One month with Avast

kao

I've written about my troubles with Bitdefender AV solution before.. XXXX So, when my Bitdefender license expired, I was happy to switch to a different solution. I picked AVAST. In this post I'll try to summarize my my impressions after using it for one month.

Setup

Bitdefender 2016 insisted on me creating user account for their cloud management crapshoot before I was actually able to get installer and install the software.

On the contrary, Avast's setup was a snap. One, two, pick components, done.
01-setup
One minor issue I noticed - I'm quite sure Avast setup did not respect my choices and installed more components than I selected in the setup dialog. Or maybe I mis-clicked one checkbox. I'll give them a benefit of doubt.

Avast - 1 : Bitdefender - 0.

User Interface

After all-dark-and-depressing Bitdefender UI, Avast feels much more brighter, colourful and cheerful. It feels much snappier and faster as well. Everything seems to be intuitive and easy to find.

Avast - 1 : Bitdefender - 0.

Configuration

Avast has all its settings in one place. Bitdefender requires you to open each component separately to access its settings. Avast would be a clear winner here, but..

But good luck trying to find which apps are allowed or blocked by Avast firewall!

Firewall configuration is under "Settings", just like you would expect. From there you can configure "System rules" and "Packet rules". However, you won't find allowed/blocked applications there. Instead, you need to go to Tools->Firewall and locate teeny tiny "Application rules" hidden between "Firewall logs" and "Settings". WTF?
02-firewall-apps

Taking that into account: Avast - 1/2 : Bitdefender - 1/2

Updates

Both antiviruses handle normal updates very well. No ads, no popups, no annoyances of any kind. Avast seems to have sort of ad hoc streaming updates 24/7 - or at least, that's what the Statistics tabs shows:
03-stats

However... Today my Avast received a different kind of update that required restart. From what I can tell, this update replaced most of EXE/DLL files in the %PROGRAMFILES%\AVAST Software\Avast\ folder. After restart, my PC got stuck in semi-working state, services.exe and svchost.exe eating most of the CPU resources and Avast showing "try our new-and-cool-whatever-thing-I-don't-give-a-crap-about" advertisement. In addition to that, Avast claimed that it's firewall module cannot be started.

Few "repair installation" and Windows restarts later the problem disappeared. As a side effect - all my carefully set privacy settings were reset to defaults, "show offers for other Avast products" was enabled again and all File System Shield exceptions are gone.

Even though I really enjoy invisible 24/7 updates of Avast, I have to reduce Avast's score due to this major f*ckup.

Avast - 0 : Bitdefender - 1

Bugs and issues

As I described earlier, Bitdefender was far from being perfect. On the contrary, my first impressions of Avast were extremely positive. Great setup, aesthetically pleasing UI, plenty of user-configurable settings. Everything I could ask for!

However, first few weeks of using Avast has been nothing but a source of frustration.

Issue #1 - I've configured File System Shield to scan files only on execute. All scans on write or access are disabled for executable files using Avast's UI.
04-avast-no-write-scan
05-avast-no-access-scan
However, any time I copy-paste suspicious executable files from one PC to another using Remote Desktop Client, Avast File System shield pops up and blocks the copy operation. WTF?!

06-detect-on-copy-paste

Issue #2 - There is no "Beggar off, I know what I'm doing" option in the detection dialog, even for heuristic detections. The previous issue wouldn't be a big one, if I had a possibility to dismiss detections dialog and continue copying files. But I can't.
07-no-ignore
So, the only option for me is to disable File System Shield completely. That kinda defeats the purpose of having the antivirus, doesn't it?

Issue #3 - Myriad of "Win32:Malware-gen" and "Win32:Evo-gen [susp]" detections.
In effort to reduce number of false positives, I've set the heuristics and HIPS sensitivity to "Low". But even then Avast keeps producing plenty of detections on clean files like Goliath obfuscator, ScyllaHide and other reversing tools.

Issue #4 - Leaving statistics tab open for a long time will cause the CPU usage to go high. No idea what causes it, probably the braindead decision to use embedded Chromium and Flash to show the pretty graphs and stuff.

Taking all that into account: Avast - 1/2 : Bitdefender - 1/2

Summary

Avast is a great product - for your grandma's or neighbour's PC. But if you ever work with malware, cracked files or anything remotely suspicious, Avast's super-sensitive File System Shield will drive you mad.

I'll give it one more shot and try to tweak configuration files manually. But if I can't make it play nice, I'll be looking for a different solution for my PC.

Why do antiviruses suck, part 2

kao

In part 1, I tried to explain reasons behind some of the decisions anti-malware companies make when designing their products. In this part I'll touch some other side-effects of those decisions and what they mean for power-users.

This site has been blocked

In general, I need a very basic antivirus protection - when I make a mistake during my reversing session or web browsing, it should stop malware from:

  • becoming persistent on my computer;
  • sending any data to its C&C server

I'm not retarded and can read and think for myself - therefore I don't want "anti-phishing protection", "parental control", "safe banking", "vulnerability scan" or any other features aimed for persons who shouldn't be using Internet in the first place.

So, I always configure my antivirus to have just very basic on-access scan and firewall enabled, and all other components switched off. You can imagine my surprise when in last 2 days I have been greeted with these messages on 2 separate sites:
page blocked
WTF guys, I have switched off every component I could - why are you still active?! And why are you bugging me with this nonsense?

Make it more user-friendly

I'm very sure that the answer is very simple: somebody in the UI/UX department decided that Bitdefender UI needs to be simplified. So, they took the UI that actually made sense, and fucked it up.

Here's how settings looked like in year 2013 (image (c) Softpedia):
bitdefender 2013 settings

And here's how it looks in the Bitdefender 2016:
bitdefender 2016 settings
Antispam and Firewall have been moved to their corresponding module, but "Antimalware Filter" has disappeared altogether. After all, who would ever want to disable it, right?

To make matters worse, here's how the alert looked in Bitdefender 2015 (image (c) PCRisk):
bitdefender2015-website-blocked
See, there was "Settings" button right at the top of alert page and you could disable "Antimalware filter" from there. Well, they "simplified" that option away as well. Geniuses!

But I really want to disable it!

Luckily, you still can. 🙂 All Bitdefender settings are stored in C:\Program Files\Bitdefender\Bitdefender 2016\settings\. However, to be able to modify files, you will need to start your computer in safe mode.

The file you're looking for is cloud.http.xml. Find your user name in it, and you'll see a section like this:

<user name="Administrator">
	<active>true</active>
	<timeout>400</timeout>
	<status value="default">false</status>
	<status value="malware">true</status>
	<status value="phishing">true</status>
	<status value="fraud">true</status>
	<status value="untrusted">true</status>
	<status value="bank">true</status>
	<bank>
		<add>
			<domain value="" option="ask"></domain>
		</add>
	</bank>
</user>

Apparently, there are more few settings which are hidden in the UI. I can only guess the exact meaning of them but - to be honest - I don't care. I just want this bugger to be gone from my machine. So, I changed "active" to "false" and for the good measure disabled each and every component as well. After a reboot, it all works the way I want, and I can access all the sites I want.

Great success! 🙂