Version 5.1.889 as well as the 6.0.1000 seems to carry a “security hole” !
Indeed, it is possible to “kill/terminate/abort” the service “avast! Antivirus” (process: AvastSvc.exe) without any problem ! And this, even if the interface is totally password protected !
This leaves the system with NO protection !
Moreover, once this service/inactive or stopped process (cross by the Avast orange ball), if you try to reactivate the “protections” thru a right click, the access to the control module is denied (wrong password) !
In fact, thru Task manager >> Services, you can gain access to avast ! Antivirus (belonging to AvastSvc.exe) and stop it !
But you can’t kill AvastSvc.exe from Task manager >> Process : Access denied !
So I don’t really need help on this, but I (as well as everyboby, I guess) would like to get fixed.
I don’t want anybody nor “anything” to mess with the security settings.
You can stop the Avast! Antivirus service from Task Manager just like you can stop the shields from the GUI. But you need an authenticated admin to answer the popup below in the affirmative in either case. I could also restart the service from Task Manager. After answering “no”, I got the second popup next time I tried. You can also kill the GUI, but it does not affect the operation of Avast!
As far as I’m concerned, I don’t get that “unable to stop service” windows even after x numbers of trials, with V 6, but I do at the second shoot with V 5. And I did experienced this on different configurations and Win versions. Which means : random problem/behavior !
So, what should be the normal behavior, is to get that “unable …” msg in the first place, cause the system protection MUST be only controlled thru the Avast GUI. And like you said, even if the user kills the GUI, it does’nt affect the whole security process.
Like I said in my msg, I killed it using task manager … and since the “avast ! Antivirus” is linked to “AvastSvc.exe”, the service goes into a “stopped” state.
And once again, I don’t need help on it, but this to be fixed !
Hi sded,
Yes, with V 6 I do get the first one and answered YES.
Even answering NO, and keep trying doesn’t change anything at all; I can stop it at every shoot if answer is YES.
Here is the comment from Avast French international forum zone :
Quote - tout le monde est au courant depuis longtemps donc ils ne sont pas spécialement en train d’étudier le problème en passant tu peux volontairement arrêter les services mais pas tuer le processus directement, tu me diras l’effet est le même mais bon c’est vrai qu’ils n’ont pas jugé utile de protéger les services. De toutes manières le mot de passe est une barrière futile faite pour rassurer et empêcher les gosses de faire des conneries. Un adulte averti n’aura aucun mal à passer outre, même pour accéder à l’interface seulement. Un posteur l’avait démontré il y a plus d’un an. Avast le reconnait et ils s’en foutent lol. – unquote.
Gee ! What to think about it ? It’s hard to believe this is true !
In fact what’s coming out of that post is : known problem, unsolved because Services protection is considered as useless, and Avast team doesn’t care !
it’s expected behavior, imho. If you answer Yes then it’s obvious that you want to stop the service. And theYes/No dialog has to be clicked by a human (it’s not possible to automate the click).
You’ve got to laugh or you’d cry! : This seems akin to folk that run a leak test to test their firewall and then declare that the firewall is rubbish after allowing the process access to the Internet when prompted by the firewall ;D If you have admin rights and stop the process then what do you expect? ??? Sounds pretty much like like scaremongering to me.
I live in the sticks, plenty of hillbillies around…some of them actually do that…yet somehow, natural selection fails…either that, or they out-breed natural selection, like mice.
@new Mod (congrats on your “appointment”, wow, you actually moved a thread, have not seen that much here ): Thanks for explaining both the obvious…
Of course a human can disable Avast while having control of a computer.
There can be a number of reasons for wanting to have this feature in the Security Software.
As far as stopping the service through an internet attack without having control of the computer’s desktop it is not possible.
Of course I imagine if some computer genius spent enough time trying to figure out how to disable Avast over the internet without gaining control of the desktop he/should might eventually be able to come up with a way to do it.
As Willie Sutton the great American 20th century safe cracker said. There isn’t a safe in the world that a safe cracker given enough time couldn’t break into without having to blow it up or torch/laser into it.
Sure ! But then what is the interest of having a way to password protect the interface and the modules ?
You gonna say, to prevent ugly users to mess with the settings. Good !
But what about leaving that ugly guy totally stopping the overall protection.
Sounds to me like a backdoor to get around that desired system protection.
As a Sysadmin, you can give people “admin rights”, for whatever reason, but not wanted them to fool with some security settings.
you already posted that in the French section and I already answered you. There’s no security hole, period.
edit: just on a side note, IIRC Comodo does just that, protect the shutdown of services with the main password used for anything else in the interface. You’re also prompted to enter this password again if you want to uninstall. But, again, it’s all about password implementation, and it’s been demonstrated a few times that they’re easy to circumvent.
A trojan would have to go through too many steps I guess before it can stop services… not sure about that. Now if you’re talking about a hacker with local access, there’s not much Avast can do for you ;D
This seems akin to folk that run a leak test to test their firewall and then declare that the firewall is rubbish after allowing the process access to the Internet when prompted by the firewall ;D If you have admin rights and stop the process then what do you expect? ??? Sounds pretty much like like scaremongering to me.
): Thanks for explaining both the obvious…