Avira watch - Eckzahn may be right IMHO

Discussion in 'other anti-virus software' started by NaClmind, Apr 10, 2010.

Thread Status:
Not open for further replies.
  1. NaClmind

    NaClmind Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    15
    I want to get people to go over to the Avira forum threads started by this Eckzahn person: http://forum.avira.com/wbb/index.php?page=Board&boardID=135 They go back a few days. I'm amazed the posts are still up. They seem to be unsure how to deal with this.

    This post: >>thanx doktornotor<< http://forum.avira.com/wbb/index.php?page=Thread&threadID=110918 was actually a response to what Eckzahn was describing about his 'dummy avnotify.exe' trick. doktornotor found the 'official' moderator response, which seemed to be for Eckzahn, not karma.

    Some wilders members are starting to reconsider Avira's product based on this latest development, as are some Avira forum members. Member 'karma' has been there awhile. I've been watching my connenection closely and the google traffic generated is a reality + the Chinese server-sniffers are rampant and Avira seems to smell good to them all of a sudden. Not swell.

    Based on the above I'de like to thread this and see if we can generate some useful banter about this Avira drama and what it implies. I don't think Eckzahn is going to stay with it: http://forum.avira.com/wbb/index.php?page=Thread&threadID=110867 Probably a null-pointer situation (for an Avira member) but we can rock it for awhile.


    later ;)
     
    Last edited: Apr 10, 2010
  2. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,191
    Location:
    USA,IA
    very interesting, kinda looks like Avira is data mining for google.
     
  3. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    The poster may be right, but then again, could be wrong.

    I'd still wait till you receive a proper response. Otherwise 'tin foil hat' syndrome might get the better of you.

    At this stage, nothing has been proven that any harm or unethical is being done by Avira.
     
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    or wrong ! Yes i want to know too.

    eckzahn

    http://forum.avira.com/wbb/index.php?page=Thread&postID=940279#post940279

    Data profiling/collection, and payments ? I still havn't seen concrete evidence of this data of ours being transferred to wherever. Those reported outgoings by eckzahn to 221.192.199.49 have NOT been shown, or the supposed data contained within ? I'd like to see these LOGS etc, as i'm sure others would too. I have NEVER witnessed ANY outgoings to 221 etc etc, or to China.

    Just did a manual update check, and monitored my FW

    Description product updater requested permission to access the internet.
    Rating High
    Date / Time 2010/04/10 22:59:20-4:00 GMT
    Type Repeat Program
    Program C:\Program Files\Avira\AntiVir Desktop\update.exe
    Source IP
    Destination IP my ISP
    Direction Outgoing (connect)
    Action Taken Allowed (once)/Manual
    Count 1
    Source DNS
    Destination DNS my ISP

    No incomings from China etc either.

    I know i have started using the NoNotifyAvira-V3.3.1.exe popup etc killer, but i never had outgoing etc issues before.


    Re - HKCR\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}

    Mele20

    http://forum.avira.com/wbb/index.php?page=Thread&postID=938181#post938181

    Michael_Mann

    http://forum.avira.com/wbb/index.php?page=Thread&threadID=110918&226e7cca

    When Mele20 deleted this key, it didn't seem to affect "functionality" whatsoever ? Admittedly she wasn't connected to the internet, but that isn't "whole functionality"
     
  5. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Their silence makes them appear guilty though. One would think that if it were an honest mistake, oversight or that there was a legitimate purpose for it they would be quick to bring that to our attention and squelch any doubt (thereby saving customers and $).

    I know the saying goes: "absence of evidence is not evidence of absence"... or something like that, but when somebody pleads the 5'th over and over again, I'm sorry, but they're probably guilty.
     
  6. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    All it has received so far is "Don't delete this key"...that doesn't explain much. However, I'm not entirely shocked by this, Google is in every damn thing. Question, does Avira offer a Google Toolbar with its installation, or is it one of the extremely few holdouts that don't resort to such BS? If it does offer it, I wouldn't fall over with shock if Google still dug its dirty little claws into the program and installed SOMETHING if you denied the toolbar. After all, Google for sure installs folders and crap even if you don't install their embedded toolbar with other programs. I know this because I've found the little suckers after an install.

    Edit: Look, do I think Avira is up to no good? No, I don't. The thing they need to understand though is that if this key or whatever has a truly legitimate purpose and does have to do with functionality, the best thing they can do is say so, explaining exactly what it does. So far they're just giving ammunition to the complainers.
     
  7. NaClmind

    NaClmind Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    15
    Affirmative. Many sober experts are saying we need to get real critical with our security software and not take our protection or the developers intentions for granted anymore. It's fundamentally ironic that the idea of 'security' has to be sold in the first place. Most end-users don't want to get much involved.

    Sometimes it's good to turn over a cow-pie or two.

    yaneverknow. :blink:
     
  8. NaClmind

    NaClmind Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    15
    CloneRanger...

    The Avira nag-screen is a live content web page connected to media servers supplying images, hot-linked to Avira. It's an active-content page on your desktop without your permission. When you click O.K. to close it's like clicking an ad in your browser. It sends data back to ad-source which is then sold or proffered to other parties, as per usual. Based on IE code, as per usual. Default characteristics of ad-garbage. As per usual.

    The hard evidence you want is not in your firewall log, it's on your desktop. IMHO

    just sayin...
     
    Last edited: Apr 10, 2010
  9. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Just as a matter of curiosity, could you provide some links in which acknowledged security experts are explicitly and seriously questioning the intentions (and by logical extension, the integrity) of developers of serious commercial applications?

    Blue
     
  10. NaClmind

    NaClmind Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    15
    Somewhere I read, "You are most vulnerable when you trust implicitly. Faith sooths the doubt. Hope calms the stomach." Don't know where but never forgot it.

    I'll dig around my bookmarks and see if I can find some good links to articles I've read regarding security software and things to look out for. Current examples were read on the fly in various forums and blogs. You have to do some of your own research I think. FYI: Newer companies with less of a performace record to analyze are ipso facto subject to strict and skeptical examination by techs and administrators. I also base much of my opinion based on real-world advise by my computer guy, who has deep-knowlage of security systems and does a lot of payed consulting. I trust his experience and opinion. Like a good doctor he has no problem telling it like it is, even if the patient is reluctant to hear the truth. Particularly regarding the hype pumped out by most security software vendors, legitimate or otherwise, established or new.

    Anyway, common sense tells one that free security software needs to connect to the money-stream somehow. This is how: Ads.

    A good example of ironic security software: Norton uses port 445 to send and receive virus definitons, and legitimate user & system data. An inherent vulnerability, as packet spoofing hackers and data-miners who mimic legitimate packets on 445 but re-route your 'secure connection' to some smelly repository will tell you if you get them drunk enough. ;)
     
    Last edited: Apr 11, 2010
  11. ratwing

    ratwing Guest


    Yep,for now at least,that pretty much covers the whole waterfront.
     
  12. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Fine, but here's the deal....

    We are not going to serve as a platform for initiating interforum sniping. If you wish to discuss a technical topic, great. But then get about that doing that job and not pulling nondescript and unsupported speculation from every corner of the universe.

    Do some genuine technical legwork of your own if you wish to make a point or raise a specific issue.

    At the start of this thread, you chose to paint with an extremely broad, and from my perspective inflammatory, brush. I'm not looking for "good links", I don't need them. What I'd like to see is where thoughtful (you said sober) experts have explicitly stated that you should be suspicious of developer intentions in this product segment. I'm not looking for generic bromides such as "You are most vulnerable when you trust implicitly. Faith only soothes the doubt.". That's reasonable general advice, but it's also meaningless in the context of the current discussion. I also asked regarding serious commercial applications, not newer (arguably shell or fraudulent) vendors. You're broad brush was indiscriminate. If you meant transient vendors with debatable morals, you should have been more specific. Of course, that really doesn't apply to Avira, which is the focus of this thread.

    Blue
     
  13. NaClmind

    NaClmind Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    15

    relax.
     
  14. NaClmind

    NaClmind Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    15

    relax. i think i fit right in. if you don't think so you can flush me. here's an opinion that may help you make a decision: Opanda is too new to trust yet.

    igottabrain
     
  15. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I'm very relaxed. Now, how about you providing some genuinely supporting information pertaining to some of your comments above.

    As for your edited suggestion that "You have to do some of your own research I think", since you're already up to date on this topic, it simply seems more appropriate for you to share the findings that you've already identified.

    Blue
     
  16. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    Right on Blue.
     
  17. ratwing

    ratwing Guest

    Really what is this sudden influx of Avira bashing?

    I mean I no longer use them(I would if I used a real time AV.),but can anyone really doubt that they are among the most straight arrow,anal-retentive of security providers?

    Their Forums are Draconian.
    They have no sense of humor.

    But I would leave my billfold with my last $10.00
    on the washroom table of their office and never worry about it.

    Rigid? yep.
    Un-bending? Oh yeah!!

    Honest and eminently competent? Hell yeah!!

    Yes Avira 10 is off to a rocky start.
    Yes,it will find its feet and trash its competitors as ever Avira product in recent memory has done.

    Where is the hate coming from?
     
  18. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    It's always been this way. When your good,there's always someone tryin to take away from your success,whether it be in sports,software,business,etc.

    I'm glad I dont use an AV anymore,I can sit back and watch the pack of wolves eat away at each other.
     
  19. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,215
    I also wonder. There are 8 threads open on this forum about Avira. It can't be that bad, and as much as it can displease its detractors, any publicity is good publicity.
     
  20. NaClmind

    NaClmind Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    15
    BlueZanetti',

    I also am very relaxed, but I get heated on this topic.

    I draw inferences from all kinds of material to form opinions and I read between the lines as much as possible. Here are a few of the most recent articles I read relating to 'cloud' computing, conflicting industry priorities, reviews and such:

    1. http://www.gnu.org/philosophy/can-you-trust.html

    2. http://www.computerworlduk.com/management/security/standards-law/news/index.cfm?newsId=19203

    3. http://www.pcpro.co.uk/news/securit...r-admits-customers-still-dont-trust-the-cloud

    4. http://www.eweekeurope.co.uk/news/dont-trust-cloud-says-government-security-adviser-6061

    5. http://www.v3.co.uk/vnunet/news/2191749/avg-kaspersky-fail-virus

    6. http://www.v3.co.uk/v3/news/2258822/rsa-2010-encryption-anti-virus

    7. http://remove-malware.com/antimalwa...ernet-security-2010-and-rogue-antivirus-fail/

    8. http://www.complaints.com/2010/february/9/Kaspersky_AntiVirus_Version_2010_reviews_227013.htm

    9. http://www.itworld.com/security/100320/security-industry-faces-attacks-it-cannot-stop

    10. http://lastwatchdog.com/antivirus-suites-fail/

    I may go with ENODE32 if my CPU can take it.

    O.K.?

    P.S.: I see some posts here that are pure opinion. Folksy truisms even. References to a general sense of what may or may not be this or that. Get real folks. Read the boring stuff by the people with the uncomfortable details and make good choices. In the mean time lets have good cross-talk without the defensive tactics. I may be new to wildewrssecurity forum, but I'm no punk.
     
    Last edited: Apr 11, 2010
  21. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    NaClmind, I admire your enthusiasm, but this thread is missing some facts. It's got heaps of 'who done it?' throughout, but not enough cold hard facts.

    Until then, just wait it out.

    With my tin foil hat on, who knows what I'll think. I think sandboxie, with its COM services running, is seeing what I'm doing. I think the portable version of Opera might have a rootkit, can I trust it? I have a feeling someone is spying on me, the creepy neighbour across the street with his light on?

    ;)

    By the way, some interesting reading there with the links. Thanks!
     
  22. ratwing

    ratwing Guest

    NaClmind:

    Off topic,folksy,corn-pone,Wilard Scott-ish,etc.

    It is hard to get upset with you when you have
    "Carvers" avatar.

    rat
    ooophs!! Had Carvers Avatar!!
     
    Last edited by a moderator: Apr 11, 2010
  23. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    Gee, I wonder if eckzahn is a member here? :rolleyes:

    AVNotify connects to google-analytics which I have in my HOSTS file and is logged in HOSTSServer. The data "collected" is probably just OS, geographical IP data and frequency/length of program usage.

    Here is the log data from a manual start of AVNotify (Pro version):

    I have substituted any potentially personally identifiable numeric data with 9's. :cool:
     
  24. NaClmind

    NaClmind Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    15
    who's carver? why isn't he taken seriously? how 'bout the lawnmower boy avatar. who has that? some raver? the wilard-scott inference is WAY outta line. just you wait. if my account is here tommarrow i'll upload a real nice avatar. something that shows my own unique forumsona.

    nice.
     
    Last edited: Apr 11, 2010
  25. ratwing

    ratwing Guest

    No,carver is a really nice sort that just happened to have your first avatar.
    he is (as far as I am concerned taken very seriously.)
    For example if he says it is going to rain,I carry my raincoat.

    Nothing sinister here.
    Just trying to lighten the mood a tad.


    lawnmower boy still has carvers head. your a OK guy,NaClmind,
    I can tell that!!

    rat
     
Loading...
Thread Status:
Not open for further replies.