Malware not being detected

I recently installed Wireshark onto my laptop, and in testing it I found a number of addresses were taking a lot of traffic (23% of total outbound traffic) from me.
I Googled the addresses and followed various links.
I found that VirusTotal.com suggested that a number of viruses/malware were reported to be delivering payloads to these servers.
Giving their testing as follows:
Antivirus      Result                    Update
DrWeb          Adware.Iminent.98         20151107
Malwarebytes   PUP.Optional.1stBrowser   20151107
Avast          not detected              20151107

So I made sure Avast was up to date, started a Bootup scan - with nothing detected.
Uninstalled Avast IS and installed AntiMalwarebytes (free) and immediately found a number of issues including the above.

So why is Avast not detecting these malwares ?

For interest the server IP addresses were
23.64.99.144 belonging to Akamai International B.V. based in the Netherlands, although server may be in USA.
8.253.70.30 belonging to Level3 Communications in Los Angeles
23.215.61.80 also belonging to Akamai but listed as being located in London with postcode WC2N 5RJ (Ministry of Defense??).
I have (hopefully) blocked these addresses in my Router, but the question remains why didn’t Avast detect this Malware ?
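The traffic profiling step described in the opening post (finding which destinations receive the largest share of outbound bytes) can be reproduced from a tshark field export. The following is an added example, not code from this thread or from Wireshark or Avast. It assumes the capture was exported with `tshark -r capture.pcap -T fields -e ip.src -e ip.dst -e frame.len`, treats the RFC 1918 ranges as the local side, and uses constructed sample lines (the three destination addresses are the ones quoted in the post; 203.0.113.5 is a documentation address, and the byte counts are made up).

```python
"""Rank Internet destinations by their share of outbound bytes.

Added example, not from the forum thread. Input is assumed to be the
tab-separated output of:
  tshark -r capture.pcap -T fields -e ip.src -e ip.dst -e frame.len
The sample export below is constructed; sizes are not real traffic.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample export: src, dst, frame length in bytes.
SAMPLE_EXPORT = """\
192.168.1.20\t23.64.99.144\t1500
192.168.1.20\t23.64.99.144\t1500
192.168.1.20\t203.0.113.5\t400
192.168.1.20\t8.253.70.30\t1200
203.0.113.5\t192.168.1.20\t6000
192.168.1.20\t192.168.1.1\t100
192.168.1.20\t23.215.61.80\t800
"""

# Assumption: the LAN uses RFC 1918 space; adjust to the capture's addressing.
LOCAL_NETS = [
    ip_network("192.168.0.0/16"),
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
]


def is_local(addr):
    """True if addr falls in one of the configured local ranges."""
    ip = ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)


def parse_export(text):
    """Yield (src, dst, length) tuples.

    tshark prints empty fields for non-IP frames (ARP etc.), so malformed
    or blank lines are skipped rather than raising.
    """
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3 or not all(parts):
            continue
        src, dst, length = parts
        try:
            yield src, dst, int(length)
        except ValueError:
            continue


def outbound_shares(text):
    """Return (total_outbound_bytes, {dst: share}).

    Only packets that leave the local ranges for the Internet are counted:
    inbound traffic and LAN-to-LAN traffic (e.g. to the router) are ignored.
    """
    bytes_by_dst = defaultdict(int)
    for src, dst, length in parse_export(text):
        if is_local(src) and not is_local(dst):
            bytes_by_dst[dst] += length
    total = sum(bytes_by_dst.values())
    shares = {dst: n / total for dst, n in bytes_by_dst.items()} if total else {}
    return total, shares


def flag_heavy_destinations(text, threshold=0.20):
    """Destinations at or above `threshold` share of outbound bytes, largest first."""
    _, shares = outbound_shares(text)
    heavy = [(dst, share) for dst, share in shares.items() if share >= threshold]
    return sorted(heavy, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    total, shares = outbound_shares(SAMPLE_EXPORT)
    print(f"outbound bytes: {total}")
    for dst, share in sorted(shares.items(), key=lambda i: i[1], reverse=True):
        print(f"{dst:>16}  {share:6.1%}")
    print("over threshold:", flag_heavy_destinations(SAMPLE_EXPORT))
```

A single heavy destination is not by itself evidence of malware (CDN edges such as Akamai legitimately carry a lot of a client's traffic), so the ranked list is the starting point for the lookup step the post describes, not the verdict.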

So why is Avast not detecting these malwares ?
No security program has 100% detection or zero false positives.

PUP = Potentially Unwanted Programs / Software that may be legitimate, but may also be unwanted https://www.virusbtn.com/resources/glossary/potentially_unwanted.xml

So I made sure Avast was up to date, started a Bootup scan - with nothing detected. Uninstalled Avast IS and installed AntiMalwarebytes (free) and immediately found a number of issues including the above.
Malwarebytes is not a replacement for antivirus, there is a ton of stuff MBAM will not detect

MBAM is a good additional program to run alongside your residential AV service. I run a combination of Avast, Adguard-beta and MBAM premium. You cannot do without a first-class residential AV solution like Avast, you cannot do without a good Adblocker (Adguard or uBlock origin) and without a program like MBAM. I also like the additional alerts I get from Browser JS Guard extension inside Google Chrome browser, it also blocks some that the other three programs may miss.

polonus

A reason why avast didn't detect it can be that you don't have PUP detection enabled.

So it's my own fault that when Avast IS says “You are protected” and “Smartscan scans everything” I assume it isn't lying, and I should know that I also need a second application to deal with the stuff Avast hasn't picked up on?

I mean 23% of my outgoing traffic was being generated by “unwanted programs” that Avast didn't pick up, that is not an insignificant amount of data leaving my computers.

So in summary - Avast EPS doesn’t work with Windows 10.
Avast IS works with Windows 10 but doesn't detect stuff that a freebie application does pick up.

Windows 10 Defender doesn’t appear to do anything except report back to Microsoft Spynet even though you tell it not to.

What a nice state of affairs.

:frowning:

Calm down…

Security starts and falls with what the user knows, not with any application.

The most common mistake is to use a user account with administrator rights for daily things.
Use a limited account and only use administrator rights when it really is needed.
If malware gets on a system it will/can have the same rights as the user that is logged in at that moment.

Is avast (as well as others) lying ?
It is just a matter on what you know and how you look at it.
All anti-malware tools are limited.
It is not possible to create one tool that can detect/prevent/cure all malware.
Doctors can find/develop a cure for a disease that is not yet known :wink:
And have a look at how many new malware appears each month…
Give or take a few, that is 400.000(!) new things a day.

I mean 23% of my outgoing traffic was being generated by "unwanted programs" that Avast didn't pickup
Did you have PUP detection enabled? If not, that can be why avast didn't alert you about them.

Yes you do need multiple “layers/software” for protection.
A good combination is :

  • Knowledge(!)
  • Hardware firewall
  • Avast
  • MBam
  • McShield

I appreciate what you are saying and I guess I am peed off at Avast for the lack of response on the Windows 10 farce. And yes, detecting PUPs is enabled.
The AntiVirus software can only find stuff that it has been told about. So I expect there may be a delay of a day or so for new risks. However if MalwareBytes knows about it for almost a month and Avast still does not then there is something wrong.

I have the following setup
Netgear ADSL router with medium firewall and NAT enabled. DHCP and uPnP are disabled.
Netgear Cable (Virgin fibre) router with low firewall and NAT enabled. Anything higher on Firewall and nothing seems to work. DHCP and uPnP are disabled.
Virgin Media area is overcommitted and unreliable; when it gets to run for more than 15 mins I get about 9Mb instead of 100Mb.
So this is going to be replaced with a second ADSL line and router.

Now I have a new Load Balancer with medium Firewall and NAT which will be modified slowly to lock down the comings and goings. This is where the spurious addresses are now locked out in both directions. Also some devices that I have do not need access to the internet, so they are also blocked from accessing the WAN interfaces.
Network analyser port mirrors the two WAN connections.

Then I have a TP Link WiFi router with medium firewall and NAT. DHCP and uPnP are only enabled on this device. Most devices that access the WiFi (soon to be all) are locked via MAC address.

Then Avast EPS running all RealTime shields on File/Backup and Media servers also disk scans around midday. Plus Windows Defender which seems to be a waste of space and difficult to disable/remove. And as of now MalwareBytes set to scan overnight after the backups are completed.

Then Avast IS running RealTime shields on Desktops and Laptops running Windows 10 except for two that I have managed to prevent from automatically upgrading to Windows 10. Plus Windows Defender which seems to be a waste of space and difficult to disable/remove. And now MalwareBytes set to scan during the evening.

I am planning on replacing Avast IS with Sophos so it is different to the servers. If I am going to have to pay again for licences it has to be for something that works with Windows 10.

:frowning:

Did you have PUP detection enabled?

The IPs you report are not in the public domain
Let us start with the Akamai IP example you mention:
http://toolbar.netcraft.com/site_report?url=http://a23-64-99-144.deploy.static.akamaitechnologies.com
Google+1 and GoogleAnalytics run there.
They are blocking various services, like tor for instance.
DNS report: http://www.dnsinspect.com/akamaitechnologies.com/1448210912
DNS report for nameserver: http://www.dnsinspect.com/akamaistream.net/1448211161
All subdomains render bad zone results. So from AkamaiGHost you get back “Invalid host”.
Akamai hosting hosts very large sites to help load balance, but it is not the first time or the last akamaighost was compromised and abused. Read: https://blog.fortinet.com/post/compromised-web-servers-used-in-massive-seeding-campaign, probably through cPanel and Parallels Plesk Panel misconfigurations.
https://23.64.99.144/ immediately gets flagged as insecure. There is also still the POODLE vulnerability: http://toolbar.netcraft.com/site_report?url=https://23.64.99.144

What seems secure & is sold to the public as being secure, does not necessarily need to be secure.
Always check before you leap. You can only trust what you have checked yourself. Thanks for reporting.
So for instance this won’t resolve: http://london.abongo.com/investigate/scooter.west.akamai.com/host
Read: http://www.tomsguide.com/us/how-to-remove-akamai-hd,news-18308.html

polonus

Here we see the workings of an adware keylogger aka the CavalryLogger code:
Script loaded: -https://fbstatic-a.akamaihd.net/rsrc.php/v2/y2/r/RJNabq72qmX.js
Script loaded: -https://fbstatic-a.akamaihd.net/rsrc.php/v2/y2/r/RJNabq72qmX.js
This is tracking that Facebook performs; when the script is not responsive, like in Firefox, logging on and off in Facebook will do the trick.
CavalryLogger is a highly specialized tool designed to record every keystroke made on the machine…
and hard to detect properly: http://guess.scritch.org/%2Bguess/?url=+https%3A%2F%2Ffbstatic-a.akamaihd.net%2Frsrc.php%2Fv2%2Fy2%2Fr%2FRJNabq72qmX.js

polonus

What victim and Eddy and little old me have reported here in this thread are issues that go on in the so-called twilight zone of crap, junk and unwantables.
Abuse on services that are in the cloud and then only run as a non-public service are very hard to be monitored to be secure.
Another question is “Do the bulk services perform such a splendid pro-active security job? - I highly doubt it because here it is all about a considerable income stream brought in against the lowest possible cost”. And there we have the basic problem tackled.
In such instances MBAM and also Adguard (that anti-adware software that injects each and every page you visit with anti-adware code) are great tools.

It is the PUPs and adware/junkware crap that isn’t reckoned to be clear-cut malware, meaning a nuisance to the end user and often a pest that is very hard to be cleansed off of devices (sometimes only through the assistance of a qualified removal helper (and aren’t we lucky we have some outstanding removers here)) are just the things to be cleansed by such tools like MBAM, junkware removal tool, also a regular cleansing routine by a wonderful tool like CCleaner can work miracles in this respect. As residential services they also come to guard your computer to keep them clean of meeting such “malcode”.

It is a sorry thing to have to admit to it, but the days of just an AV and a firewall to keep your devices and peripherals out of harm's way, those days, my good friends, are over and are never to return i.m.h.o.

polonus (volunteer website security analyst and website error-hunter)

P.S. The malcode you reported is long overdue: http://support.clean-mx.de/clean-mx/viruses?virusname=Adware.Iminent.98
(do not click live links when going there!)

Thanks for info,
I will add Malwarebytes to the list of essentials which include CCleaner, Defraggler and Steganos.
I also use Opera and DuckDuckGo instead of IE, Edge, Chrome and Google.

:slight_smile: