Okay…now that your paying a little attention, this is not quite the rant your looking for. This is simply for Alwil’s ability to be taken seriously as a BUSINESS’ security solution provider(a provider to REAL business’).
For consumers, sending them to pretty much ANY outside source to download an app is the accepted standard. Thats fine. It helps keep the costs to the consumer at an affordable level, while allowing them to experience “corporate” quality protection. YAAAY!!!
I personally, as a registered AMD Solution Provider(Business Server Class Products as well as Home), am a little put off when I am browsing the ‘Business’ or ‘Office’ side of a website and I am sent ANYWHERE else for well…pretty much anything. To me that states that even though they enjoy the working relationship that our two entities have established, they are not quite as dedicated to insuring FULL support to a business. They appreciate that I put my faith in them as a Solution Provider to my bsiness but be ready for incomplete support as ‘we cant even garuntee your download from us.’
Again Avast Team…this only refers to your abilities to be a TRUSTED Solution Provider to REAL business’. Im sure that PLENTY of business owners DO get their initial look through CNet (http://www.downloads.com). It is a great advertising engine for MANY software vendors, but when a business owner, or working IT professional on the clock, is on Avast’s own site, please dont redirect us anywhere : …even for the download…at the very least sync(direct ftp link or something) the link so we can just pull it that way instead of being sent away from the information we are reading concerning your other business class products.
Thats all. Thanks again for a kick *** application though!!!
…still dont like the flash, what if Im running this on a m flashless enviroment for OTHER testing purposes, now I cant see data I am most likely VERY interested in. Just to please you guys ??? …until that gets fixed my testing machine cant run this.
Assuming that a download is properly signed (in my experience, Avast always has been), and that users handle the file properly afterward (i.e., make it unwriteable by the account hosting the browser, then check its signature, then install it), there’s no security reason not to mirror it elsewhere.
You are taking me wrong…this is NOT about the security of the download, its the look this gives to more than just an Internet business owner. Alot of us have been BRUTALIZED by nameless (TWC!!!) giants for so long now nad we got sick of it. The LOOK a company provides now when on thier “Corporate” side of the web site is a CLEAR display of ANY support you might get. Go and try and get real support from the nameless giant I stated…you cant, you end up talking with someone who cant do anything, or maybe just wont…and could honestly care less about your problems, and yes this is the business side not home.
What is of concern to me is that the 5.0.396 downloads from CNet, Major Geeks and freewarefiles.com are all different file sizes and have different MD5 sums.
CNet 43,550,760 bytes Signature 29th Jan 2010 4:39:02 PM - Marked OK
MajorGeeks 41,461,352 bytes Signature 29th Jan 2010 4:38:38 PM - Marked OK
An individual Avast scan of each of the above packages says 2 files scanned.
Freeware.com 41,461,360 bytes Signature 29th Jan 2010 4:38:38 PM - Marked Invalid
An individual Avast scan of this package says 3 files scanned.
I always prefer to download security software direct from the manufactures site to avoid just this issue.
Why is the install files from CNet and MajorGeeks so different in size?
Interesting to see the comment about download.com’s delay in updating … at one time they were notorious for offering out-of-date versions of way too many apps, and it looks like that hasn’t changed.
(Edit) In fairness, though, that is where I first got the installer for 377 – admittedly, the first place I tried since it was the first for which a link was posted here somewhere.
Very interesting. Does Windows think that the different downloads' digital signatures are valid? Do they have the same signing date?
zerospam,
As I said in my previous post the digital signature of the file from freeware.com is marked as Invalid by Windows XP. The signature date and time of this file is the same as for the file from MajorGeeks.
The signature date of the CNet is the same as for the other two, but its signature time is slightly different.
Incidentally, the counters show there has been 409,629 downloads of the file from freeware.com!
I’m sorry, I misread your message. Certainly no one should install anything that lacks a valid digital signature (computed using sha1, not md5) from the correct signer. It sounds like there’s been corruption or an attack. Note, however, that downloading software directly from its publisher does not guarantee immunity from corruption or an attack. Always check the signature.
The signature date of the CNet is the same as for the other two, but its signature time is slightly different.
Do both purport to be signed by Alwil? What signing algorithm do they use (check digital signatures/details/advanced/digest algorithm)?
The screen shots, 2 with this post and 1 which I will attach to a subsequent post show the details for the three downloads concerned.
In the case of the file with the invalid certificate, I would not have thought that straight corruption would result in an avast scan saying it had 3 files, compared to the other two with 2 files.
My main point incidentally is the inconsistency in the files available for download perhaps introduces yet another factor Awil have to consider when looking at why some have problems when others with similar setups don’t.
Again, when I purchase as a consumer then send me to whoever is helping spread the word…on other words:
make your cake.
However, it really says POOR things about your relationship with business clients when this happens. What if they get infected by trojan/redirect via the download. Even though thats realy Alwil fault AT ALL, who do you think the IT pro is gonna blame
…Im just saying 8)
BTW…it is VERY strange the differnt sizes when SO CLOSE together.
Yeah. It is always a concern of mine that obtaining any legit software from a 3rd party host could potentially, albeit not at the intent of the developers, introduce ‘extra’ stuff that we like to call spam. Typically a 3rd party host will package the deal with some other advertising medium for whatever reason. While this usually isn’t a serious threat to security, it is an annoyance. Especially if it is forced upon us during install. If I am ever FORCED to install another yahoo.com toolbar or ask.com search box, I will blacklist that particular host and it’s IP will be uploaded as a viral threat to every agency known to man. I simply will not tolerate that type of bloating. So long as the installer provides an option to disable the extra software and make sure it is not installed without my permission, then we can remain friends.
I have recently gotten into the habit of using some great free tools:
I did some hunting and ALWIL is hosting the files on their own servers if you want it directly from the horses mouth. ALWIL is not giving out links to their own servers because there is no way they could ever stand up to the load as the demand is so high. Download.com claims Avast 5 Free was downloaded 1,177,946 times last week! Its hard to believe but possible. IMO they were very smart not to even try and host the files themselves. Without further adieu here you go!
The file size, signature date & time and Md5 sum exactly matches the file downloaded from MajorGeeks.
The Md5 value for both these files is bae19e7f87f55674becd9967716792fe.
I don’t have any real issue with outsourcing file distribution, although I personally prefer to source from the authors site where possible, and I certainly appreciate the load that is placed on download servers when a new version is announced.
Again, the main point of my posts in this thread is that some variations exist in what people are downloading from the various sites, including one where the signature is not valid, and this might be a contributing factor in why some have experienced problems others haven’t
THANK YOU!!!
I just went to try and re-download the IS but got broswer jacked to some app for ‘jehovah witnes’'??? on the CNet download…man, whoever Vlk is taking advice from right now needs to put the light bulb down and step away from the lighter. :o
Seriously, if everyone else was putting a porn dialer in their application just to be cool as the next guy…would you VLK? :
Just cause a bunch of people swear that flash CANT comprimise the product dont mean their right. Im reinstalling from either an infected rework of Dune 200 I found on the net…VERY SUSPECT OF BAD CODE, walked right past Avast and initiated Win7 FW query???
Anyhow, Im still buying it but I hope someone pulls their head out for either the download site(s) or at least something as infectable as flash calls in my security app!!!
Are you serious? I mean, are you saying that your browser got hijacked right on download.com? I mean, that’s somewhat hard to believe, given the huge exposure of this site.
I mean, the ads they host are sometimes pretty nasty but other than that, we have never really heard of any problem like this. Plus their download speeds are marvelous now since they switched to a new CDN provider.
Unless they started letting people disguise the ads as download buttons with Avast written in it, I click, then Im on a page that looks the same but wanting me to download some ‘feildbible’ app…so you figure out what happened. Im just happy its available from the source.
The direct download links are now also part of the website:
Free AV http://www.avast.com/free-antivirus-download#tab4
Pro AV http://www.avast.com/pro-antivirus#tab4
IS http://www.avast.com/internet-security#tab3
VLK,
These links (the Free AV one at least) still puts the download through CNet.
As I have stated before, I don’t have a problem with downloading from CNet, however the file “setup_av_free” (selected English version) from that download is 43,550,760 bytes, which is significantly different from the one able to be downloaded from
…even for the download…at the very least sync(direct ftp link or something) the link so we can just pull it that way instead of being sent away from the information we are reading concerning your other business class products.