?

Log in

An open letter to Avast! Antivirus. - Almost certainly not Johnny Depp.

> Recent Entries
> Archive
> Friends
> Profile

March 1st, 2013


Previous Entry Share Next Entry
04:40 pm - An open letter to Avast! Antivirus.
Dear Avast Antivirus:

Scanning things that come into my computer is cool. I'm okay with that.
This includes my email. Scanning my email, I'm okay with.
And I know you can't scan my email before delivering it to the mail client if I use SSL. I understand that. I'm also okay with that. That's why I told you to stop asking me about the IMAPS connections and just ignore them.

And after an update, suddenly, without asking, man-in-the-middle-ing my SSL connections, causing Thunderbird to start screaming about how all the mail servers have lying SSL certificates?

That's not cool. I'm not okay with that. You need to present that kind of thing as an OPTION. You can default it to "on". You can even put "(highly recommended)" next to it if you like - but that damn well needs to be something that I know about BEFORE Thunderbird reports that someone is impersonating my mail servers, because that shit is a sign of something Seriously Wrong With The Internet and I should NOT have to dig up the lying certificate to realise that you did it.

And now I've just turned the mail scanner off completely, because seriously, fuck that.

Not cool, Avast. Not cool.

Love: Me.

(8 comments | Leave a comment)

Comments:


[User Picture]
From:andrewducker
Date:March 1st, 2013 11:31 pm (UTC)
(Link)
I hate SSL MITM systems. Our work proxy does that, but they only set up IE to automatically have the right certificates, which means that I intermittently have to import them into Firefox so it doesn't complain about impersonation attacks.
[User Picture]
From:endotoxin
Date:March 1st, 2013 11:57 pm (UTC)
(Link)
I've got one MS system that I use for a media center, and I run MS Security Essentials. It's the least angry of the AV solutions.
[User Picture]
From:theweaselking
Date:March 2nd, 2013 12:02 am (UTC)
(Link)
Yeah, but I've been using Avast for years, and I like most of it's quirks. This was just a new and NOT-liked one.
[User Picture]
From:lafinjack
Date:March 2nd, 2013 08:24 pm (UTC)
(Link)
...and I like most of it's quirks.

Also, pirates!
[User Picture]
From:maelorin
Date:March 2nd, 2013 12:29 am (UTC)
(Link)
not cool.

i had to put up with this kind of chicanery at work for a while. our sysadmins (a) couldn't understand what i was complaining about, (b) see why i had a problem once they did, and (c) told me to stop doing what i was doing so it would go away ... a winning solution, for sure. just don't read emails. even those from tech support regarding this problem. sure, why not.
[User Picture]
From:pappy_legba
Date:March 4th, 2013 06:17 pm (UTC)
(Link)
What is the reason for leaving the mail scanner on in the first place? Does it do something else that isn't blocked, or do you have some nonsecure email transfers going as well? (It's your business, but for my money unsecured transfers are a risk than anything Avast could prevent).

I use avast as well, but the portions of it I leave activated are carefully picked-- two or three scanners out of the dozenfuck or whatever it offers. The email scanner isn't one of them, for the reason above. My experience is that the filesystem shield will catch anything the minute that the mail client tries to write to the disk.
[User Picture]
From:theweaselking
Date:March 4th, 2013 06:27 pm (UTC)
(Link)
What is the reason for leaving the mail scanner on in the first place?

Laziness. Basically. Turning it off sets alarms, figuring out how to turn off the alarms is annoying, and it doesn't do anything and so doesn't cost any more resources than the existing client does.

My experience is that the filesystem shield will catch anything the minute that the mail client tries to write to the disk.

True, but that's too late if the email compromised your mail client. This *was* a major concern, back like 15 years ago. Now, not so much - and in theory, you turn off SSL in your mail client, and Avast does all the SSL stuff, scans your mail, then hands it off to your mail client locally.

In practice, no. SSL.
[User Picture]
From:pappy_legba
Date:March 4th, 2013 07:05 pm (UTC)
(Link)
Ah. I think I sidestepped the alarms by customizing the install and never installing the mail scanner to begin with-- which might help if you ever have to re-install on a scale small enough to manipulate individual installations.

> Go to Top
LiveJournal.com