19 Apr

One month with Avast

I've written about my troubles with Bitdefender AV solution before.. XXXX So, when my Bitdefender license expired, I was happy to switch to a different solution. I picked AVAST. In this post I'll try to summarize my my impressions after using it for one month.

Setup

Bitdefender 2016 insisted on me creating user account for their cloud management crapshoot before I was actually able to get installer and install the software.

On the contrary, Avast's setup was a snap. One, two, pick components, done.
01-setup
One minor issue I noticed - I'm quite sure Avast setup did not respect my choices and installed more components than I selected in the setup dialog. Or maybe I mis-clicked one checkbox. I'll give them a benefit of doubt.

Avast - 1 : Bitdefender - 0.

User Interface

After all-dark-and-depressing Bitdefender UI, Avast feels much more brighter, colourful and cheerful. It feels much snappier and faster as well. Everything seems to be intuitive and easy to find.

Avast - 1 : Bitdefender - 0.

Configuration

Avast has all its settings in one place. Bitdefender requires you to open each component separately to access its settings. Avast would be a clear winner here, but..

But good luck trying to find which apps are allowed or blocked by Avast firewall!

Firewall configuration is under "Settings", just like you would expect. From there you can configure "System rules" and "Packet rules". However, you won't find allowed/blocked applications there. Instead, you need to go to Tools->Firewall and locate teeny tiny "Application rules" hidden between "Firewall logs" and "Settings". WTF?
02-firewall-apps

Taking that into account: Avast - 1/2 : Bitdefender - 1/2

Updates

Both antiviruses handle normal updates very well. No ads, no popups, no annoyances of any kind. Avast seems to have sort of ad hoc streaming updates 24/7 - or at least, that's what the Statistics tabs shows:
03-stats

However... Today my Avast received a different kind of update that required restart. From what I can tell, this update replaced most of EXE/DLL files in the %PROGRAMFILES%\AVAST Software\Avast\ folder. After restart, my PC got stuck in semi-working state, services.exe and svchost.exe eating most of the CPU resources and Avast showing "try our new-and-cool-whatever-thing-I-don't-give-a-crap-about" advertisement. In addition to that, Avast claimed that it's firewall module cannot be started.

Few "repair installation" and Windows restarts later the problem disappeared. As a side effect - all my carefully set privacy settings were reset to defaults, "show offers for other Avast products" was enabled again and all File System Shield exceptions are gone.

Even though I really enjoy invisible 24/7 updates of Avast, I have to reduce Avast's score due to this major f*ckup.

Avast - 0 : Bitdefender - 1

Bugs and issues

As I described earlier, Bitdefender was far from being perfect. On the contrary, my first impressions of Avast were extremely positive. Great setup, aesthetically pleasing UI, plenty of user-configurable settings. Everything I could ask for!

However, first few weeks of using Avast has been nothing but a source of frustration.

Issue #1 - I've configured File System Shield to scan files only on execute. All scans on write or access are disabled for executable files using Avast's UI.
04-avast-no-write-scan
05-avast-no-access-scan
However, any time I copy-paste suspicious executable files from one PC to another using Remote Desktop Client, Avast File System shield pops up and blocks the copy operation. WTF?!

06-detect-on-copy-paste

Issue #2 - There is no "Beggar off, I know what I'm doing" option in the detection dialog, even for heuristic detections. The previous issue wouldn't be a big one, if I had a possibility to dismiss detections dialog and continue copying files. But I can't.
07-no-ignore
So, the only option for me is to disable File System Shield completely. That kinda defeats the purpose of having the antivirus, doesn't it?

Issue #3 - Myriad of "Win32:Malware-gen" and "Win32:Evo-gen [susp]" detections.
In effort to reduce number of false positives, I've set the heuristics and HIPS sensitivity to "Low". But even then Avast keeps producing plenty of detections on clean files like Goliath obfuscator, ScyllaHide and other reversing tools.

Issue #4 - Leaving statistics tab open for a long time will cause the CPU usage to go high. No idea what causes it, probably the braindead decision to use embedded Chromium and Flash to show the pretty graphs and stuff.

Taking all that into account: Avast - 1/2 : Bitdefender - 1/2

Summary

Avast is a great product - for your grandma's or neighbour's PC. But if you ever work with malware, cracked files or anything remotely suspicious, Avast's super-sensitive File System Shield will drive you mad.

I'll give it one more shot and try to tweak configuration files manually. But if I can't make it play nice, I'll be looking for a different solution for my PC.

11 thoughts on “One month with Avast

  1. Yeay, that's similar to my experience. Especially finding the viruscontainer always takes at least 3 minutes. after the last update, avast decided to go for the unexperienced pc users and doesnt seem to care about anyone more skilled than the average Office user. however it is still the best one, i have tried so far.

    • Right-click Avast's tray icon ->Virus Chest? :) Maybe not the most obvious place for it but I won't complain.

  2. As someone who works with many malware samples and analyst tools on a daily basis at work Im surprised you dont have your AV set to not bother you. In my AV I have a folder exclusion for folder where I analyze/work with samples (folder has execution rights removed etc) and I set my AV not to scan files without extension (since most sample names I work with are just MD5 hashes - and if not I automatically rename them). I highly recommend setup like that.

    • Hey, thank you for nice and constructive comment. :) "AV set to not bother you" is exactly what I'm trying to achieve.

      1) One folder for malware samples works well for work PC. But on a personal PC, it doesn't. I have folders Projects\Unpacker X\Samples, Projects\Unpacker Y\Samples, Projects\Software Z\Install - this way I can copy-paste entire folder to another machine and have all my sources together with my research and sample files.

      Manually setting each folder containing malicious samples as an exclusion would be... painful.

      2) I prefer my samples to have certain extension (.ex) to be able to associate them with certain tools (CFF/HIEW/etc.). I had to resort to adding *.ex as a global exclusion.

      3) If only Avast respected "do not scan files on read/write" setting, I'd be happy as a clam. But it doesn't. So, any time I'm intentionally downloading (not executing!) malicious files, Avast keeps nagging me. I haven't found a solution for that yet.

      Anyways, I found some interesting Avast config tweaks by RejZoR: https://rejzor.wordpress.com/avast-protection-tweaks/ - hopefully those will give me more ideas on how to improve my experience.

  3. I have been using Avast for years, and was a little hesitant to read your review based on your high standards. But after reading it, I can completely agree with your assessment. Especially when I am purposefully copying or executing I knowingly full well want to execute for learning purposes or what not. I end up disabling the anti-virus for ten minutes, restoring the file from the virus chest and then executing it anyways. I also find it annoying that the initial install added a chrome/firefox plugin without prompting me.

    Some of the protection settings are nice, and the auto-updates/gaming mode have been alright for me. But I have been keeping my ears open for an alternative due to the frustrations you mentioned. I haven't delved too much into the UI since they changed to this new format, but I guess the good news is that it "works".

    • Me and high standards? :) Come on, I'm just trying to be honest and straighforward, even if that annoys someone.

      Unfortunately, due to requirements of certain fucked-in-the-head AV testing organizations, users are now denied of option "I know what I'm doing, let me open the file". Don't ask...

      Chrome extension was never forced on me. Maybe because I installed Internet Security trial first. Or maybe due to my out-of-date Chrome..

  4. I have tested many AVs (including Bitdefender and Avast) but the best I've found is kaspersky because of the possibility to Exit (irony xD)

  5. I tried AVAST for what was suppose to be for 60 days. Right after installation it would not let me do any of the commands or choices I was trying to perform. It created its own password instead of the one I put in. I can not hardly use that computer. EVERY MOVE I make it tells me I am not authorized. wrong password, I can not even uninstall the damn thing. It wants to clean out all my folders. I have been emailing them regarding this issue since August of this year. I basically just needed an option to recover my password since apparently the program has a different password then what I had given it. No option and no help from them at all. I cant put another virus protector and security because it says they are all viruses and will not them down load. I cant get rid of it. Any advice would be greatly appreciated. Thanks

Leave a Reply

Your email address will not be published.