Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: ace11 on January 20, 2010, 07:47:45 AM
-
http://www.youtube.com/watch?v=Sr8bIii1G7U
can any avast team member comment on that ?
-
http://www.youtube.com/watch?v=Sr8bIii1G7U
can any avast team member comment on that ?
As I understand to the technology of sandbox, it is similar to a box with a small box inside. Meaning it still possible to be infected but it will not spread to your whole system because all malware treats will be in that small box.
As I watched the video he turned off some components of the Real-Time Shield. As the result, he got malwares in his guest OS but nothing to worry because all malwares are in small box called the sandbox. Cheers... :)
-
irj ,
you don't really understand too much about computers & malware , do you :)
-
Hi everybody
I have exactly the same problem
I installed yesterday evening Avast 5.0 and after a short time => Blue Screen (My OS is Vista Home Premium)
I tried to uninstall Avast 5.0 and reinstall it and reboot my computer a lot of times
But the program doesn't want to start
Then I returned to AVAST 4.8
But if someone has a solution ....
Thnks in advance
JM
-
irj ,
you don't really understand to much about computers & malware , do you :)
With regards to computers and software, technically I don't really have any problem. I love software so much. But with regards to malware, yeh your right, what I know is the description about it, but its structure I really have no idea, I leave it to the experts. :) But as I know, it works as I said in my first post. Sandbox uses an isolated space to make your browsing or using unknown software safe.
Actually, it is better if any of the team Avast could explain the benefits of sandbox and how it works. ;D
-
@ irj, I think the point he's trying to make is that the sandbox isn't working because the Malware is actually able to infect the system where as it should be contained within it's "sandbox" and once you close the app or whatever, the sandbox, and what's in it, is automaticly deleted, never touching the Operating System.
-
we dont need explanations about how sandbox is working.
we do need some comments from the developers about how infected files and reg records have penetrated the sandbox and exist in system folders 8)
-
ace11, I don't know if you're the author of the video but in any case, thanks for posting a link to it.
It's indeed interesting.
We have been testing the sandbox with many malware samples and it usually did a good job at stopping them (i.e. isolated them). On the other hand, there are still weaker spots which we are, and will be, trying address to continuously (remember that the product has been released just yesterday).
But frankly, I don't believe the product will ever get to a state where it will be "perfect". I mean, I don't believe in silver bullets, and especially when it comes to security.
The sandbox is an extra layer of protection which makes great sense as it works differently than the other layers, and therefore has different strengths and weaknesses. It does a good job at stopping (or shall we say shielding) many samples that could be missed by the other layers. But no, it does not provide a 100% security (and whoever tells you their product provides a 100% security, don't believe him; all these systems work on a "best effort" basis, i.e. they're all penetrable).
Now, again, I'm not trying to discount the findings of the video, it's definitely worth looking into and that's exactly what we will do.
On a side note, don't you find it interesting how all those self-made tests on youtube etc. use Malwarebytes as a reference (e.g. to find out if the system got infected or not)? I mean, MBAM is certainly a nice product, but c'mon, we have literally hundreds of thousands of samples they don't detect.. which is not to say they're bad, just that it's somewhat strange to use their product as THE absolute reference in tests like this...
Thanks
Vlk
-
Only true method of inspecting system infection is by using a real-time tracker (monitor) or a system snapshot tool where you take snapshot before and after suspected infection and compare snapshots against each other and then manually inspecting each entry.
Though this is interesting. I know sandbox basics but i never really thought about how sandbox treats differences between host and client part where browser is executed inside sandbox client, but downloaded files can later be saved to host desktop past the sandbox barrier (or those files get lost when you close the program running inside client sandbox). I'm only familiar with full virtualization (VMWare, VirtualPC) where the client is fully isolated and runs in it's very own memory space and it's own virtual hardware subsystem.
I guess i'll have to check out IS package and learn sandbox with methods in the above paragraph (realtime tracking and snapshots) to see how it really affects the host.
-
But frankly, I don't believe the product will ever get to a state where it will be "perfect". I mean, I don't believe in silver bullets, and especially when it comes to security.
On target..absolutely~Thanks so much for the explanation VLK. ;)
-
On a side note, don't you find it interesting how all those self-made tests on youtube etc. use Malwarebytes as a reference (e.g. to find out if the system got infected or not)? I mean, MBAM is certainly a nice product, but c'mon, we have literally hundreds of thousands of samples they don't detect.. which is not to say they're bad, just that it's somewhat strange to use their product as THE absolute reference in tests like this...
Thanks
Vlk
MBAM is GOD
MBAM is GOOD
-
@ ace
As you are from Israel, think about asking Avast for a Hebrew translation in its future editions 8)
-
Hi, I'm the original creator of this video. Before I started the test I did a full scan with Malwarebytes just to make sure the system was clean. It came up with 0 infections.
Didn't realize my VM was still open so I rescanned with superantispyware.
(http://img37.imageshack.us/img37/6442/capturexgq.jpg)
I would like some clarification from the developers of avast on something.
When I disabled the "File system shield, Web Shield, and Behavior shield" should the Process Visualization still have continued to function?
-
Warwagon, I noticed on your video that there were a couple of files that were successfully blocked by the sandbox when you had everything enabled. Have you tried those same files with the behavior,real time protection, etc., disabled? I would think that would answer whether disabling those features would have a negative impact on the sandbox performance.
-
@ irj, I think the point he's trying to make is that the sandbox isn't working because the Malware is actually able to infect the system where as it should be contained within it's "sandbox" and once you close the app or whatever, the sandbox, and what's in it, is automaticly deleted, never touching the Operating System.
So That guy on the videos malware was detected because he still had sandbox running?
so if he ends it then the malware will be deleted?
-
worrying results anyway, for the time being... can't spend our time taking into accounts future improvements, which I do believe will or might happen btw, but in the meantime we've just seen how a computer got infected using Avast pro sandbox and there's not much to add. Product is not finish, period. Same goes probably for the firewall that hasn't been tested properly so far. I'm saying here again what I said when asked about the readiness of the product, in the end of the beta testing: "free" yes, definitely, but "pro" and "IS", no.
Now the problem is that people there get for free a product that is, imo, more than satisfactory, while others pay for the extra features that aren't satisfactory at all. I haven't tested the sandbox, saw just that it crashed with IE/32 (or more precisely that IE/32 would crash when sandboxed), but I've played a bit with the firewall, many bugs (posted tens of times now with hardly any feedback), didn't test it professionally but I've seen enough of it to be sure that it would allow a trojan to connect...failing like the sandbox allowing malware to spread all over the place. Good job guys, you can afford making a few mistakes on a free product, but hardly on a commercial one.
-
Some funny stuff on this forum and the vid is basically worthless, no offense.
This test basically shows that deliberately executing a malicious file with your AV and firewall disabled will cause MBAM to show those positive results. Hardly earth shattering. IE was sandboxed here, downloaded executables were not.
-
@justphil:
please learn more about sandbox features before writing such funny comments 8)
-
please read about a firewall before being such a d-bag
-
just read the comments on the youtube vid, they posted exact same thing I thought.
"i don't think that avast sandbox was supposed to protect you from downloads i think it only protects from browser exploits
if you wanted to run a program you needed to run it virtualized separately(6:01 no red border)"
"You setup the sandbox to run INternet Explorer, not the exe's you downloaded... You should right click on the virus or trojan you are testing and select run in sandbox if you want to run an external exe."
Again, because the sandbox isn't being used correctly, AV disabled, and appears firewall disabled, this test basically shows that deliberately executing a malicious file with your AV and firewall disabled will cause MBAM to show those positive results. Not earth shattering.
Peace bleotch
-
@justphil
If you dont know anything about sandboxing , plz dont learn about it from random (non educated) comments @ youtube :P
try to be more pro ?
nice day 8)
-
Sandboxing is nothing new, and it isn't something I'm learning. I don't think your grasping the concept that IE is sandboxed but downloaded .exe's are not sandboxed here, the malware must also kept within the sandbox. I can't make it any more clear to you. Also, his firewall was turned off but you don't seem to pay any attention to that or that this test was ran in a shoddy fashion at best.
Your telling others they don't know much about security is hilarious, go back to your amateur youtube security vids please.
-
Avast sandbox is good add-on that prevented us from bad trojan, malware or what so ever while we surfing, I've used sandboxies since last year that keep me safe from what ever attacked on my system.
http://www.sandboxie.com/
I'm now ran with Avast 5.0.396 sandbox on Firefox 3.6 without any problem.
Looking forward with better improvement on Avast sandbox, keep good works.
-
When I disabled the "File system shield, Web Shield, and Behavior shield" should the Process Visualization still have continued to function?
yes, of course yes, as as explained above, the sandbox is another layer of protection in case the others fail. And I can't see anyway how the sandbox should depend at all on other security shields in avast. You should be able to turn them all off, run the sandbox, and be safe for whatever happens inside the sandbox. One issue seems to be an option in the sandbox expert settings related to "safe locations" where it's not clear what safe locations are (could be the desktop, predefined download folder etc...I'm not sure at all). So when this option remains checked (the default), things can happen outside the sandbox, and that's a wanted behavior. Would be interesting if that was controlled, ie if we knew what locations are considered safe, and what we send there...
-
" ..Would be interesting if that was controlled, ie if we knew what locations are considered safe, and what we send there... "
exactly , this information is critical to the user and its not detailed @ the help file of AIS
-
avast sandbox is a little unstable in firefox 3.6. If ouver many tabs it gets unstable, the sound sometimes does not work in videos, it seems that avast sandbox also virtualizes the sound insulation of windows 7 which was not to be isolated.
-
avast sandbox is a little unstable in firefox 3.6. If ouver many tabs it gets unstable, the sound sometimes does not work in videos, it seems that avast sandbox also virtualizes the sound insulation of windows 7 which was not to be isolated.
hi,
you should have started a new thread for two reasons:
1 the thread here is too old
2 the thread here is about sandbox security, not functionality.