When I launched Ad-Aware 2007 7.0.2.6 (Free) today and chose to update the definitions file, a dialog appeared stating that a software update for the "update download manager" (?) was available, and offered the option to download and install it. I chose that option.

FYI: I run the Sunbelt (Kerio) Personal Firewall, which is a "double-sided" firewall that monitors both outgoing and incoming traffic (unlike the MS Windows XP firewall, which monitors only incoming traffic). Among other things, each and every time that a program sends a message out to the internet, the firewall will display a notification dialog asking me whether to allow the message to be sent, unless and until I tell the firewall to create a rule that allows the program to send and receive messages without the firewall telling me about it (with an option to record the traffic in the log). When it displays the dialog, the firewall displays the name of the executable file that is sending the message, and the URL of the "remote point" (destination).

So, when I chose to update the AA2007 software, the firewall displayed in succession two notification dialogs (followed by others with which I was not always comfortable). On the first, the filename field was entirely blank, and the URL given only as numbers was certainly unrecognizable to me. On the second, the filename field contained only an image at the start of the field which was like the AA2007 desktop icon, with the same destination URL as the first message.

I've been running the firewall for almost three years, and this is the first time among hundreds of times that I've ever seen the filename in the dialog either blank or containing only an icon-like image. I have read that viruses, worms and spyware will often be very difficult to detect because they have "blank" filenames or filenames that contain undocumented characters which the file system and OS will accept, but which programs like Windows Explorer or the Windows XP "My Computer" program will not display. (Back in the DOS days, I used such a character, which would not be displayed by command.com, to end the names of directories and files to prevent them from being deleted. ....)

So the question arises: do these events reflect actual AA2007 behavior, or has my computer system -- and the AA2007 installation -- been compromised??

Hi Stardance,

I can't comment on the behaviour of your Kerio Firewall as I am not familiar with it (I use the free ZoneAlarm version, which is also "double-sided").

What I can confirm is that when a Software Update includes a revision of the Update Manager (LSUpdateManager.exe), it downloads first, before giving you access to any other updated components.

For info on whatever a legit Software Update contains, please see the Software Updates topic run by LS Tobias.

The last (minor) Update did include an updated "update manager" - this had to be downloaded before the rest of the updates came through.

I consider that you should feel secure in allowing it, even though your firewall showed an unfamiliar message - your call, all the same.

Regards,

Spike

NB: As always, ensure that any other security software is up-to-date before downloading...