Free Avast -- Phoning Home -- while update settings are set to manual.

To those who are not understanding what ‘this’ post is about – it is about Avast (7) polling the server while updates are off. This post is not about ‘our’ reasons for doing so, which have nothing to do with protection.

@VLK: We are continuing our research and have found that disabling ‘reputation services’ has slowed the polling down, while the polling continues at less intervals. Rather than us blindly disabling things, via trial and error, can you offer any other suggestion(s)/recommendations as to what to disable to stop the traffic while ‘update’ and ‘reputation’ are disabled? --Currently with the aforementioned items disabled-- the polling has to do with “emupdate”.

The polling is attempting to ‘GET’ (download) the ‘emupdate’ without prompting or notifying the user(s). We cannot find anything in the help file for ‘emergency update’ (emupdate) or what might be enabling/controlling this. Given that none of our boxes which run Avast have ‘emupdate’ on the HDDs, we need to know ‘what’ from our Avast installs is polling the server with these ‘GET’ requests for ‘emupdate’ without obvious documentation and notification to the machines’ users that this is taking place --in addition to our original concern of the program polling with ‘updates’ and ‘reputation’ disabled.

There are times when we require our network to be entirely silent. We also like to be notified, or at least have documentation as to why a program is reaching out over our network; and a way to disable it should we need to do so.

Once again, this post is not about Avast’s ability to protect, it is about the network traffic generated by Avast (7).
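To measure the polling described in the posts above, for example before and after disabling a component, the following is an added example that is not part of the original thread. It assumes a simplified proxy-log layout; the hosts, paths and timestamps are constructed placeholders, and only the `emupdate` keyword comes from the thread.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in an assumed layout: ISO time, client IP, method, URL.
# Hosts, paths and times are placeholders; only "emupdate" is from the thread.
SAMPLE_LOG = """\
2012-03-20T08:00:05 10.0.0.21 GET http://av.example.invalid/emupdate/check
2012-03-20T08:15:00 10.0.0.22 GET http://av.example.invalid/emupdate/check
2012-03-20T08:20:00 10.0.0.21 GET http://rep.example.invalid/filerep?id=1
2012-03-20T08:30:05 10.0.0.21 GET http://av.example.invalid/emupdate/check
this line is malformed and must be skipped
2012-03-20T09:00:05 10.0.0.21 GET http://av.example.invalid/EmUpdate/check
2012-03-20T10:00:05 10.0.0.21 GET http://av.example.invalid/emupdate/check
2012-03-20T12:00:05 10.0.0.21 GET http://av.example.invalid/emupdate/check
2012-03-20T14:00:05 10.0.0.21 GET http://av.example.invalid/emupdate/check
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+([A-Z]+)\s+(\S+)$")

def polling_report(log_text, keyword="emupdate", start=None, end=None):
    """Per client: number of requests whose URL contains `keyword` and the
    median gap in seconds between them, within [start, end) if given."""
    lo = datetime.fromisoformat(start) if start else datetime.min
    hi = datetime.fromisoformat(end) if end else datetime.max
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the assumed four-field layout
        ts, client, _method, url = m.groups()
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue  # first field is not a timestamp
        if keyword.lower() in url.lower() and lo <= when < hi:
            seen[client].append(when)
    report = {}
    for client, stamps in seen.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        report[client] = {"requests": len(stamps),
                          "median_gap_s": median(gaps) if gaps else None}
    return report

if __name__ == "__main__":
    # Compare the windows before and after a (constructed) 10:00 settings change.
    print("before", polling_report(SAMPLE_LOG, end="2012-03-20T10:00:00"))
    print("after", polling_report(SAMPLE_LOG, start="2012-03-20T10:00:00"))
```

A client that still appears in the "after" window is still polling; a larger median gap means the interval lengthened but the traffic did not stop.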

This is a relatively new feature - the avast! emergency update, is a scheduled task, but it shouldn’t run that frequently (a couple of times a day I think), I know it runs shortly after boot on my system.

Avast! Emergency Update - see Vlk’s brief explanation, http://forum.avast.com/index.php?topic=99540.msg794105#msg794105.

And

@DavidR:
Thank you. The Avast (7) install is polling/requesting, via http ‘GET’, to download ‘emupdate’ --it is not, as we understand it, ‘emupdate’ itself --unless, after reading VLK’s explanation of the “Emergency Update (push) feature”–, ‘emupdate’ is a server-side process. If ‘emupdate’ is a server-side process (pushing), the user should very well have the option to turn the receiver off/on as they see fit; as is currently our case.

In this instance, it is not about protection, it is a network (traffic) concern. The short version of this entire topic is, without using a firewall, we need to stop all polling to/from the Avast (7) application and its associated processes. How can we do this at the application level?

No it isn’t an update as such but a check to see if there is an emergency update available. If so as an avast user I don’t know if it would be push or pull by the AvastEmUpdate.exe process. But it isn’t envisaged that an emergency update would be a regular occurrence.

Whilst currently there is no UI setting to disable it - The second quote that I gave is from a topic which talked extensively about it.

@DavidR: We thank you again. … Depending on how close you are with the project (Avast) ‘Free’ or otherwise, are there any plans to address this type of concern? – i.e. to allow the Avast product to continue and provide AV protection while allowing the end_user or administrators to kill the network noise when needed --for other unrelated issues.

I’m an avast user like yourself, so I’m not really privy to interface changes or policy. So I don’t know if there are any plans to allow the feature to be disabled either in the UI or via an .ini file switch.

Vlk is an avast team member, the Chief Technical Officer.

allow the Avast product to continue and provide AV protection while allowing the end_user or administrators to kill the network noise when needed --for other unrelated issues.
It's the same as asking avast! to knowingly allow you to run avast! partially crippled and thereby exposing you to increased security risks. Doesn't make much sense to me. It would also mean that Avast is condoning the fact that you are at risk when that same risk is preventable. I would call such a move on their part "Security Malpractice".

Somebody correct me if I’m wrong but I was under the impression that the file reputation service was for just that, files, and that web site reputation was checked by the Web Shield and WebRep if you use it. If a site is known to have hosted malware, it gets blocked by the Web Shield.

I hope that the file reputation cloud service does not require WebRep to be active. I thought they were completely different things and that the file rep service applied to all files, not just ones coming from the web.

Point, but that’s why I use Firefox, and only permanently script permission a select few sites, Yahoo does not get permanent permissions. Not even Google.

[quote="colwarg post:18, topic:669626"]
I don't want to cripple it, I want it to update when I tell it to update, and that's when I'm _NOT_ using the computer.
[/quote]
Well, I understand what you are saying, but I'm afraid it doesn't make much sense for me - what's the point of having an updated antivirus when you're not using the computer? The moments when you [b]are[/b] using the computer, that's when you need to have it updated.
I expect the antivirus to be updated as much as possible when I'm using the computer, so it should have been updated already the previous night. It's the difference between changing your oil before the road trip to changing the oil while on the road trip. :o
It's the difference between changing your oil before the road trip to changing the oil while on the road trip.

What you’re not realizing is that avast! has the ability to remove the impurities that are added to your oil while you’re driving and you’re preventing that from happening, thereby allowing the viscosity of that oil to break down faster than it should. :slight_smile:

Simply put, any antivirus product should be allowed to automatically receive definition updates as soon as they become available. Otherwise, it’s being crippled in its effectiveness.

“I have my updates set to happen every 16440 minutes because I know what I’m doing when browsing the internet.”

WOW! Approximately 23,500 infected webpages are discovered every day! Every 3.6 seconds another website is infected!

http://www.scmagazine.com/every-36-seconds-a-website-is-infected/article/140414/

I am honestly enraptured with crossing this topic here, as “Non consenting Home Phoning”, for whatever “reason” it might be, is an eternal Internet annoyance. I am delighted that my “Brothers in Arms” - End_User and colwarg, perfectly pointed on Avast excessive activity, certain “misbehavior”, one of common policies within software programming hidden world.

“Free” users actually have no right to reprimand Avast, in spite of its arbitrary, somehow invasive home-chatting behavior. I do like abundance of customizable functions, where the best one is handy and quick shields control. The worst one, nonexistent function is that you can’t make it quiet. Here I miss old good practice, when pack of AV definitions we used to download manually, without “nasty punks” calling home, who knows why and for what exactly.

Good security can be maintained, as in a WWII Atlantic theater, with total radio silence. I wish my Windows PC would be silent to “Internet Ocean” as a submarine in a war zone. AV software should work more like sonar, which only announces potential threat to me and all decisions are left to captain - me again.

A rule of thumb for any good software is that it should offer full customization for advanced users, with no auto-deviations from “orders”. For that I would be willing to pay in gold. Whether AV Companies like it or not, your/their software is secondary defense line. Primary defense are strict NTFS security settings with recommended work in Limited User Windows environment, supported by extra configured Firefox add-ons NoScript and AdBlock+, running in sandbox eventually. For email client use Thunderbird and that’s it.

In the world and Internet particularly, where no one can trust anyone, including own governments, persistent AV software dubious umbilical and hidden traffic with home servers are suitable tools for all kind of “extra activities”.

@FerisH
The best thing you can do is go back to using an old fashioned typewriter and adding machine.
Internet access and connecting you to it to keep you fully updated as to the latest threats is imperative for all security programs.
If you’re looking for anonymity, then the internet is the wrong place. There is no privacy in this modern world.

@bob3160
It seems as you can’t or don’t want to understand what me and other two guys are talking about. If Avast, aside of other excellent customizable settings, offers manual update, I do expect this literally, no arbitrary auto connections at all, total “radio silence”.

Let me emphasize again what is here irritating in general, not about Avast only - it is programmer’s intentional malignant unwillingness, to let off hidden umbilical with their software, once it settles on other people machines.

And no, I am not looking for anonymity; I despise stalking like tracking of any kind. Programmers are addicted as kind of junkies to these extremely aggravating policies, simply because they can. Microsoft is one of world leaders and not even the worst.

First off, there is nothing “malignant” in a security application receiving automatic updates. In fact it is very much to be desired. Only having manual updating of an anti-malware application is, to put it plainly, foolish.

@RE to Dch48
It is interesting how undoubtedly intelligent people do not understand certain concept. Nowhere I mentioned or marked automatic updates malignant. Once again Avast has excellent UI with lot of custom options, where shields control is superb. Subject is on manual update control, which is not exactly as declared and expected.

When my (custom configured) Windows XP load completely, there is no single ping or any other outgoing traffic to Internet and such silence remains until I start with certain activity. With Avast, even set to manual, there is constant outgoing traffic. I was experimenting with IP blocking, when blocked on one IP it switches to another one and this “game” goes on. Let me emphasize, this is not updating traffic, which is set to 1440.

Arbitrary hidden outgoing auto-traffic, benign or malignant, is what annoys me. Avast is not the only one, nowadays every piece of newer software is “noisier” from previous version. And this has nothing with eventual desire for anonymity as respectable @bob3160 commented.

To summarize, unwanted and excessive outgoing auto-traffic, whatever reason it might have, is unacceptable and understood as malignant “Unconsenting Home Phoning”

I can only explain the extra traffic as Avast checking the cloud services for possible new detection signatures or file reputation. MSE has done the same things since its inception.

@End_User

If you haven’t found a satisfactory solution to your problem, you might inspect your Scheduled Tasks folder for EmUpdate additions. After a fresh install of v7.0.1466.549, I was surprised — and disappointed — to find that Avast! had added several new entries.

HTH you regain control of your computer.

Dch48 is correct. For avast! to continue to be one of the best products, it has to use cloud services for it to work properly, streaming updates, file rep, whitelist / blacklist, autosandbox, etc. all need to communicate with avast!