As the owner of an outfit which releases a number of GPL system utilities, I must express my concern about the language in which Avast describes its opinion of these downloads to the user.
Whilst I agree there is a need to make users sit up and take notice that a file might be untrusted, there is also a need to balance this against the requirements of the Law of the land, namely that one may not accuse another of a crime unless a reasonable degree of proof is available. Where a downloaded file is previously unknown and no malware/virus detection has occurred, then it is patently obvious that no such proof exists.
For one example of several, it is unacceptable to state that a download from a reputable website should not be opened, using the words “THIS MIGHT HURT. DON’T SAY WE DIDN’T WARN YOU!” :o
As to whether a court of Law would regard as a crime the use of such troll-like wording to describe a product that someone else has spent numerous hours coding -and has meticulously checked against several AV engines before publishing- that is something that only a court precedent could determine. However I don’t think there are many people who would regard it as morally acceptable. This badmouthing is potentially damaging to our business interests, and by falsely branding us as blackhats to Avast! users, you may have already cost us a number of IT clients and an unknown amount of income.
Incidentally, we recently ran an antivirus comparison and published the results. In doing so we were careful to be accurate and fair in what we wrote. We too would have liked to describe one or two AV products which are often force-fed onto new OEM computers as ‘Fscking Sh8te’ but refrained from doing so. Why? Because that is unacceptable behaviour. Even if is, in their case, true! I think you likewise need to show some common respect to other coders. Even if you do not approve of our products you should refrain from what amounts to trolling.
The messages were originally seen in Google Chrome, the default browser on a client’s computer. I initially suspected Google’s own security mechanisms as the source, but a test on a VM here showed that a clean install of Chrome produces no such messages. On recalling that the client computer has Avast installed, I installed the free version of Avast, and was then able to duplicate the behaviour.
In fact, the source of the messages is unclear - They carry no program identification, and appear as elements within Chrome’s own window rather than a separate dialog, and have the style of the Chrome interface. There seems little doubt, though, that they are only produced if Avast is present. Maybe I should have mentioned this point in the first post. There is a small possibility that Google, rather than Avast, is the source of these (anonymous) messages.
I’ll put a copy of FF on the VM and see what happens there.
Screenshots were taken during the testing, and the quoted message was worded as stated, although the capitals are mine.
A test in Firefox 22 does not show any dialogs with OTT or offensive wording, but does pop this dialog when an updated version of an app is downloaded, as below. The download in question was a recompile of SoftwarePolicySetup.exe with no significant changes. Thus, Avast is clearly flagging anything it ain’t been seen before as dangerous, even if it is an update of an existing app.
You are missing the point entirely. It has nothing whatsoever to do with malware detection.
If we have to comply with signing of packages then that would predispose us to ditch the GPL licensing and copy-protect our software, such that we can recoup the cost from license fees. Basically that would suck (I hate copy-protected software as much as the next guy) and we would rather not take that route. But, it would seem we are being forced to make outlays for the sake of compliance with Avast’s own self-generated rules, in which case we are forced to recoup those outlays.
Previously this problem only arose with overblown ‘Home Internet Security Suites’ but now it seems to be spreading to standard AV, which has a much wider userbase.
The point could also be made that there is nothing to prevent authors of browser parasites and the like from buying certificates. If the malware has a commercial purpose then it may arrive in a signed package.
You are missing the point entirely. It has nothing whatsoever to do with malware detection.
yes i did see from the attached pic that it is a reputation warning.....
other AV may react different?.... you may find out with a VT scan, but thats up to you
I just installed TinyWall (a Windows Firewall outbound traffic controller) When it started, Winpatrol alerted me of it’s attempt to start
and stated that it could harm my system.
Should I now start a lawsuit against WinPatrol since the program happens to be safe or,
do I use my brain and realize, that this is a program I choose and is something I selected to install ??? A warning giving a customer a reason to pause and reflect as to what they are installing on their computer is a good thing.
Sometimes, we have to allow our own brains to make some of our decisions.
Those installing your product either trust you or, they wouldn’t have selected your product in the first place.
Anyway, this is getting a mite sidetracked. The original post was about the OTT nature of the dialogs presented by Chrome, not about Avast’s own dialogs, nor about signing executables. I’m still not sure what software was presenting them, it could have been Chrome itself or could have been an AV plugin. Hard to say. Though, searchengines show numerous reports of Chrome/Google blocking websites on the basis of false AV detections. This makes me suspect that Google may be responsible in some way or other, even though the inital pre-Avast test did not show this behaviour. If it was Google’s evil work, then I guess apologies are due to the Avast team, and in that case I duly apologise. Though, where they originated from is still uncertain.
With specific regard to what is included in avast’s protection, I ages ago unticked the “little or no user history” (or however it’s worded) filtering option from the sandbox simply because it was complaining too often about some of my antique apps that hardly anyone uses (e.g., dBase [with which I was considered an expert] and Graphics Workshop) and also quite a few new games I’ve purchased. That was a handy way to get around that unknown-app warning.
One would hope that whatever app turns out to be triggering those warnings you’re seeing, it includes some kind of similar option for disabling the warning in the case of relatively unknown apps. In such a situation behavioral/heuristics monitoring would be much more practical.
That is what one gets when scanning of whatever nature gets too “verbose” or heuristically generic and in detailed results we come accross these “annoyments”.
Yes detection has false positives and alas also false negatives. All a sad natural byproduct of scanning for alleged malcode.
There are more ways of getting a more clear-cut “verdict” through weighing a lot of specific factors that either add to the clean bill or the reverse.
Specific characteristics, positive backlinks, popularity, negative webrep, even some DNS data and SEO results and other denominators that will make false positives and false negatives less likely. In short it needs to be evaluated by personal research and the human eye!
That’s why we should be glad you reported this, hopefully avast was not involved in the flagging. Hope you will book good results with further whitelisting the code at hand. Welcome to our forums,