Review - Earth's Custom Avast! Free approach

[Plexx]

Review is by no means targeted at the general users. Such custom settings were tweaked for the advanced user who knows what he/she is doing. Please bear this in mind.

For the purpose of this review (since it is a comparison with another custom approach), MBAM and EEK were updated on the same day, then Avast was updated to latest version and signatures. Once updates were done, Cloud and automatic updates were disabled for a fair comparison.

Custom settings: Refer to attachment screenshot and scan settings below:

Quick scan

Scan | Greyed out
Sensitivity | Low heuristics, Scan for PUP, Follow links during scan
Packers | DOS, Win32, Droppers
Performance | Normal scan priority, Check "speed up scanning using persistent cache"
No Report files or Exclusions

Full system scan

Scan | Unable to modify
Sensitivity | High heuristics, Use code emulation, Scan for PUP, Follow links during scan
Packers | All packers
Performance | High scan priority, Check "store data about scanned files in the persistent cache"
No Report files or Exclusions

Select folder to scan - (since this is what I use for malware packs that are posted here).

Scan | Scan all files
Sensitivity | High heuristics, Use Code Emulation, Scan for PUP, Follow links during scan
Packers | All packers
Performance | High scan priority, Uncheck the below options in Persistent cache
No Report files or Exclusions

Links (refer to attachment): Out of 19 links, 9 bypassed Web shield: plugnrex and jackpotcity. Note that jackpotcity is actually an online casino powered by Microgaming and is considered by most AV vendors as a PUP/PUA.

Malware packs:
collection of 66, 39 and 49 packs from MT. Unpacked and placed together: Total of 154 files
Detection:
123/154 - 79.87%

Note that the above scan used was Folder Scan.

From the leftovers, executed 20 of them in which 2 of them were Security Shield and Live Security Platinum fake AVs.
By the first infection, Avast was dead, despite its own protection being enabled. Unforunately, was unable to run anymore files, so had to rkill it to continue the infection process. Last infection happened to be Live Security Platinum which basically rended the pc useless along with the rest. Once again ran rkill and then did a full scan with Avast. Result was 9 files detected, but only 5 could be removed (including the PUP jackpotcity). Restarted in safemode and ran MBAM. Finally started windows as normal and did a final scan with EEK.

[attachment=1597][attachment=1598]

The file that bypassed the webshield from plugnrex was actually detected by Avast in full scan.

Machine is now completely clean, apart from the need to manually uninstall all leftovers from Jackpotcity since Avast only deleted the main EXE.

Final verdict:

Indeed a nice and simple approach to maximize Avast's potential prior to version 6. Unfortunately the cleaning capabilities are somewhat to be desired and there should be an improvement. Furthermore, the self protection was a total failure against 2 fake antivirus.

If a normal user happens to be infected by chance and such infection is suppose to terminate the active protection, Avast self defense module will not protect the user.

Based on all the above, my rating is 3 stars.

It is to note that the upcoming review of the other custom settings will also be graded as 3 unless it surpasses the results of this review.

Note that this is only my opinion. Other users might have other opinions and I will respect that.

 

[malwarekiller]

Unless PUP is turned on in web shield and file system shield it wont scan and block PUP's and did u turn on the scan for PUP and put all packers in on demand testing against 154 malwares as that will allow avast to find more malware...and more ever your custom approch of just NOT installing the other shields will cause avast to be weaker...this is NOT good testing...

Con number 1 of this testing: no behaviour shield and file guard...this will iteself cause avast to not trigger auosandbox function...as the autosandbox is dependent on file shield

Con number 2: due to the lack of shields...the prevention ability goes down...and u didnt install file shield and how u expect it to do removal with out that installed

On the whole,I like to see how the whole product fairs rather these type of custom testing with 2 shields is total garbage and it isnt showing any significance and i can also make these type of reviews but actually this isnt showing anything to the users...Its like cutting the leg of the hoarse...and most of the fakeAV's will block antiviruses...your cleaning testing isnt drawing any conclusions...on the whole this testing is poor and u expect it do cleaning with just 2 shields and some self protection components depend on other shields of avast!...

Final decision: You are beating a dead hoarse.:s

Why not try other AV's with these rogues and i guess there will be only a few which will get through and most will fail....If u think avast gets blocked off rogues then go and try others av''s against these same rogues...

This custom approach doesnt show anything significant and your approach will significantly decrease the power and prevention and detection abilities of a product..

and what self protection?? self protection against a fakeAV blocking??
Oh! please the self protection in avast and other AV's is against its own file deletion and file patching.so u have misunderstood the term "self protection"....go ahead and do a review of the full avast free and i bet there will be a far far better result...and whats the use of just using 2 shields and the no file shield...with no file shield u almost crippled avast 0-day protection as with no file shield and behaviour shield there will be no autosandbox and filerep as they are all connected to each other!!!


Avast! doesnt block casino and game type thingy..[statement directly from avast! HQ]

 

[Ink]

Thank you for the review, I will read more (and the comments) when I get back later today. :biggrin:

PS: malwarekiller, this was never meant for the wider audience, more of a personal test to use Avast as a web shield (bad site blocker). Thanks.

 

[malwarekiller]

Thank you for the review, I will read more (and the comments) when I get back later today. :biggrin:

PS: malwarekiller, this was never meant for the wider audience, more of a personal test to use Avast as a web shield (bad site blocker). Thanks.

Even if its a custom approach,this doesnt signify anything...most of the users will install everything...these custom reviews are a waste of sodding time...sorry! but this is the truth...I am against these types of unfair testing. :dodgy:

AnD if its a custom approach,u shouldnt rate it...as u almost crippled avast! by not installing other shields especially the file and behaviour one as these are the main ones responsible for autosandbox function and without it autosandbox wont run at all and u should keep these results private rather than giving the new users of this a forum and normal users a bad impression of this product and having avast lose some users

 

[Plexx]

Hi malwarekiller.

Thank you for your feedback. Please note however that PUP has been turned on by default when Earth approached this configuration.

If you look at the actual screenshots, Earth wanted autosandobx function disabled so behaviour shield and file shield was irrelevant for him.

Furthermore, unless I don't know how to read, the description of Self-Protection is: Prevents malware from terminating avast! processes and damaging avast! files.

Finally, I have rated 3 based on the actual results. Like I said, this is only my opinion.

My Avast approach is slightly different from Earth's but also takes a similar approach in mind: Simplicity and no use of sandbox. If I wanted sandbox I would use Sandboxie or even Comodo's sandbox.

Again, this configuration is for an advanced user that knows what he/she is doing. Please read before posting and also see screenshots accordingly.

Not everyone likes to install everything stock and that is it, so I believe showing/reviewing certain approaches will answer some user's questions since I highly doubt only Earth and me and in mind approaches that don't use all the technology of an AV product that has to offer.

We however respect your opinion.

Thanks,
Biozfear

 

[Deleted member 178]

PS: malwarekiller, this was never meant for the wider audience, more of a personal test to use Avast as a web shield (bad site blocker).

i took it like that.

Even if its a custom approach,this doesnt signify anything...most of the users will install everything...these custom reviews are a waste of sodding time...sorry! but this is the truth...I am against these types of unfair testing. :dodgy:

Nothing is unfair there since it is a request for a personal setting. All in the title of the thread.

AnD if its a custom approach, u shouldnt rate it ...as u almost crippled avast! by not installing other shields especially the file and behaviour one as these are the main ones responsible for autosandbox function and without it autosandbox wont run at all and u should keep these results private rather than giving the new users of this a forum and normal users a bad impression of this product and having avast lose some users

Why not rate it? The installer allow to remove any components, so by doing this they allow the use of a lighten version of Avast.

Why private? it is interesting to many of us, in the past i already thought to only using just the web/network shields of Avast.

You are on the path of fanboyism...you shout loud when Avast has good results but deny any uses that may show it less "efficient" to other.

Sorry to say it straight like that, but it is how i feel about your late posts about Avast.

 

[malwarekiller]

Fanboy?? oh please...this is just my opinion..custom approach reviews dont show correct results for a product..i just wrote my eset custom approach review...but though even i guess these type of reviews are just not needed as most will install everything...

 

[Deleted member 178]

I think you don't understand their purpose, they do it for advanced users that knows how to avoid malwares with their knowledge ( or "common sense", i hate this word ^^), they need just need an Web Shield in case of...
They don't claims to common people "use it that way it is best" ; like my experiments , it is for me and (paranoid) people that knows how a AV/FW/BB/HIPS functions, not the basic "mr everybody" that doesn't have any clue of what security is.

For example some people like Comodo FW but not its HIPS so they disable it, i will not point them as useless users because "D+ is backbone of CFW, you are a failure of not using it" , if they just need a part of a product, so be it ! and if it works, it will shows that the product is highly customizable ! all to gain !

Thanks.

 

[loveboy_lion]

I Personally Think It was a fair review for advanced users Since i have one friend of mine who only uses The web shield of avast and does a manual scan once a week only with avast and has never been infected in almost a year now

But what i would also like to know is how the full site would do against the files that got the sysem infected it would be better if you tested with steps mentioned below

1) Install Avast Full suite with only PUPS on and rest default (dont update the virus signatures)
2) try to infect with the same files which were used in the above test
3) post screenshots if avast reacts to them with all its shields
4) once infected check if they are again able to kill avast ( Restart pc)
5) Update Avast Virus Database and Do a full scan
6) after full scan restart pc and check with malware bytes , hitman pro , emsisoft , CCE to check if infection still exists
7) If avast is no able to recover pc to clean state on its own without the help of above mentioned scanners than it has passed the test
8) If i cannot restore the pc to clean state than it failed the test

In this way we would know how it reacts wo unknown stuff with all its shields and since we will run a full scan after infection we would also know how good it is in cleaning

In this way no one can critisize the tests and would be a fair review

 

[Plexx]

Got a problem with doing a full avast test, unless if I repair to install it's shields will not trigger the updates nor will reset the current signatures (i got both images still available, so I can easily do that if it works). If it does I shall do that and then once infected, ill update and do it without MBAM/EEK just to see if it would recover to a clean state. nevertheless, this approach in the beginning was based on specific areas only.

Or if its better: just install fresh with everything default and simply have PUP on and see exactly how it reacts to the exact same samples etc.

Both Earth's and my custom settings scans are basically the same. Only difference was mainly I had file system shield on but sanbox was disabled.

 

[Deleted member 178]

I never liked Avast SB, before it was a pain to retrieve some files in it, must use an unofficial apps...

 

[NSG001]

Mister Biozfear, my thanks for taking the time again to do this review
Much appreciated!

 

[Plexx]

Mister Biozfear, my thanks for taking the time again to do this review
Much appreciated!

You should also thank Earth who had such thoughts and asked for the tests.

 

[NSG001]

Thanks also Mr Earth

 

[Plexx]

But yeah, Earth's approach got me interested as well lets now wait for his opinions.

 

[HeffeD]

Final decision: You are beating a dead hoarse.:s

Final decision: You are completely missing the point of this review...

I thought it was obvious from reading the review that this was targeted for a specific purpose, not for general consumption.

Why is a review of a very specific configuration any less applicable than a full-suite review? :huh:

I personally applaud the effort. I know many of us around here run tweaked configurations of various products for various reasons, and I find it interesting to see some detail about their performance.

I don't care why someone chooses to configure their software a certain way, but I generally always find it a learning experience to see how the software performs when configured in ways I wouldn't have even considered. :exclamation:

With all due respect, maybe if you took a bit of time to analyze how others are running things instead of just criticizing their efforts off-hand, you might learn something.

Please note: I am not calling you stupid or saying you need to learn anything. I'm simply saying that you may receive some insight from observing a tweaked setup that you wouldn't have received from running a product the way you always do.

Nice job, Biozfear.

 

[loveboy_lion]

Got a problem with doing a full avast test, unless if I repair to install it's shields will not trigger the updates nor will reset the current signatures (i got both images still available, so I can easily do that if it works). If it does I shall do that and then once infected, ill update and do it without MBAM/EEK just to see if it would recover to a clean state. nevertheless, this approach in the beginning was based on specific areas only.

Or if its better: just install fresh with everything default and simply have PUP on and see exactly how it reacts to the exact same samples etc.

Both Earth's and my custom settings scans are basically the same. Only difference was mainly I had file system shield on but sanbox was disabled.

it would be better if you installed fresh on a clean system for the test so that it would be a fair test and no one has any doubts about the test

 

[Plexx]

Got a problem with doing a full avast test, unless if I repair to install it's shields will not trigger the updates nor will reset the current signatures (i got both images still available, so I can easily do that if it works). If it does I shall do that and then once infected, ill update and do it without MBAM/EEK just to see if it would recover to a clean state. nevertheless, this approach in the beginning was based on specific areas only.

Or if its better: just install fresh with everything default and simply have PUP on and see exactly how it reacts to the exact same samples etc.

Both Earth's and my custom settings scans are basically the same. Only difference was mainly I had file system shield on but sanbox was disabled.

it would be better if you installed fresh on a clean system for the test so that it would be a fair test and no one has any doubts about the test

@lovelyboy: if I use the same malware pack on a fully updated full stock avast, it would defeat the purpose of the custom config. Plus by then there should be detections for the files that weren't detected yesterday.

in essence, all Earth and I wanted to know was how good would avast hold on its own without most of the shields.

One thing we suspected and it has been proven and every user who has seen avast full footprint would have noticed that the footprint of both mine and Earth's approach have less memory usage, although mine is slightly higher and different to Earth's due to the File System Shield.

Experimenting was made this review possible and thinking out of the box.
Earth has removed it from his main config before I could post the results due to slow down. I myself would not really take on this approach due to the reasons posted on both custom reviews.

That is not to say I will stick to ESET. By no means I simply look at detection rate. I do take other things into consideration: Cleaning capabilities, system impact, additional features that I as a user would find useful, prevention etc.

ESET is currently on my Host but that is temporary since I have moved to the online game AION and it does use some memory. And if I am to run 2 clients, I have to go via VM.

Anyways, I would like to take this opportunity to thank everyone who has posted and any constructive feedback is welcome. A special thanks to Earth to make this review possible, since when I first saw it I was rather sceptical and he can vouch that I have been study the approach for a few days.

Thanks,
Biozfear

PS: also a thank you to MrXidus for the custom wallpaper which was used already on a few reviews!

 

[Ink]

Much appreciated for basically testing to the death of Avast. Strange thing about the PUP that got through, though detected on your other avast review.

I was well aware that avast had no chance against "zero-day" since the Auto-Sandbox depended on Shields that I chose not to install in the first place. (*I as in this review).

Running avast with minimal protection and browsing with my current habits, I don't think I would be a victim of a malware infection. Though in the case I do, I would use Windows 8 refresh (I think it's called).

My other choice of running avast in this review would have been with either a Standard account (not likely) or Sandboxie (browsing only), but probably wouldn't since I prefer not to -if that made sense-, excellent review for the time and effort and I'd agree that's a fair rating (2.5-3.0 out of 5.0).

Edit: Yes, I uninstalled Avast from my system due to slow booting/waking/sleep times.

 

[malwarekiller]

Edit: Yes, I uninstalled Avast from my system due to slow booting/waking/sleep times.

I know the latest program update is causing some lag...there is another program update next week thats gonna try fix these issues and memory leaks...but yet i recommend to install full avast rather holding of a partial protection and decreasing the the product's power