Avira 10 launched

You mean that 'famous' registry key no one at Avira wants to talk about?
It's there in the paid premium version also. Must be a huge company secret of life and death ...

 

If this is that registry key ?



It doesn't appear to be doing anything on my v9 on XP SP2 ?

Even if it's not the correct one, if Avira really is allowing our comps to surreptitiously contact Google in some way/s, that's BAD

I don't see what the purpose would be for them doing this ? We don't get Ads served to us do we !

Hope someone can use Wireshark etc to confirm/deny this

 

Yeah, it doesn't appear to be doing anything anywhere, so why's it there in the first place and what's that mysterious "internal usage" that Avira staff is not allowed to comment on?

Someone already did and it looks even more fishy than just Google

 

You beat me to it. I was just about to post a link to that thread here.

That's the final straw. I absolutely will not use their products again... don't trust 'em. I'd heard rumors for awhile about Avira turning rogue. Not sure I'd "quite" go that far, but seeing this certainly adds merit to it. I would say it's pretty counter-productive when your security software is doing things you have it there to prevent in the first place.

So... I'm in the market for a light AV that has great detection rates, and good proactive protection without a bunch of extra features that might cause overlap and bloat... as my D+, FF w/addons and common sense can handle 99% of what the net might throw at me. In short, I'd like something like Avira 9, only without the pop-up's and phoning to Google/China. Doubt that such a thing exists. I'm willing to pay.

 

@doktornotor

Thanks for the info etc.

Re-

http://forum.avira.com/wbb/index.php?page=Thread&postID=939438#post939438

OUTGOING to China I just can't possibly imagine why Avira would be doing this, or with the other China connections ?

I get plenty of inbound attempts every few minutes nearly every day from Chinese IP's like this one just now

Description Packet sent from 221.192.199.49 (TCP Port 12200) to (TCP me Port 8000) was blocked
Rating Medium
Date / Time 2010/04/09 16:06:14-4:00 GMT
Type Firewall
Protocol TCP (flags:S)
Program
Source IP 221.192.199.49:12200
Destination IP me:8000
Direction Incoming
Action Taken Blocked
Count 3
Source DNS
Destination DNS O

But i never see ANY outbounds in my FW logs to IP's i don't know.

This is all very strange, to say the least, so i hope someone can get to the bottom of it asap.

 

Well, I'm testing Avast 5.0 Free ATM and am quite happy with it. Even w/ all shields in place, it feels more light than Avira, the webshield amazingly does not appear to slow down web traffic in a noticeable way etc.

Since you seem to be after a lightweight stuff, I'd suggest to continue the debate in this Avast tuning thread so that we don't get OT here.

 

there are plenty guilty of this. They tell you about it in the back rooms. But never have the guts to come out and say it. But with you on Avast. One last hope.

 

I just paid four weeks ago for another year. Well, I like Chinese food but Chinese unsolicited connections, no but no thanks. That's one customer less and 20 bucks thrown into the water. Avast you say? I'll have a look at it later.

 

Good Evening ! Ran a scan this morning and 22 warnings were issued, I checked them out on the accompanying scan report and was perplexed as to the Oriental Symbols! Begin scan in 'B_CPL_HEADEऎⰓB耀kKGROUND$255,255,255!$#RॷⰓ_耀rL_HEADER_LINE$102,102,1ॼⰓ.耀yGUARDSYSTRAY_CONFIGURAT॥ⰓN耀€onfigure AntiVir$#DEF_ॢⰓ_耀‡INETDLL$avinet.dll$#FN५ⰓL耀ŽMAINRC$ccmainrc.dll$#FॐⰓP耀•_GUARDRC$ccgrdrc.dll$#ख़ⰓB耀œP_BORDER_UP$192,192,192ॆⰓ#耀£_PLG_QUA$ccquarc.dll 1$ॏⰓX耀ªSHELLEXT$Scan selected ঴Ⱃl耀± with Anti&Vir $#FN_PLঽⰓC耀¸ICRC$cclicrc.dll$#FN_P঺Ⱃ_耀¿MGRDRC$ccmgrdrc.dll$#FণⰓP耀Æ_CCREPORC$ccreporc.dllনⰓF耀ÍPLG_CCSCANRC$ccscanrc.d঑Ⱃ耀ÔFN_PLG_CCSCHERC$ccscherঞⰓd耀Û$#FN_PLG_CCUPDRC$ccupdইⰓ.耀âl?$#DEF_FN_PRODUCTFILE_ঌⰓI耀éDE$/idx/wks_avira10-win৵Ⱃ-耀ð-pepr.idxP$#DEF_URL_NOT৲ⰓY耀÷ST$http://dl.antivir.de৻Ⱃa耀�
Search path B_CPL_HEADEऎⰓB耀kKGROUND$255,255,255!$#RॷⰓ_耀rL_HEADER_LINE$102,102,1ॼⰓ.耀yGUARDSYSTRAY_CONFIGURAT॥ⰓN耀€onfigure AntiVir$#DEF_ॢⰓ_耀‡INETDLL$avinet.dll$#FN५ⰓL耀ŽMAINRC$ccmainrc.dll$#FॐⰓP耀•_GUARDRC$ccgrdrc.dll$#ख़ⰓB耀œP_BORDER_UP$192,192,192ॆⰓ#耀£_PLG_QUA$ccquarc.dll 1$ॏⰓX耀ªSHELLEXT$Scan selected ঴Ⱃl耀± with Anti&Vir $#FN_PLঽⰓC耀¸ICRC$cclicrc.dll$#FN_P঺Ⱃ_耀¿MGRDRC$ccmgrdrc.dll$#FণⰓP耀Æ_CCREPORC$ccreporc.dllনⰓF耀ÍPLG_CCSCANRC$ccscanrc.d঑Ⱃ耀ÔFN_PLG_CCSCHERC$ccscherঞⰓd耀Û$#FN_PLG_CCUPDRC$ccupdইⰓ.耀âl?$#DEF_FN_PRODUCTFILE_ঌⰓI耀éDE$/idx/wks_avira10-win৵Ⱃ-耀ð-pepr.idxP$#DEF_URL_NOT৲ⰓY耀÷ST$http://dl.antivir.de৻Ⱃa耀�
System error [123]: The filename, directory name, or volume label syntax is incorrect.
Begin scan in 'C:\Windows'
C:\Windows\IME\IMESC5\HELP\PINTLGNE.CHM
[0] Archive type: CHM
--> /images/Reconv2_2.bmp
[WARNING] The temporary file could not be opened!
[WARNING] The temporary file could not be opened!
C:\Windows\IME\IMESC5\HELP\PINTLGNT.CHM
[0] Archive type: CHM
--> /images/InnerCode1.bmp
[WARNING] The temporary file could not be opened!
C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.4518\ONGUIDE.ONEPKG_1033
[0] Archive type: CAB (Microsoft)
--> OneNote Table Of Contents.onetoc2
[WARNING] The temporary file could not be opened!
[WARNING] The temporary file could not be opened!
C:\Windows\Logs\CBS\CbsPersist_20100314000359.cab
[WARNING] The temporary file could not be opened!
C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.cab
[0] Archive type: CAB (Microsoft)
--> csc_exe_x86.config
[WARNING] The temporary file could not be opened!
[WARNING] The temporary file could not be opened!
C:\Windows\SoftwareDistribution\Download\c9b686071d31e565224d2a730c7b8d1ac79c99d4
[0] Archive type: CAB (Microsoft)
--> UCI32M40.dll
[WARNING] The temporary file could not be opened!
[WARNING] The temporary file could not be opened!
C:\Windows\System32\spool\drivers\w32x86\PCC\ntprint.inf_fceaf475.cab
[0] Archive type: CAB (Microsoft)
--> I386\PCL4RES.DLL
[WARNING] The temporary file could not be opened!
[WARNING] The temporary file could not be opened!
C:\Windows\System32\spool\drivers\w32x86\PCC\ntprint.inf_x86_neutral_c4c11fe1f3d01835.cab
[0] Archive type: CAB (Microsoft)
--> I386\PCL4RES.DLL
[WARNING] The temporary file could not be opened!
[WARNING] The temporary file could not be opened!
C:\Windows\System32\spool\drivers\w32x86\PCC\prnca001.inf_92fbd03f.cab
[WARNING] The temporary file could not be opened!
C:\Windows\System32\spool\drivers\w32x86\PCC\prnca001.inf_x86_neutral_66bdc6fcf465eae1.cab
[0] Archive type: CAB (Microsoft)
--> I386\CNBJ.INI

 

And what all that means xD

 

What about promotional licences ?
Has anyone checked if those phone out too ?
I don't know to verify this myself, I use the Avira suite, including the firewall.

I have noticed that on occasion Avira wants to phone out by means of Windows explorer (Windows XP SP2 Home Edition).

 

Good Morning! Just completed a Full System Scan, and this is after removing Goggle Chrome, now I don't know if this is just coincidence but the 22 Warnings I encountered yesterday didn't appear during the scan. Has anyone experienced a similar occurence ? And is this in fact related to Avira and Google ? Sincerely...Securon

 

thanks doktornotor,,great information.

 

A sequel to the avnotify phone-home utility: Install AntiVir with dummy avnotify.exe - makes me wonder what else they've bundled into this nag tool. There's definitely more in avnotify.dll, since killing that as well was required for nag-free experience w/ Avira Free v10.

 

from the link

even if they fix it,,would you trust them?

 

keep in mind there are 2 sides to every story. You trusted them up till now and did it harm you.

 

Just to be absolutely clear here: The posts linked on Avira forums are not mine; I don't even have an account there since (as I've already noted here somewhere earlier) it's impossible to communicate there in an effective way due to their "antispam" measures.

Me personally - well, not really - we have yet to hear a word from Avira wrt that phone-home misfeatures of avnotify.* stuff, so far they are totally silent, occasionally hitting a delete button.

 

well till now did you here word from them about "google and china"
also..i subscribe to their forums las year..free-avira..i posted once regarding the update issue at that time...guess what after that i couldn't even reply,nor create another thread.
i email avira,and they respond there must be a problem with your browser [IE8]..
well i tried fireox,opera,chrome,sware-iron...nada,nothing same error message,,can't post in that forum.
and now this...actually using avast.

 

so for us less astute, just what dies it mean or just what is it they are doing.

 

Well, to put it mildly, their popup nag utility (avnotify.exe) seems to generate unsolicited traffic (phone home to Google and possible elsewhere as well) - confirmed by several people. There's not a single mention of such behaviour in EULA and that's something that's absolutely not required to display their ads, whatever you think about such way of promoting paid variants of their products.

Also, they are completely non-communicative wrt this hidden "functionality" of their free product, and that "functionality" clearly got "extended" with avnotify.dll in their latest version.

For a security vendor, seems quite bad, definitely bad enough for me to stop using their products.

Still waiting for a comment from them, but I suspect that won't happen. (Reminds me of the "secret" thread about avast.eu redirect on their forums, which is visible to "trusted" community members only).

 

@doktornotor

Well that eckzahn person has definately started something, and good for him ! I'm amazed that the threads/posts/info have been allowed to stay, so at least that's a positive stance by Avira.

The dummy avnotify.exe is an interesting exercise, but the not so secret NoNotifyAvira-V3.3.1.exe is even better.

Not sure what the ad-click-stats sent to VeriSign during installation are ?

I have google analytics blocked, along with lots of others, with Ghostery in FF Addons





so that could be why they don't piggy-back my updates ?

@trjam

True, but we're only getting 1

Not as far as i know

 

cloneranger that ghostery is only for firefox right?.
and avnotify is for the whole system
oh...btw,that i remember they're off saturday.

 

@acuariano

Hi, thanks for your post.

Correct, but for the record, there are web bug blockers for IE

You're right my bad

Before all this kicked off, i was fine with the buy me pop up as i felt it wasn't too much to ask a few times a day for a great AV. Since i became aware of these strange occurrences i have installed the NoNotifyAvira-V3.3.1.exe popup etc killer. Until i hear a solid plausable explanation for these events from Avira, or someone, i'll keep it installed.

The devil needs to rest too

 

but this will only remove the notify,,,wonder if the updater call

 

well cloneranger the latest version is 3.41