Avira 10 launched

Discussion in 'other anti-virus software' started by Ibrad, Mar 22, 2010.

Thread Status:
Not open for further replies.
  1. BJStone

    BJStone Registered Member

    Joined:
    Oct 31, 2005
    Posts:
    139
    You mean that 'famous' registry key no one at Avira wants to talk about?
    It's there in the paid premium version also. Must be a huge company secret of life and death ...
     
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,979
    If this is that registry key ?

    reg.gif

    It doesn't appear to be doing anything on my v9 on XP SP2 ?

    Even if it's not the correct one, if Avira really is allowing our comps to surreptitiously contact Google in some way/s, that's BAD

    I don't see what the purpose would be for them doing this ? We don't get Ads served to us do we !

    Hope someone can use Wireshark etc to confirm/deny this :thumb:
     
  3. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Yeah, it doesn't appear to be doing anything anywhere, so why's it there in the first place and what's that mysterious "internal usage" that Avira staff is not allowed to comment on?

    Someone already did and it looks even more fishy than just Google o_O
     
  4. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    You beat me to it. I was just about to post a link to that thread here.

    That's the final straw. I absolutely will not use their products again... don't trust 'em. I'd heard rumors for awhile about Avira turning rogue. Not sure I'd "quite" go that far, but seeing this certainly adds merit to it. I would say it's pretty counter-productive when your security software is doing things you have it there to prevent in the first place.

    So... I'm in the market for a light AV that has great detection rates, and good proactive protection without a bunch of extra features that might cause overlap and bloat... as my D+, FF w/addons and common sense can handle 99% of what the net might throw at me. In short, I'd like something like Avira 9, only without the pop-up's and phoning to Google/China. Doubt that such a thing exists. I'm willing to pay.
     
  5. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,979
    @doktornotor

    Thanks for the info etc.

    Re-

    http://forum.avira.com/wbb/index.php?page=Thread&postID=939438#post939438

    OUTGOING to China o_O I just can't possibly imagine why Avira would be doing this, or with the other China connections ?

    I get plenty of inbound attempts every few minutes nearly every day from Chinese IP's like this one just now

    Description Packet sent from 221.192.199.49 (TCP Port 12200) to (TCP me Port 8000) was blocked
    Rating Medium
    Date / Time 2010/04/09 16:06:14-4:00 GMT
    Type Firewall
    Protocol TCP (flags:S)
    Program
    Source IP 221.192.199.49:12200
    Destination IP me:8000
    Direction Incoming
    Action Taken Blocked
    Count 3
    Source DNS
    Destination DNS O

    But i never see ANY outbounds in my FW logs to IP's i don't know.

    This is all very strange, to say the least, so i hope someone can get to the bottom of it asap.
     
  6. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Well, I'm testing Avast 5.0 Free ATM and am quite happy with it. Even w/ all shields in place, it feels more light than Avira, the webshield amazingly does not appear to slow down web traffic in a noticeable way etc.

    Since you seem to be after a lightweight stuff, I'd suggest to continue the debate in this Avast tuning thread so that we don't get OT here. ;)
     
  7. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    there are plenty guilty of this. They tell you about it in the back rooms.:cautious: But never have the guts to come out and say it. But with you on Avast. One last hope.:thumb:
     
  8. BJStone

    BJStone Registered Member

    Joined:
    Oct 31, 2005
    Posts:
    139
    :mad: I just paid four weeks ago for another year. Well, I like Chinese food but Chinese unsolicited connections, no but no thanks. That's one customer less and 20 bucks thrown into the water. Avast you say? I'll have a look at it later.
     
  9. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Evening ! Ran a scan this morning and 22 warnings were issued, I checked them out on the accompanying scan report and was perplexed as to the Oriental Symbols! Begin scan in 'B_CPL_HEADEऎⰓB耀kKGROUND$255,255,255!$#RॷⰓ_耀rL_HEADER_LINE$102,102,1ॼⰓ.耀yGUARDSYSTRAY_CONFIGURAT॥ⰓN耀€onfigure AntiVir$#DEF_ॢⰓ_耀‡INETDLL$avinet.dll$#FN५ⰓL耀ŽMAINRC$ccmainrc.dll$#FॐⰓP耀•_GUARDRC$ccgrdrc.dll$#ख़ⰓB耀œP_BORDER_UP$192,192,192ॆⰓ#耀£_PLG_QUA$ccquarc.dll 1$ॏⰓX耀ªSHELLEXT$Scan selected ঴Ⱃl耀± with Anti&Vir $#FN_PLঽⰓC耀¸ICRC$cclicrc.dll$#FN_P঺Ⱃ_耀¿MGRDRC$ccmgrdrc.dll$#FণⰓP耀Æ_CCREPORC$ccreporc.dllনⰓF耀ÍPLG_CCSCANRC$ccscanrc.d঑Ⱃ耀ÔFN_PLG_CCSCHERC$ccscherঞⰓd耀Û$#FN_PLG_CCUPDRC$ccupdইⰓ.耀âl?$#DEF_FN_PRODUCTFILE_ঌⰓI耀éDE$/idx/wks_avira10-win৵Ⱃ-耀ð-pepr.idxP$#DEF_URL_NOT৲ⰓY耀÷ST$http://dl.antivir.de৻Ⱃa耀�
    Search path B_CPL_HEADEऎⰓB耀kKGROUND$255,255,255!$#RॷⰓ_耀rL_HEADER_LINE$102,102,1ॼⰓ.耀yGUARDSYSTRAY_CONFIGURAT॥ⰓN耀€onfigure AntiVir$#DEF_ॢⰓ_耀‡INETDLL$avinet.dll$#FN५ⰓL耀ŽMAINRC$ccmainrc.dll$#FॐⰓP耀•_GUARDRC$ccgrdrc.dll$#ख़ⰓB耀œP_BORDER_UP$192,192,192ॆⰓ#耀£_PLG_QUA$ccquarc.dll 1$ॏⰓX耀ªSHELLEXT$Scan selected ঴Ⱃl耀± with Anti&Vir $#FN_PLঽⰓC耀¸ICRC$cclicrc.dll$#FN_P঺Ⱃ_耀¿MGRDRC$ccmgrdrc.dll$#FণⰓP耀Æ_CCREPORC$ccreporc.dllনⰓF耀ÍPLG_CCSCANRC$ccscanrc.d঑Ⱃ耀ÔFN_PLG_CCSCHERC$ccscherঞⰓd耀Û$#FN_PLG_CCUPDRC$ccupdইⰓ.耀âl?$#DEF_FN_PRODUCTFILE_ঌⰓI耀éDE$/idx/wks_avira10-win৵Ⱃ-耀ð-pepr.idxP$#DEF_URL_NOT৲ⰓY耀÷ST$http://dl.antivir.de৻Ⱃa耀�
    System error [123]: The filename, directory name, or volume label syntax is incorrect.
    Begin scan in 'C:\Windows'
    C:\Windows\IME\IMESC5\HELP\PINTLGNE.CHM
    [0] Archive type: CHM
    --> /images/Reconv2_2.bmp
    [WARNING] The temporary file could not be opened!
    [WARNING] The temporary file could not be opened!
    C:\Windows\IME\IMESC5\HELP\PINTLGNT.CHM
    [0] Archive type: CHM
    --> /images/InnerCode1.bmp
    [WARNING] The temporary file could not be opened!
    C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.4518\ONGUIDE.ONEPKG_1033
    [0] Archive type: CAB (Microsoft)
    --> OneNote Table Of Contents.onetoc2
    [WARNING] The temporary file could not be opened!
    [WARNING] The temporary file could not be opened!
    C:\Windows\Logs\CBS\CbsPersist_20100314000359.cab
    [WARNING] The temporary file could not be opened!
    C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.cab
    [0] Archive type: CAB (Microsoft)
    --> csc_exe_x86.config
    [WARNING] The temporary file could not be opened!
    [WARNING] The temporary file could not be opened!
    C:\Windows\SoftwareDistribution\Download\c9b686071d31e565224d2a730c7b8d1ac79c99d4
    [0] Archive type: CAB (Microsoft)
    --> UCI32M40.dll
    [WARNING] The temporary file could not be opened!
    [WARNING] The temporary file could not be opened!
    C:\Windows\System32\spool\drivers\w32x86\PCC\ntprint.inf_fceaf475.cab
    [0] Archive type: CAB (Microsoft)
    --> I386\PCL4RES.DLL
    [WARNING] The temporary file could not be opened!
    [WARNING] The temporary file could not be opened!
    C:\Windows\System32\spool\drivers\w32x86\PCC\ntprint.inf_x86_neutral_c4c11fe1f3d01835.cab
    [0] Archive type: CAB (Microsoft)
    --> I386\PCL4RES.DLL
    [WARNING] The temporary file could not be opened!
    [WARNING] The temporary file could not be opened!
    C:\Windows\System32\spool\drivers\w32x86\PCC\prnca001.inf_92fbd03f.cab
    [WARNING] The temporary file could not be opened!
    C:\Windows\System32\spool\drivers\w32x86\PCC\prnca001.inf_x86_neutral_66bdc6fcf465eae1.cab
    [0] Archive type: CAB (Microsoft)
    --> I386\CNBJ.INI
     
  10. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    And what all that means xD
     
  11. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    What about promotional licences ?
    Has anyone checked if those phone out too ?
    I don't know to verify this myself, I use the Avira suite, including the firewall.

    I have noticed that on occasion Avira wants to phone out by means of Windows explorer (Windows XP SP2 Home Edition).
     
    Last edited: Apr 10, 2010
  12. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Morning! Just completed a Full System Scan, and this is after removing Goggle Chrome, now I don't know if this is just coincidence but the 22 Warnings I encountered yesterday didn't appear during the scan. Has anyone experienced a similar occurence ? And is this in fact related to Avira and Google ? Sincerely...Securon
     
  13. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    thanks doktornotor,,great information.
     
  14. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    A sequel to the avnotify phone-home utility: Install AntiVir with dummy avnotify.exe - makes me wonder what else they've bundled into this nag tool. There's definitely more in avnotify.dll, since killing that as well was required for nag-free experience w/ Avira Free v10.
     
  15. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    from the link
    even if they fix it,,would you trust them?
     
  16. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    keep in mind there are 2 sides to every story. You trusted them up till now and did it harm you.
     
  17. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Just to be absolutely clear here: The posts linked on Avira forums are not mine; I don't even have an account there since (as I've already noted here somewhere earlier) it's impossible to communicate there in an effective way due to their "antispam" measures.

    Me personally - well, not really - we have yet to hear a word from Avira wrt that phone-home misfeatures of avnotify.* stuff, so far they are totally silent, occasionally hitting a delete button. :mad:
     
  18. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    well till now did you here word from them about "google and china"
    also..i subscribe to their forums las year..free-avira..i posted once regarding the update issue at that time...guess what after that i couldn't even reply,nor create another thread.
    i email avira,and they respond there must be a problem with your browser [IE8]..
    well i tried fireox,opera,chrome,sware-iron...nada,nothing same error message,,can't post in that forum.
    and now this...actually using avast.
     
  19. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    so for us less astute, just what dies it mean or just what is it they are doing.
     
  20. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Well, to put it mildly, their popup nag utility (avnotify.exe) seems to generate unsolicited traffic (phone home to Google and possible elsewhere as well) - confirmed by several people. There's not a single mention of such behaviour in EULA and that's something that's absolutely not required to display their ads, whatever you think about such way of promoting paid variants of their products.

    Also, they are completely non-communicative wrt this hidden "functionality" of their free product, and that "functionality" clearly got "extended" with avnotify.dll in their latest version.

    For a security vendor, seems quite bad, definitely bad enough for me to stop using their products.

    Still waiting for a comment from them, but I suspect that won't happen. (Reminds me of the "secret" thread about avast.eu redirect on their forums, which is visible to "trusted" community members only).
     
  21. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,979
    @doktornotor

    Well that eckzahn person has definately started something, and good for him ! I'm amazed that the threads/posts/info have been allowed to stay, so at least that's a positive stance by Avira.

    The dummy avnotify.exe is an interesting exercise, but the not so secret NoNotifyAvira-V3.3.1.exe is even better.

    Not sure what the ad-click-stats sent to VeriSign during installation are ?

    I have google analytics blocked, along with lots of others, with Ghostery in FF Addons :D :thumb:

    g1.gif

    g2.gif

    so that could be why they don't piggy-back my updates ?

    @trjam

    True, but we're only getting 1 :(

    Not as far as i know :D
     
  22. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    cloneranger that ghostery is only for firefox right?.
    and avnotify is for the whole system
    oh...btw,that i remember they're off saturday.
     
  23. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,979
    @acuariano

    Hi, thanks for your post.

    Correct, but for the record, there are web bug blockers for IE

    You're right :thumb: my bad :(

    Before all this kicked off, i was fine with the buy me pop up as i felt it wasn't too much to ask a few times a day for a great AV. Since i became aware of these strange occurrences i have installed the NoNotifyAvira-V3.3.1.exe popup etc killer. Until i hear a solid plausable explanation for these events from Avira, or someone, i'll keep it installed.

    The devil needs to rest too :D
     
  24. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    but this will only remove the notify,,,wonder if the updater call
     
  25. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    well cloneranger the latest version is 3.41
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.