a-2

Discussion in 'other anti-trojan software' started by Optimist, Nov 25, 2003.

Thread Status:
Not open for further replies.
  1. Optimist

    Optimist Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    90
    Download a-2free
    http://updates.a-2.org/a2freesetup.exe
     
  2. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    http://forum.a-2.org/viewtopic.php?t=173&sid=52d2abb74817ee9a9ed3623565d50000

    wizard
     
  3. FINALLY something to play with ! :D

    I never thought Andreas would release anything this year...But glad to see he did !

    Funny you have to register an account for a free program to get updates (when installing) ? But, hey what the heck...it's only 2 minutes work.
     
  4. Andreas Haak

    Andreas Haak Guest

    You have to activate and update a² at least one time before using any parts of it. We want to be sure you get the newest version of a² before using it.

    In fact we won't collect anything about you. You can easily check this using a packet sniffer. You will just see that a² will send a simple url to the server:

    Code:
    [25/Nov/2003:20:31:46 +0100] "GET /updates.php?product=A2FR&user=testuser@test.de&code=testpassword&no=1 HTTP/1.0" 200 -

    Nothing about your hardware or software :).
     
  5. waldo

    waldo Registered Member

    Joined:
    Jun 30, 2003
    Posts:
    14
    Seems to run smooth, slick interface, easy to use.

    Scanned my harddisk (40 gig) in less than 30 minutes.

    Found nothing, but i'm happy it didn't :D

    I just hope the complete signature-database will be added soon.

    Kind regards,

    Waldo
     
  6. Andreas Haak

    Andreas Haak Guest

    In fact memory signatures and worm signatures are still missing. but I guess they will be added tomorrow after releasing the a² personal version :).
     
  7. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Re:a²

    Those who are testing a² and commenting positive or negative, please post your OS, if you care to.

    Would also be interested in comments on resource use (qualitative & quantitative ie. runs light, uses little resources, uses ?% GDI free, Sys & User free if running Win9x)

    It might help those interested in this program as we progress to full release and beyond...

    Also if you get a chance run some leak tests on a²:

    http://www.firewallleaktester.fr.st/
     
  8. Andreas Haak

    Andreas Haak Guest

    Nice idea ... I will test the leak tests against a² personal :).
     
  9. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    To create ~19,000 (memory) signatures and some few 1,000 worm signatures in just one day (from which 8 hours are regular work) and the release of a² personal is just imprevise. You must have a pretty good time management (or actually no sleep) or ...

    wizard
     
  10. Andreas Haak

    Andreas Haak Guest

    No sleep at all ;). But well ... most file signatures are simple finger prints. Just to have basis we can build on. After memory signatures are ready there will be added normal binary signatures, too.

    Memory signatures are selected by hand and nobody said that memory signatures will be released for ALL unique nasties tomorrow :). But I will start to build them up :). Will take about 5 or 6 days :).

    And well ... 1505 binary worms and worm variants :). Won't add VBS worms - only a generic detection to catch them :).
     
  11. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    I've tried downloading a2freesetup.exe several times, and each time I download and run it, I get:

    "The setup files are corrupted. Please obtain a new copy of the program."

    I'm not using a download manager, and I don't generally have problems with download corruption. No idea what is going on here.

    Edit: Never mind, I finally got it. It took 4 tries, though. Must be a busy server. Or it's running IIS. :blink:
     
  12. ntl

    ntl Guest

    @Seltsam:

    Congratulations. I am happy that you finally managed to release a squared. (Btw., I am still waiting for my special version ;-)

    I am a little bit unhappy about the mandatory activation procedure though. At least the freeware version should not require activation. I have no doubt that you do not transmit any private data. But the whole activation concept contradicts almost everything I like about the internet: freedom, anonymity and so on. I guess you will understand how I feel. (Almost the same applies to mandatory autoupdate and registration procedures in connection with commercial software.)

    @All

    My first impressions are as follows:

    1.
    Found a typo in the license agreement: documentation instead of dokumentation would be right.

    2.
    Found more mistakes in the license agreemet: intellectual property instead of mental property would be right.

    3.
    Wondering about the statement re reverse engineering: this is indeed a funny one considering ... ahh Seltsam will know what I mean ;-)

    4.
    I have still not installed the software: it should read "with" instead of "width" ("the conditions of the present treaty" -> should be agreement). Well, actually I believe that the complete clause "Passing On the Software" must be revised.

    5.
    Did I mention that I hate license agreements? "OR ITS SUPPLIERS BE LIABLE" ... what's that? "Thouroughly" seems also strange to me ...

    6.
    OK...now I have accepted the license agreement although I did not understand it. *fg*

    7.
    Now the autoupdate bugs me. I am unable to edit the update and account settings.

    8.
    Bah ... Mr. Andreas Haak forces me to create an account.

    9.
    Called myself Andreas Hackevoll (hackevoll@sofort-mail.de)

    10.
    Got an activation code called: qonodeto32 . Btw. ... does the license agreement say that I must not disclose this code?

    11.
    Used a wrong username: Typed Andreas Hackevoll instead of hackevoll@sofort-mail.de . The a2 server purported not to be reachable. But that must be a fake error.

    12.
    Activiation worked fine as soon as I entered the correct username.

    13.
    The live update bugs me ... it downloads and downloads and downloads. Is there really no private data transfer taking placeo_O

    14.
    What the fu** is that?? Do you really ask me to restart my computer?? This can't be true. What is it good for?

    15.
    Damn ... this a2 icon has jumped into my quick start panel. I hate that. I do not want it to be there ...

    16.
    Ahh ... I was able to start a2 w/o rebooting my computer.

    17.
    GUI looks nice! (Was it really me who said this? ;-)

    18.
    Tried to configure the on access scanner. Doh! It's not part of the free version.

    19.
    Same applies to the so-called Analysis-Tools whatever that may be.

    20.
    Made an internet update. Funny ... a2 starts to download all the stuff again which it has already downloaded before. Will it try to reboot my computer again? ;-)

    21.
    No!

    22.
    I tried to visit the control center. Nothing happens.

    23.
    O.k. ... there is only one option left: Scan my damn system. It loads the signatures (which takes a small while) and a another nice GUI pops up.

    24.
    Now it scans my c: drive. It already found one malware sample...don't know yet what it is.

    25.
    I guess it scanned about 15000 files. And it was pretty quick!!

    26.
    Let's see what it found:

    5 nasties ... 1 x assasin2, 4 x optixlite. No false alerts. It did not find the beast trojan compressed with acprotect.

    26.
    a2 did not automatically delete the malware samples which is good.

    27.
    Now let's scan a few malware archives and another big directory.

    28.
    Hmm ... no false alerts. It finds some trojans in the malware archives. I believe it would not be fair to post any test results since the signature database is not complete yet and we are still talking about a release canditate.

    Summary: a2 seems to work pretty well. And its damn quick. Too early to say anything about the detection rates. The activation procedure is so stupid ...

    Cheers ntl
     
  13. Andreas Haak

    Andreas Haak Guest

    >But the whole activation concept contradicts almost everything I like about the internet:
    >freedom, anonymity and so on. I guess you will understand how I feel. (Almost the same
    >applies to mandatory autoupdate and registration procedures in connection with commercial
    >software.)

    But well ... it helps me alot. Regardless where you downloaded a² and how old the package is ... you will at least update it one times.

    >10.
    >Got an activation code called: qonodeto32 . Btw. ... does the license agreement say that I
    >must not disclose this code?

    Nope ... but in fact if to many pcs try to update a² personal with one and the same account data the account is closed ;).

    >Used a wrong username: Typed Andreas Hackevoll instead of hackevoll@sofort-mail.de . The
    >a2 server purported not to be reachable. But that must be a fake error.

    Not exactly. Its a bug in the url encoding. Will be fixed :).

    >The live update bugs me ... it downloads and downloads and downloads. Is there really no
    >private data transfer taking placeo_O

    Yes. But it depends when you download ;). In fact every time when I release an update I will upload a new up-to-date setup :).

    >What the fu** is that?? Do you really ask me to restart my computer?? This can't be true.
    >What is it good for?

    The updater tried to update itself. So it needs the restart for the file replace :).

    >Damn ... this a2 icon has jumped into my quick start panel. I hate that. I do not want it to be
    >there ...

    I can make a option "Create desktop/quick launch link" ... .

    >Ahh ... I was able to start a2 w/o rebooting my computer.

    Sure you are :).

    >Tried to configure the on access scanner. Doh! It's not part of the free version.

    Exactly :).

    >Same applies to the so-called Analysis-Tools whatever that may be.

    Process viewer, autostart viewer and so on :).

    >Made an internet update. Funny ... a2 starts to download all the stuff again which it has
    >already downloaded before. Will it try to reboot my computer again? ;-)

    Sure ... cause you still use the old updater and thats why it redownloads it ... until a reboot. But well ... I forgot to add a message: "Please reboot your pc" to the updater. Was added now ;).

    >I tried to visit the control center. Nothing happens.

    A browser window should be opened :).

    >O.k. ... there is only one option left: Scan my damn system. It loads the signatures (which
    >takes a small while) and a another nice GUI pops up.

    Was it really you who said this? *fg*

    >Now it scans my c: drive. It already found one malware sample...don't know yet what it is.

    Well ... I thought about printing the last found malware name to the statistics :).

    >5 nasties ... 1 x assasin2, 4 x optixlite. No false alerts. It did not find the beast trojan
    >compressed with acprotect.

    No unpacking within the free version :).

    >Hmm ... no false alerts. It finds some trojans in the malware archives. I believe it would not
    >be fair to post any test results since the signature database is not complete yet and we are
    >still talking about a release canditate.

    And cause its the "scheinsicherheit" testset many packed and crypted stuff :).
     
  14. controler

    controler Guest

    Nice job Andreas

    I am guessing those that doughted you should appologize.

    I am trying this new version and because there is no unpacking it doesn't detect my samples. They are only zipped.

    I will try unzipping them and scan again
    funny how if I have me firewall enabled and I try to post I get an error message saying invalid refering site LOL

    con
     
  15. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    I have copies of the setup files for several different recent versions of AI RoboForm (specifically, 5.4.9 through 5.5.2). A2 flagged each with a diagnosis of Trojan.Win32.Gentee.b.

    The scan window does not appear correctly with a DPI setting of 120 (selection tree appears, but no button). I hit Tab and then Enter, which was a wild guess, but worked.

    When I click Next on the first dialog of the "a2 Updater", I get an error ("Access violation at address 004706DB in module 'a2upd.exe'. Read of address 00000000.") immediately, then the update hangs and does nothing.
     
  16. Andreas Haak

    Andreas Haak Guest

    Thought about adding basic unpacking ... but not sure yet :). In my opinion unpacking of archives is absolutely useless ... . But well ... maybe :).
     
  17. Andreas Haak

    Andreas Haak Guest

    @nameless:
    Can you please send in the false positives? Can you reproduce the error inside the updater?

    I will do a few optimizations for "large fonts" :). But for now I will go to bed to get a little bit of sleep ;).
     
  18. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    Its not really "useless" as I find it a necessity for any Antivirus/Antitrojan needs, alot of things that are downloadable are archived, so even if it hasnt been opened yet, is it better to find the malware BEFORE its active in your system, or after?
     
  19. Andreas Haak

    Andreas Haak Guest

    a² personal does on access scanning ... so no need I guess ... . But well ... I will put a vote only if they want it :).
     
  20. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Will a2 run with trojanhunter and spywareguard active or do I need to remove them.
     
  21. hayc59

    hayc59 Guest

    I am running both and have had no problems.
    No false positives and am running windows 98se
    fast scan in my opinion ;) ;)
     
  22. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Thank you Hayc59 I appreciate that. ;)









    - removed unnecessary attachment.
     
  23. hayc59

    hayc59 Guest

    your welcome :D
     
  24. beetlejuice

    beetlejuice Registered Member

    Joined:
    Oct 12, 2002
    Posts:
    8,523
    I am running both and have had no problems.
    No false positives and am running windows 98se
    fast scan in my opinion ;) ;)
    Same here. I even have the latest Roboform v5.50. No flags on it. No Problems except on activation. Everything is worked out now. All looks good.
    15,500 files scanned in 22:00 minutes. P3 450 Mhz.
     
  25. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    I'll send in one of the false positives. I assume that even though I had four of them, only one will be needed.

    The problem with the updater was 100% reproducible (I tried about 10 times).

    The latest version of RoboForm is 5.5.2 (which is beside the point, but...). I didn't get a flag on the installed files, but rather (as I said) on the setup files for RoboForm.
     
Thread Status:
Not open for further replies.