Avira watch - Eckzahn may be right IMHO

I want to get people to go over to the Avira forum threads started by this Eckzahn person: http://forum.avira.com/wbb/index.php?page=Board&boardID=135 They go back a few days. I'm amazed the posts are still up. They seem to be unsure how to deal with this.

This post: >>thanx doktornotor<< http://forum.avira.com/wbb/index.php?page=Thread&threadID=110918 was actually a response to what Eckzahn was describing about his 'dummy avnotify.exe' trick. doktornotor found the 'official' moderator response, which seemed to be for Eckzahn, not karma.

Some wilders members are starting to reconsider Avira's product based on this latest development, as are some Avira forum members. Member 'karma' has been there awhile. I've been watching my connenection closely and the google traffic generated is a reality + the Chinese server-sniffers are rampant and Avira seems to smell good to them all of a sudden. Not swell.

Based on the above I'de like to thread this and see if we can generate some useful banter about this Avira drama and what it implies. I don't think Eckzahn is going to stay with it: http://forum.avira.com/wbb/index.php?page=Thread&threadID=110867 Probably a null-pointer situation (for an Avira member) but we can rock it for awhile.


later

 

very interesting, kinda looks like Avira is data mining for google.

 

The poster may be right, but then again, could be wrong.

I'd still wait till you receive a proper response. Otherwise 'tin foil hat' syndrome might get the better of you.

At this stage, nothing has been proven that any harm or unethical is being done by Avira.

 

or wrong ! Yes i want to know too.

eckzahn

http://forum.avira.com/wbb/index.php?page=Thread&postID=940279#post940279

Data profiling/collection, and payments ? I still havn't seen concrete evidence of this data of ours being transferred to wherever. Those reported outgoings by eckzahn to 221.192.199.49 have NOT been shown, or the supposed data contained within ? I'd like to see these LOGS etc, as i'm sure others would too. I have NEVER witnessed ANY outgoings to 221 etc etc, or to China.

Just did a manual update check, and monitored my FW

Description product updater requested permission to access the internet.
Rating High
Date / Time 2010/04/10 22:59:20-4:00 GMT
Type Repeat Program
Program C:\Program Files\Avira\AntiVir Desktop\update.exe
Source IP
Destination IP my ISP
Direction Outgoing (connect)
Action Taken Allowed (once)/Manual
Count 1
Source DNS
Destination DNS my ISP

No incomings from China etc either.

I know i have started using the NoNotifyAvira-V3.3.1.exe popup etc killer, but i never had outgoing etc issues before.


Re - HKCR\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}

Mele20

http://forum.avira.com/wbb/index.php?page=Thread&postID=938181#post938181

Michael_Mann

http://forum.avira.com/wbb/index.php?page=Thread&threadID=110918&226e7cca

When Mele20 deleted this key, it didn't seem to affect "functionality" whatsoever ? Admittedly she wasn't connected to the internet, but that isn't "whole functionality"

 

Their silence makes them appear guilty though. One would think that if it were an honest mistake, oversight or that there was a legitimate purpose for it they would be quick to bring that to our attention and squelch any doubt (thereby saving customers and $).

I know the saying goes: "absence of evidence is not evidence of absence"... or something like that, but when somebody pleads the 5'th over and over again, I'm sorry, but they're probably guilty.

 

All it has received so far is "Don't delete this key"...that doesn't explain much. However, I'm not entirely shocked by this, Google is in every damn thing. Question, does Avira offer a Google Toolbar with its installation, or is it one of the extremely few holdouts that don't resort to such BS? If it does offer it, I wouldn't fall over with shock if Google still dug its dirty little claws into the program and installed SOMETHING if you denied the toolbar. After all, Google for sure installs folders and crap even if you don't install their embedded toolbar with other programs. I know this because I've found the little suckers after an install.

Edit: Look, do I think Avira is up to no good? No, I don't. The thing they need to understand though is that if this key or whatever has a truly legitimate purpose and does have to do with functionality, the best thing they can do is say so, explaining exactly what it does. So far they're just giving ammunition to the complainers.

 

Affirmative. Many sober experts are saying we need to get real critical with our security software and not take our protection or the developers intentions for granted anymore. It's fundamentally ironic that the idea of 'security' has to be sold in the first place. Most end-users don't want to get much involved.

Sometimes it's good to turn over a cow-pie or two.

yaneverknow.

 

CloneRanger...

The Avira nag-screen is a live content web page connected to media servers supplying images, hot-linked to Avira. It's an active-content page on your desktop without your permission. When you click O.K. to close it's like clicking an ad in your browser. It sends data back to ad-source which is then sold or proffered to other parties, as per usual. Based on IE code, as per usual. Default characteristics of ad-garbage. As per usual.

The hard evidence you want is not in your firewall log, it's on your desktop. IMHO

just sayin...

 

Just as a matter of curiosity, could you provide some links in which acknowledged security experts are explicitly and seriously questioning the intentions (and by logical extension, the integrity) of developers of serious commercial applications?

Blue

 

Somewhere I read, "You are most vulnerable when you trust implicitly. Faith sooths the doubt. Hope calms the stomach." Don't know where but never forgot it.

I'll dig around my bookmarks and see if I can find some good links to articles I've read regarding security software and things to look out for. Current examples were read on the fly in various forums and blogs. You have to do some of your own research I think. FYI: Newer companies with less of a performace record to analyze are ipso facto subject to strict and skeptical examination by techs and administrators. I also base much of my opinion based on real-world advise by my computer guy, who has deep-knowlage of security systems and does a lot of payed consulting. I trust his experience and opinion. Like a good doctor he has no problem telling it like it is, even if the patient is reluctant to hear the truth. Particularly regarding the hype pumped out by most security software vendors, legitimate or otherwise, established or new.

Anyway, common sense tells one that free security software needs to connect to the money-stream somehow. This is how: Ads.

A good example of ironic security software: Norton uses port 445 to send and receive virus definitons, and legitimate user & system data. An inherent vulnerability, as packet spoofing hackers and data-miners who mimic legitimate packets on 445 but re-route your 'secure connection' to some smelly repository will tell you if you get them drunk enough.

 

Yep,for now at least,that pretty much covers the whole waterfront.

 

Fine, but here's the deal....

We are not going to serve as a platform for initiating interforum sniping. If you wish to discuss a technical topic, great. But then get about that doing that job and not pulling nondescript and unsupported speculation from every corner of the universe.

Do some genuine technical legwork of your own if you wish to make a point or raise a specific issue.

At the start of this thread, you chose to paint with an extremely broad, and from my perspective inflammatory, brush. I'm not looking for "good links", I don't need them. What I'd like to see is where thoughtful (you said sober) experts have explicitly stated that you should be suspicious of developer intentions in this product segment. I'm not looking for generic bromides such as "You are most vulnerable when you trust implicitly. Faith only soothes the doubt.". That's reasonable general advice, but it's also meaningless in the context of the current discussion. I also asked regarding serious commercial applications, not newer (arguably shell or fraudulent) vendors. You're broad brush was indiscriminate. If you meant transient vendors with debatable morals, you should have been more specific. Of course, that really doesn't apply to Avira, which is the focus of this thread.

Blue

 

relax.

 

relax. i think i fit right in. if you don't think so you can flush me. here's an opinion that may help you make a decision: Opanda is too new to trust yet.

igottabrain

 

I'm very relaxed. Now, how about you providing some genuinely supporting information pertaining to some of your comments above.

As for your edited suggestion that "You have to do some of your own research I think", since you're already up to date on this topic, it simply seems more appropriate for you to share the findings that you've already identified.

Blue

 

Right on Blue.

 

Really what is this sudden influx of Avira bashing?

I mean I no longer use them(I would if I used a real time AV.),but can anyone really doubt that they are among the most straight arrow,anal-retentive of security providers?

Their Forums are Draconian.
They have no sense of humor.

But I would leave my billfold with my last $10.00
on the washroom table of their office and never worry about it.

Rigid? yep.
Un-bending? Oh yeah!!

Honest and eminently competent? Hell yeah!!

Yes Avira 10 is off to a rocky start.
Yes,it will find its feet and trash its competitors as ever Avira product in recent memory has done.

Where is the hate coming from?

 

It's always been this way. When your good,there's always someone tryin to take away from your success,whether it be in sports,software,business,etc.

I'm glad I dont use an AV anymore,I can sit back and watch the pack of wolves eat away at each other.

 

I also wonder. There are 8 threads open on this forum about Avira. It can't be that bad, and as much as it can displease its detractors, any publicity is good publicity.

 

BlueZanetti',

I also am very relaxed, but I get heated on this topic.

I draw inferences from all kinds of material to form opinions and I read between the lines as much as possible. Here are a few of the most recent articles I read relating to 'cloud' computing, conflicting industry priorities, reviews and such:

1. http://www.gnu.org/philosophy/can-you-trust.html

2. http://www.computerworlduk.com/management/security/standards-law/news/index.cfm?newsId=19203

3. http://www.pcpro.co.uk/news/securit...r-admits-customers-still-dont-trust-the-cloud

4. http://www.eweekeurope.co.uk/news/dont-trust-cloud-says-government-security-adviser-6061

5. http://www.v3.co.uk/vnunet/news/2191749/avg-kaspersky-fail-virus

6. http://www.v3.co.uk/v3/news/2258822/rsa-2010-encryption-anti-virus

7. http://remove-malware.com/antimalwa...ernet-security-2010-and-rogue-antivirus-fail/

8. http://www.complaints.com/2010/february/9/Kaspersky_AntiVirus_Version_2010_reviews_227013.htm

9. http://www.itworld.com/security/100320/security-industry-faces-attacks-it-cannot-stop

10. http://lastwatchdog.com/antivirus-suites-fail/

I may go with ENODE32 if my CPU can take it.

O.K.?

P.S.: I see some posts here that are pure opinion. Folksy truisms even. References to a general sense of what may or may not be this or that. Get real folks. Read the boring stuff by the people with the uncomfortable details and make good choices. In the mean time lets have good cross-talk without the defensive tactics. I may be new to wildewrssecurity forum, but I'm no punk.

 

NaClmind, I admire your enthusiasm, but this thread is missing some facts. It's got heaps of 'who done it?' throughout, but not enough cold hard facts.

Until then, just wait it out.

With my tin foil hat on, who knows what I'll think. I think sandboxie, with its COM services running, is seeing what I'm doing. I think the portable version of Opera might have a rootkit, can I trust it? I have a feeling someone is spying on me, the creepy neighbour across the street with his light on?



By the way, some interesting reading there with the links. Thanks!

 

NaClmind:

Off topic,folksy,corn-pone,Wilard Scott-ish,etc.

It is hard to get upset with you when you have
"Carvers" avatar.

rat
ooophs!! Had Carvers Avatar!!

 

Gee, I wonder if eckzahn is a member here?

AVNotify connects to google-analytics which I have in my HOSTS file and is logged in HOSTSServer. The data "collected" is probably just OS, geographical IP data and frequency/length of program usage.

Here is the log data from a manual start of AVNotify (Pro version):

I have substituted any potentially personally identifiable numeric data with 9's.

 

who's carver? why isn't he taken seriously? how 'bout the lawnmower boy avatar. who has that? some raver? the wilard-scott inference is WAY outta line. just you wait. if my account is here tommarrow i'll upload a real nice avatar. something that shows my own unique forumsona.

nice.

 

No,carver is a really nice sort that just happened to have your first avatar.
he is (as far as I am concerned taken very seriously.)
For example if he says it is going to rain,I carry my raincoat.

Nothing sinister here.
Just trying to lighten the mood a tad.


lawnmower boy still has carvers head. your a OK guy,NaClmind,
I can tell that!!

rat