A vast, hole in security

[Théière]

"I'm sure we can all understand that you are angry and upset about what happened but with respect sarcasm is unhelpful and your emotions would be better directed at the actual root cause of your problem which was simply an unfortunate lack of awareness".

Nope! The misplaced belief that using the free version of Avast is actually affording some protection.

Ernie, it was posted as a warning about the UPS email and that the belief in the free version of Avast against attack is misplaced as it probably is in most free versions. However, if the company who produces the programme has lots of gold stars but not many virus definitions on their site then it's ok to take a righteous stance is it? 

"It does seem a shame when a warning against something like this turns into a slanging match.  We get enough of this sort of thing on the healthcare threads and now it's spreading to computing of all things.  Are we all bored or what?"
Quite right Coops!

Quillan I think you are on the money as usual. I am finished with free versions, £15-£20 for real protection is nothing compared with the pain of changing passwords, bank details etc

Here is an interesting review which actually states some facts, rather than PCworld's "the interface was pretty" and the rest of my report was copied from someone else's, type review!

http://antivirus.about.com/od/antivirussoftwarereviews/a/freeav.htm

"Each of the products tested has been certified (VB100%, ICSALabs, or Checkmark) to be effective at detecting 100% of in-the-wild viruses. But the list of in-the-wild (ItW) viruses is miniscule in comparison to the number of actual known viruses. The ItW list also omits certain types of threats, including adware and spyware, thus it may not be representative of the actual threats confronting users today".

Which pretty much sums up all of the free anti virus programs, if you want to win awards make sure you catch all the very common virus's the testers will be looking for. It does not matter if some of the bigger threats are not detected beause the judges aren't looking for those.

From this mornings scan, remnants of virus's were again found by Stopzilla but completely missed by Avast.

My suggestion is that you run the Stopzilla test, you don't have to pay if you don' buy but at least you will see whether you are at risk 

[AnOther]

[quote user="Théière"]Nope! The misplaced belief that using the free version of Avast is actually affording some protection.

Ernie, it was posted as a warning about the UPS email and that the belief in the free version of Avast against attack is misplaced as it probably is in most free versions. However, if the company who produces the programme has lots of gold stars but not many virus definitions on their site then it's ok to take a righteous stance is it?[/quote]

Of course it affords protection, untold thousands if not millions use both Avast and a plethora of other free AV programmes to very good effect and the fact that that Avast let you down through lack of awareness on the part of whomever opened an attachment with a malicious payload it not necessarily their fault. I don't see how the number of definitions they have listed on their site relates to the effectiveness of their protection and if you believe that free automatically infers compromised or crippled might I suggest you look at the comparison table here http://www.avast.com/eng/avast-compare-home-professional.html where you'll see that the differences are actually quite few and are ertainly not to do with the basic protection capabilities.

Remember too that this particular UPS scam seems to be a new variant and although AV programmes employ heuristics to spot virus like behaviour, be they free or paid for, they can only ever be reactive so may well miss so called 'Zero day' exploits which appear on a daily basis.

[Théière]

Sure Ernie, it affords some protection but from my post above you can clearly see that it and the others AVG etc only provide protection from a list "But the list of in-the-wild (ItW) viruses is miniscule in comparison to the number of actual known viruses". therefore what use is it really?

Why can't you see the number of virus definitions on their site correlates to the level of protection? If the virus etc is not listed on their site and the same virus etc is listed on another providers site would that not mean that one company has the resource do deal with a particular problem.

 

[Chancer]

On the subject of spam or virulent E-mails I was beginning to feel left out as I had never received one, then last summer they started coming, at first a trickle and then a flood.

Most of them were Côte D'Ivoire based and I appeared to be winning a lottery or finding a rich benefactor several times a day, then on-line banking ones started coming from Zanzibar and South Africa finally I knew that I was truly an internaut when offers of viagra started coming in.

The strange thing is they stopped  completely about a week ago, do you think that Hotmail have increased there security and weeded them out (they always appeared in my junk-mail box) or that they are co-ordinated and have decided that I no longer open anything suspicious?

I have to admit to opening a few in the early days as they were so amusing but I have never opened any attachments or clicked on links.

 

[JohnRoss]

Still getting these now, three today, mostly from Benin or Nigeria. If any were true I would be a millionaire several times over. AOL pick up most of them as spam but not all. Had several supposedly coming from building societies and banks like Abbey and HSBC. Some are quite realistic and others and laughably obvious but they are a pain. Many are from dying old spinsters who want to give me money to do God's work! I suspect changing your email address would only be effective for a short time and not to say a lot of hassle notifying everyone so let us hope they just get bored and find some other mischief to get into well away from the net!.......................JR 

[suein56]

[quote user="JohnRoss"]Still getting these now, three today, mostly from Benin or Nigeria. ...[/quote]

This really interests me as I don't really get any at all ... well perhaps 2 or 3 in the last year. I do get lots of emails but they are from friends, family and things I have signed up to. It has always been like this ... so, the question is, what am I doing right? OH and I don't have a Chambre d'Hôte nor any gites, not a business nor our own web-site ... is this why?

[AnOther]

No Théière, why can't you see the number of virus definitions on their site does not correlate to the level of protection?

If that were the case then Avast would fail miserably in side by side tests with it's competitors - which we know it doesn't, and would also fail the industry standard detection tests - which again it doesn't.

Many virii fall into groups or families or are polymorphic, that is to say that they are variations or derivatives of basic exploits or operating system vulnerabilities. According to a Symantec report as long ago as April 2008 there ware an estimated 1m different ones in the wild then so if we follow your theory any AV site which doesn't list something like that number will automatically be deficient and second rate.

[JohnRoss]

I think Sue it depends on how many sites you give your email address to. Forums, newsletters, quotes for things, buying on-line etc etc all increase the risk. Plus your friends send emails to these places and your email address is in their address book which may get looked at by someone of evil intent! That is why I hate these jokes, stories, pictures etc that you get asking you to send them on to your friends for good luck, the Lord's bounty, wealth and happiness or whatever. I don't send them on but maybe someone else here does, I will say no more! ... Oww! ..... I am also convinced some firms sell email addresses of their customers even if they say they don't!....................JR

[Chancer]

I would still like to know if anyone has any theories why all the crap that I had been receiving has stopped as suddenly as it started?

I am not complaining but suspect that I may have done something unwittingly to start it off and it seems strange to have stopped so suddenly.

[Théière]

[quote user="AnOther"]No Théière, why can't you see the number of virus definitions on their site does not correlate to the level of protection?

If that were the case then Avast would fail miserably in side by side tests with it's competitors - which we know it doesn't, and would also fail the industry standard detection tests - which again it doesn't.

Many virii fall into groups or families or are polymorphic, that is to say that they are variations or derivatives of basic exploits or operating system vulnerabilities. According to a Symantec report as long ago as April 2008 there ware an estimated 1m different ones in the wild then so if we follow your theory any AV site which doesn't list something like that number will automatically be deficient and second rate.

[/quote]

Whilst I am sure you are right and Symantic too, they only list this lot and it's no where near a million.

Likewise a reference via Spybot here  lists 287,524

Even though some of the newer versions are based on old and it is the code pattern that is examined by the AV it really doesn't change the fact that after two deep scans Avast free version only captured 1 and that is not what I want from my computer security software, it is a shame that the writers of the virus didn't use industry standard virus used in the tests but I guess they don't play fair either.

Anyway I will agree to disagree knowing at the moment at least my machine is way better protected than most and I really sort to bring this nasty UPS email and Internet security 2010 virus to peoples attention which I have done.

Matter closed

[marcardis]

Take the time to do some serious research.

Stopzilla is 'scareware' software that  will find 'problems' that do not exist in order to sell their software.

Even the free version of Avast is reliable if used sensibly. Your problem was caused by opening an attachment to a message that was not addressed to you. Possibly a clue there.

As others have said, use Mailwasher - you can then read your emails before downloading them to your pc.

Marcardis

[JohnRoss]

Don't know about you but I am getting sick and tired of this cr*p that comes in each day. Here is the latest and if it were true I would be so rich just allowing for half of the spam/scam emails that came in just this last 7 days. This was picked up by aol spam detector but I still have to read the bl**dy things to be certain they are spam, sometimes they are not and have lost one or two important emails where I just deleted without reading.............................................JR

FOREIGN DEBT PAYMENT OFFICE
IN CONJUCTION WITH
PRIME MINISTER OF AUSTRALIA
KEVIN MICHAEL RUDD
HEAD OFFICE, QUEENSLAND, AUSTRALIA.
Our Ref: LBB/IRD/AU/010

After a joint meeting of the Australian Prudential Regulation Authority (APRA), the Senate Committee on Foreign Debts reconciliation and the Presidential Payment and Implementation Panel on Contract/ Inheritance fund under Category, this was addressed and headed by the Prime Minister of Australia, KEVIN MICHAEL RUDD. It became imperative to contact you on the subject matter. This meeting was initiated of your funds worth $25M which is an overdue payment to be remitted to you by the government of the Commonwealth of Australia.

To this regards, this office has been given the SOLE authority by the Prime Minister of Australia, KEVIN MICHAEL RUDD to handle and release all contract/ inheritance fund. You are therefore advised NOT to contact ANY OTHER OFFICE to avoid further complications in your payment file. Every arrangement for the remittance of your overdue fund payment of $25M (Twenty Five Million Dollars) has been concluded and the fund will be released to you within 5 banking days of your response.

Please reconfirm the information below to enable this office proceed and finalize your fund remittance without further delays:

1) Your Full Name
2) Fax and Mobile #
3) Home/ Office Address
4) Profession and Age

You are to contact this office immediately on the receipt of this e-mail message. I apologize on behalf of the government of the Commonwealth of Australia for the delay in your payment and promise you that it will never repeat itself again as we are into our new government. 

YOURS FAITHFULLY,
MR. SMITH JACKSON
EXECUTIVE DIRECTOR (APRA).

[Bugsy]

Get your own back

on the scammers.

.

[Théière]

As this thread has just poped up again,

I have received another UPS spam/virus email (un-opened [:)]) which according to Avast has been scanned without raising an eyebrow. It does say on the Avast settings that it is Outlook/Exchange scanner so I wonder if that also means Outlook Express? if not then that maybe why it has been allowed through without a warning. I have altered the default settings to not deliver any email that has a threat attached.

I am only running Avast because some of you still think it is good so i have given it a stay of execution.

Ernie if you want me to forward this email to you you are welcome if it will further as to why it was not picked up.

http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=458

[Chancer]

As you know I couldnt even be described as ignorant when it comes to computers but how can an anti-virus be expected to detect a spam e-mail when your E-mail provider has passed it?

Think about it, if you allow mail from unknown senders what is to stop me sending you one (apart from not knowing your address) and saying I thought you might find this link funny?

If you then clicked on the link which took you to a dodgy site which tries to infect your computer surely then is the time for your anti-virus to do its job?

As I said I really dont know about computers so please correct me if I am wrong but in the above example surely the failing would be on the part of the person clicking the link or opening the file attachment rather than the anti-virus?

[nounours]

I can tell you from a bitter experience similar to that of the OP that AVAST is as useful as chocolate tea pot.  I had it installed and updated on both my PCs and both got infected by a nasty series of Viruses that took 10 days to clean professionally.  Both viruses got in by clicking on different sites via google   Yes AVAST is OK, if you just use it for trusted sites but do any sort of searches using unknown sites or research and you will not be protected as it allows downloaders to get in and then when you try and clean them off they go and you have had it. On one it was loading AVG to replace AVAST that triggered the virus.  The guy who repaired my PCs had installed AVG 9 free,  Spybot and C- Cleaner. He told me 90% of the PCs he has in are virus problemms and most have AVAST or an outdated AVG.  Of course you can follow Ernie's advice and use AVAST but I wouldn't, not now!

[AnOther]

I agree that the biggest and weakest point of failure is nearly always with the recipient.

The problem with the type of email we are talking about here is that there is nothing overtly suspicious for an AV programme to spot.

It is an innocuous looking email with an attachment which is a file which contains a simple form requesting your personal details and a link to a website to send it. That could all be perfectly normal and innocent and any AV programme which routinely flagged every similar message would likely find itself quickly ditched as an annoyance. It's similar if you like to Vista's intensely irritating and intrusive UAC (User Access Control) which pops up at the slightest whif of non routine activity and is probably the single most complained about 'feature' of the OS.

To fall victim to this type or exploit you have to open the email, download and unzip the attachement, complete the form, and submit it. Thats 4 individually identifiable failures on the part of the hapless user !

[nounours]

Come on Ernie, you claim to be an expert in Computers, tell me why when I had AVAST latest version and updated daily and I did do not open any E mails I had not one but two PCs infected with the same virus as the OP?

 I'll tell you the answer, AVAST is not effective and should not be relied on, if you have not had a virus you are on borrowed time.  If you think AVAST is effective, endorse it, I'll reinstall it and then when it gets infected again I'll send you the 200€ bill for cleaning it.  For the money conscious, don't worry   AVG 9 is still free from French download sites[:P]

[AnOther]

nounours posted whilst I was composing.

[quote user="nounours"]He told me 90% of the PCs he has in are virus problems and most have AVAST or an outdated AVG[/quote]So is that 10% Avast (up to date/outdated ?) and 90% outdated AVG or what, I'm sorry but such unqualified generalisations are really meaningless.

I'm not recommending Avast any more than I recommend any particular AV programme over any other, it's a choice for the individual, all I'm saying is that a sense of balance should be maintained which I know is sometimes difficult once you have been bitten.

All AV programmes have their strengths and weaknesses but evidence shows that when tested against comparable products Avast acquits itself competently. Of course you can always find sites to support any argument but I have yet to find one professional objective review which unduly criticises Avast, let alone pans it, can you ?

[Théière]

Well by now Ernie is the proud owner of a virus [:D]

There is an attachment but it does not require a response to trigger it just opening the file attached is enough. Avast was really wonderful it warned me that the email I was sending to Ernie had a virus attached but did not warn me when it arrived yesterday!!!

I have sent a letter to Avast and hope they respond, I will report back but Avast has only days to live on my PC now.

[Bugsy]

In the years before I 'saw the light' [:P] and after several nightmares with 'Norton' taking over the machine, I always used AVG free.

Provided, like all programmes, it is kept up to date, it always performed perfectly.

[nounours]

[quote user="AnOther"]nounours posted whilst I was composing.

[quote user="nounours"]He told me 90% of the PCs he has in are virus problems and most have AVAST or an outdated AVG[/quote]So is that 10% Avast (up to date/outdated ?) and 90% outdated AVG or what, I'm sorry but such unqualified generalisations are really meaningless.

He told me that all the ones with viruses had Avast free installed, some had AVG but not the latest version, however, ALL had viruses.

My 2 had Avast updated daily with that annoying voice!!  Of course there are opinions on virus protection, my neighbour has Avast and has had no problems - to date, but the man in the PC shop, in a town not that far from you, said AVAST was not effective for full virus protection and from the rows of PCs he had I think that personal experience review from a professional is good enough for me!!

[/quote]

[JohnRoss]

I use Microsoft Security Essentials (MSE free) auto full scan daily, Ccleaner every few days gets rid of cookies and temporary files but have to log in on any forums I subscribe to afterwards, and from time to time Spybot which does not usually find anything not picked up by the other two. No problems so far. I found AVG slows things down when I used it in the past but otherwise quite effective, Ccleaner gets rid of all cookies including trackers so fewer ads and pop ups and makes extra space on the hard drive, usually between 250 and 400 MB after a few days. ...works for me.....................JR

[AnOther]

[quote user="Théière"]

Well by now Ernie is the proud owner of a virus [:D]

There is an attachment but it does not require a response to trigger it just opening the file attached is enough. Avast was really wonderful it warned me that the email I was sending to Ernie had a virus attached but did not warn me when it arrived yesterday!!!

I have sent a letter to Avast and hope they respond, I will report back but Avast has only days to live on my PC now.

[/quote]Not arrived yet, it's possible that our mail server has unilaterally blocked it although if it is an email with an attachment normally it would still arrive but be flagged.

I'm sorry but I don't understand when you say "it does not require a response to trigger it just opening the file attached is enough". Surely opening a file is a response, and how do you know this if you didn't open it ?

Presumably Avast did nothing yesterday because you did nothing with the message, when you did though it flagged it, a reasonably appropriate action I'd say.

It's the same with an infected executable, unless you have your AV set to to automatically scan all downloads it will not respond to a threat until you either manually scan the file it or try to run it.

[nounours]

With the E-mail scanners on SFR, orange and AVG 9, messages with viruses don't even get to your inbox, you get a message saying that a message was received containing a virus and it has been deleted.

Not sure how many on here are with SFR but recently they did an update to their virus database and that decided that all emails sent between midnight and 00-25 were corrupted and deleted them all.  It involved thousands of E mails!![:-))] All we got was a message saying who it was from and that it had been deleted,  SFR apologised and suggested that people contacted the senders to request a re-send as the messages could not be retrieved.[blink]