTN: VLK - This may have to be sent to my local/ state agencies.
« Reply #5 on: March 31, 2012, 12:02:19 AM »
Hi UserA789,

It is a pity that you base your "facts" mainly on misleading information. Web rep is not essential for the avast solution to fully function. That the official FBI site would have a bad web rep according to one forum visitor/user here is totally insignificant. BrightCloud gives it green 100 rep index meaning Trustworthy
There is a very low probability that the user will be exposed to malicious links or payloads.
This institution has done a lot also recently and in the past to fight cybercrime and even opened up servers to keep millions in Europe and Australia online despite of the fact they were infected with DNSChanger malware and they were threatened by losing their Internet connection. And they do a lot for this community as well. That other have a different opinion and their site has been under attack, has nothing to do with the workings of the avast av solution. In this case the avast web rep index needs re-evaluation, and could have been manipulated, because all other web rep indexes have a full green, M86 Security Secure Browsing, Bitdefender TrafficLight, even WOT and also webutation. So this should be enough reason to question the avast result. We recently had a user here reporting this issue as well. This is the good site of your feed-back and reporting this.
iYogi phone support was being reconsidered. So that does not count either. Then the question of https is because http connections are fully protected by the avast shields, one of the spearhead technologies of this av solution.

Well something on a side note. Why as an American are you waving the Irish colours from your avatar?

polonus

« Last Edit: March 31, 2012, 12:11:02 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6709
  • Trust only what you test yourself!
Re: ATTN: VLK - This may have to be sent to my local/ state agencies.
« Reply #6 on: March 31, 2012, 12:43:50 AM »
UserA789 has a local time the same as the UK.  ???
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

UserA789

  • Guest
Re: ATTN: VLK - This may have to be sent to my local/ state agencies.
« Reply #7 on: March 31, 2012, 07:31:50 PM »
Ondrej;

Honestly I'm not trying to cause problems.  My letter was simply to grab attention for things that are really messed up.  Take a look at some of the posts these so called 'Ubervangelists' have made to it.  While at first glance they seem relative, the letter covers much more than the WebRep app, but they wont focus on anything other than that.

Additionally, the support Iv encountered to date has been very under par at best.  While I understand right now there is only the main Avast team providing official support and that there will inevitably be a language barrier... some of their comments are worse than the flaming on the forum.  I LOVE Avast for the main part, but through trial and error, its become obvious part of Avast is tainted.  Personally, Id start with whoever recommended the iYogi service, as my letter states they have ALWAYS been un-reputable.  Google it and have Google look before you hired them.  Unfortunately there are companies like reputation.com that can be hired to hide real, honest problems with a company on search engines so one needs to get VERY specific now days.

The official Technical Support crew needs some American English training.  As Iv stated, a lot of the local county and state offices in my area have turned to Avast over its former reputation.  But when they cant rely on support at their homes; which a lot of them have gotten because of how well it functions on their work machines, this carries over to their 'word of mouth' opinions to the IT's they work with.

I will tell you that I am not trying to threaten you at all with the letter.  Usually I don't even let one know that type of action is going to occur, but, I felt compelled to make the problem unignorable before such an action is carried out... because I love Avast!

Now, while I have cleared up my understanding of the Web-Rep tool and what drives its ratings; consider this:  Bob3160 tours around the US helping the elderly gain an advanced understanding of Internet security (http://forum.avast.com/index.php?topic=78426.165).  I'm sure recently he has talked about the wonderful feature that should be part of WebRep in helping the elderly know if they should navigate via search engine to w website.  Well, now we know how flawed this tool is.  How many of these elderly have now been 'hi-jacked' because this tool may have rated a website 'GOOD' or even 'GREAT' and the websheild didnt catch the spyware on it?  My mom almost lost her livelihood through "MyCandianPharmacy", as the orginiating email had a faked header appearing to be from her brother, and the webshield did nothing to cath it.  My quick actions saved her from being one of their last victims.  I'm not boasting my skills here, but pointing out the webrep tool and webshield combined were, indirectly, responsible for her choosing to trust the site.

Take no offense, the web is different than when me and you started on it and the criminal element has gotten youth involved that don't understand the problems they are incurring.  Yes, mainly US youth over other countries.  Yet these folk who don't get the Internet is dangerous, not only to their machines now, but their financial well being are in essence being misled by the WebRep tool.  This tool should honestly be remanded via the next update until it has more than just user opinion driving it.

As far as the letter complaining about the 'CONNECT' feature and its inability for complex passwords; consider that I sent this as a ticket to the official Avast support.  I posted the problem on the forums.  All this weeks, if not more than a month ago.  As I cant seem to log into the support site any longer I cant tell you the ticket its on, but last time I checked, there were only two tickets running even though the information inside of these tickets had nothing to do with one another.  The point is, you're not banned from looking into this and the very poor answer I got from Avast support.  The forum was no help at all either, but I did get a better answer there than Official Avast Support.  All in all, I had perfect right to bring this up in the letter.  Now that I understand this, if the letter ends up still needing to be sent to the affected offices; that portion will be remanded.

Again, look only at this as my outright desire for a product than began so far ahead of the rest to continue that motion.  As Avast has protected me a lot in the past, I don't want to go back to AntiVir solutions that bog down my memory and/or processor.  I truly am one of the greatest fans of the Avast dream, but am not so in the dream I don't see the basic problems with some of its newer features.

With Respect,


UserA789,

1. Regarding the WebRep feature: as has been reiterated quite a few times already, the ratings you see are currently a result of a democratic voting process of the Avast community members. They do not represent the company opinions or opinions of any of our employees. We just provide the platform through which our users can cast their votes.

While it's an interesting fact that the FBI site has been voted as red, it is currently not our intention to tamper with the results in any way.

Ondrej;

Before I talk about the largest security risk in this app and sound like Im focused on that detail, Id like to thank you for addressing ALL parts of the letter, minus the support being given to some of us.

Again, as stated in my email to you, considering people like Bob3160 is traveling around the US  ;) boasting about Avast (http://forum.avast.com/index.php?topic=78426.165) to those that need the most protections out there; the elderly, as almost all scams and phishing methods are honestly aimed at them due to their trust of what they hear and see in their security apps.  One would think this would be enough to re-consider how the WebRep tool functions and why its just not a goood idea :-[.

Persoanlly, this leaves me wondering what motives would be behind such a decision  :o.  If I was enlightened to how easy it wass to manipulate one of my apps, you can bet your bottom dollar my honor and integrity 8) would have me pulling it as quickly as possible.  Especially when given the information that sites its not warning against (either by rating or resident protection) are giving people malware.  This is fact; as I can navigate to some sites I KNOW for a fact are malicous in nature but come up high in search results yet because the way the app works it looks like it would be safe to go to from its Avast WebRep rating (its not called the user WebRep rating to anyone other than those denying its culprabiliuty).

You can only rely on the excuse that its user driven for so long.  Its simple logic (theres that word again) that people are going to blame the software, Avast!, not the community that made the rating as such.  After all, when it comes to my PS3, while I know that Playstaion(SCEA) is a completly differnet company than Sony; I still blame Sony :'( for the problems it has based on branding.

@Bob3160... I really hope you paid attention to all of this, as your out there instructing those that usually cant protect themselves (http://forum.avast.com/index.php?topic=78426.0) and rely HEAVILY upon their security solutions and the tools within it.  I pray you are warning those elderly I see you coaching  about the WebRep tool and how it can lead them to sites that will do nothing but harm to their systems >:( ... and in essence their fincances as this is where a lot of folks keep their lives and 'wallets' now days.  Especially the elderly.

OFF TOPIC - as far as the comment you wonder about Bob3160; maybe it refers to an area within Camp Pendleton where are most elite units train... maybe its a freemason reference... maybe its nothing more than a statement to make your brain start looking at things.  You can pick, but I only claim it. :-X
« Last Edit: March 31, 2012, 07:33:51 PM by UserA789 »

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5093
Re: ATTN: VLK - This may have to be sent to my local/ state agencies.
« Reply #8 on: April 01, 2012, 12:06:09 AM »
UserA789,

Im not sure where you are getting you idea of lack of support. These forums help hundreds of users every week, as a combination of the Avast team and other users/evangelists.

Quote
The official Technical Support crew needs some American English training.  As Iv stated, a lot of the local county and state offices in my area have turned to Avast over its former reputation.  But when they cant rely on support at their homes; which a lot of them have gotten because of how well it functions on their work machines, this carries over to their 'word of mouth' opinions to the IT's they work with.

Local and State offices, and really any business or agency, should be purchasing through an Avast reseller in their area. The resellers would obviously speak the native language very well and are there to support their customers when the need arises. Avast has a vast reseller network and no matter where you are there is a reseller that can speak your language.  If you are having issues with a business using Avast, go ahead and contact your local reseller. They would likely be happy to assist you, it benefits them to keep the business using avast so they can profit from the renewal license.

Quote
Now, while I have cleared up my understanding of the Web-Rep tool and what drives its ratings; consider this:  Bob3160 tours around the US helping the elderly gain an advanced understanding of Internet security (http://forum.avast.com/index.php?topic=78426.165).  I'm sure recently he has talked about the wonderful feature that should be part of WebRep in helping the elderly know if they should navigate via search engine to w website.  Well, now we know how flawed this tool is.  How many of these elderly have now been 'hi-jacked' because this tool may have rated a website 'GOOD' or even 'GREAT' and the websheild didnt catch the spyware on it?  My mom almost lost her livelihood through "MyCandianPharmacy", as the orginiating email had a faked header appearing to be from her brother, and the webshield did nothing to cath it.  My quick actions saved her from being one of their last victims.  I'm not boasting my skills here, but pointing out the webrep tool and webshield combined were, indirectly, responsible for her choosing to trust the site.

A good many of these fake sites are hosted on hijacked web servers and thanks to the work of Security companies like avast the web admins are notified and can take corrective action quickly. I would imagine these sites may not be live long enough to get a bad rating in WebRep.

Quote
@Bob3160... I really hope you paid attention to all of this, as your out there instructing those that usually cant protect themselves (http://forum.avast.com/index.php?topic=78426.0) and rely HEAVILY upon their security solutions and the tools within it.  I pray you are warning those elderly I see you coaching  about the WebRep tool and how it can lead them to sites that will do nothing but harm to their systems  ... and in essence their fincances as this is where a lot of folks keep their lives and 'wallets' now days.  Especially the elderly.

Bob does an Amazing job with his presentations. Anyone walking away from one of his presentations has a much better idea how to protect themselves online, webrep or not.
"People who are really serious about software should make their own hardware." - Alan Kay