dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
136975
lacroix
join:2009-12-04

lacroix to onDvine

Member

to onDvine

Re: False positive in Avast! or is it real?

So long Avast, it's bin a gud ride (almost 5 years), but when yu trashed my comp I came a gunnin'; have now put yu out to pasture and have bought me a new hos' named Avira, a bit touchy with fake snakes and other vermin, but seems a winner, within the five best at least.
Adieu
Le Boule
join:2001-09-20
Selma, AL

Le Boule

Member

»blog.avast.com/2009/12/0 ··· more-720

Ender3rd
join:2001-07-15
Connecticut
·Frontier FiberOp..

Ender3rd to onDvine

Member

to onDvine
I've been following the thread with great interest and concern for those who have been adversely affected. I am also perplexed. I have two machines here that run Avast that are set to automatically update. Both machines have been turned on in the morning, and off in the evenings. Both have been automatically updated right up through vps 091204 as of today.

Neither of my machines has given any false positives or exhibited any issues. Three of my friends and neighbors that I set up with Avast have also not experienced any difficulties. All of us are running XP/SP2 and Avast program version 4.8.1356 (which appears to NOT be the latest version).

Has anyone figured out why some of us have emerged completely unaffected?

La Luna
Fly With The Angels My Beloved Son Chris
Premium Member
join:2001-07-12
New Port Richey, FL

La Luna

Premium Member

Your machines may have been turned off when the funky update was pushed. If you turned them back on and you got the corrected update instead, you wouldn't have seen the issue. That's how I understood it from reading the thread.

Ender3rd
join:2001-07-15
Connecticut

Ender3rd

Member

Your thought is the only one I could think of as well. Since my machines and those of my friends/neighbors don't run 24/7, we may have missed the issue (thankfully).

Regards,

Ender

chris231989
join:2006-02-12
Joplin, MO

chris231989 to onDvine

Member

to onDvine
i too had avast report several files infected with Win32:Delf-MZG. Aready formated and reinstalled os though. Thought it was wierd that i was unable to find any external storage infected after reinstall.

prancer
@rr.com

prancer to onDvine

Anon

to onDvine
I use avast among other things, including spybot and I've used adaware and microsoft security essentials in conjuction with avast and havent ever had a false positive. I think one of the things we're not looking into is that adware and malware can attach itself to files and make the whole file look like a virus or some other malware.
I personally had a piece of adware attached to an MP3 that wasnt infected when I copied it from the original album. CDs dont come with viruses on them generally.
Another thing: Are you paying for avast? Or are you using the free home edition? Be thankful that they're gracious enough to offer you a free version that works as well as it does. You get what you pay for is basically what I'm saying. If you want better service, pay for it. Don't expect them to keep fixing things all the time if their not getting paid. Put yourself in their shoes.

ltsnow
Premium Member
join:2006-04-08
Valdosta, GA

1 recommendation

ltsnow to Le Boule

Premium Member

to Le Boule
I think it's pretty amazing that they were so honest in their apology. They admitted a human error. Nobody seems to do that anymore.

jabarnut
Light Years Away
Premium Member
join:2005-01-22
Galaxy M31

1 edit

jabarnut

Premium Member

said by ltsnow:I think it's pretty amazing that they were so honest in their apology. They admitted a human error. Nobody seems to do that anymore.
I have to agree with you there.
quote:
I apologize to each and every one of you—I realize that security is fundamentally about trust and you have to trust your security provider. We made a mistake here and it won’t happen again.
Pretty refreshing to see, actually.
From some of the follow-up comments (as well as a some comments in this thread), there are those who aren't willing to forgive and forget. (And depending on how badly they were effected, I suppose you can't really blame them).

Still, I do commend Avast for not giving everyone a bunch of BS as far as an explanation, which we tend to see far too often these days.

AB57
Premium Member
join:2006-04-04
equatorial

1 recommendation

AB57

Premium Member

said by jabarnut:

said by ltsnow:I think it's pretty amazing that they were so honest in their apology. They admitted a human error. Nobody seems to do that anymore.
I have to agree with you there.
quote:
I apologize to each and every one of you—I realize that security is fundamentally about trust and you have to trust your security provider. We made a mistake here and it won’t happen again.
Pretty refreshing to see, actually.
Yep.
Except probably he should have left off the "and it won't happen again" because . . . . well, you know . . . in case it happens again.

Florida Dan
Premium Member
join:2001-07-06
Boynton Beach, FL

1 edit

Florida Dan

Premium Member

Oops...my bad.

Edit: Deleted post entirely.

onDvine
Grown up Flower Child
Premium Member
join:2005-01-29
So. CA, USA

onDvine to AB57

Premium Member

to AB57
He knew better than to use the word, "never."

jadinolf
I love you Fred
Premium Member
join:2005-07-09
Ojai, CA

jadinolf to onDvine

Premium Member

to onDvine
We should demand our money back............oh, wait.......

mers2
Premium Member
join:2004-03-20
USA

1 recommendation

mers2 to onDvine

Premium Member

to onDvine
A link to an even more detailed explanation of the event and what is being done to ensure a mistake of this proportion (not simply any mistake - a major mistake) doesn't happen again: »forum.avast.com/index.ph ··· ic=51783

I have more respect for Avast with not only the apology, but the details of how it happened. They fixed it quickly, but are putting measures in place so serious mistakes in the future get the attention of a human immediately.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20

Premium Member

And there the word "never" is used. LOL

Plus, this link is provided in the CEO's blog which is linked to above. No need to provide it again.

The only thing that will really fix this is for Avast to restore the Ignore button in ver 5. If they don't do that then that indicates they don't even understand anything about their own AV and how folks use it and expect it to be. Nothing bad would have happened with an ignore button exactly like what Avira has. Avast doesn't even seem to understand the difference between "block" and "ignore" and thinks everything should go to the Chest. NOTHING should go there unless the user is POSITIVE it is not an FP. The first choice should always be IGNORE and then the user submits to VT/Jotti.

fatness
subtle

join:2000-11-17
fishing

1 recommendation

fatness to mers2

to mers2
said by mers2:

A link to an even more detailed explanation of the event and what is being done to ensure a mistake of this proportion (not simply any mistake - a major mistake) doesn't happen again: »forum.avast.com/index.ph ··· ic=51783
said by explanation :
The problem was that the FP test was not performed at all before the definitions were pushed out.

Keizer
I'M Your Huckleberry
MVM
join:2003-01-20

Keizer to Mele20

MVM

to Mele20
said by Mele20:

The only thing that will really fix this is for Avast to restore the Ignore button in ver 5. If they don't do that then that indicates they don't even understand anything about their own AV and how folks use it and expect it to be. Nothing bad would have happened with an ignore button exactly like what Avira has. Avast doesn't even seem to understand the difference between "block" and "ignore" and thinks everything should go to the Chest. NOTHING should go there unless the user is POSITIVE it is not an FP. The first choice should always be IGNORE and then the user submits to VT/Jotti.
On the alerts that I got from Avast, I just clicked the X in the upper right hand corner. I'm not sure what action is taken in this case, and really didn't research it after the fact. I had no intention of letting Avast fix the situation afterward anyway, because I had planned on just restoring a recent image after the fix was rolled out.

MarkAW
Barry White
Premium Member
join:2001-08-27
Canada

1 edit

2 recommendations

MarkAW to Mele20

Premium Member

to Mele20
said by Mele20:

The only thing that will really fix this is for Avast to restore the Ignore button in ver 5. If they don't do that then that indicates they don't even understand anything about their own AV and how folks use it and expect it to be. Nothing bad would have happened with an ignore button exactly like what Avira has. Avast doesn't even seem to understand the difference between "block" and "ignore" and thinks everything should go to the Chest. NOTHING should go there unless the user is POSITIVE it is not an FP. The first choice should always be IGNORE and then the user submits to VT/Jotti.
This makes the third time i've seen you put this in a post of yours and for the life of me i don't know what you are talking about when you say the "ignore button". There has never been an "ignore button" in the 8 years i have been using this program when avast pops up a warning of a virus, i've seen a "no action" button as shown below but have never seen an "ignore button"?


Florida Dan
Premium Member
join:2001-07-06
Boynton Beach, FL

Florida Dan to onDvine

Premium Member

to onDvine
said by Avast Global Moderator :
So, if you believe in second chances, please stay with avast. We screwed and we know it but we have to look forward and keep fighting. The virus writers don't sleep.
Have to give the guy credit for his candor. I believe in second chances, especially because more than a few of them have been given to me over the years.
PrntRhd
Premium Member
join:2004-11-03
Fairfield, CA

PrntRhd

Premium Member

I agree.

Alwil (Avast) had procedures and processes to stop this but humans went around the safety steps and those same humans are now quite aware of why the procedures were there.


Smokey Bear
veritas odium parit
Premium Member
join:2008-03-15
Annie's Pub

Smokey Bear to Florida Dan

Premium Member

to Florida Dan
said by Florida Dan:
said by Avast Global Moderator :
So, if you believe in second chances, please stay with avast. We screwed and we know it but we have to look forward and keep fighting. The virus writers don't sleep.
Have to give the guy credit for his candor. I believe in second chances, especially because more than a few of them have been given to me over the years.
Agreed. Other vendors can learn from the way how Avast handled the issue: fast and sincere statement, complete openness, no crappy talk. That's the way how vendors should treat their customers: thumbs up Avast!

La Luna
Fly With The Angels My Beloved Son Chris
Premium Member
join:2001-07-12
New Port Richey, FL

1 edit

La Luna to onDvine

Premium Member

to onDvine
I'd also like to add that at some point when I was getting all those warnings and was choosing "ignore", Avast popped up with a "Trojan in memory, recommend to run a boot scan...." ) or however it was worded. THAT'S where things were being deleted, automatically, without my input. A few things I got a choice, but most were deleted by Avast during the boot scan without asking me.

Keizer
I'M Your Huckleberry
MVM
join:2003-01-20

Keizer

MVM

said by La Luna:

I'd also like to add that at some point when I was getting all those warnings and was choosing "ignore", Avast popped up with a "Trojan in memory, recommend to run a boot scan...." ) or however it was worded. THAT'S where things were being deleted, automatically, without my input. A few things I got a choice, but most were deleted by Avast during the boot scan without asking me.
That's strange. I did a boot scan on my mom in laws PC a few weeks back. It caught some baddies, but the scan stopped and allowed me to delete them as it went. It never did it automatically. It gave me choices.
computerman2
Premium Member
join:2002-04-20
Trenton, MI

computerman2

Premium Member

While the night of this incident i removed Avast from my Mom's PC, and this one, and put in Microsoft Security Essentials, but after a various issues with it, i'm more than ready to come back and stay with Avast for a very long time

La Luna
Fly With The Angels My Beloved Son Chris
Premium Member
join:2001-07-12
New Port Richey, FL

La Luna to Keizer

Premium Member

to Keizer
said by Keizer:
said by La Luna:

I'd also like to add that at some point when I was getting all those warnings and was choosing "ignore", Avast popped up with a "Trojan in memory, recommend to run a boot scan...." ) or however it was worded. THAT'S where things were being deleted, automatically, without my input. A few things I got a choice, but most were deleted by Avast during the boot scan without asking me.
That's strange. I did a boot scan on my mom in laws PC a few weeks back. It caught some baddies, but the scan stopped and allowed me to delete them as it went. It never did it automatically. It gave me choices.
I know it was weird. There didn't seem to be any rhyme or reason to what it was choosing to delete as opposed to giving me a choice. Maybe it was all part of the faux pas.

seadog75
Premium Member
join:2008-01-25
Hooksett, NH

seadog75 to onDvine

Premium Member

to onDvine
Filed a Tech ticket with Alwil, and got a reponse back in 6 hours. As their bolg Mod stated, they found the wrench in the machine and fixed it. Had me update again, and false positives gone. I've used Avast for 4 years now, still find it better than most other mainstreamers out there. I have machines with Norton's and I've had more issues with their s/w. I'm givin' Alwil a mulligan on this one

mers2
Premium Member
join:2004-03-20
USA

mers2

Premium Member

The "No Action" button is the equivalent of Mele20 See Profile's "Ignore Button". I used that button and it didn't delete or quarantine anything - it didn't do anything except make the obnoxious warning box go away.

Avastlover
@anonymouse.org

Avastlover

Anon

@mers2

Not completely correct. 'No Action' does more than 'ignore'.

'No action' does stop any further contact with the file, eg it can't be executed or opened.

'Ignore' is meant to ignore, that is 'do absolutely nothing'.

Just to clarify.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to mers2

Premium Member

to mers2
said by mers2:

The "No Action" button is the equivalent of Mele20 See Profile's "Ignore Button". I used that button and it didn't delete or quarantine anything - it didn't do anything except make the obnoxious warning box go away.
I did NOT have a "No Action" button. There is none in version 5 beta 3. I had TWO choices ONLY: Delete or Move to Chest. So, that is why I used the X in the upper right corner of the popup.

Besides, "No Action" button available, as Avastlover has pointed out, is NOT the same as "Ignore". I need "Ignore" and, sadly, even though many Evangelists at Avast forum have asked for this also, it will not be in Version 5 final.

mers2
Premium Member
join:2004-03-20
USA

1 recommendation

mers2

Premium Member

Avast 5.3 is beta software. In other words, not complete and use at your own risk.