I installed Avast Free 4.8 a few days ago.
There are 2 issues so far running Avast as a limited user.
Program updating. I saw on this forum that a new version of the program has become available (1195). Is Avast supposed to automatically update the program? I am trying to run Windows XP Pro SP2 as a limited user and manually tried to update the program. It went through the motions and downloaded about 900K and said that it was complete showing the new version in the report. Then had a look at the Avast About page and it showed the old version. Switched to Admin user, did a manual update again and downloaded about 14Mb, asked to reboot, then the About page showed the new revision. Is this all normal behaviour?
In the limited user mode, trying to schedule a boot-time scan I get an error message “Program cannot schedule boot-time scan”. Is this normal?
The whole idea is to make the system more secure. Here the securing program (Avast) is influencing the user to go into admin mode (which is less secure) to carry out basic operations. I think it’s a mistake not to allow a limited user to carry out these tasks.
Thanks
Frank1
The program updates are released but to avoid excessive load on the servers the auto update check happens randomly every 7 days and it’s not checking every time you connect to the Internet as with the iAVS checks. Every avast installation has a unique, randomly generated GUID (“general unique identifier”) associated with it (it is generated during installation). This ID is random, but fixed. They use this value to determine when the updater pops up on YOUR machine, i.e., the program already knows that the update is there, but it won’t tell you until it’s your turn. You have to allow the update, i.e., it’s not a forced and automatic update.
If avast! is run from non-admin account, it does spawn the setup process using the service with LocalSystem rights. So it should update program without problem, at least on XP. On Vista, the admin account is protected by UAC.
Yes, limited users can’t schedule boot-time scans due to Windows limitations.
Thank you Tech for your reply.
From what you are saying, as I understand it, the update process would have updated the program automatically and correctly if I had left it alone for the process to do it instead of short-circuiting it by trying to do it manually, even in a limited user mode. I will now leave it alone and see what happens.
Yes, limited users can't schedule boot-time scans due to Windows limitations.
This is of some concern. There are some great features of Avast that made me switch to it. Namely, checking for rootkits during scans, self protection and of course boot-time scan. If boot-time scan, which is probably the most important special feature, cannot be scheduled from a limited user then the feature, virtually, cannot be used when most required. Let me explain how I see this. I set up a limited user so that if a virus or rootkit gets into the machine (I know it shouldn't but unfortunately sometimes they do), it could not get into the windows directory etc. Switching to admin user to schedule a boot-time scan to remove the virus or rootkit will allow the virus to propagate into the windows directory at that time. What is the point of setting up the limited user and operating in that restricted mode, if at the critical time one needs to switch to admin mode anyway?
I don't know how the boot-time schedule is configured, but it's a shame that it cannot be done by a limited user.
Frank1
Scheduling a boot time scan basically means writing something into HKEY_LOCAL_MACHINE registry key.
We don’t really want to make it possible for the limited user to do so (somehow), as it would be breaking Windows security model.
Thank you igor for your reply.
I would normally agree. But here I am talking about a situation where the security already has been compromised by a virus or rootkit. In this case, the virus or rootkit cannot be eradicated without compromising the security even more by having to login as admin to schedule a boot-time scan.
I have used regedit.exe in limited user mode and had no trouble changing things. Maybe the location that needs to be changed for the boot-time scan is not accessible, I don’t know.
Thanks
Frank1
Well, the detection may not always be a real virus - occasionally, it may be a false alarm. The restricted user will then be able to delete the file, without administrator’s knowledge (who might normally recognize that it’s a false alarm).