A few questions regarding Avast

Hi all. Firstly a BIG sincere thanks to all the people who made Avast possible and who keep it going. I changed from Norton to Avast… and ask me the difference!

I had a few Qs regarding avast, and thought it better to post them together rather than start separate posts.

A> I do not use outlook, only web-based (yahoo & google) email. Can i permantly switch off AshMailserv or do i need it?

B> ashWebserv starts at startup, even when i have not switched my net connection on. Is that required?

C> ZoneAlarm shows that ashwebserv is listening to port 12080, while Firefox is listening to port 1262, 1264. Am i really protected then? On-access Control though shows that ashwebserv is scanning the files in the recent url’s.
{Note: I am using ZoneAlarm free (v6.5.737) with no privacy alerts, and face no compatibility issues with ashWebserv.}

D> What should i set the “configure how firefox accesses the internet” as?
Direct connection to the internet OR auto-detect proxy settings (Currently chosen) OR manual proxy configuration.

E> I have chosen ‘manual updating’, Can i somehow turn off aswupdsv.exe from running constantly? It was not running by default till i updated to recent version. Cant seem to be able to disable it from Services now.

F> I manually update the definitions once in 4-5 days. The size comes to abt 80-120 KB for each day. Is that much new virus definitions added each day? Because Avast says its only incremental updating, and my 400.vps size is only 17MB. I mean it should be more then, if daily virus defs are 100KB each.

G> Is it ok to be updating virus defs once in 4-5days, or absolutely imperative to have auto-updating? Actually, i have set all programs to ask for permission before accessing net (using ZA), except for ashwebserv, and would like to keep it that way, unless vital.

I know thats too many questions to ask at one go, so apologies for it! :slight_smile:

PS: Is it given anywhere how & why the people keep Avast as a freeware prog. I done find any adware within the prog. I mean when compared to the prices charged for softwares like Norton, and their Shylock like concept of annual subscription fees.

A. Leave the Internet Mail provider running in fact I will go further, set the sensitivity to High. If you use web mail it will consume little resources, but what it could do for you is alert you to an undetected spambot (with its own very small smtp client) on your system sending out spam. e.g. too many identical emails in a time period.

B. Yes you don’t want to have to manually start the web shield before you connect or worse still after you connect, or even worse forget. It costs nothing to allow avast to start it shortly after it starts as those with broadband have always on connection shortly after boot.

C. The web shield redirects port 80 to localhost port 12080 and that is what it listens on, so firefox listening on those ports , is outside the web shields control but it doesn’t diminish the protection. You should also notice that these ports are localhost:loopback ports and not an issue.

D. You shouldn’t have to make any changes to firefox, avast Program Settings, Update (Connections), Proxy button, here you can select Direct Connection (no proxy), only if this is true, e.g. you don’t have to connect to the internet through a proxy (your ISP could require this). This is for updates only and doesn’t know or care what browser you use.

E. I have absolutely no idea why you would want to do this ?
It is best to leave them as per the default settings, the auto update of virus signatures only downloads incremental updates and can be counted in KBs rather than MBs, even on dial-up (as I am) it takes no time at all.

F I see absolutely no point in updating every 4-5 days you wan’t the latest signatures when they are available to provide protection against newly added signatures.

G. IMHO crazy.

I have been using avast for four and a half years there is absolutely no adware.

Hi. Thanks for that detailed and informative reply David. You really seem to be an uberevangelist! :slight_smile:

You have really solved the queries i had.

A,B,C & D> I have implemented whatever you had discussed.

E> I am outting my ghastly truth. Am running WinXP-SP2 on a 128MB RAM machine for the past 3-4 years! I know the obvious answer, but i just want to see how long i can keep it going with that. {IMHO if u think thats crazy, then read my prev post, till few months back i had been running Norton System Works on top of that!! :)}
So i keep auto-access off for most programs basically to prevent RAM use spikes, rather than to save on downloads.

F> unanswered…

G> I would do that, but is updating the new defs the same day so vital? I mean i dont forget to update in 4-5days max. (Plz dont take it to be stubborness, just wanting to know whether keeping auto-update option on is so crucial.)

Ending with a thanks again for the previous post.

Hi CHim
since avast’s updates are incremental you will use roughly the same amount of time/ bandwidth to do them in small batches as to do them manuall
are you running some real time application where the very process of updating would throw off your timing?
Otherwise I’d go for the incremental updates
which
BTW
also REMOVES false Positives or whitelists them

thanks for your thoughts in the other post

Thanks for that reply wrymrider.
As i said, it was not the download size i was talking about. The process of avast accessing the net will take cpu time. And whenever i manually update, AshSetup runs after the dl is complete, which takes up cpu time for quite a significant period (abt 30-40 seconds). (That may be because of my low RAM).

Btw, you are confusing me with CHim on the other post. Thats another person!
I will not be turning off AshMail now after David’s reply regarding smtp bots.

E> Well with a restricted system you don’t mention the CPU either, I would still say that leave the auto updates as the default as the memory saved would be negligible as it doesn’t use much until it actually download and processes the update and the same would be true of a manual update and possibly worse as the downloaded element would be larger. The auto update also has a CPU restriction trick to it where it doesn’t allow the CPU % used to exceed 30% this still allows you to get on with other things, the manual update has no such restriction.

Memory is relatively cheap and easy to install and you would really notice a difference in your overall system performance and responsiveness.

F> was most certainly answered I see absolutely no benefit in this policy and you put your system at a greater risk if you implement it, that simple. The size of the 400.vps is irrelevant as it will over time increase, it is on your system and the increments may also modify existing signatures within that file. I would also think that that file is very optimised for speed of access, etc.

G> it could mean the difference between an infected/compromised system and one that isn’t infected/compromised.

What you have to ask is not why it is so crucial to have auto updates set, but what benefit you get from doing a manual update every 4-5 days and why you need to do it given the answers we have already given.

Your system your choice.l

Thanks for the prompt reply again.

After your informative posts, i think auto-update is the only real option. I hope i dont need to do it from an admin account only, as i mostly run my comp under a secondary windows account.

F> Dare i say, still unanswered. The Q was basically as to why the daily virus defs amount to ~100s KBs. A very naive question but cant they be simple text files, or they need to have code in them.

The size of the daily updates (sometimes 2 or 3 per day - but not too often) varies quite a bit depending on what the alwil team is adding. My vps update this morning was only 5 or 6 K. The size depends on what is being added… sometimes just corrections to false positives.

The 400.vps is encrypted (and possibly even compressed) as otherwise the signatures contained in it could be detected by other security applications, e.g. anti-spyware or on-line virus scan.

So the files being downloaded I would say are also encrypted and avast has to verify the integrity of those files (that is where the processing effort comes from) and then incorporate (install) them into the 400.vps file, so they aren’t simple text files.

:o Whew! Your reply had me going there for ½ a minute, wrymrider. I took a leisurely stroll in here. Then I saw you were replying to me. And I was, “What? I posted something on this thread? It doesn’t sound familiar.” There I was scrolling up and down to find what I had posted. Then as per cimmind’s comment, I realized that yes, Chim and cimmind could easily get fused, confused and swapped in our brain. ;D No Biggie.

But, what the heck since I’m here, I might as well echo the rest of you all’s stance on this issue. I myself am most definitely on the bandwagon of Automatic Virus Signatures Database Updates as soon as they are available, as quickly as they can send them our way. I certainly wouldn’t want to wait 4 or 5 days. I mean, just imagine if the Automatic Option WASN’T provided by avast!. What if there was a Super Virus making the rounds and the normal routine was that we had to WAIT 4 or 5 days to get the Virus Database Update? Our computers would get infected. So, since we DO have the great luxury of avast!'s smooth, Non-problematic Automatic Updates option, I see no sense, no logic in why NOT to utilize it. The alternative is just wayyy too risky.

Lucid discussion and immaculate logic by all regarding auto-update.

Btw, my Q about updating under admin/secondary account got missed. When i tried today, the iAVS update worked under the secondary account too (which was not happening earlier). When i checked the folder security properties of the avast folder, the permissions of ‘DATA’ folder had got enhanced to Full control (and ticks for all else) for “Everyone”. I reduced that to full control for “Users” only. Did a update again (obviously it showed protection already upto date). When i checked again, the permissions had agin got enhanced to full control for “Everyone”.

While this is indeed making it easier for me, by permitting updating under my sec account too, i hope this is not a security risk in itself.

As far as I’m aware the VPS (signature) updates are fine under a limited user account, though I believe program updates require you to be a member of the administrators group.

I have no idea how this plays out in Vista with UAC, etc.

RAM is the best investment you can make!

Crucial has a memory scanner and recommends RAM upgrades and the price:
http://www.crucial.com

On Vista, manual updates of both program and virus database require UAC confirmation.
Automatic updates are run without the user interaction (through UAC), at least for virus database.
I’m so impatient to wait up to 7 days to automatic updates for program… I run it manually before and UAC is invoked.

Thanks Tech.