Hi to the Avast team
It seems that there is no special place for bug reports, so I post this message in the general forum
The config :
WinXP SP3, Firefox 3.6.28, Avast Free 7.0.1466
Firefox is run under a limited account (member of the Guests group) through a RunAs command
Before Avast installation, the Guests group (including this limited account) has been set to :
NO READ/NO WRITE access to C:\Program Files* (except C:\Program Files\Mozilla Firefox* for the limited account)
This is done by editing NTFS permissions of the ‘C:\Program Files’ folder
These permissions are automatically inherited to C:\Program Files\AVAST Software*, when Avast is installed
first case : Avast is installed with File shield only, Firefox is able to start
second case : Avast is installed with File/Script/Behavior shields, Firefox won’t start (csrss.exe gives an error dialog)
In the second case it seems that Firefox tries to load some Avast DLLs
but fails to do so because Firefox has no read access to C:\Program Files\AVAST Software*
As a consequence Firefox completely fails to start
My solution :
Uninstall Avast > reboot
the ‘C:\Program Files\AVAST Software’ folder is still here (and almost empty, I empty it completely)
Edit NTFS permission of the ‘C:\Program Files\AVAST Software’ folder : adding a read access permission for the limited account
Re-install Avast with File/Script/Behavior shields > reboot
Now Firefox successfully starts, and loads many Avast DLLs from the ‘C:\Program Files\AVAST Software\Avast’ folder
I think it is a small bug that Avast doesn’t install its files (the ones that are to be injected in other processes)
with custom NTFS permissions : read access for everyone
I’m using Firefox 3.6.28 which is far from being the last version.
(by reading this forum, the script shield does not seem to support the latest versions of Firefox :'()
I use Avast 7.0.1466 (not the last : 1473), but there is a very low chance that
the NTFS permissions for the Avast files would be set up differently in 1473.
I think I’m not using the very last version of Windows either :
I just forgot to say that during the test I’m logged in Windows as an admin,
and doing a ‘RunAs’ on Firefox with a guest account.
This problem is very unlikely to occur to a lot of people, since very few of them, if any,
change the NTFS permissions of the ‘C:\Program Files’ folder…
However anyone with some knowledge could test this issue with any browser and any version of Avast :
0. Check that you have at least the 3 shields : file/scripts/behavior installed and active with their default config in Avast
1. Disable Avast self protection (this should be enough to change NTFS permissions without uninstalling Avast)
1+. Maybe reboot so that Avast self protection will be really and completely disabled
2. Right click ‘C:\Program Files\AVAST Software’ > Properties > Security tab > ‘Add user or group’ > select the Guests group : deny ALL access (so no read access) > Apply
2+. Right click a DLL in the ‘AVAST’ folder to check if the Guests are really denied any access to it
3. Re-enable Avast self protection
4. If you don’t have a guest account create one
5. Right click your browser executable : ‘RunAs’ with this guest account
6. The browser should fail to load the DLLs in the ‘Avast’ folder, and thus the browser should fail to start.
7. Better to clean up the NTFS permission you added to ‘AVAST Software’, and the guest account you might have created
And am I right when I say that there is no dedicated place for bug report on the forum ?
As a conclusion, by now Avast is the best free AV I’ve found (reliable/modular/configurable/non-intrusive),
and I hope it will stay this good in the future
I should have written :
after reading some threads in this forum, I learned that the Avast Script Shield does not always work with some Firefox versions 12 and up.
Reason I ask is because urlquery dot com makes it a point to use such insecure and obsolete software to find exploits in infected websites
You are asking me if I use an old Firefox so as to detect malicious/infected websites ? Response is no.
The reasons why I use the last version of the 3.6.x branch of Firefox are numerous
(resource usage, extension incompatibilities, the fact that I’ve 0 problem with my version…)
3.6.28 is not really old : 6 March 2012
I could use Firefox v10-ESR or v17-ESR (I did not know of Extended-Support-Release versions until recently)
For security : I don’t rely much on Firefox itself, but on security apps like Avast/Comodo/Noscript
and system configuration (running Firefox under a guest account, DEP, etc…)
But the small problem I’m talking about in my first post should affect some more recent versions of Firefox.
I say the problem is small because it will only affect people who have changed
the default NTFS permissions of their ‘program files’ or ‘avast software’ folders (very few people probably).
Keep in mind I’ve solved the issue for myself, I posted it in case someone stumbled on the same problem
and for the information of the Avast developers.
Currently my Script Shield gives 904/0, which shows that it works as intended.
(For curious people there is a history which is somewhat related https://bugzilla.mozilla.org/show_bug.cgi?id=733892)
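Added example, not part of the original posts: a PowerShell check (run as an administrator) that lists the read-related NTFS entries on the Avast folder and its DLLs for the identities involved in the thread, so a Deny entry or a missing Allow entry for the limited account is visible before the browser is started under it. The account name `PC\limited` is a placeholder, and `BUILTIN\Guests` is the English name of the Guests group; only explicit entries for the listed identities are shown, group membership is not resolved.

```powershell
# Added example: show which of the listed identities have Allow or Deny
# entries covering read access on the Avast folder and on each DLL below it.
$Path       = 'C:\Program Files\AVAST Software'   # folder named in the thread
$Identities = @('BUILTIN\Guests', 'PC\limited')   # 'PC\limited' is a placeholder account

# Read + traverse/execute: the rights a process needs to load a DLL from the folder.
$read = [int][System.Security.AccessControl.FileSystemRights]::ReadAndExecute

# The folder itself plus every DLL underneath it.
$targets = @(Get-Item -Path $Path) +
           @(Get-ChildItem -Path $Path -Recurse -Include *.dll)

$report = foreach ($t in $targets) {
    $acl = Get-Acl -Path $t.FullName
    foreach ($ace in $acl.Access) {
        # Keep only entries for the identities we care about ...
        if ($Identities -notcontains $ace.IdentityReference.Value) { continue }
        # ... that touch at least one of the read/execute bits.
        if (([int]$ace.FileSystemRights -band $read) -eq 0) { continue }

        New-Object PSObject -Property @{
            Path      = $t.FullName
            Identity  = $ace.IdentityReference.Value
            Type      = $ace.AccessControlType      # Allow or Deny
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited            # True if it comes from a parent folder
        }
    }
}

# Deny entries first: a Deny on read overrides any Allow for the same account.
$report |
    Sort-Object Type -Descending |
    Select-Object Type, Identity, Inherited, Rights, Path |
    Format-Table -AutoSize

if (-not $report) {
    "No explicit read-related entry for $($Identities -join ', ') under $Path"
}
```

An inherited Deny row here corresponds to the situation in the first post, where permissions set on ‘C:\Program Files’ propagate to the Avast folder at install time.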