I've now had the chance to spend additional time with the latest version of AVG Free 8.
Overall I am pretty impressed.
The other day I made an initial foray into AVG Free 8 and walked away pleased, but with a bit of sour taste in my mouth: AVG Free Version 8.0 Released...First Thoughts and Complaints.
My biggest complaints initially were the inclusion of the "AVG Security Toolbar" in all my system's web browsers, the location of the "AVG Safe Search" feature embedded into the browsers, and a permanent "error-state" icon for AVG down in the system notification area if this feature was disabled. Otherwise, I was very impressed, both with the overall performance and GUI design, as well as the installation process.
In my previous post, I pleaded with someone to provide the following guidance:
I am also bummed that I had no global way in AVG to disable the AVG Security Toolbar (and AVG Safe Search) from all my system browsers. I was forced to manually set the toolbar to not be viewed in each web browser installed on my system...even when it was otherwise "disabled". Major points off for this. If anyone finds a global setting IN AVG Free to disable/hide them all at once, please leave a tip in the comments. Otherwise, you are left to do the "light" method like I first proposed, or the "heavy" method as AVG outlines in the FAQ.
Fortunately, a brilliant anonymous commenter dropped an almost perfect solution for ridding your AVG Free 8 installation of these (to me) unwanted security features; and as a bonus, the method results in a non-error state AVG system tray icon!
The solution? It was buried in the AVG Free FAQ's #1338
You must run the AVG Free 8 installer from the command-line using a set of specialized switches/arguments/parameters.
If you wish to install AVG 8.0 Free Edition without the LinkScanner component, or uninstall this component from your program, please proceed as follows:
- Download the AVG 8.0 Free Edition installation package from our website.
- Run the installation with the parameters /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch. One way to achieve this is to:
- save the AVG Free installation file directly to disk C:\
- open menu Start -> Run
c:\avg_free_stf_*.exe /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch
- The installation will be started, and AVG will be installed without the LinkScanner component.
If you have already installed AVG Free 8 like I did, here is what I did:
I opened a command-line session and browsed to the location where I had downloaded the installation file.
Then I ran the following command on my Vista system (all on one line):
c:\Users\Claus\downloads\avg_free_stf_*.exe /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch
If running on XP, your default download location might be different than above.
It might be best to follow the FAQ suggestion and just copy the download file to the root of your C: drive (or the root of another partition if you are so equipped) and run the command from there.
Note, there is a space between the ...exe and the /REMOVE_FEATURE... parts, as well as a space between the ...SafeSurf and the second /REMOVE_FEATURE... part.
Once the command is run, a new installation wizard will be seen and you can see that the "Remove/modify" components option is checked by default. Just keep hitting "next" and the AVG program will reinstall. No reboot is required and when you go back in to the AVG Console view, the AVG Link Scanner component is now removed.
Additionally, I found that all your settings and logs were preserved and exploration of the browsers shows that neither the Link Scan nor Safe Search components are in IE 7 or Firefox Add-on lists any longer.
And the AVG System Tray icon is back to its normal state.
Unfortunately, unless someone does some good search-engine work before installation, or reads the correct AVG Free FAQ page prior to installation, there is no other documentation or options pre-installation to tell users of this "advanced" technique.
And I suspect many users of AVG Free 8 might not be comfortable to correctly locate and perform the simple command-line kung-fu to clobber these features out of the AVG Free 8 product. No matter for most, I suppose. They might actually need these features and find them valuable.
Other Post AVG Free 8 Installation Observations
Installation on my XP systems went smoothly. I didn't know about the above tip when I did my XP installations either so I had to go back and re-do that.
On my XP system, it took about 5 hours and 30 minutes to perform a full-scan on my 500GB drive. I actually have about 100 GB of files spread across the four partitions I configured on it. I generally just configure my system to do a scan on the primary system drive and then I manually scan the other partitions every few weeks. That cuts down on the scan time.
While scanning, the system did seem very responsive with the scan priority in AVG set to the default "medium" setting.
I kept all the scan settings on the defaults. It netted about 50 or so "tracking" cookies, about 23 "potentially unwanted applications" which turned out to be made up of my trusted and faithful system logging and key-finder utilities, and three copies of a WinPE Builder included application called Mark Editor. Virus Total and Jotti were mixed on if it was really a virus or not. I strongly suspect it will turn out to be a false-positive based on PXE packing methods, rather than a real threat. I must confess that the scan was very thorough, and was able to get into the other user profiles when looking for browser tracking cookies.
I was able to restore the PUPs quickly and set them to be ignored at next scan (more on this in a moment). I was able to delete the tracking cookies directly, and the others were left in the "Virus Vault" as AVG refers to the quarantine zone. I'll go back to sort and research these later.
I've noticed that when I downloaded emails in Thunderbird with attachments, they are still scanned automatically. I've also noticed that files downloaded off the web in Firefox or IE are also scanned automatically. These are welcome carryovers from AVG Free 7.5.
Advanced AVG Settings
All of the components can be reached from the menu bar under "Components" for quick action, though these don't differ any from just clicking on the corresponding element Overview icon.
To run a quick scan I found it easier to use the "Tools" menu bar and just select "Scan Computer" or "Scan selected folder..." or "Scan file..." to kick off a particular scan type. Hunting these down in the GUI view was a bit tedious.
Management of AVG Free 8 options proper seems to me best accomplished from the "Advanced AVG Settings" window. This can be reached from the menu-bar by going to "Tools" then "Advanced Settings...". The main icons are useful for quickly checking status, but I find using them to configure AVG itself was not nearly as useful as I would have preferred.
There is a lot of stuff you can do in here, so program tweakers will be quite pleased with the options, for the most part.
Appearance: Here you can set the language as well as a number of system-tray notification options.
Maintenance > Virus Vault: Here you may set the Virus Vault (quarantine) size and enable "automatic file deletion" after a number of days or files in the vault are reached. I disabled that option in case I need to go back and recover something that was mis-identified or needs research.
PUP Exceptions: Here you can edit which PUPs (Potentially Unwanted Programs) you wish to exclude from identification and alert by AVG. The Good? This lets me keep a number of my sysadmin utilities safe (key finders, loggers, etc.) from alerts and removal. The Bad? They are maintained on an individual file-level basis. You cannot set an exclude rule for a folder. The Compromise? You may enable an option to exclude the file from any location, not just a specific path. The Save? Monitoring is based on a checksum value for the file, so any malicious files that attempt to mask an allowed file name are likely not to sneak by and be excluded! Nice!
LinkScanner: Curiously, even though I had "uninstalled" this component as outlined, this section remains and is still "Enabled" by default. Were a user to keep that component, you may manage the AVG Search-Shield, Active Surf-Shield, and reporting of exploited websites to AVG for study. I have all these disabled.
Scans: Three sub-groups here. Settings for whole computer scans, shell extension scans, and scans for specific files or folders. I've left all the default settings for whole computer scans in place which involves automatic healing/removal of infections, searches for PUPs and spyware threats, cookies, archives, use of Heuristics, system environments (processes, registry keys, memory, etc.), and infectable files. Rootkit scanning is not enabled in the Free version of AVG 8. You may set the scan process priority using a slider bar. The Shell extension scan mimics the same options as does the specific file/folder scan. However under each one you can customize the tick-box options.
Schedules: Three more sub-groups. Scheduled Scan, Virus database updates, and program updates. I've set my scans to run daily at a specific time, but you may also base your scans to run on an hourly frequency or at a certain action (like startup). You can run scans if previous tasks were missed (due to the system being off) or in low power mode. Not immediately obvious is the fact that this window view is tabbed and you can also access the "How to scan" previously covered as well as "what to scan" where you can select the entire system, or specific drives, folders or special locations. I am really pleased with this element design but wish the tabs would have been more visible as some users might miss their presence. The update schedule window mimics the one for scans, but without the tabs as does the program update. I tweaked these a bit to ensure that program and DAT file updates occur every four hours as Grisoft frequently issues micro-updates throughout most days.
Email Scanner: Here you can set up how AVG interacts with your email application. I use Thunderbird and AVG Free 8 integrated perfectly with it. I have the settings configured here to check both incoming and outgoing emails, but to not "certify" the mail. (That means it adds extra text to your emails indicating the message/contents have been pre-scanned.) Some recipients might like seeing that, but I don't trust such messages and would re-scan anyway. You can go with the default message for viruses found in emails, or change to a custom one. You can set the scanning properties here to use heuristics, for PUPs and spyware, and look inside emailed archive files. (I've enabled all these.) Finally you can optionally have AVG Free 8 report to you if passworded attachments are found, files with macros are found, files with hidden extensions are found (I've enabled this) and move any reported attachments to the Virus Vault. Under the Certification window, you can modify the message attached to your emails if this option is enabled. Finally, under Mail Filtering, you can set AVG to strip out email attachments, or do so for just executable files and/or documents. Finally you can filter out files with specific extensions.
Resident Shield: This feature provides "real-time" protection against malware and virus/trojan threats. Even though I primarily use ThreatFire from PCTools for my HIPS protection, I have left this enabled so it will also scan and monitor for PUPs/spyware threats, scans boot-sectors of removable media, and uses Heuristic properties for scanning. I have disabled cookie scanning, auto-healing, and scanning of files at close. The Advanced Settings sub-window allows you to either scan all files or those for specific files and document extensions. I've kept the defaults which are very extensive. Lastly, you can set Exclude Rules for monitoring. You can set multiple excludes based on paths, files, or a list of items. Handy!
Update: Under the main window here, you can control AVG's behavior for setting of update application on computer restart, update immediately (with some options for confirmation), and require AVG to confirm with you if a particular application must be closed before update can be applied. Wow, it has manners! Finally you can set proxy locations for updates, dial-up settings, and finally add or change URL(s) used for retrieving the updates.
Lots under the hood that isn't obvious at first glance.
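The checksum-based matching described under PUP Exceptions, sketched as an added example (not AVG's code and not from the original post): an exclusion list keyed on file content rather than file name, with the "any location" option. SHA-256, the `ExceptionList` class and the sample file names are assumptions; the post does not say which checksum AVG uses.

```python
import hashlib
import os
import shutil
import tempfile


def file_digest(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file's contents."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


class ExceptionList:
    """Hypothetical exclusion list keyed on content digest, never on file name."""

    def __init__(self):
        self._entries = set()  # (digest, pinned_path or None for any location)

    def allow(self, path, any_location=False):
        pinned = None if any_location else os.path.abspath(path)
        self._entries.add((file_digest(path), pinned))

    def is_excluded(self, path):
        digest = file_digest(path)
        return ((digest, None) in self._entries
                or (digest, os.path.abspath(path)) in self._entries)


def write(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def demo():
    """Build constructed sample files and report which ones the list excludes."""
    with tempfile.TemporaryDirectory() as root:
        keyfinder = write(os.path.join(root, "tools", "keyfinder.exe"),
                          b"constructed sample: trusted key finder")
        logger = write(os.path.join(root, "tools", "logger.exe"),
                       b"constructed sample: trusted logger")
        exceptions = ExceptionList()
        exceptions.allow(keyfinder, any_location=True)
        exceptions.allow(logger)  # pinned to its current path

        moved = shutil.copy(keyfinder, os.path.join(root, "renamed.exe"))
        impostor = write(os.path.join(root, "other", "keyfinder.exe"),
                         b"constructed sample: different content, same name")
        moved_logger = shutil.copy(logger, os.path.join(root, "logger.exe"))
        return {
            "original": exceptions.is_excluded(keyfinder),
            "moved_and_renamed": exceptions.is_excluded(moved),
            "same_name_impostor": exceptions.is_excluded(impostor),
            "pinned_in_place": exceptions.is_excluded(logger),
            "pinned_moved": exceptions.is_excluded(moved_logger),
        }


if __name__ == "__main__":
    for case, excluded in demo().items():
        print(f"{case}: {'excluded' if excluded else 'still scanned'}")
```

The file that borrows an allowed name but has different content stays subject to scanning, while an allowed file copied elsewhere is only excluded when its entry was marked for any location.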
Welcome to the Virus Vault!
Once a scan has been completed, you are presented with a tabbed list of groups of items: Results overview, Infections, Spyware, and Warnings (mostly tracking cookies). These items may be clicked on for a bit of detail; however, it is of minimal use for security-minded folks seeking details on the items found.
If a scan is running and you wish to view the progress, you can select the AV scanning component, then on the side-bar click on the scan-task under the "Computer scanner" bar on the left-side of the window view. Curiously, I decided to run a manual full-scan when I started this blog and when the scheduled auto-scan time kicked off, it also began, thus I had two concurrent AVG Free 8 scans going at the same time! Seems to me the program should give an alert and allow the user to proceed, cascade the scans to run after each other, or cancel one of them. I just manually canceled the auto-scan myself.
Once the scan was completed I saw the results were displayed under the "scheduled scan" line item, and not the manual scan list item, even though I canceled the auto-scan and kept the manual scan running. Not a big deal but confusing.
Now it gets interesting. Either while the scan is running, or after it has completed, you can click on the menu-bar and select "History" to view the scan results and details.
Furthermore, you can also use that location to go to the Virus Vault to inspect any items found and moved here for quarantine.
The Virus Vault allows you to view the Event History of scan results for the system as well as items in the Virus Vault proper.
Here is where the product shines for AVG Free 8 users who are security proactive.
Items in here can be managed in a number of ways: you may restore the item (and add it to your excludes if desired, for PUPs; items identified by AVG as a virus/trojan may be restored but cannot be excluded automatically). If you do restore a file so identified, it will be put back, but if Resident Shield is enabled, you still cannot access it for transmission to a third-party security source (Jotti or Virus Total). I understand this, but it is frustrating to have to disable components of AVG to accomplish this easily. You can also delete the file entirely, rescan the file (to see if new DAT updates pass the file now), and--this is the best part--directly transmit the file to AVG for analysis from within the program. This is useful for reporting potential false-positives. I'm thrilled to see this feature added.
If desired, you can also provide an email address to get results of your submission. However, that is not required to complete the transmission.
Finally you can empty the vault entirely.
To delete the cookies, you must go back to the scan results, click the "warnings" tab, and select the cookies to remove (individually or multiple items).
Regarding Alerts and Restorations
I did notice two interesting behaviors of AVG Free 8 here.
First, if you decide to manage the items added to the Virus Vault in the middle of an ongoing scan, you can do so. However the changes are not reflected in the scan-results listing. Example, a PUP is found, you decide to restore it from the Vault. When the scan is completed, it is still listed there in your logs.
Secondly, when you decide to restore an item, you don't have any options to "exclude" it immediately from future scans. What happens is that the item is restored, then the Resident Shield will (eventually) re-alert the finding of the restored file, and now you are able to either move it back to the Vault, add it to the exceptions list, or ignore it. Finally, you do have the option to remove any threats caught by Resident Shield as a "Power User."
Note, when I selected multiple PUPs to restore at once, I was not given the option button to add the item to the excludes list. So keep in mind that if you want to add PUPs to the exclude list during restoration, don't select multiple items but restore them one at a time.
This alert window forces itself to remain visible above all other windows on the desktop so it cannot be ignored or minimized. You see it and must deal with it. Not a bad decision by Grisoft.
There is a section at the bottom of the alert where you can select "more details." This provides the Process Name responsible for triggering the file alert as well as the Process ID. Curiously, many of these "restoration alerts" were triggered when ThreatFire was caught scanning the file as it was being restored by AVG!
There is a link to find more info about the threat identified, but it is a bit clunky. The link takes you to an AVG Virus Encyclopedia link, but instead of providing you direct details of the threat found, you are required to manually look up the threat by name yourself. Not so useful. Details of the threat once found are fairly useful. This may be bound to cause some user confusion. For example, it identified the NirSoft application ProduKey (used to look up Microsoft product keys on a system) as a PUP. When I entered it in the AVG virus encyclopedia, no results were found. However, when I tried using the AVG Threat Name as displayed in the alert box (HackTool.DHQ), it also was not located.
Final Odd Performance Thoughts
Lastly, I've been composing this post in Windows Live Writer back on our Gateway laptop while running a manual AVG full system scan. The system processor is pretty strong and set to run at full-on power with no laptop power-saving configurations. It has the full 2GB RAM allowed. It is running Vista SP1. I'm not running any other applications except WLW, Firefox 3.0 (Minefield) and AVG Free 8. I've noticed that the system continues to seem to "pause" from time to time. Opening Microsoft Sysinternals' Process Explorer found that the AVG scanning process (avgscanx.exe) frequently jumps to over 50% of the CPU process capacity. These are when the system "pauses."
Strangely, I didn't notice that behavior at all last night on my Shuttle desktop system that has XP Home SP2 with only 1 GB of RAM and multiple more applications open at the same time of a full system scan. I don't know if this is because AVG Free 8 behaves differently under Vista or there is just something about my particular Vista system that leads to that behavior. Memory usage of that process while scanning is around 80,000 K. I do wonder if AVG Free 8 is fully "Vista optimized".
Once the scan completed, things returned back to normal.
Claus Remains Impressed
Overall, I am growing more amazed at the fullness of features and options offered by Grisoft in AVG Free version 8. I really liked and was quite satisfied with AVG 7.5 but version 8 really knocks my socks off.
Sure there are a few items here and there that are frustrating, starting with the AVG Security Toolbar and the SafeSurf and SafeSearch features needing a special command-line install technique, and lack of ability to directly add items to the exclude list from the Virus Vault, high CPU utilization under my Vista system (at least) but not under XP, inability to add multiple PUP restorations at once to the exclude lists for scanning, and finally the lack of direct alert matches to the AVG Virus Encyclopedia.
Those quibbles aside, Grisoft has delivered an outstanding consumer security product in AVG Free 8.
Very nicely done, Grisoft!