Security Tools, Pen-Test Tools & Hacking Tools

First I must say Avast is a fantastic product and the Avast Development and Support Teams deserve a big “thank you” from the security professional community. Avast is one of the few (if not the only) AV products that doesn’t “dumb down” its look/feel/operation for the mass-market of low-skill computer users. Features like the “Enhanced User Interface”, the “Show detailed info on performed action”, and Command-line tools set it apart from the rest of the products out there.

My issue is that Avast is beginning to annoy me by repeatedly identifying every security tool I download/install/use as a “Virus” or “Trojan” of one form or another. For example, the extremely useful tool Enum.exe (which is used to enumerate users and can be very useful in troubleshooting AD as well) is identified as “Win32:Trojan-gen {Other}”. This description is VERY misleading at best and incorrect at worst. Many other security-related tools (Cain & Abel, etc.) get flagged as something like a “Trojan”. Scanning Enum.exe at www.virustotal.com shows that EVERY OTHER AV scanner identified it as something with a better description (usually with the word “tool” in it). For example here are 4 descriptions from other products that I MUCH prefer for Enum.exe (which is actually the updated EnumPlus tool but renamed to the original Enum.exe):

“HackTool.EnumPlus.a (Not a Virus)”
“Enum Scanner”
“potentially unwanted program PWCrack-Enumplus”
“Not-A-Virus.HackTool.Win32.EnumPlus.a”

These are GREAT descriptions and I would like to see Avast go one step further and create the most descriptive and accurate descriptions for security tools. Avast should be the best in this category as they are clearly concerned with making a product for the professional (not just the “Computards” and the Grandmothers out there). That is not to say that Avast isn’t for Granny, because its standard interface and ease-of-use are great for unskilled users.

So I add exclusions for the tools. The problem is that continuing to add exclusions for these files gets annoying and eventually you have entire folders that are excluded because adding every tool in one by one to the exclusion list is a pain. So now you weaken the security of your system just to be able to do your job. What happens when you really DO download a Trojaned hacking/security tool? (and this happens often) You’ve trained yourself to ignore the alert due to all the false positives you’ve already excluded.

I hope Avast will continue their excellent work to make products for the skilled user as well as the mass market of unskilled users. I stumbled upon Avast a long time ago because I couldn’t stand Norton or McAfee hiding from me what was REALLY going on on the system and dumbing things down. The fact that Avast has two interfaces for the skilled and unskilled audiences makes it the best product out there. Please Avast Team, get the detection descriptions up to the same level of quality and keep us security professionals happy.

Thanks Avast

Mike

Welcome to the forum Mike.
Anyone interested in a small review of the book Mike is displaying with his avatar can find it at:
http://netsecurity.about.com/od/7/fr/aabrgrayhat.htm

Hopefully you’ll be around from time to time to lend us your expertise. :)