Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Lisandro on September 26, 2010, 10:22:28 PM

Title: The future of avast protection
Post by: Lisandro on September 26, 2010, 10:22:28 PM
I'm not a friend of long posts  8)
But let's make an exception as I think the subject is worth it.

Nowadays, avast virus analysts receive more than 50.000 samples per day!
Although a lot of work is automated, signatures, behavior analysis, code virtualization... aren't enough.

The avast policy is "default allow" (as all other legacy antivirus), i.e., what is not blacklisted, allow; what is not blocked in the signatures and rules (behavior shield) is allowed to run.

I'm asking for a double behavior or, in other words, a "default deny" policy, i.e., what is not whitelisted, block; what is not in the trusted list of avast should be denied.

This could be achieved by the sandbox technology of avast 5.
Whatever not in the whitelist of trusted sources (an executable file, an installer, a script, etc.) could generate a question to the user in order to allow or deny.

The scheme would be:

file > scanned by avast antivirus
    > if it is a malware, proceed to the automatic actions set (like it is today).
    > if it is not in the whitelists, automatic sandbox to protect the computer.

The drawbacks (cons) of the generated popups could be reduced:
a) the whitelists could be updated frequently, new clean files added.
b) the cloud (community) technology could be used to populate these whitelists.
c) pre-scanning of avast could mark the "unknown" files (and upload for analysis).
d) it could be, of course, an opt-in setting of avast and any automatic sandboxed file could be "removed from sandbox" if the user wants/needs.

I understand the sandbox is part of the paid (pro) antivirus.
Maybe the automatic sandbox (only) could be available for free users (just not the on demand sandbox like it is now only for pro). The sandbox is highly configurable and the automatic one could be a simpler version of the on demand (actual) one: more or less as a "run as limited user", avoiding infection by unknown malware.

This could be an improvement of zero-day detection and be the solution to missed detections (as no antivirus is perfect...).

avast team suggestions/criticism are (also) welcome!


Edited: I've changed the name of the thread from Do you want automatic sandboxing and cloud to increase avast protection? to a more comprehensive one due to the discussion.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: disPlay on September 27, 2010, 12:19:25 AM
Yes. Make it available (on by default, i.e., for all users).

Why I chose it?
b) the cloud (community) technology could be used to populate these whitelists.

Avast has a big user database, why not use this to their favor?
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 27, 2010, 12:25:10 AM
Thanks disPlay. Seems that the poll is not popular... Too many views of the thread and few posts.
But, never mind, the important thing is some advanced users' posts and, also, avast team posts.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Hermite15 on September 27, 2010, 12:44:36 AM
 I would be tempted to talk like Bob >>> "oh no...not another Comodo" thread ;)...because that's what it is basically. You're purely and simply referring again to CIS, and to the fact that it's free.

 ;D just about the automatic sandboxing of unknown processes/apps, I already suggested it here on Avast forums almost immediately after trying Comodo 4.0, so of course that's needed, and I'm almost sure that the devs @ Avast have already planned it.
 Running apps sandboxed constantly is useless imo, unless you browse bad sites...purposely...or stupidly...and constantly. So again the automatic sandboxing of unsigned/unknown stuff remains the only interesting aspect.

 This said Tech, I'm quite happy that Avast is Avast and Comodo is Comodo, and I really don't want to see Avast work, feel, sound...like Comodo. They (Avast) will do it their own way, they're watching the competition too, so I won't bother voting here ;) As well as they probably got their own idea of the cloud, to be introduced in 5.1, and don't need to mimic Comodo.

ps: I mean "default deny" etc... this is all Comodo vocabulary, desktop bloated with popups and unneeded security software behavior >>> like you're ending up, after a new install, having to tell a hundred times that you trust the applications you've been using for a few years...or let them get sandboxed ;D The filter needs some work apparently ;D That's what Comodo Internet Security does. That makes the fans feel secure...the time wasted is not a problem because the kids are playing...so at least while they keep answering Comodo alerts, they're not bored ???

 One last thing, I doubt Avast would make anything sandbox related available in the free version, not even "just" an automatic sandbox :D
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Rednose on September 27, 2010, 01:08:54 AM
Of course Tech is referring to the Comodo Default Deny security policy ;)

But Avast already has a huge whitelist they internally test their updates against. So the idea is very interesting. I think I have to support it :)

Greetz, Red.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: sded on September 27, 2010, 01:14:51 AM
I'll throw in my $.02 also ;).  I don't like sandboxing because it just defers the decision and seems more suitable for hobbyists than those who actually use their computer for things.  You still need a source of additional information without making it too much of a nuisance.  "Default deny" is just propaganda as a slogan.  A security system is actually a sieve or processing-it allows by default anything that can't be eliminated by the current layer of the sieve so the next layer can attack it.  It looks at signatures, be they ports&protocols, AV signatures including behaviors, whitelists, blacklists, HIPS signatures (the actions by a process that should cause an alert-see attachment for an example from OA) until it eventually gets down to a process that doesn't match anything in your library.  Prevx, for example, does additional heuristics based on Program age and Popularity at this point.  The reason all of these things are important in terms of evaluating protection is that eventually you get down to some processes that go to a user but have no information from all of the signatures and processing you have done.  A very cursory evaluation indicates that the user will make errors as a percentage of those processes that get this far.  The more residue, the more errors.  So the idea that the sieve (AV) has no value because you can always catch it in the HIPS or sandbox is nonsense.  Even the "security as a hobby" users like us have problems discriminating whether the rare events (uncharacterized alerts)  are FA or Detection.  And the "tests" (actually demonstrations) run as scenarios where all the popups are known to be malware do not really show anything about performance in the field either for the interested user or the hobbyist.  The latest thing Comodo has done with their incessant propaganda is tempt me to try NIS .  I credit Melih for finding OA, Softpedia, COU, etc.  and now possibly NIS for me by the incessant raving on his site.  
Even MRG has become useful and interesting since the Comodo fiasco.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: GloobyGoob on September 27, 2010, 01:47:30 AM
Isn't that what the Secure Desktop feature that's coming out in 5.1 is? And yeah, this sounds an awful lot like Comodo ::)
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Rednose on September 27, 2010, 02:14:05 AM
Isn't that what the Secure Desktop feature that's coming out in 5.1 is?

Mmm no ;)

About the Secure Desktop, from Petr :

Quote
it will allow you to execute e.g. web browsers in more secure mode than in 5.0, it’d be executed in the separated desktop  - with no icons, under our alternative shell (i.e. own explorer.exe), own taskbar, etc. This alternative desktop will be protected from keyloggers, screen captures and keeps your browsing activity isolated from other processes running on the normal desktop. This feature might be integrated into most common web-browsers as a plugin: e.g. if you go to www.abnamro.nl or www.dnb.nl sites (online banking), avast will open this page in the secured desktop automatically and protects your surfing from other applications.

Greetz, Red.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 27, 2010, 02:43:44 AM
just about the automatic sandboxing of unknown processes/apps, I already suggested it here on Avast forums almost immediately after trying Comodo 4.0, so of course that's needed
Ok then, thanks.

and I'm almost sure that the devs @ Avast have already planned it.
Good. I never heard about it (yet).

so I won't bother voting here
It's up to you :)

ps: I mean "default deny" etc... this is all Comodo vocabulary, desktop bloated with popups and unneeded security software behavior
If you can't understand, just admit. Don't worry :)
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 27, 2010, 02:44:37 AM
So the idea is very interesting. I think I have to support it :)
Thanks Rednose for the support. This is what I meant: technology improvement.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: MasterTB on September 27, 2010, 02:47:27 AM
I think the good approach would be to allow the user to run any unidentified process in the sandbox. I mean, for any process that is allowed to run once it has passed all of Avast!'s shields the user should be given the option to run it in the sandbox and thus maximizing security.
That way users are not forced to run processes in the sandbox but if they want to -because it is a new process or some rogue process that by some clever technique bypassed Avast!'s shields- they can run it sandboxed just in case.

Martin.-
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 27, 2010, 02:48:23 AM
So the idea that the sieve (AV) has no value because you can always catch it in the HIPS or sandbox is nonsense.
sded, I respect your opinion. But I'm not saying the AV has no value. It's not my opinion.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 27, 2010, 02:51:09 AM
About the Secure Desktop, from Petr :

Quote
it will allow you to execute e.g. web browsers in more secure mode than in 5.0, it’d be executed in the separated desktop  - with no icons, under our alternative shell (i.e. own explorer.exe), own taskbar, etc. This alternative desktop will be protected from keyloggers, screen captures and keeps your browsing activity isolated from other processes running on the normal desktop. This feature might be integrated into most common web-browsers as a plugin: e.g. if you go to www.abnamro.nl or www.dnb.nl sites (online banking), avast will open this page in the secured desktop automatically and protects your surfing from other applications.
Very good idea for banking security. Although it's not an automatic sandbox for all unknown applications but just for sites, am I wrong?
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 27, 2010, 02:52:25 AM
I think the good approach would be to allow the user to run any unidentified process in the sandbox. I mean, for any process that is allowed to run once it has passed all of Avast!'s shields the user should be given the option to run it in the sandbox and thus maximizing security.
Precisely, that's the idea!
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: sded on September 27, 2010, 03:38:29 AM
So the idea that the sieve (AV) has no value because you can always catch it in the HIPS or sandbox is nonsense.
sded, I respect your opinion. But I'm not saying the AV has no value. It's not my opinion.
Sorry Tech, I did not intend to make my comments specifically for your opinions-just to suggest that there is a lot of self-serving propaganda out there that needs to be carefully evaluated as to accuracy and motivation.  As in threads like  "Is the AntiVirus biggest fraud in the security world?".
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 27, 2010, 03:59:04 AM
Sorry Tech, I did not intend to make my comments specifically for your opinions
Don't worry. My opinions, of course, are just my opinions.
Nobody is intended to take things personally.

just to suggest that there is a lot of self-serving propaganda out there that needs to be carefully evaluated as to accuracy and motivation.  As in threads like  "Is the AntiVirus biggest fraud in the security world?".
We always need to separate what is fanboyism, what is exaggeration, what are personal opinions.
Filter things, remove the bad, but keep the good.
I'm interested in technology, in increasing avast protection. For me and for all users. That's my intention.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: RejZoR on September 27, 2010, 07:49:01 AM
Well I somewhat like what Comodo is doing with the sandbox but I'm also aware of the problems. For avast! I'd just want a full fledged Behavior Shield that would work like ThreatFire. That would be enough not to need sandbox the way you are asking for.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: NON on September 27, 2010, 09:46:45 AM
Automatic sandboxing feature can be a troublemaker in some countries: we have to use IME to input Japanese, but some sandboxing software (ex. Comodo ::)) isn't compatible with IME, so we can't input Japanese while sandboxing. :-\
Even the "Protected mode" in IE7 has some trouble with IME (user-based dictionary doesn't work in this mode due to privilege), automatic mode can lead more trouble...


Although this feature is good for security, I think this option should be advanced users only.

If someone wants to run software which has not yet been whitelisted and it doesn't work due to sandboxing, he/she has to whitelist it on their own... it's painful for beginners.

avast! is not for skilled people, but for all users. :)
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Hermite15 on September 27, 2010, 10:40:15 AM


ps: I mean "default deny" etc... this is all Comodo vocabulary, desktop bloated with popups and unneeded security software behavior
If you can't understand, just admit. Don't worry :)

if I can't understand what Tech ??? and admit what??? what is it that you could teach me? You're purely and simply copying and pasting stuff found in hundreds of posts on Comodo forums and you mean that you did understand something that I didn't? What is it? I'm just curious. I mean look, I was a regular poster on Comodo forums for years (misc accounts...), long before you even knew their name, you only started to go there on a permanent way very recently...praising Avast there, and praising Comodo here. Avoiding advising those knowing much better than you do in a general way might be a good idea...whatever the topic is btw, chances are that I'll beat you ;)..been using their firewall and HIPS since the beginning, so excuse me if I pretend to know what I'm talking about, and I pretend that you don't...again, you're stupidly copying and pasting other posters' descriptions of the software, especially Melih's and posts :D
 You're still in luck here because people post in your thread (s) when you praise Comodo on Avast forums...just because you're an old poster here...seems that you're hardly noticed when mentioning Avast on Comodo's forums...seems that you just join the herds there, and became just one of them...a bit light to come up here and play the guru, the Comodo guru isn't it? ;D
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: SafeSurf on September 27, 2010, 11:04:39 AM
I have a similar setup to sded and agree with most of his Post #5 (excluding the NIS part).

However, I have a technical question: What would happen if a person was to use a SB in one software that also had it in another software?  Would this then cause a conflict?  We talk about security software and conflicts that they may cause, and this came to mind.  Does anyone know the answer? 

I therefore would want to have the option to enable/disable the SB in a software during installation and in the GUI, whether it was Free or paid because of this since many more security software are moving in this direction of SB and other features not mentioned here (I do not want to hijack the thread).  Thank you.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Vladimyr on September 27, 2010, 11:15:14 AM
Hi Tech.
I had to vote "other". For my own PC, I'd be happy to have to choose whether executables that have passed every other test were then sandboxed by default, but for nearly every other user I know, they would have no idea what I'm talking about.

If I get time I'll expand on this later, but just a quick word of personal encouragement for you my friend.
It could be just a language issue but you seem to be adopting some of the personality-cult-speak of "he who cannot be named" (by which I don't mean Voldemort).
E.g. the term "legacy antivirus" is pejorative, used in order to disparage, to belittle or put-down, the products of every competitor.
Talk of how "end users need to be educated about these (i.e. AV-C) tests", is an extraordinary marketing strategy for a business enterprise.

Take care in there, and just be very careful if you're offered a brightly coloured drink.

Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Hermite15 on September 27, 2010, 11:28:00 AM
on a side note, dismissing the anti-virus software concept has been a rule for years on Comodo forums, where Melih was claiming again and again not to use any to justify the use of their HIPS...I have nothing against HIPS, even if I personally, after years, don't feel the need to use one anymore. But I have something against people who're bashing a product because they're unable to produce an equivalent >>> insert CAV here :D

edit: old but interesting, read from there:
http://forum.avast.com/index.php?topic=41708.msg359785#msg359785

second edit: on another side note, the Comodo herds have been bashing Avast webshield for ages, calling it useless etc...(they say the same about the mailshield btw). This is a very poor appreciation of what in my opinion is one of the best security features ever, so I cannot take them very seriously. And finally, I've hardly heard Avast devs refer to Comodo software, while the contrary happens all the time...guess why, Avast doesn't need such methods to convince ;)
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Asyn on September 27, 2010, 12:07:42 PM
I voted for 'other'. ;)
I first want to see the capabilities of 5.1, before I jump into this discussion...
asyn
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 27, 2010, 01:04:44 PM
Well I somewhat like what Comodo is doing with the sandbox but I'm also aware of the problems. For avast! I'd just want a full fledged Behavior Shield that would work like ThreatFire. That would be enough not to need sandbox the way you are asking for.
Thanks RejZor. Indeed a better/deeper behavior analysis tool is welcome.
Just that the technology - signatures, rules, etc. - seems to be difficult to follow the behavior of the malwares, exploiting and bypassing the legacy technology.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 27, 2010, 01:07:44 PM
Automatic sandboxing feature can be a troublemaker in some countries: we have to use IME to input Japanese, but some sandboxing software (ex. Comodo ::)) isn't compatible with IME, so we can't input Japanese while sandboxing. :-\
Hmmm... As we can see, technology needs improvements.

Although this feature is good for security, I think this option should be advanced users only.
I feel the same.

If someone wants to run software which has not yet been whitelisted and it doesn't work due to sandboxing, he/she has to whitelist it on their own... it's painful for beginners.
For sure it needs to be tempered and the whitelist well studied.

avast! is not for skilled people, but for all users. :)
Just let the user choose and make it not the default.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 27, 2010, 01:13:12 PM
However, I have a technical question: What would happen if a person was to use a SB in one software that also had it in another software?  Would this then cause a conflict?  We talk about security software and conflicts that they may cause, and this came to mind.  Does anyone know the answer?
Yeah, if you have set an application to run in a sandbox (e.g., sandboxie) and then avast automatically tries to run into its own sandbox, probably we'll have a conflict. In this case, it should be in the avast exclusions or into the avast trusted applications. 

I therefore would want to have the option to enable/disable the SB in a software during installation and in the GUI
For sure. It must be there and in the context menu of the .exe files probably: run inside/outside of the sandbox.

Since many more security software are moving in this direction of SB
Do you have examples of this?
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 27, 2010, 01:18:23 PM
If I get time I'll expand on this later, but just a quick word of personal encouragement for you my friend.
For sure, technology discussion and help the users are my personal encouragement and, believe, I need them.
Hope avast team understand their users also ;)

It could be just a language issue but you seem to be adopting some of the personality-cult-speak
Well, I'm trying to discuss technology, not vocabulary.
If there is another vocabulary that we can use, let's go for it.
I'd like to see avast-vocabulary, but I won't see it if I do not start the dialog, will I?

E.g. the term "legacy antivirus" is pejorative, used in order to disparage, to belittle or put-down, the products of every competitor.
Do you have a solution? I mean, how to name them?

Talk of how "end users need to be educated about these (i.e. AV-C) tests", is an extraordinary marketing strategy for a business enterprise.
Really, I've posted there my opinion. I think they need to improve the antivirus to improve usability of the suite.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 27, 2010, 01:20:32 PM
I voted for 'other'. ;)
I first want to see the capabilities of 5.1, before I jump into this discussion...
Thanks for participating Asyn.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: polonus on September 27, 2010, 03:03:39 PM
Hi my good friend, Tech,

Sandboxing in general is a good policy as one of the layers of layered anti-malcode protection, but as with the "Sandboxie" proggie that I have installed and work under certain and particular ominous circumstances (running jsunpack, malzilla sessions, etc.) there is also particular malware that can circumvent the sandbox technique ( http://www.sandboxie.com/index.php?ConfigurationProtection ) and it is good to trust no program. You have to configure Sandboxie at installation to work with e.g. avast, etc. It is not for nothing that the GoogleChrome browser is so advanced in security because it has all the tabs/windows running under separate tasks (see in your taskmanager), making it all the more difficult to hack this browser.
But, alas, sandboxing is a technique after the fact, the session is fenced in and just on closing down the application it is not allowed to make any changes to the computer, the minimal chance of something getting out of the sandbox is still there (rename the sandbox executable into something else, run as admin or password protected can help), but I also like to be protected pro-actively at places where malware vectors may enter the computer and one of the main vectors is script in various forms and sorts and possible third party sites on a particular website that may have not the best of intentions or have been hacked, and particularly inside the browser, so for GoogleChrome sandbox it only for those particular cases where you expect mayhem and to be vulnerable, then have extensions like NotScripts as by default, block with FlashBlock, BetterPopUpBlocker, Noref, specific configurations for AdBlockPlus and after closing the browser run Click&Clean to remove all traces from the previous session. If you run GoogleChrome in sandboxie and then run Click&Clean mind that traces of the previous session before the sandboxed session may still be active there and Click&Clean as you haven't earlier cleansed may not have gotten any access there. So as with all security measures it mostly is a two-sided sword and one should really grasp the full understanding of the process as what happens to have a grip on complete security as it is being performed.
Now there are two types of users, the savvy users that say: "I know enough about protection myself to take all these measures into my own hands and create a form of layered protection that is not overbloated, does not halt my OS too much and will perform full security under all circumstances, does not have to cost a cent."
And then there are the n00b users that want to have full protection, do not know how to protect themselves, and wanna only use a computer for the sheer fun of it, well they'd either listen to advice of others that are in the know and organize their protection likewise or work it like others at the very "dumb digibete" end of the user spectrum that will order a sometimes costly anti-malware suite, configure it wrongly or incompletely and over time still work their computer into a machine functioning merely as a doorstopper because of all sorts of unwanted malware, adware, tracking ware, crap etc.
So it all depends from what situation you will have your discussion. Like to hear what others here in the forum think about this?

Damian aka polonus

pol
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Omid Farhang on September 27, 2010, 03:34:42 PM
Hi Tech!

Besides talking about Sandbox, you said the same thing that I've been screaming for years! "default allow" and "default deny".

We all use Antivirus to prevent the effects of malware on our systems. What are they? Harming data, slowdowns, popups, data theft, using internet bandwidth etc.
These days security software is doing such things instead of preventing them! Like bringing a lot of popups and questions (Thanks avast!, it doesn't do that much) and slowing down systems (avast doesn't do that either ;) ). So it's very important that security software becomes set-it-and-forget-it and also trustworthy. Like when it says This Is Malware, we say if my AV says it is malware, it is! And not think maybe it's an FP?

I said that prior to my comment to say we must think of many things before adding a new feature to our products.

Best thing you noticed is "Whitelist" AND "Blacklist", not only "Blacklist".
avast lacks a Whitelist in some way. If it had a whitelist beside their blacklist, it would be much easier for them to collect 'unknown' files. I mean, when I scan a folder with a nice antimalware, in the scan result it says (For example) "We Scanned 100 files, 33 Known Clean, 33 Malware and 34 unknown files" and gives me options to send these 34 unknown files to their Analysis desk with my comment. I know such a thing will need many many resources. Also the same for Firewall or any other components. A Firewall may have an option that uses predefined rules to default allow or deny per program depending on the whitelist or blacklist...

Sandboxing is a great idea, even not as a security solution, something which take care of windows very well (if being programmed in the right way!).

Think of a quality sandbox and how well it can take care of windows? E.g. if your player is installed in a sandbox, browser in its own sandbox, messenger in its own sandbox, and how easy it will be to manage. Windows will live untouched and become more solid. When you give up your player and want to try another one, just flush your player sandbox and install the new one!
When I say a well programmed Sandbox I mean every sandbox being customizable, like their access to hard drive, internet etc. or running windows services normally or... (Sandboxie cannot run services most of the time). So with that quality of sandbox you can run your browser in an isolated place, isolated like a Virtual Machine, where no kind of site or plugin is able to read even 1 bit of your hard drive.
Sometimes Sandboxes cause more problems than benefits, like additional popups from them or failing to run programs or....

So, if avast can program a Sandbox with that quality, I say go for it, if not, don't add something which bothers us more!  ;D
By having more resources and spending more time, it is possible to do, so why not? The start of it is a nightmare because in the last 30-40 years many files have been created and you need to list them, but after a while you will have listed most of them and you will just need to work on newly created files from now on...

That's all what I think! maybe it's all wrong
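
The scheme from the opening post (scan first, block known malware, sandbox whatever is not whitelisted) and the "known clean / malware / unknown" scan summary described in the post above can be sketched together as follows. This is an added example, not part of any post and not avast code; the `Triage` class, its method names, the SHA-256 lookup and the sample byte strings are all assumptions made for illustration.

```python
import hashlib
from collections import Counter
from enum import Enum


class Verdict(Enum):
    MALWARE = "malware"
    TRUSTED = "trusted"
    UNKNOWN = "unknown"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class Triage:
    """Hypothetical blacklist + whitelist triage with a switchable default."""

    def __init__(self, blacklist, whitelist, default_deny=True):
        self.blacklist = set(blacklist)   # hashes of known malware
        self.whitelist = set(whitelist)   # hashes of known clean files
        self.default_deny = default_deny  # False = "default allow" behaviour
        self.user_released = set()        # files the user removed from the sandbox

    def classify(self, data: bytes) -> Verdict:
        digest = sha256(data)
        if digest in self.blacklist:      # a blacklist hit always wins
            return Verdict.MALWARE
        if digest in self.whitelist or digest in self.user_released:
            return Verdict.TRUSTED
        return Verdict.UNKNOWN

    def action(self, data: bytes) -> str:
        verdict = self.classify(data)
        if verdict is Verdict.MALWARE:
            return "block"
        if verdict is Verdict.TRUSTED:
            return "run"
        # The only place the two policies differ: the unknown residue.
        return "sandbox" if self.default_deny else "run"

    def release(self, data: bytes) -> bool:
        """User override ("removed from sandbox"); never applies to malware."""
        digest = sha256(data)
        if digest in self.blacklist:
            return False
        self.user_released.add(digest)
        return True

    def scan(self, files: dict):
        """Return (counts per verdict, names of unknown files to upload)."""
        counts = Counter(self.classify(d).value for d in files.values())
        unknown = sorted(n for n, d in files.items()
                         if self.classify(d) is Verdict.UNKNOWN)
        return dict(counts), unknown


# Constructed sample inputs (not real files or real signatures).
CLEAN = b"constructed known-clean installer"
BAD = b"constructed known-bad sample"
NEW = b"constructed never-seen binary"
FILES = {"setup.exe": CLEAN, "dropper.exe": BAD, "newtool.exe": NEW}

if __name__ == "__main__":
    deny = Triage([sha256(BAD)], [sha256(CLEAN)], default_deny=True)
    allow = Triage([sha256(BAD)], [sha256(CLEAN)], default_deny=False)
    for name, data in FILES.items():
        print(name, "| default deny:", deny.action(data),
              "| default allow:", allow.action(data))
    print(deny.scan(FILES))
```

The two policies give the same answer for every file that matches a list; they differ only for the unknown residue, which is also the set a scan would offer to upload for analysis.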
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 27, 2010, 03:41:38 PM
Polonus, the on demand sandboxing of browsers is a protection measure.
But with automatic sandboxing we're trying to get protection for the zero-day attacks, unknown/undetected malware.
About n00b and advanced users: at least the user has a final possibility (an alert) to block the malware (allow/deny). Right now, the malware could pass the antivirus protection and the user get infected anyway. With the alert, at least, 50% of chance to block the malware :)
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 27, 2010, 03:49:23 PM
avast has lack of Whitelist in someway. if it had a whitelist beside their blacklist, it was much easier for them to collect 'unknown' files. I mean, when I scan a folder with a nice antimalware, in the scan result it says (For example) "We Scanned 100 files, 33 Known Clean, 33 Malware and 34 unknown files" and give me options to send these 34 unknown files to their Analysis desk with my comment.
You've got the point. That is what I (we) want.

I know such a thing will need many many resources. Also the same for Firewall or any other components. A Firewall may have an option that uses predefined rules to default allow or deny per program depending on the whitelist or blacklist...
Well, the avast firewall does not ask frequently. But it is based on what? I mean, the whitelist, why an application is allowed to connect or blocked? Seems that only 'infected' files are blocked (by the antivirus) and not by the firewall. Seems that outbound protection is decided by the antivirus and not by the firewall (or user).

when I say a well programed Sandbox I mean every sandbox being customizable like their access to hard drive, internet etc. or run windows services normally or... (Sandboxie cannot run services must of times). so with that quality of sandbox you can run your bowser in a isolated place, isolated like a Virtual Machine which even every kind of sites or plugin don't be able read even 1 bit of your hard drive.
For sure we need customization and not a complete sandbox that avoid using the program. Automatic sandbox should just reduce the access rights, drop/execute some files, etc.

some times Sandboxes cause more problem than having benefits like additional popup from them or fail to run programs or....
Of course we're not talking about a bad sandbox or bad implementation/usability of the software.

but after a while you will list most of them and you will just need to works for newly created files from now on...
Yeah. The whitelist improvement using the cloud (community) can make it less intrusive and annoying.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Bellzemos on September 27, 2010, 04:07:45 PM
I didn't take time and read all the posts, so I have one question - is it possible that this sandboxing function (if it will be implemented) could cause trouble if user is using another sandboxing program with Avast! (like me for example, I use Sandboxie)? Thank you.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 27, 2010, 04:13:15 PM
Quote
I didn't take time and read all the posts, so I have one question - is it possible that this sandboxing function (if it will be implemented) could cause trouble if user is using another sandboxing program with Avast! (like me for example, I use Sandboxie)? Thank you.

Yeah. That situation must be studied. There must be an exception in one of the programs.
But, look, the automatic sandboxing is for new (unknown) programs and not for the ones already sandboxed on demand with other sandbox programs.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: nmb on September 27, 2010, 05:14:14 PM
Hi Tech,

Good that you are trying to bring up some new ideas. Here is my take at it, I have tried to look at in all angles, might have missed some ;):

Power, Delay and Area are the main constraints in any integrated chip(IC). They are the three corners of a triangle. If you want a good IC, place your circuit design at the centroid of the triangle - you will have a balance with all the three. Same is the case with any software. Protection, Delay and Memory are the three main constraints with any anti-virus. Right now avast is almost at the centroid of the triangle(at least the free version which I use, don't know about other versions). You try to add anything new, for eg, the sandbox thing, it increases protection, I agree, but at the cost of delay and memory. You try to increase one thing, you will get one or both of the other parameters affected. So think what you want ;)

Next,

I can see an option to vote for "all users". For this to be in reality, people who design need to extensively do research work on how effectively they can do it - they may have to set up new automations to detect the "right" thing etc. Otherwise the zbot FP which once had occurred will happen often.

I can see an option to vote for "advanced users only" - I will not assume that you mean paid users. In fact, if you think a bit more, you will observe that advanced users seldom need such a thing, unless they don't know what they are doing, for which there is the normal sandbox option.

I really don't know how many layers avast guys are using to detect whether the file is legitimate or not. So I really can't comment on this. But I can give you setup files (thousands) and exes (infinite) which don't have a signature. So decide which you want ;)

I have all these things in my mind, the pros and cons. I may need help, if I really want the new sandbox thing - if avast does it, I think I will need it, else I think it's just fine. Finally, I haven't got an infection from the day I have been using the PC with avast!.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Bellzemos on September 27, 2010, 05:26:45 PM
Quote
Yeah. That situation must be studied. There must be an exception in one of the programs.
But, look, the automatic sandboxing is for new (unknown) programs and not for the ones already sandboxed on demand with other sandbox programs.

Well, in short I'd say it's a good idea, but there must be an option in Avast! AV to turn its sandboxing function off (for anyone who doesn't want/need it).
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: sded on September 27, 2010, 05:30:18 PM
I actually do use a couple of (sort of) sandboxes currently.
One is Google Chrome.  It generates a new process for each tab, so that individual websites do not bring down the whole system.  I haven't found any downside to that one yet.
Another is Online Armor Run Safer, that reduces the privileges of a process to local user, and will do it automatically for new processes if you choose.  Downside is that when you want to use a browser for upgrades or installations, for example, you need to up the privileges again or do it from Windows Explorer.
Do these count as automatic sandboxing?  The question covers a lot of territory, and the answer mostly depends on the trade of security vs impact on your normal operations-how you use your system, as usual. And the features and quality of the design.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 27, 2010, 05:32:06 PM
Quote
Good that you are trying to bring up some new ideas.

Many thanks. Hope other users can think/feel the same.

Quote
Protection, Delay and Memory are the three main constraints with any anti-virus. Right now avast is almost at the centroid of the triangle(at least the free version which I use, don't know about other versions). You try to add anything new, for eg, the sandbox thing, it increases protection, I agree, but at the cost of delay and memory. You try to increase one thing, you will get one or both of the other parameters affected. So think what you want ;)

You're fully right. We all know that protection requires resources.
But I need a technical answer from avast team. Maybe Vlk or Igor, or pk (the sandbox developer).
As avast is weak on binaries detection (there are a lot of complaints regarding this and comparing avast with Avira), the automatic sandboxing could increase protection for executables. We need to know if the sandboxing could be implemented in a reasonable way to not make the system bloat...

Quote
I can see an option to vote for "all users". For this to be in reality, people who design need to extensively do research work on how effectively they can do it - they may have to set up new automations to detect the "right" thing etc. Otherwise the zbot FP which once had occurred will happen often.

Because of this, there is the second option for advanced users :)

Quote
I can see an option to vote for "advanced users only" - I will not assume that you mean paid users.

I can't ask avast to make the sandbox present in the free version.
So I'm asking them to release a "smaller/simpler" version of the sandbox, just to increase protection of the free version. The on demand and full sandbox could be only for paid users.

Quote
In fact, if you think a bit more, you will observe that advanced users seldom need such a thing, unless they don't know what they are doing, for which there is the normal sandbox option.

After the whitelist is well adopted and spread, we can think about releasing the technology for everybody.

Quote
I really don't know how many layers avast guys are using to detect whether the file is legitimate or not.

Digital signatures and a whitelist of trusted manufacturers.

Quote
So I really can't comment on this. But I can give you setup files (thousands) and exes (infinite) which don't have a signature. So decide which you want ;)

An initial scanning of the system could reduce this (upload and checking).
Also, the list of manufacturers isn't infinite.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 27, 2010, 05:32:46 PM
Quote
But there must be an option in Avast! AV to turn its sandboxing function off (for anyone who doesn't want/need it).

Sure, sure, sure.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 27, 2010, 05:37:15 PM
Quote
Online Armor Run Safer, that reduces the privileges of a process to local user, and will do it automatically for new processes if you choose.

Wow... Maybe it is similar to what I'm looking for... Although I'll need to change avast firewall for Online Armor :-\ :-[

Quote
Downside is that when you want to use a browser for upgrades or installations, for example, you need to up the privileges again or do it from Windows Explorer.

I'm looking for protection, i.e., new/unknown files and not for on demand sandboxing. For that, there is sandboxie :)

Quote
Do these count as automatic sandboxing?

More or less. We need a whitelist... not all the "new" processes are "unknown" processes in terms of security.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: DavidR on September 27, 2010, 05:38:19 PM
Quote
But there must be an option in Avast! AV to turn its sandboxing function off (for anyone who doesn't want/need it).

Well that function is already there for the existing module surely, through the add remove programs, change and uncheck the sandbox module to completely remove it.

Or Stop it in the Real-time Shields, Process Virtualization. Of course that would probably place an exclamation mark ! on the avast icon. In which case you would have to stop monitoring it in the avast Settings, Status Bar, components monitored section.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: scythe944 on September 27, 2010, 05:59:04 PM
I haven't played around with the sandbox enough to even know what to say here, but I believe that if they automatically sandbox programs, it will likely cause problems with certain software, and beginner users won't know how to fix the problems.

However, for people that know what they're doing it would be a great addition to the program, provided that it gives full control to the user so that they can whitelist / blacklist whatever they want.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: CharleyO on September 27, 2010, 06:21:52 PM
***

After reading all the posts above, I voted for "Yes. Make it available (off by default, i.e., for advanced users only)."

In the hands of a person who does not know/understand the implications of sandbox usage, it could present problems with "on by default."


***
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: nmb on September 27, 2010, 06:26:00 PM
Hi Tech,

We speak about many things Tech. But implementing it in the "right" way is a pain in the rear - viz, but not limited to, money for research work, setting up new automations etc. All of a sudden nothing can be done - I know you don't expect that to happen. But a step approach is a better way of thinking (which people at avast are already thinking - might be :-\): Better behavior shield, Avast community - which might add up to the process of setting up this new approach indirectly.

We have to only hope, may be, that this topic gives some motivation to developers. :)
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: spg SCOTT on September 27, 2010, 06:30:10 PM
I have only a basic knowledge of the sandbox in general and what they are capable of...

For me, I would think that (at least) the option to default to sandbox everything new/unknown would be adding another layer of protection...

I like the idea of a sandbox and what it does, but before I think I can decide on whether it should be an option or just on by default I would have to know more about it...and also how this option would affect newer users to computers...

For instance, how does it cope with malware as it stands now?

Does the behavior shield monitor the sandbox, and does it watch for things like it does normally on the PC?

I think that would be a great use of the sandbox, to when running unknown files to watch what they do and what they try to change.
So if you were to run a file that was undetected by scans in the sandbox, but would be caught by monitoring what is modified and changed, so if it tried to modify a system file, it would prevent/block this before it happened, as opposed to running the file and then doing a scan and seeing the Win32:patched later on after the fact.

Although I could simply be grasping at straws here and completely missing the point of the sandbox...

Scott
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Chris Thomas on September 27, 2010, 06:58:56 PM

Quote
The cloud (community) technology could be used for populate these whitelists.

Avast have a big user database why not use this to their favor?

This is what I wanted to type in here

I would vote a big YES in capslock if this was verified by lists in the cloud
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 27, 2010, 07:08:39 PM
Quote
I believe that if they automatically sandbox programs, it will likely cause problems with certain software, and beginner users won't know how to fix the problems.

Sure, it's not a toy. But it's not complicated also if you have a good whitelist. After all, the user will have 50% of blocking the software not detected by the antivirus definitions.

Quote
However, for people that know what they're doing it would be a great addition to the program, provided that it gives full control to the user so that they can whitelist / blacklist whatever they want.

Well, I'm not advocating the full control to the user. I think security is an expert issue. The ability of building a good whitelist is a challenge for the security experts :)
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Marc57 on September 27, 2010, 07:09:35 PM
I vote for Yes. Make it available (on by default, i.e., for all users). as this would be the safest setting for normal users.  As I understand it, any Malware executed in the sandbox would be trapped there and a simple reboot or shut down of the sandbox would remove it.

There would need to be a way such as a "White list" in Avast so it would know if a program is legitimate. Let's say you download CCleaner, Avast would scan the download, check it against its white list and then allow it to install to disk.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 27, 2010, 07:11:02 PM
Quote
After reading all the posts above, I voted for "Yes. Make it available (off by default, i.e., for advanced users only)."

In the hands of a person who does not know/understand the implications of sandbox usage, it could present problems with "on by default."

Thanks for coming Charley.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 27, 2010, 07:14:03 PM
Quote
may be, that this topic gives some motivation to developers. :)

I hope so! Thanks for participating.
Indeed I hope we can be listened to by the team.
Maybe we're not seeing the problems or the technical difficulties to implement. But, for sure, we need to be side by side to find the better solution and balance. Don't you think?
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 27, 2010, 07:18:26 PM
Quote
I vote for Yes. Make it available (on by default, i.e., for all users). as this would be the safest setting for normal users.  As I understand it, any Malware executed in the sandbox would be trapped there and a simple reboot or shut down of the sandbox would remove it.

That's the idea.

Quote
There would need to be a way such as a "White list" in Avast so it would know if a program is legitimate. Let's say you download CCleaner, Avast would scan the download, check it against its white list and then allow it to install to disk.

Well... maybe it will be difficult to implement this way.
Maybe we're underestimating the technical issues... So, let's wait for an "insider" point of view.
pk? ???
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Mr.Agent on September 28, 2010, 12:09:13 AM
I'm not a Pro or IS user but I can say that an automatic sandbox, I wouldn't like that if I was one. Because I mostly play a lot of games and I think I'm not alone, and to sandbox my games would be overkill...

In my opinion, if anyone needs the sandbox he will just left click or go into the program, which can be very easy and suit everyone.

Mr.Agent
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 28, 2010, 12:16:44 AM
Quote
In my opinion, if anyone needs the sandbox he will just left click or go into the program, which can be very easy and suit everyone.

For operation yes, you can live with on demand sandboxing, for protection of zero-day attacks, I don't think so.
Thanks for participating.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Mr.Agent on September 28, 2010, 12:18:42 AM
No prob Tech.

I just said my opinion, thanks for your respect and your reply.

Mr.Agent
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 28, 2010, 12:29:12 AM
Quote
I just said my opinion, thanks for your respect and your reply.

Sure. And it's a valid opinion. Not all the users are looking for "technical" stuff and increase protection. Most of them are happy and clean with avast as it is :)
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: GloobyGoob on September 28, 2010, 01:18:35 AM
About the Secure Desktop, from Petr :

Quote
it will allow you to execute e.g. web browsers in more secure mode than in 5.0, it’d be executed in the separated desktop - with no icons, under our alternative shell (i.e. own explorer.exe), own taskbar, etc. This alternative desktop will be protected from keyloggers, screen captures and keeps your browsing activity isolated from other processes running on the normal desktop. This feature might be integrated into most common web-browsers as a plugin: e.g. if you go to www.abnamro.nl or www.dnb.nl sites (online banking), avast will open this page in the secured desktop automatically and protects your surfing from other applications.

Thanks Rednose, for the informative quote. ;D
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Vladimyr on September 28, 2010, 05:16:07 AM
Hi Tech. I'm back!

Re "b) the cloud (community) technology could be used for populate these whitelists."
I don't think it's a good idea to rely on a collective opinion so-called "cloud" to determine whether or not a file is sandboxed, especially in regard to identifying true "zero-day" malware.

"Whatever not in the whitelist of trusted sources (an executable file, an installer, a script, etc.) could generate a question to the user in order to allow or deny."
Say I'm the first in the world (lucky me!) to see a particular brand-new previously unseen malware flagged by avast! I'm given the option. I choose not to run it in the sandbox. It is added to the "cloud" whitelist. For the next avast! user who comes across the same file, (1) my input is of no benefit because avast! devs wisely consider a representative sample of one to be inconclusive, or (2) "benefits" from my input by having his/her PC infected, just like mine.

more thoughts soon...
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Yanto.Chiang on September 28, 2010, 08:12:40 AM
Hi Tech,

Basically I agreed with your ideas, but again we should consider beginner or common users who are not really advanced in terms of technical problems.
It would become an obstacle for the avast team in terms of providing support to avast users, and I keep choosing awareness of users to run and operate this feature with avast, if the user understands and realizes how to operate this feature.

I don't agree with automatic sandboxing, because if some application is blocked by automatic sandboxing it would look like a very strict antivirus system, and users who do not understand this feature won't like to use avast in the future and will blame avast as a highly false-positive antivirus like other brands.

cheers,


Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Vladimyr on September 28, 2010, 08:52:30 AM
Quote
E.g. the term "legacy antivirus" is pejorative, used in order to disparage, to belittle or put-down, the products of every competitor.
Do you have a solution? I mean, how to name them?

Yes, recognized antivirus might do the trick. A legacy is what you have after someone has died.

Quote
Talk of how "end users need to be educated about these (i.e. AV-C) tests", is an extraordinary marketing strategy for a business enterprise.
Really, I've posted there my opinion. I think they need to improve the antivirus to improve usability of the suite.

Yes they do. And their situation colours even the most well-intentioned vision, leading to development and implementation of techniques that may well enhance the usability of their own product, but will not necessarily be of similar benefit (and may indeed be detrimental) for users of another security product, especially one with 'spadeloads' of usability, like avast!

That said, if avast! were to have any sort of automatic sandboxing of unsigned/un-whitelisted files, the idea of having different options or settings for "noobs", advanced users, etc, could be addressed something like this.

Logging in as a user with Admin or Power User privileges, avast! would prompt to say,
"Unsigned/un-whitelisted files will be virtualized by default. Tick the box to switch this feature off."

Logging in as Standard User, no prompt, no default virtualization. Limited user privileges should (at least on Windows 6 & 7) be sufficient to protect the system.

Any comments?

Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: AdrianH on September 28, 2010, 10:27:40 AM
Quote
Do you want automatic sandboxing (virtualization) to increase avast protection?

NO!
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 28, 2010, 01:06:43 PM
Quote
Re "b) the cloud (community) technology could be used for populate these whitelists."
I don't think it's a good idea to rely on a collective opinion so-called "cloud" to determine whether or not a file is sandboxed, especially in regard to identifying true "zero-day" malware.

Please, Vladimir, it's NOT opinion, the cloud is the source of files to get whitelisted by avast team...

Quote
"Whatever not in the whitelist of trusted sources (an executable file, an installer, a script, etc.) could generate a question to the user in order to allow or deny."
Say I'm the first in the world (lucky me!) to see a particular brand-new previously unseen malware flagged by avast! I'm given the option. I choose not to run it in the sandbox. It is added to the "cloud" whitelist. For the next avast! user who comes across the same file, (1) my input is of no benefit because avast! devs wisely consider a representative sample of one to be inconclusive, or (2) "benefits" from my input by having his/her PC infected, just like mine.

C'mon... I advocate that security is for specialists and not polls. Cloud is source, analysis is for specialists.

Quote
more thoughts soon...
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 28, 2010, 01:12:25 PM
Quote
Basically I agreed with your ideas, but again we should consider beginner or common users who are not really advanced in terms of technical problems.

But the common user will have, at least, the final question to allow or deny.
Without it and without avast detection, the user - advanced or not - gets infected without having a chance...

Quote
It would become an obstacle for the avast team in terms of providing support to avast users, and I keep choosing awareness of users to run and operate this feature with avast, if the user understands and realizes how to operate this feature.

A single page of a help file will tell how it works. We manage tons of other technical problems/issues of avast to help users.

Quote
I don't agree with automatic sandboxing, because if some application is blocked by automatic sandboxing it would look like a very strict antivirus system, and users who do not understand this feature won't like to use avast in the future and will blame avast as a highly false-positive antivirus like other brands.

It's a real point. The user could take the popups as false positives... but, indeed, they are just 'unknown' files (not yet classified as clean or infected).
But, look, which are these other brands? False positives are common in brands that do not use "deny default" policy, on the contrary, false positives are huge when we have aggressive heuristic analysis.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 28, 2010, 01:19:41 PM
Quote
Yes, recognized antivirus might do the trick. A legacy is what you have after someone has died.

I'll try "signature antivirus". Legacy is a depreciative word indeed (http://en.wikipedia.org/wiki/Legacy_system).

Quote
Yes they do. And their situation colours even the most well-intentioned vision, leading to development and implementation of techniques that may well enhance the usability of their own product, but will not necessarily be of similar benefit (and may indeed be detrimental) for users of another security product, especially one with 'spadeloads' of usability, like avast!

It's another technology, maybe the users need to get used to it.

Quote
That said, if avast! were to have any sort of automatic sandboxing of unsigned/un-whitelisted files, the idea of having different options or settings for "noobs", advanced users, etc, could be addressed something like this.
Logging in as a user with Admin or Power User privileges, avast! would prompt to say,
"Unsigned/un-whitelisted files will be virtualized by default. Tick the box to switch this feature off."
Logging in as Standard User, no prompt, no default virtualization. Limited user privileges should (at least on Windows 6 & 7) be sufficient to protect the system.
Any comments?

I liked this idea very much. I don't think avast should aware the users, but, indeed, it (the sandboxing) could work only in admin accounts. Very good point.
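
The triage flow argued over in the posts above (known malware blocked, whitelisted or trusted-publisher files allowed, everything else contained, with user allow/deny answers feeding analysts rather than the whitelist), sketched as an added example that is not part of any post and is not avast's code. The class and function names, the sample bytes and the publisher string are constructed assumptions, and signature verification is assumed to happen before `classify` is called.

```python
import hashlib
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    BLOCK = "block"              # known malware: normal antivirus action
    ALLOW = "allow"              # whitelisted hash or trusted publisher
    SANDBOX = "sandbox"          # unknown file, admin account: virtualize
    RUN_LIMITED = "run_limited"  # unknown file, standard account: no virtualization


def sha256_hex(data: bytes) -> str:
    """Identify a file by content hash so renaming it does not change the verdict."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class TriageEngine:
    blacklist: set = field(default_factory=set)           # analyst-confirmed malware
    whitelist: set = field(default_factory=set)           # analyst-confirmed clean
    trusted_publishers: set = field(default_factory=set)  # verified signer names
    reports: dict = field(default_factory=dict)           # hash -> user choices (telemetry)

    def classify(self, data: bytes, publisher, is_admin: bool) -> Verdict:
        """publisher is the signer name after signature verification, or None."""
        digest = sha256_hex(data)
        # The blacklist is checked first so a signed file that analysts later
        # confirm as malware is still blocked.
        if digest in self.blacklist:
            return Verdict.BLOCK
        if digest in self.whitelist or publisher in self.trusted_publishers:
            return Verdict.ALLOW
        # Unknown file: queue it for analysis and contain it by default.
        self.reports.setdefault(digest, [])
        return Verdict.SANDBOX if is_admin else Verdict.RUN_LIMITED

    def record_user_choice(self, data: bytes, allowed: bool) -> None:
        """Store the allow/deny answer as telemetry; it never edits a list."""
        self.reports.setdefault(sha256_hex(data), []).append(allowed)

    def pending_analysis(self) -> list:
        """Hashes awaiting an analyst, most-reported first."""
        return sorted(self.reports, key=lambda h: (-len(self.reports[h]), h))

    def analyst_verdict(self, data: bytes, clean: bool) -> None:
        """The only path that changes the whitelist or blacklist."""
        digest = sha256_hex(data)
        if clean:
            self.whitelist.add(digest)
            self.blacklist.discard(digest)
        else:
            self.blacklist.add(digest)
            self.whitelist.discard(digest)
        self.reports.pop(digest, None)


def demo() -> list:
    engine = TriageEngine(trusted_publishers={"Example Trusted Vendor"})  # constructed name
    unknown = b"constructed bytes standing in for a never-seen executable"
    steps = [engine.classify(unknown, None, is_admin=True)]      # first sighting
    engine.record_user_choice(unknown, allowed=True)             # first user clicks "allow"
    steps.append(engine.classify(unknown, None, is_admin=True))  # next user: still unknown
    engine.analyst_verdict(unknown, clean=False)                 # analyst confirms malware
    steps.append(engine.classify(unknown, None, is_admin=True))
    return steps


if __name__ == "__main__":
    print([v.value for v in demo()])
```

Because `record_user_choice` only appends to `reports`, one user's "allow" click leaves the file unknown for the next user; only `analyst_verdict` moves a hash onto either list.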
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 28, 2010, 01:20:46 PM
Quote
NO!

Why not? Don't you want to be at least alerted when you get a zero-day infection?
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: AdrianH on September 28, 2010, 01:42:42 PM
Quote
NO!
Why not? Don't you want to be at least alerted when you get a zero-day infection?

I just do not think that adding more and more features is necessarily a good thing. avast! works very well as it is; I, like most people, have at least one other application running to double check content and feel no need for anything else.  Make the free version too complicated, have too many features to set/check/understand and you lose users. If I wanted a suite of tools I would go for a security suite but having used several of these previously and seen the problems they can cause I want a good reliable but simple AV which at present avast! is.

Keep it simple, do one thing well not many things poorly.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 28, 2010, 01:44:55 PM
Ok Adrian. But... are we talking about being simple and get infected? Is it worth it?

By the way, RejZor's comment about automatic sandboxing in Comodo forum:
https://forums.comodo.com/news-announcements-feedback-cis/cis-does-well-against-nis-t62591.0.html;msg442385#msg442385
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 28, 2010, 01:54:25 PM
As per the semi-annual security report of a German security vendor G Data, the amount of new malware applications made a record for H1-2010 with more than a million registered in just six months alone.

The report reveals that during H1-2010, G Data detected 1,017,208 new malware, an increase of 51% over the H1-2009. Strong growth should result in the emergence of more than 2 Million new malicious codes in the complete 2010.

http://www.gdatasoftware.co.uk/uploads/media/GData_MalwareReport_2010_1_6_EN.pdf
http://spamnews.com/The-News/Latest/First-Half-of-2010-Records-More-Than-Million-New-Viruses-2010092213782/
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: AdrianH on September 28, 2010, 02:18:28 PM
Quote
Ok Adrian. But... are we talking about being simple and get infected? Is it worth it?

By the way, RejZor's comment about automatic sandboxing in Comodo forum:
https://forums.comodo.com/news-announcements-feedback-cis/cis-does-well-against-nis-t62591.0.html;msg442385#msg442385

No, simple but effective. I have 3 machines running 24/7/365 here and in the last 27 months have seen no malware of any description make it on to a drive.

Common sense also has to be a big part of internet use. Thinking that if you have an AV system means you can go anywhere, open anything is the reason for the majority of problems.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Hermite15 on September 28, 2010, 02:40:15 PM
Quote
NO!
Why not? Don't you want to be at least alerted when you get a zero-day infection?

I don't get zero day things ;D but I still wouldn't mind the auto-sandboxing as an option, more a geek like feature than a necessity to be honest. Average Joe would never use that...and in automatic mode, average Joe would be lost if the sandboxing messes with programs...which can happen at startup, bringing new problems that only an advanced user can solve.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 28, 2010, 02:55:11 PM
Quote
No, simple but effective. I have 3 machines running 24/7/365 here and in the last 27 months have seen no malware of any description make it on to a drive.

Sure. Your personal experience is infection-free. That does not change avast detection rate and protection level though...

Quote
Common sense also has to be a big part of internet use. Thinking that if you have an AV system means you can go anywhere, open anything is the reason for the majority of problems.

Sure again. Others of us live a little bit more dangerously :)
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 28, 2010, 02:56:26 PM
Average Joe would never use that...and in  automatic mode, average Joe would be lost if the sandboxing messes with programs...which can happen at startup, bringing new problems that only an advanced user can solve.
Average Joe gets infected :)
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Hermite15 on September 28, 2010, 03:12:24 PM
Average Joe would never use that...and in  automatic mode, average Joe would be lost if the sandboxing messes with programs...which can happen at startup, bringing new problems that only an advanced user can solve.
Average Joe gets infected :)

very probably yeah, I won't deny that...and you won't get him/her use a sandbox, not mentioning that a sandbox must be managed... those who can't run NoScript (just an example) won't run an Avast sandbox either...for management reasons mainly, they won't be aware of and don't want to be bothered with either. Now I don't dismiss the benefits of sandboxing, at geek level exclusively as third party apps (Comodo or Avast) offering it can fail, and do fail very often. The only acceptable and viable sandboxing future (for everyone) will go through the full integration of virtualization in Windows by Windows, i.e. most likely introduced by Microsoft themselves in Windows 8, or whatever it will be called.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 28, 2010, 03:19:29 PM
and you won't get him/her use a sandbox, not mentioning that a sandbox must be managed...
That's the "automatic" part of the solution :)
See here http://forum.avast.com/index.php?topic=64445.msg544785#msg544785 a recent failure of avast.
Even the samples were submitted to them and nothing. I heard a lot of reports of avast failure here in Brazil.

Now I don't dismiss the benefits of sandboxing, at geek level exclusively as third party apps (Comodo or Avast) offering it can fail, and do fail very often.
Where is it failing?

The only acceptable and viable sandboxing future (for everyone) will go through the full integration of virtualization in Windows by Windows, i.e. most likely introduced by Microsoft themselves in Windows 8, or whatever it will be called.
A way to use Windows to get rid of Windows ;D
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Hermite15 on September 28, 2010, 03:30:34 PM
The only acceptable and viable sandboxing future (for everyone) will go through the full integration of virtualization in Windows by Windows, i.e. most likely introduced by Microsoft themselves in Windows 8, or whatever it will be called.
A way to use Windows to get rid of Windows ;D

I would be tempted to return the compliment, if you can't understand... ;D
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Vladimyr on September 28, 2010, 06:06:36 PM
That said, if avast! were to have any sort of automatic sandboxing of unsigned/un-whitelisted files, the idea of having different options or settings for "noobs", advanced users, etc, could be addressed something like this.
Logging in as a user with Admin or Power User privileges, avast! would prompt to say,
"Unsigned/un-whitelisted files will be virtualized by default. Tick the box to switch this feature off."
Logging in as Standard User, no prompt, no default virtualization. Limited user privileges should (at least on Windows 6 & 7) be sufficient to protect the system.
Any comments?
I liked this idea very much. I don't think avast should aware the users, but, indeed, it (the sandboxing) could work only in admin accounts. Very good point.
Glad you liked it. ;)

For many people who just want to, or have to, use a PC, effective AV protection is proportional to their threshold of annoyance/patience. If they think the AV is making their PC slow down, or boxes with questions they don't understand keep popping up, they'll just click anything to get rid of the message or turn the protection off.
 
Like everything devised by human beings, AV protection is a compromise. User friendliness and the quest for usability will generally result in a level of allowable risk being tolerated. Sandboxing by default aims to reduce this risk by taking more responsibility away from the user and putting it in the hands of what is essentially a glorified IF, THEN, ELSE engine, albeit a highly developed and multifaceted one. Such an idea might seem attractive at first, especially if your product has a reputation for annoying popups (insert CIS experience here ;D) but in the end it may turn out to be just as frustrating for the user as the cryptic warning popups it was supposed to diminish.
As for avast! users who are not accustomed to their PC sessions being interrupted by questions from their AV, the implementation of such a measure would need to be faultless.
A false sandboxing is an FP, a legit program that may not work properly sandboxed.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: MAG on September 28, 2010, 07:00:49 PM
I'm not particularly geeky - but I always sandbox Firefox. It gives me a warm and secure feeling after reading forums like this, and installing Secunia PSI, which tells me that programs I have always thought safe (like Firefox and Flash player) are actually incurably vulnerable!

Virtualisation of Firefox gives me some problems (Flash player doesn't always work, program/add-on updates fail unless I exit sandbox, and sometimes it doesn't sandbox even though I tell it to). Even though I'm a bit of a noob I find the trouble worthwhile - and it is diminishing - at one time the sandbox used to BSOD the machine every time I closed Chrome or tried to run Flash in Firefox.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: RejZoR on September 28, 2010, 07:15:40 PM
The automatic sandboxing approach like done in Comodo would require a massive overhaul of the entire avast! product which i don't see happening in the near future. However it would be imo possible to upgrade avast! Sandbox in a way that avast! would be monitoring behavior inside Sandbox and give that feedback to user in a more understandable manner. So basically a behavior analyzer inside Sandbox. So users can run it like an on-demand scan and get some basic figure if the file executed is malicious or not. Because to be honest, even if you run it in the sandbox, it may look like it hasn't affected the system, yet it has installed something nasty in it. Pretty much like Comodo's CIMA, Norman Sandbox or ANUBIS online systems which tell you what the file is doing. I don't know, this seems like a more possible thing to happen as it would be built on top of existing tech and not something completely new.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Jahn on September 28, 2010, 07:39:56 PM
Hello Tech, I voted Yes. Make it available (off by default, i.e., for advanced users only).

While I've never used the Avast Sandbox, I would agree in principle that automatic sandboxing could be another useful layer of defense against malware for some users. Personally, I find sandboxes annoying because of the additional step(s) required to deem "wanted" files as safe so they will actualize on my hard disks. I already use Comodo HIPS on most systems (5 of 6), so sandboxing may be redundant, which is primarily why I don't use the Comodo Sandbox, either. Also, as mentioned elsewhere I use a Chromium based browser (Comodo Dragon), in which all TABS are virtualized, anyway. :)

Jahn
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Dch48 on September 28, 2010, 09:44:29 PM
I would be totally against any form of automatic sandboxing. The only way it would work is if there was an extensive whitelist that worked in every case so that essential files of things like games would not be prevented from doing what they need to do. Most games run in full screen so any alerts would not be seen if saved games were being sandboxed and then lost when the game was exited. The game mode would have to be revamped to shut off the sandboxing when in full screen. The problem there is that many people do not play the games in full screen mode but rather in a window. They do this to allow easier minimizing of the game to look things up on the net or to check for messages or mail that may have come in while they were playing. Making people have to manually turn off parts of your security app to do what they want to do on their machines is not the way to go.

To me the second most important thing any security application can do is stay out of your face and not interfere with or limit in any way what you can do with your computer. I spent a year dealing with and suffering through using Comodo as a gamer. The biggest thing that made me stop using CIS was the introduction of the automatic sandboxing that turned what had been a hassle for gamers into an absolute nightmare. I also had grown very tired of the HIPS alerts for totally safe things. I have had it with the default deny approach and never want to go back to using it.

If you could guarantee that there would be a large enough whitelist and a gaming mode that worked in every case then automatic sandboxing might be okay. I don't have much confidence that either of those things would be possible.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: essexboy on September 28, 2010, 09:45:04 PM
I feel the biggest problem is that when novice users try to save files to disk and then lose them when the sandbox closes, may very well tempt them to disable it
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: pk on September 28, 2010, 09:59:39 PM
I feel the biggest problem is that when novice users try to save files to disk and then lose them when the sandbox closes, may very well tempt them to disable it

@essexboy: Are you sure? Since avast sandbox detects what the user saves in the sandboxed apps and excludes them from virtualization automatically (see "Automatically detect..." checkbox in Expert Settings). This works quite nicely - I like it. Also, most web browsers are supported and their download locations are detected & excluded.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Gargamel360 on September 28, 2010, 11:18:30 PM
So, I read up a little on this idea.  I answer no. 

It seems a very secure idea.  But it also seems like actually placing my security system ahead of my OS in priority, is that even a good idea?  I mean, noob I may be, but that seems like screwed up priorities there, taking security a single step too far. 

If some full-on Cyber War broke out I might be happy to have a system idea like CIS's, like hiding in a bunker when bombs are falling.  But unless Avast! could develop the greatest whitelist ever known (and keep it that way, indefinitely), I will continue to take my AV as-is.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: essexboy on September 28, 2010, 11:44:15 PM
I feel the biggest problem is that when novice users try to save files to disk and then lose them when the sandbox closes, may very well tempt them to disable it

@essexboy: Are you sure? Since avast sandbox detects what the user saves in the sandboxed apps and excludes them from virtualization automatically (see "Automatically detect..." checkbox in Expert Settings). This works quite nicely - I like it. Also, most web browsers are supported and their download locations are detected & excluded.
Err no to be honest I have not used a sandbox function for years as it annoyed the hell out of me..  But I will play with it now  ;D
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Rednose on September 28, 2010, 11:48:43 PM
The automatic sandboxing approach like done in Comodo would require a massive overhaul of the entire avast! product which i don't see happening in the near future. However it would be imo possible to upgrade avast! Sandbox in a way that avast! would be monitoring behavior inside Sandbox and give that feedback to user in a more understandable manner. So basically a behavior analyzer inside Sandbox. So users can run it like an on-demand scan and get some basic figure if the file executed is malicious or not. Because to be honest, even if you run it in the sandbox, it may look like it hasn't affected the system, yet it has installed something nasty in it. Pretty much like Comodo's CIMA, Norman Sandbox or ANUBIS online systems which tell you what the file is doing. I don't know, this seems like a more possible thing to happen as it would be built on top of existing tech and not something completely new.

Although RejZoR describes it in more details, we have the same idea :)

http://forum.avast.com/index.php?topic=52933.msg448936#msg448936

Greetz, Red.

Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Rednose on September 29, 2010, 12:57:15 AM
About the Secure Desktop, from Petr :

Quote
it will allow you to execute e.g. web browsers in more secure mode than in 5.0, it’d be executed in the separated desktop - with no icons, under our alternative shell (i.e. own explorer.exe), own taskbar, etc. This alternative desktop will be protected from keyloggers, screen captures and keeps your browsing activity isolated from other processes running on the normal desktop. This feature might be integrated into most common web-browsers as a plugin: e.g. if you go to www.abnamro.nl or www.dnb.nl sites (online banking), avast will open this page in the secured desktop automatically and protects your surfing from other applications.

Thanks Rednose, for the informative quote. ;D

It is always difficult to decide what you can share and what not. As it answers your question, and we are close to a 5.1 ( BETA ) release, I hope Petr doesn't mind ;)

Greetz, Red.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 29, 2010, 01:02:39 AM
Like everything devised by human beings, AV protection is a compromise. User friendliness and the quest for usability will generally result in a level of allowable risk being tolerated.
Sure. I think it is a balance. But, right now, I think we need to shift the balance a little toward protection and new technologies.

Sandboxing by default aims to reduce this risk by taking more responsibility away from the user and putting it in the hands of what is essentially a glorified IF, THEN, ELSE engine, albeit a highly developed and multifaceted one.
I'm not removing the protection of an antivirus. In the very first post of this thread I say about a way to achieve that "after" the antivirus has done its part.

Such an idea might seem attractive at first, especially if your product has a reputation for annoying popups (insert CIS experience here ;D), but in the end it may turn out to be just as frustrating for the user as the cryptic warning popups it was supposed to diminish.
The popups shouldn't be cryptic.
By the way, we're thinking in automatic sandboxing, not manual one.

As for avast! users who are not accustomed to their PC sessions being interrupted by questions from their AV, the implementation of such a measure would need to be faultless.
A false sandboxing is an FP, a legit program that may not work properly sandboxed.
Sure. The implementation is crucial.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 29, 2010, 01:13:39 AM
The automatic sandboxing approach like done in Comodo would require a massive overhaul of the entire avast! product which i don't see happening in the near future
A whitelist approach as a massive overhaul? Why?

However it would be imo possible to upgrade avast! Sandbox in a way that avast! would be monitoring behavior inside Sandbox and give that feedback to user in a more understandable manner.
In an on demand sandbox, why would you want to be alerted of sandboxed items/processes?

So basically a behavior analyzer inside Sandbox.
Again, in an on demand sandbox, what the behavior analyzer will add to protection?

So users can run it like an on-demand scan and get some basic figure if the file executed is malicious or not.
But the user will need to run it on demand...

Because to be honest, even if you run it in the sandbox, it may look like it hasn't affected the system, yet it has installed something nasty in it. Pretty much like Comodo's CIMA, Norman Sandbox or ANUBIS online systems which tell you what the file is doing. I don't know, this seems like a more possible thing to happen as it would be built on top of existing tech and not something completely new.
Ok... The user will know that he should have sandboxed that nasty thing... Thanks God he did it on demand...
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 29, 2010, 01:16:20 AM
Hello Tech, I voted Yes. Make it available (off by default, i.e., for advanced users only).
Thanks for your participation, regardless the vote itself.

While I've never used the Avast Sandbox, I would agree in principle that automatic sandboxing could be another useful layer of defense against malware for some users.
Precisely.

Personally, I find sandboxes annoying because of the additional step(s) required to deem "wanted" files as safe so they will actualize on my hard disks. I already use Comodo HIPS on most systems (5 of 6), so sandboxing may be redundant, which is primarily why I don't use the Comodo Sandbox, either.
Redundant? Why? If the malware was not detected at first, which will be redundant?
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 29, 2010, 02:49:34 AM
It seems a very secure idea.
Thanks.

But unless Avast! could develop the greatest whitelist ever known (and keep it that way, indefinitely), I will continue to take my AV as-is.
Ok, it could be for advanced users :)
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 29, 2010, 02:52:27 AM
Although RejZoR describes it in more details, we have the same idea :)
http://forum.avast.com/index.php?topic=52933.msg448936#msg448936

What you forget is that virtualization can be used for malware detection as well. Say Avast! finds a suspicious file, it can execute it in the virtualization module and safely analyse its behaviour. I am no expert ( and I don't know if/when this will be implemented ) but a combination of virtualization and behaviour analysis could be very powerful to detect malware.
Ok, but to work like this, to "find a suspicious file", avast should have a sandbox on access and not on demand... Do you agree?
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 29, 2010, 02:53:59 AM
pk, as being the developer, what do you think of all about this after all?
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Rednose on September 29, 2010, 04:28:46 AM
Yeah Petr, I am curious too :)

Or what about RejZoR's suggestion ( and mine) ???

Cheers m8, Red.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Vladimyr on September 29, 2010, 07:17:22 AM
As far as I recall, first use of the term "sandbox" in regard to PC security, was indeed to do with the idea of providing a defined safe but apparently real "playground" in which to allow unverified or otherwise suspicious files to "play" so that their behaviour could be observed, analysed and halted if deemed necessary.
It's still a great idea but there remain at least a couple of drawbacks, admittedly more-so, the closer the sandbox is to being the first line of defence.

1. Such a real-looking "playground" requires real CPU cycles. (Which is why offloading this task to some sort of "cloud" is seen as an attractive option.)

2. Let's say a previously unseen file is run in the sandbox, its behaviour analysed, it's found to be re-writing registry values. Is it malware or is it carrying out a procedure the PC user has initiated? He/she will have to be asked.
Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: superhacker on September 29, 2010, 11:49:19 AM
I choose "Yes. Make it available (off by default, i.e., for advanced users only)." Why?
Because not all malware could be detected by avast, so answer three is not logical, and if we make it for all users, some good programs may not work 100%, so the newbie will make problems for us to help him.
Sandboxing is so good for new programs that come from the web, flash memories, ...
And I wish we could customize what to sandbox, like the unsigned programs, suspicious programs...

Title: Re: Do you want automatic sandboxing (virtualization) to increase avast protection?
Post by: Lisandro on September 29, 2010, 01:51:10 PM
and if we make it for all users, some good programs may not work 100%
Yeah. A real point for beginners.

Sandboxing is so good for new programs that come from the web, flash memories,.....
Can you imagine how good could it be for USB drivers infections? It's powerful :)
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on September 29, 2010, 03:28:50 PM
file > scanned by avast antivirus > if it is a malware, proceed to the automatic actions set (like it is today).
                                                    > if it is not in the whitelists, automatic sandbox to protect the computer.

Continuing to develop protection, what about avast cloud scanning (or paranoid or installation mode started on demand)?

1. A file starts to be executing.
2. It is scanned by the antivirus (signatures, heuristics and behavior). If it's clean, it's passed on; if infected you'll get a warning.
3. It's checked against local whitelist/trustedlist (digital signing, trusted manufacturers). If it's good, it's passed on; if it's not on local list it will get sent to the cloud.
   Special settings could protect the bandwidth and throttle it: check and analyze files while idle.
4. If it's found good in cloud, it will be allowed to run and cloud "updates" the local whitelists; if not found, it's automatically sandboxed and the user is alerted.

pk? Vlk? Any thoughts?
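
The four-step flow proposed in this post, sketched as an added example (not avast code and not written by anyone in the thread). The class, the verdict names, the marker-based stand-in scanner and the in-memory "cloud" are assumptions, and the sample files are constructed.

```python
import hashlib
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, List, Optional, Set


class Verdict(Enum):
    BLOCK = "block"      # step 2: the antivirus scan flagged the file
    ALLOW = "allow"      # known good locally or confirmed by the cloud
    SANDBOX = "sandbox"  # unknown: run virtualized and alert the user


@dataclass
class Decision:
    verdict: Verdict
    reason: str
    pending_cloud: bool = False  # True when a cloud check is still owed


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class DefaultDenyPolicy:
    # scanner(data) -> True when signatures/heuristics detect malware.
    scanner: Callable[[bytes], bool]
    # cloud_lookup(digest) -> True (known good), False (not found),
    # None (cloud unreachable). Hypothetical interface.
    cloud_lookup: Callable[[str], Optional[bool]]
    # Publisher names whose signature was already verified elsewhere
    # (signature verification itself is out of scope here).
    trusted_signers: Set[str] = field(default_factory=set)
    local_whitelist: Set[str] = field(default_factory=set)
    cloud_queue: List[str] = field(default_factory=list)

    def decide(self, data: bytes, signer: Optional[str] = None,
               system_idle: bool = True) -> Decision:
        digest = sha256_hex(data)
        # Step 2: the scan runs first, so a detection overrides any trust.
        if self.scanner(data):
            return Decision(Verdict.BLOCK, "scanner detection")
        # Step 3: local whitelist / trusted list.
        if digest in self.local_whitelist:
            return Decision(Verdict.ALLOW, "local whitelist")
        if signer is not None and signer in self.trusted_signers:
            return Decision(Verdict.ALLOW, "trusted signer")
        # Step 3 (throttle): defer the cloud query while the machine is
        # busy, but keep the file contained in the meantime.
        if not system_idle:
            self._enqueue(digest)
            return Decision(Verdict.SANDBOX, "cloud check deferred", True)
        return self._cloud_decision(digest)

    def _enqueue(self, digest: str) -> None:
        if digest not in self.cloud_queue:
            self.cloud_queue.append(digest)

    def _cloud_decision(self, digest: str) -> Decision:
        known_good = self.cloud_lookup(digest)
        if known_good is None:
            # Fail closed: no answer means unknown, never clean.
            self._enqueue(digest)
            return Decision(Verdict.SANDBOX, "cloud unreachable", True)
        if known_good:
            # Step 4: the cloud "updates" the local whitelist.
            self.local_whitelist.add(digest)
            return Decision(Verdict.ALLOW, "cloud whitelist")
        return Decision(Verdict.SANDBOX, "unknown file")

    def drain_queue(self) -> List[str]:
        """Run deferred cloud checks while idle; return promoted digests."""
        pending, self.cloud_queue = self.cloud_queue, []
        return [d for d in pending
                if self._cloud_decision(d).verdict is Verdict.ALLOW]


# Constructed sample data: a marker-based stand-in for the scanner and a
# cloud that knows exactly one clean installer.
MARKER = b"CONSTRUCTED-MALWARE-MARKER"
CLEAN_INSTALLER = b"constructed clean installer v1"
CLOUD_KNOWN_GOOD = {sha256_hex(CLEAN_INSTALLER)}


def build_demo_policy(cloud_online: bool = True) -> DefaultDenyPolicy:
    def cloud(digest: str) -> Optional[bool]:
        return (digest in CLOUD_KNOWN_GOOD) if cloud_online else None
    return DefaultDenyPolicy(scanner=lambda d: MARKER in d,
                             cloud_lookup=cloud,
                             trusted_signers={"Example Trusted Vendor"})


if __name__ == "__main__":
    policy = build_demo_policy()
    for blob in (MARKER + b"!", CLEAN_INSTALLER, b"never seen before"):
        print(policy.decide(blob))
```

Two properties matter for the "default deny" argument: a scanner detection wins even over a trusted signer, and an unreachable cloud leaves the file sandboxed rather than allowed.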
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on September 29, 2010, 09:10:18 PM
Automatic sandboxing is 'good enough' security with a minimum of alerts, suitable for the majority of users.
It's not thought to provide the highest even possible level of security (full sandboxing).

Unknown software could have access rights limited, i.e., this software couldn't:


All these ideas come from here (https://forums.comodo.com/moderators-only/introduction-to-the-5x-sandbox-under-construction-t61169.0.html;msg430237#msg430237).
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on September 29, 2010, 09:18:51 PM
Very recent posts in the forum...
http://forum.avast.com/index.php?topic=64493
http://forum.avast.com/index.php?topic=64494

I really think avast users need better protection.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Dch48 on September 29, 2010, 10:26:49 PM
A security application, being something that people install because they need to rather than want to, should be as minimalist as possible. It should stay out of your face and not be a drain on not only your personal machine's resources, but also the resources of the entire internet structure. I am a fan of neither virtualization nor cloud based scanning for those very reasons. I have never willingly chosen to use either one.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on September 29, 2010, 10:40:53 PM
It should stay out of your face and not be a drain on not only your personal machine's resources, but also the resources of the entire internet structure.
I'm absolutely sure that the resources taken to scan a file with the possibility of being wrong (misdetection) are higher than to block them by HIPS and, in this case, by automatic sandboxing.

I am a fan of neither virtualization nor cloud based scanning for those very reasons.
Cloud is a second stage, done when the computer is not stressed.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Dch48 on September 29, 2010, 10:52:48 PM
It should stay out of your face and not be a drain on not only your personal machine's resources, but also the resources of the entire internet structure.
I'm absolutely sure that the resources taken to scan a file with the possibility of being wrong (misdetection) are higher than to block them by HIPS and, in this case, by automatic sandboxing.

I am a fan of neither virtualization nor cloud based scanning for those very reasons.
Cloud is a second stage, done when the computer is not stressed.
HIPS and sandboxing require a form of scanning just the same as a traditional AV. They all check the files against some sort of a list.

Whenever cloud scanning is done, it still consumes bandwidth and resources of the entire internet structure to do its job.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Hermite15 on September 29, 2010, 10:59:50 PM
HIPS and sandboxing require a form of scanning just the same as a traditional AV. They all check the files against some sort of a list.

Whenever cloud scanning is done, it still consumes bandwidth and resources of the entire internet structure to do its job.


??? a sort of list yeah...right 8) I wouldn't want to deprive my neighbors of a few MB/s, so I'll refrain from using cloud AVs and HIPs from now on. Acting so thoughtlessly could make the whole Internet structure collapse, and I will not risk this. Thanks for the tips ;)
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on September 29, 2010, 11:00:46 PM
HIPS and sandboxing require a form of scanning just the same as a traditional AV. They all check the files against some sort of a list.
But with less resources than the signatures/behavior scanning of antivirus.

Whenever cloud scanning is done, it still consumes bandwidth and resources of the entire internet structure to do its job.
Sure. It could be optional, i.e., the user joins or not the cloud. Don't you think?
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Dalewyn on September 30, 2010, 12:35:27 AM
When I downloaded and installed Avast, I came looking for a minimalist, light, non-intrusive, effective piece of anti-virus software and nothing more, nothing less. I did not come looking for anti-virus+sandboxing, the latter (sandboxing) of which has really nothing to do with virus protection at its core. I'll be blunt, but if I require sandboxing I will go and find a piece of software that focuses on that area just as Avast focuses on virus protection.

Thus, I vote for: No, I think the "default allow" policy (signatures, rules, etc.) is enough.
Keep Avast unbloated and true-to-the-point like it currently is, please. :x
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: ImWarm on September 30, 2010, 01:14:39 AM
Automatic sandboxing is 'good enough' security with a minimum of alerts, suitable for the majority of users.
It's not thought to provide the highest even possible level of security (full sandboxing).

Unknown software could have access rights limited, i.e., this software couldn't:

  • Drop (download) files in protected folders.
  • Get admin privileges (elevation).
  • Get Internet without asking permission.
  • Inject code into non-sandboxed applications in memory.
  • Other UAC restrictions.
  • Protect the system (avoid exploiting of Windows, COM interfaces, etc.).
  • Work like a keylogger or screen capture.
  • Write to existing clean files or protected areas of Windows Registry.

You just copy and pasted from the Comodo moderator's post on their forum ::)
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Hermite15 on September 30, 2010, 01:17:13 AM
Automatic sandboxing is 'good enough' security with a minimum of alerts, suitable for the majority of users.
It's not thought to provide the highest even possible level of security (full sandboxing).

Unknown software could have access rights limited, i.e., this software couldn't:

  • Drop (download) files in protected folders.
  • Get admin privileges (elevation).
  • Get Internet without asking permission.
  • Inject code into non-sandboxed applications in memory.
  • Other UAC restrictions.
  • Protect the system (avoid exploiting of Windows, COM interfaces, etc.).
  • Work like a keylogger or screen capture.
  • Write to existing clean files or protected areas of Windows Registry.

You just copy and pasted from the Comodo moderator's post on their forum ::)

nice ;) ...this doesn't even need to be verified when one knows Comodo forum well ;D (like I do  ;) )
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: GloobyGoob on September 30, 2010, 02:36:16 AM
Automatic sandboxing is 'good enough' security with a minimum of alerts, suitable for the majority of users.
It's not thought to provide the highest even possible level of security (full sandboxing).

Unknown software could have access rights limited, i.e., this software couldn't:

  • Drop (download) files in protected folders.
  • Get admin privileges (elevation).
  • Get Internet without asking permission.
  • Inject code into non-sandboxed applications in memory.
  • Other UAC restrictions.
  • Protect the system (avoid exploiting of Windows, COM interfaces, etc.).
  • Work like a keylogger or screen capture.
  • Write to existing clean files or protected areas of Windows Registry.

You just copy and pasted from the Comodo moderator's post on their forum ::)

True. Just worded a bit differently. link (https://forums.comodo.com/moderators-only/introduction-to-the-5x-sandbox-under-construction-t61169.0.html;msg430237#msg430237)
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on September 30, 2010, 02:43:10 AM
When I downloaded and installed Avast, I came looking for a minimalist, light, non-intrusive, effective piece of anti-virus software and nothing more, nothing less. I did not come looking for anti-virus+sandboxing, the latter (sandboxing) of which has really nothing to do with virus protection at its core.
Do you really think so? It does not have anything related to detection but everything related to protection.

I'll be blunt, but if I require sandboxing I will go and find a piece of software that focuses on that area just as Avast focuses on virus protection.
Any suggestion of an automatic sandbox program besides CIS? (not on demand sandboxing...).

Thus, I vote for: No, I think the "default allow" policy (signatures, rules, etc.) is enough.
Keep Avast unbloated and true-to-the-point like it currently is, please. :x
Bloated? Why?
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on September 30, 2010, 02:44:22 AM
You just copied and pasted from the Comodo moderator's post on their forum ::)
And so? What's wrong with the text itself?
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: GloobyGoob on September 30, 2010, 02:47:21 AM
Well... shouldn't you quote it? ;)
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on September 30, 2010, 03:16:05 AM
Well... shouldn't you quote it? ;)
Maybe... I've read, agree with the ideas, rewrite and post...
We're supposed to be discussing the technology itself, not the vocabulary. I don't want the copyright of them for sure.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Dalewyn on September 30, 2010, 08:48:49 AM
Quote
Do you really think so? It does not have anything related to detection but everything related to protection.
Sandboxing, more accurately virtualization, is the act of creating an environment (the "guest") inside and separated from the "host" environment for a variety of purposes. These include running/emulating legacy OS and/or software on a modern OS and computer hardware, emulation of legacy or non-PC hardware and software, restriction of software rights, protection against network-based malware when sandboxing internet-borne programs, insurance in case of a runaway program, separation of processes to increase stability, and so forth. The cost of creating a guest environment can be expensive in the way of CPU processing, RAM usage, and in some cases hard disk space.

Sandboxing/virtualizing thus protects against far more than just viruses at a heightened cost when used to protect a computer. Whether a user wants that in an anti-virus program is the question here. I personally only want a traditional anti-virus program and nothing more.

Quote
Any suggestion of an automatic sandbox program besides CIS? (not on demand sandboxing...).
I've never had a requirement to utilize sandboxing/virtualization for means of protection, so I must admit I'm not knowledgeable as to what choices are available.

Quote
Bloated? Why?
I like to think of sandboxing as a different form of protection from anti-virus protection. I feel that Avast (which at its core is an anti-virus program) has no business in increasing system stability at increased hardware cost, restricting the rights of software that aren't viruses, or protecting against things other than viruses*.

*AIS is a slightly different story given its security suite nature. A full-blown sandboxing feature wouldn't be so outlandish here akin to the firewall and antispam.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on September 30, 2010, 02:39:05 PM
Sandboxing, more accurately virtualization, is the act of creating an environment (the "guest") inside and separated from the "host" environment for a variety of purposes. These include running/emulating legacy OS and/or software on a modern OS and computer hardware, emulation of legacy or non-PC hardware and software, restriction of software rights, protection against network-based malware when sandboxing internet-borne programs, insurance in case of a runaway program, separation of processes to increase stability, and so forth. The cost of creating a guest environment can be expensive in the way of CPU processing, RAM usage, and in some cases hard disk space.

Sandboxing/virtualizing thus protects against far more than just viruses at a heightened cost when used to protect a computer. Whether a user wants that in an anti-virus program is the question here. I personally only want a traditional anti-virus program and nothing more.
Well, you've risen up the horizon of my suggestion... I mean, I'm thinking in a very narrow concept of sandboxing and you're speaking of the global technology and what sandboxing could achieve at all. The environments are different. Maybe the vocabulary should be a new one. Won't it be good if we can speak with "avast vocabulary" here?

I've never had a requirement to utilize sandboxing/virtualization for means of protection, so I must admit I'm not knowledgeable as to what choices are available.
There are some similar alternatives. As far as I know...
Behaviour blocker: ThreatFire.
Strong HIPS: Comodo Defense+, Spyware Terminator and System Safety Monitor.
Firewalls with HIPS: Online Armor.
Light HIPS: Winpatrol (and the old Arovax).
On demand sandboxing: Sandboxie.
Full virtualization: VMware, VirtualBox.
System freezing: Wondershare Time Freeze, Deep Freeze, Returnil, Shadow Defender.
 
None of them are what I was bringing up with this thread: automatic sandboxing.
Indeed, besides Comodo Internet Security 5, we don't have any other option for automatic sandboxing. Oh, free ones :)

I like to think of sandboxing as a different form of protection from anti-virus protection.
Sure... but they can run side by side, it's becoming a necessity if we think of 2 million malware per year, and, better, avast already has the technology: a firewall and an on demand sandbox.

In fact, I'm only asking of making an on-access partial sandbox (others call it 'limit access tool' or whatever you want to find in Comodo forums).
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Hermite15 on September 30, 2010, 02:46:17 PM
Well... shouldn't you quote it? ;)

+1 of course he should ;) >>> but hey, you feel like you sound more knowledgeable when you don't...quote ;D ...and let's just leave aside moral considerations, we're talking high tech stuff :D
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on September 30, 2010, 02:59:04 PM
+1 of course he should
I've edited my post before yours :)
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Hard_ROCKER on September 30, 2010, 03:52:18 PM
Automatic sandboxing of every process or in other words run every single thing possible inside a SB ? No thanks, i'm a gamer, my machine needs to be fast and responsive. And don't tell me that what you are suggesting wouldn't slow down everything cause it would. Avast with its light resources usage and minimal user input required is exactly what the doctor ordered for me. Do i think it's necessary to sandbox every process ? Nope, i only feel the apps that are a bigger security risk like web browsers will benefit from running inside the SB(in terms of security). Why the hell would i want my media player, my cd/dvd burner, my games, my text editor etc. etc. to be run inside a sandbox(and they would be run inside a sandbox if automatic sandboxing was enabled right ?) ? Sorry but i disagree with this idea completely. Sandbox is a fine security tool(and i use avast! SB myself) but i certainly don't want to run every single app inside a SB cause it doesn't make sense.

A better behavior blocker(like ThreatFire) is what i feel is most needed for avast! to improve. And i believe they are already working on that, so we will see better detection rates with avast! 5.1 i am sure. The FW needs some work as well but those are all things that they are working on already so i think we are good.

@Tech: In case you haven't figured out Comodo has a different philosophy on ways of achieving security than avast!. Their idea is to block everything by default and let the user decide whether to allow or not to allow. That way they can always claim that their product has perfect protection(well of course it does if it blocks everything, don't you think) and it's the user's fault that they got infected. Get it ? I prefer avast!'s philosophy to that of Comodo. And by reading your posts lately i feel you are more into Comodo's philosophy which is why i will suggest to you to get rid of avast! and start using CIS exclusively.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on September 30, 2010, 04:02:41 PM
Do i think it's necessary to sandbox every process ?
Of course not. You're extrapolating my words. I'm talking about "unknown" processes.
Take it easy, all, all, all your games are known clean processes, aren't they?

Why the hell would i want my media player, my cd/dvd burner, my games, my text editor etc. etc. to be run inside a sandbox
They don't need to run in a sandbox...

(and they would be run inside a sandbox if automatic sandboxing was enabled right ?)
Wrong.

i certainly don't want to run every single app inside a SB cause it doesn't make sense.
Nobody wants that.

A better behavior blocker(like ThreatFire) is what i feel is most needed for avast! to improve. And i believe they are already working on that, so we will see better detection rates with avast! 5.1 i am sure.
A behavior blocker is based on rules, again, we're talking about unknown files, zero-day problems...

@Tech: In case you haven't figured out Comodo has a different philosophy on ways of achieving security than avast!. Their idea is to block everything by default
Sorry, not block everything, but block the infected (malware) and the unknown. Not everything.

And by reading your posts lately i feel you are more into Comodo's philosophy which is why i will suggest to you to get rid of avast! and start using CIS exclusively.
You're putting CIS technology against avast's one. Indeed, CIS does what avast does and gives a step forward. They're not incompatible technologies.
About the temptation, yes, it does really occur. Especially because of the avast turn around in last years... More here (for Evangelists only): http://forum.avast.com/index.php?topic=62785.0
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: SpeedyPC on September 30, 2010, 04:03:47 PM
I voted 'Yes. Make it available (on by default, i.e., for all users)'

However, I prefer not to discuss this; it's a bit too advanced for me to have my say about automatic sandboxing and cloud to increase avast protection. It would be nice to have some kind of level of protection like Comodo, and I know Avast would agree and disagree about using a similar security platform idea like Comodo.

I know most people don't want to complain about Avast having a similar Avast Internet Security like Comodo, because I know most people in here would not give Comodo Free Firewall v5.0 a second chance so most people can get an idea how we can help Avast on automatic sandboxing and cloud to increase avast protection because there have been too many agreements and disagreements on Comodo ideas.

I have nothing against Avast as I'm still using their free version along with Comodo Free Firewall. I haven't updated to v5.0 yet and prefer to wait a bit longer; Comodo v5.0 is still too early and it does have sandboxing and cloud with D+ (HIPS).
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on September 30, 2010, 04:09:05 PM
Thanks for participating Speed :)
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: SpeedyPC on September 30, 2010, 04:19:35 PM
Thanks for participating Speed :)

You're welcome Tech ;)
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Hard_ROCKER on September 30, 2010, 04:52:03 PM
Quote
Of course not. You're extrapolating my words. I'm talking about "unknown" processes.
Take it easy, all, all, all your games are known clean processes, aren't they?

First of all don't tell me to take it easy, i am allergic to that. And that was not my point, my point was if it runs them in SB they won't work properly. Let me ask you something, does Comodo know of every single game you run and have it on that whitelist ? Nope it's impossible to make a perfect whitelist. Impossible with the amount of software out there. The blacklist approach is better for me as it doesn't require an input from me which is why i am running avast!. Are you getting my point ?

Quote
A behavior blocker is based on rules, again, we're talking about unknown files, zero-day problems...

What exactly are you trying to say here and how does it relate to what you quoted from me ? What i meant was that a good behavior blocker is what i want to see in avast!. And no it doesn't relate to SB, i was just stating what IMO is needed for avast! to get better detection rates.

Quote
Sorry, not block everything, but block the infected (malware) and the unknown. Not everything.

I do NOT want it to block the unknown, that is my point Tech. Because under the "unknown" category could be perfectly legit programs that the whitelist just doesn't know about.

And again i am against the philosophy of BLOCK EVERYTHING UNKNOWN. The traditional approach of AV's(you could say blacklist approach) coupled with some good heuristics is what i want.

What you want Tech is a good HIPS program that blocks everything and i want a good av that blocks ONLY the baddies. I've over simplified of course but you get my point. And yes i am speaking in general not about the SB in particular. Do we understand each other now ?


EDIT: This is a partial quote from your first post here...

Quote
I'm asking for a double behavior or, in other words, a "default deny" policy, i.e., what is not whitelisted, block; what is not in the trusted list of avast should be denied.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Hermite15 on September 30, 2010, 05:21:20 PM
okay the automatic sandboxing in CIS isn't that bad... it doesn't of course sandbox everything, but just a few minor apps that don't have recognized digital signatures, and further unknown processes...doesn't mean that I agree with Tech, he's just telling you what anyone who gave a shot to CIS auto-sandbox could observe. This said I don't want either to see Avast mimic Comodo. Each software company has its identity and should stick to it, and tech's attempts won't change anything to that ;)

 Now to go back to topic I will repeat that the auto-sandboxing is in theory a nice feature, but can be pretty annoying when running it for the first time on a system, unless it's set to ask by default (which I think is the case now in CIS). That's a geek's feature, a new toy to play with, and certainly not something that a majority wants to have and be bothered with. People want to run their computer in the first place and not tens of annoying popups, especially when prompted to allow well known utilities to run "un-sandboxed" at startup, that's a waste of time. Last and more important thing is that third party sandboxing utilities are still far from running perfectly, and if automated, can break a complete Windows session, even force you to go back to safe mode to get rid of the annoying culprit. I've been through that ;)

 Guys you know what, I suggest we wait for Avast 5.1...the beta should be there soon. Then we'll see what's in it. But it is utterly ridiculous to post stuff suggesting to Avast (more or less implicitly) to mimic Comodo...I mean Tech seriously ::)
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Hard_ROCKER on September 30, 2010, 05:35:55 PM
Listen i don't have a problem if someone wants to use that feature(i personally don't like it but that is just my personal opinion) but i don't want it forced upon me. Simple as that. avast! should stay avast! and Comodo can do whatever they want, i don't care about them. To make Tech happy, yes i have no problem if they put the feature in avast! but i would want it disabled by default for sure.  ;)
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on September 30, 2010, 05:41:54 PM
First of all don't tell me to take it easy, i am allergic to that.
Sorry, we don't know each other personally or that much, enough to know these details.

Let me ask you something, does Comodo know of every single game you run and have it on that whitelist ?
1. We're not discussing Comodo. I'm discussing an avast possible feature that I like and seems useful.
2. No. Comodo can't know any single game out there... This is the handicap, this is the problem... Can the programmers drop some light on how to solve this?

The blacklist approach is better for me as it doesn't require an input from me which is why i am running avast!. Are you getting my point ?
Sure. The blacklist is a very good approach. But should it be the only one? Can't we get a balanced solution?


What exactly are you trying to say here and how does it relate to what you quoted from me ?
That behavior blocker is blacklist approach. It's good. It allows better detection rates. We agree with all this.
The "problem" is the other approach, the whitelist. Is it possible? Yes. Can it be well implemented? That's the point.

I do NOT want it to block the unknown, that is my point Tech.
No problem. You've voted "no" :)
I'm perfectly aware the point is controversial. So I've started a poll.

Because under the "unknown" category could be perfectly legit programs that the whitelist just doesn't know about.
Agree. This is the main drawback.
How to solve it?
A "flexible" sandbox, with not full virtualization. Maybe? ???

And again i am against the philosophy of BLOCK EVERYTHING UNKNOWN. The traditional approach of AV's(you could say blacklist approach) coupled with some good heuristics is what i want.
I use this approach as I have AIS :)

What you want Tech is a good HIPS program that blocks everything and i want a good av that blocks ONLY the baddies.
Hmmm... Not exactly. A HIPS is always complicated when isolated. I need something flexible. I want to test software and other users want to play with fire. Automatic sandboxing could avoid something deeply mess the computer as it will be something like a limitation to user access.

Do we understand each other now ?
Completely :)
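
Added illustration, not part of any post in this thread and not avast's or Comodo's code: a minimal model of the two policies being argued over, showing where each one fails. All names, the publisher string and the five samples are constructed, and signature verification is assumed to have happened before `publisher` is set.

```python
import hashlib
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Verdict(Enum):
    BLOCK = "block"      # known malware: the antivirus' usual automatic action
    ALLOW = "allow"      # runs with the user's full rights
    SANDBOX = "sandbox"  # runs, but with restricted rights


@dataclass(frozen=True)
class Sample:
    name: str
    content: bytes
    publisher: Optional[str]  # signer of a valid signature, or None (assumed pre-verified)
    malicious: bool           # ground truth, used only to score the policies

    @property
    def digest(self) -> str:
        return hashlib.sha256(self.content).hexdigest()


class Triage:
    def __init__(self, blacklist, whitelist, trusted_publishers):
        self.blacklist = set(blacklist)
        self.whitelist = set(whitelist)
        self.trusted_publishers = set(trusted_publishers)
        self.user_exclusions = set()  # files the user "removed from sandbox"

    def exclude(self, sample: Sample) -> None:
        self.user_exclusions.add(sample.digest)

    def reputation(self, sample: Sample) -> str:
        if sample.digest in self.blacklist:
            return "known_bad"
        if (sample.digest in self.whitelist
                or sample.publisher in self.trusted_publishers):
            return "known_good"
        return "unknown"

    def decide(self, sample: Sample, default_deny: bool) -> Verdict:
        rep = self.reputation(sample)
        if rep == "known_bad":
            return Verdict.BLOCK  # the blacklist wins, even over a user exclusion
        if rep == "known_good" or not default_deny:
            return Verdict.ALLOW  # default allow: unknown files run unrestricted
        if sample.digest in self.user_exclusions:
            return Verdict.ALLOW  # the user's answer must be honoured on later runs
        return Verdict.SANDBOX    # default deny: unknown files run restricted


def score(triage: Triage, samples, default_deny: bool) -> dict:
    """List the two failure modes: missed malware and sandboxed clean files."""
    result = {"malware_unrestricted": [], "clean_sandboxed": []}
    for s in samples:
        verdict = triage.decide(s, default_deny)
        if s.malicious and verdict is Verdict.ALLOW:
            result["malware_unrestricted"].append(s.name)
        if not s.malicious and verdict is Verdict.SANDBOX:
            result["clean_sandboxed"].append(s.name)
    return result


def build_demo():
    # Constructed samples: the contents are placeholder byte strings.
    old_trojan = Sample("old_trojan.exe", b"constructed: known trojan", None, True)
    editor = Sample("text_editor.exe", b"constructed: text editor", None, False)
    player = Sample("media_player.exe", b"constructed: media player",
                    "Example Media Corp", False)
    indie_game = Sample("indie_game.exe", b"constructed: unsigned game", None, False)
    fake_av = Sample("fake_av_setup.exe", b"constructed: zero-day fake AV", None, True)
    triage = Triage(blacklist=[old_trojan.digest],
                    whitelist=[editor.digest],
                    trusted_publishers=["Example Media Corp"])
    return triage, [old_trojan, editor, player, indie_game, fake_av]


if __name__ == "__main__":
    triage, samples = build_demo()
    print("default allow:", score(triage, samples, default_deny=False))
    print("default deny: ", score(triage, samples, default_deny=True))
    triage.exclude(samples[3])  # user un-sandboxes the game
    print("after exclude:", score(triage, samples, default_deny=True))
```

Default allow lets the unlisted fake AV run with full rights; default deny restricts it but also restricts the unlisted game until the user excludes it, and the same exclusion applied to the fake AV would let it through.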
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on September 30, 2010, 05:44:23 PM
Listen i don't have a problem if someone wants to use that feature(i personally don't like it but that is just my personal opinion) but i don't want it forced upon me.
Well, there is an option in the poll: optin, for advanced users only.

Simple as that. avast! should stay avast! and Comodo can do whatever they want, i don't care about them.
This is not a Comodo x avast thread. As simple as that. Who does not understand this... well, does not understand my intentions. 

To make Tech happy, yes i have no problem if they put the feature in avast! but i would want it disabled by default for sure.  ;)
Wow... Thanks! I've got your vote ;D
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on September 30, 2010, 05:53:51 PM
okay the automatic sandboxing in CIS isn't that bad... it doesn't of course sandbox everything, but just a few minor apps that don't have recognized digital signatures, and further unknown processes.
That's why I was attracted to that technology... and the fact we have 2.000.000 malwares released in 2010... and because we're always listening: "Oh, my antivirus does not detect that... Why?"...

doesn't mean that I agree with Tech
;D

I don't want either to see Avast mimic Comodo.
Why not? Everything on Comodo is bad? Can't we learn anything from the others? Nothing?

Each software company has its identity and should stick to it
We're not talking about companies policies and culture. Although it would be very good to discuss this elsewhere: the freemium policy of avast x paid products, market share, etc.

And tech's attempts won't change anything to that ;)
Really?
I'm not arrogant to think I'll change avast.
But I think avast listens to their users :)
They could change because they learn and improve some point.
I'll be glad if I can help on improvement of avast :)
This is why I'm here.

Now to go back to topic I will repeat that the auto-sandboxing is in theory a nice feature
Another converse :)

but can be pretty annoying when running it for the first time on a system, unless it's set to ask by default (which I think is the case now in CIS).
First run, identify the installed software, implementation. That's the point of the success.

That's a geek's feature, a new toy to play with, and certainly not something that a majority wants to have and be bothered with. People want to run their computer in the first place and not tens of annoying popups, especially when prompted to allow well known utilities to run "un-sandboxed" at startup, that's a waste of time.
Fully agree. This was annoying all the time I install CIS...

Last and more important thing is that third party sandboxing utilities are still far from running perfectly, and if automated, can break a complete Windows session, even force you to go back to safe mode to get rid of the annoying culprit. I've been through that ;)
I don't have experience on this.

But it is utterly ridiculous to post stuff suggesting to Avast (more or less implicitly) to mimic Comodo...I mean Tech seriously ::)
Mimic?
No, please. Do it better :)
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Hard_ROCKER on September 30, 2010, 05:54:18 PM
Tech how do you know i voted for NO ??! Cause i didn't and if i did it was a mistake. But i am pretty sure i selected Yes. Make it available (off by default, i.e., for advanced users only) just to make you geeks happy.  ;D


EDIT: You DO know me, different nick now... I'll send you a pm. ;)
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on September 30, 2010, 05:58:31 PM
Tech how do you know i voted for NO ??! Cause i didn't and if i did it was a mistake. But i am pretty sure i selected Yes. Make it available (off by default, i.e., for advanced users only) just to make you geeks happy.  ;D
You can change your vote as I made this available in the poll :)
Geeks? No, please. I'm a normal guy. I run 10 to 15 km two or three times a week :)
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Hard_ROCKER on September 30, 2010, 06:10:21 PM
Please read my PM buddy ! :)

What, i really did vote NO, seriously ??! Weird... Okay i'll change it.


EDIT: You were right i did vote NO !  ::) Fixed now. The options are close together so that would explain my mistake. :)
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on September 30, 2010, 07:22:01 PM
It's ok.
Wow... Seems people really participate in this poll.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Dch48 on September 30, 2010, 11:19:44 PM
I will repeat that the auto-sandboxing is in theory a nice feature, but can be pretty annoying when running it for the first time on a system, unless it's set to ask by default (which I think is the case now in CIS). That's a geek's feature, a new toy to play with, and certainly not something that a majority wants to have and be bothered with. People want to run their computer in the first place and not tens of annoying popups, especially when prompted to allow well known utilities to run "un-sandboxed" at startup, that's a waste of time.

This is exactly what has scared me off of auto-sandboxing. Comodo may have gotten better since the original implementation. I haven't been brave enough to try it since the new version came out. What happened to me was that files needed by some of my games got sandboxed and even after I told CIS not to do it any more, they continued to be sandboxed but without any notice given that they were. The only way to see what was happening was to read the log files. Some of my drivers also got sandboxed like the special HP keyboard drivers, the driver for the quicklaunch buttons, and a file from ATI. There were some other things that I can't recall at the moment but you get the picture. I'm with the people who have said they only want things being blocked that are bad or found suspect by heuristics, not simply "unknown". My first experience with auto-sandboxing has left a very bad aftertaste.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 01, 2010, 01:19:10 AM
What happened to me was that files needed by some of my games got sandboxed and even after I told CIS not to do it any more, they continued to be sandboxed but without any notice given that they were.
Bad implementation of one software does not invalidate the technology.
Again and again, we're NOT discussing Comodo but automatic sandboxing.
The (eventual) errors of Comodo in CIS do not mean we'll have the same problems with avast.

Some of my drivers also got sandboxed like the special HP keyboard drivers, the driver for the quicklaunch buttons, and a file from ATI. There were some other things that I can't recall at the moment but you get the picture. I'm with the people who have said they only want things being blocked that are bad or found suspect by heuristics, not simply "unknown". My first experience with auto-sandboxing has left a very bad aftertaste.
Sorry, indeed your experience with Comodo wasn't pleasant.
Will you give up?
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: SpeedyPC on October 01, 2010, 04:03:18 PM
Okay I've finally done a clean install with the latest Comodo Firewall Free v5.0.162636.1135. I'm a bit concerned about that cloud feature from Comodo. Give me a chance to help out with the automatic sandboxing and cloud feature so I can try to give you my side of the story for Avast.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 01, 2010, 04:52:44 PM
Ok Speedy, if you need help with CIS, better try their forum :)
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Dalewyn on October 01, 2010, 10:33:17 PM
Quote
Well, you've risen up the horizon of my suggestion... I mean, I'm thinking in a very narrow concept of sandboxing and you're speaking of the global technology and what sandboxing could achieve at all. The environments are different. Maybe the vocabulary should be a new one. Won't it be good if we can speak with "avast vocabulary" here?
I admit that perhaps I got a bit offtopic there. I was merely trying to point out that sandboxing goes beyond simple virus/malware protection. One could say virus/malware protection is even a side-effect of what sandboxing does.

Quote
Sure... but they can run side by side, it's becoming a necessity if we think of 2 million malware per year, and, better, avast already has the technology: a firewall and an on demand sandbox.

In fact, I'm only asking of making an on-access partial sandbox (others call it 'limit access tool' or whatever you want to find in Comodo forums).
Which brings me back to my first point: A sandbox does many things besides protecting against viruses by its very nature, and an anti-virus program has no business in doing anything besides protecting against viruses.

This isn't really a rejection on the idea itself (sandboxing to counter unknown threats is viable, albeit shaky with false positives), but rather the idea that the feature be integrated into anti-virus software. I prefer software to be light and stick to what they were truly meant to accomplish; bloat is absolutely horrible no matter the intent.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: SpeedyPC on October 01, 2010, 11:39:05 PM
Ok Speedy, if you need help with CIS, better try their forum :)

 ;)
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 02, 2010, 03:08:19 AM
I was merely trying to point out that sandboxing goes beyond simple virus/malware protection.
Sure. Why did the interest in this topic drop then? Don't you think it is a technology for avast?

it's becoming a necessity if we think of 2 million malware per year, and, better, avast already has the technology: a firewall and an on demand sandbox.
It's all the time ::)
http://forum.avast.com/index.php?topic=64122.msg545778#msg545778

This isn't really a rejection on the idea itself (sandboxing to counter unknown threats is viable, albeit shaky with false positives), but rather the idea that the feature be integrated into anti-virus software. I prefer software to be light and stick to what they were truly meant to accomplish; bloat is absolutely horrible no matter the intent.
Really? I can't imagine how could it become bloat if there are similar programs already available and they're suites not bloatwares...
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 02, 2010, 02:44:45 PM
avast users, please, consider the weakness of zero-day protection and fake-AV we're achieving...

http://www.virustotal.com/file-scan/report.html?id=8ad3165eba03c2bd92dedbc89a5c13700cc289e2d636e7a4f2adb4cb90cce948-1286022745
http://www.virustotal.com/file-scan/report.html?id=b61fd3beea501c83ae6f0b1a2a5fd00366dbb2744ab480c814dbe4e3578cdfd0-1286017983
http://www.virustotal.com/file-scan/report.html?id=18b1ac1ce2bbc3214004a9edcd64a1383ffdc5ea364b6e64d82802ff54e84566-1286017643
http://www.virustotal.com/file-scan/report.html?id=12e5efddd690c52fcc751a93aa16c2216d2107cc2b164eaa9984b312a3ab0f43-1286017451

More here: http://forum.avast.com/index.php?topic=64122.0
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: SpeedyPC on October 02, 2010, 03:16:14 PM
avast users, please, consider the weakness of zero-day protection and fake-AV we're achieving...

:'( :'( :'( :'( :'(
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Asyn on October 02, 2010, 03:24:14 PM
avast users, please, consider the weakness of zero-day protection and fake-AV we're achieving...

If you only rely on avast, this indeed could be a problem...! ;)
asyn
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 02, 2010, 03:27:29 PM
If you only rely on avast, this indeed could be a problem...! ;)
Are you saying that we can't achieve protection with avast as it is right now?
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Asyn on October 02, 2010, 03:30:09 PM
If you only rely on avast, this indeed could be a problem...! ;)
Are you saying that we can't achieve protection with avast as it is right now?

Yes.
asyn
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 02, 2010, 03:35:22 PM
Yes
And so? What do you do about that? How do you think avast users should react?
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Asyn on October 02, 2010, 03:43:10 PM
Yes
1. And so? What do you do about that?
2. How do you think avast users should react?

1. See my sig... ;)
2. Right now they should wait for 5.1 (keeping their fingers crossed)...
asyn
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 02, 2010, 03:46:28 PM
Ah, haven't noticed that you're using HIPS... But why the old version 3 of CIS?
By the way, it does not have automatic sandboxing, so it's not related to this thread.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Asyn on October 02, 2010, 03:50:15 PM
1. Ah, haven't noticed that you're using HIPS... But why the old version 3 of CIS?
2. By the way, it does not have automatic sandboxing, so it's not related to this thread.

1. There are many good reasons, but doesn't fit here, does it?
2. True, I never said so... ;)
asyn
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 02, 2010, 03:56:52 PM
There are many good reasons, but doesn't fit here, does it?
Do you have any reason for avast to use automatic sandboxing? If so, please, post.
If you have other reasons for avast to improve protection, please, start a new thread. I'll be very happy to participate and help improving avast.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Asyn on October 02, 2010, 04:02:23 PM
There are many good reasons, but doesn't fit here, does it?
Do you have any reason for avast to use automatic sandboxing? If so, please, post.
If you have other reasons for avast to improve protection, please, start a new thread. I'll be very happy to participate and help improving avast.

I'll wait for 5.1 (as posted before), until then I am patient, as my level of protection is quite good... ;)
asyn
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 02, 2010, 04:03:54 PM
I'll wait for 5.1 (as posted before), until then I am patient, as my level of protection is quite good... ;)
What are you waiting for 5.1?
What about the other users? What about the ones who think avast protection is enough? Don't you worry about them?
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Hermite15 on October 02, 2010, 04:14:20 PM
I'll wait for 5.1 (as posted before), until then I am patient, as my level of protection is quite good... ;)
What are you waiting for 5.1?
What about the other users? What about the ones who think avast protection is enough? Don't you worry about them?

so you're clearly suggesting to use another software or what? like Comodo Internet Security ?  :) ...thought you were talking about improving Avast ??? I misunderstood? ...no I didn't...you said it several times in this thread, and now you're saying "why wait for 5.1?" and what's 5.1 about if I may ask, but bringing improvements...we don't know yet if it will bring auto-sandboxing or not (unless you have other sources ???...) And even if it doesn't, so what??? 99% of users have never heard of virtualization, and they'll keep ignoring it... trying to make people believe that their system isn't secure when running Avast5 because it doesn't have auto-sandboxing is completely over the top

 Again, we're on Avast forums here Tech, not Comodo's.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 02, 2010, 04:20:31 PM
so you're clearly suggesting to use another software or what?
I'm clearly suggesting that avast take into consideration the adding of new features.

like Comodo Internet Security ?
Why do you insist on talking (only) about Comodo?

:) ...thought you were talking about improving Avast ???
I am.

I misunderstood? ...no I didn't...
Yes, you did.

you said it several times in this thread, and now you're saying "why wait for 5.1?"
Why wait for 5.1 if we can discuss it now, why wait if we can ask for new features now...
Logos, give up. You don't have a crystal ball to see my mind. At least, don't force my words.

we don't know yet if it will bring auto-sandboxing or not (unless you have other sources ???...)
avast team never gave me the honor to participate in this thread.
That makes me mad... They seem to ignore the discussion. Why?

99% of users have never heard of virtualization, and they'll keep ignoring it...
Auto sandboxing is not properly virtualization but, anyway, someone needs to open the discussion.

trying to make people believe that their system isn't secure when running Avast5 because it doesn't have auto-sandboxing is completely over the top
Asyn was talking about that. I'm just trying to discuss this. This is the reason of this thread.

Again, we're on Avast forums here Tech, not Comodo's.
Please, stop trolling about this issue.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Asyn on October 02, 2010, 04:24:16 PM
1. What are you waiting for 5.1?
2. What about the other users? What about the ones who think avast protection is enough? Don't you worry about them?

1. I guess you mean 'why'..? Because I want to see the new features.
2. Sure, I'm worried a bit, but avast isn't that bad and if there are questions they're free to ask them here, we will always share our knowledge with them..!!! But as this thread is about improvements in avast...
Btw, I don't think they (avast) will consider our comments, before the release of the new (afaik, it's a major update) 5.1 version.
asyn
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Hermite15 on October 02, 2010, 04:30:49 PM
I'm the troll here? excuse me, the whole topic is a troll thread here, with trolling intentions, and I insist, promoting Comodo over Avast, and you know it. No crystal ball needed, that's clear enough...and this is not new. You've been doing that for several months now here ::) I'm done I'm done ;D go ahead, this is all so interesting... you would have been stopped anywhere else.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Hermite15 on October 02, 2010, 04:32:48 PM

Btw, I don't think they (avast) will consider our comments, before the release of the new (afaik, it's a major update) 5.1 version.
asyn


 Avast is certainly not interested in derailing its roadmap to please a Comodo lover that's right ;)
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 02, 2010, 04:36:23 PM
I'm the troll here? excuse me, the whole topic is a troll thread here, with trolling intentions, and I insist, promoting Comodo over Avast, and you know it. No crystal ball needed, that's clear enough...and this is not new. You've been doing that for several months now here ::) I'm done I'm done ;D go ahead, this is all so interesting... you would have been stopped anywhere else.
No, you're trying to bash me against all the community. You're trying to do as you've done with other avast users.
I won't tolerate that you twist my words and make (again) a thread about security in a playground for you.
Hope the other users choose a side.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: DavidR on October 02, 2010, 04:42:50 PM
How have we all managed to survive without the panacea of sandboxing or virtualisation for so many years.

Sandboxing or Virtualisation in any form is for sure going to add an overhead on system performance and I would suggest is why many haven't taken it up. It is still a very small niche market in the years that sandboxing or virtualisation has been available.

So personally I don't see it as a must have function and if included certainly not one that should be default always on feature.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Hermite15 on October 02, 2010, 04:53:24 PM
I'm the troll here? excuse me, the whole topic is a troll thread here, with trolling intentions, and I insist, promoting Comodo over Avast, and you know it. No crystal ball needed, that's clear enough...and this is not new. You've been doing that for several months now here ::) I'm done I'm done ;D go ahead, this is all so interesting... you would have been stopped anywhere else.
No, you're trying to bash me against all the community. You're trying to do as you've done with other avast users.
I won't tolerate that you twist my words and make (again) a thread about security in a playground for you.
Hope the other users choose a side.

oh you won't tolerate :'( ;D :D >>> what is it that I twisted? this thread is useless and just meant to bash Avast and promote Comodo, period. You're already calling for help >>>
Quote
Hope the other users choose a side.

...because you cannot prove me wrong ;) This will be my last post in this...hmm...thread.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 02, 2010, 04:56:23 PM
How have we all managed to survive without the panacea of sandboxing or virtualisation for so many years.
David, really, it's not the panacea, it's another layer of defense.
You've survived all these years because you're an honest guy, visiting clean websites, helping other users...
I have friends that do not follow this way of life. I've recommended avast to them. And what happened when they get infected? It's my word against their infection...

Sandboxing or Virtualisation in any form is for sure going to add an overhead on system performance and I would suggest is why many haven't taken it up. It is still a very small niche market in the years that sandboxing or virtualisation has been available.
I would be very happy if the avast team recognizes this technically, I mean, the overhead.

So personally I don't see it as a must have function and if included certainly not one that should be default always on feature.
We have an option in the poll for "advanced users" :)
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: sded on October 02, 2010, 04:57:37 PM
I agree with David R in terms of the utility and priority of automatic sandboxing.  For those who like to do "security as a hobby" and play with malware, run tests, it is probably interesting and gives them things to analyze.  For those who use their computer as a tool and just want to be protected, it appears to be more of a nuisance than a value.  I would rather Avast! spent their effort improving the behavior blocker, for instance, and let users with a sandboxing desire get Avast! Pro or use some other tool.  "Default allow" does not mean that Avast! signatures are your last chance to detect/remove malware, just that it is passed on to other processes more suitable to recognize it.  Too much prejudicial sloganeering-there are many ways to attack the problem, and my usage simply doesn't consider automatic sandboxing as a desirable approach.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 02, 2010, 05:06:46 PM
I agree with David R in terms of the utility and priority of automatic sandboxing.  For those who like to do "security as a hobby" and play with malware, run tests, it is probably interesting and gives them things to analyze.
Ok, I agree that I'm not a common user. But "common users" also do "bad" things and get infected...

For those who use their computer as a tool and just want to be protected, it appears to be more of a nuisance than a value.
My vote was for "advanced users" only feature. I fully agree with you.

I would rather Avast! spent their effort improving the behavior blocker, for instance, and let users with a sandboxing desire get Avast! Pro or use some other tool.
I believe I do not need to go elsewhere to get this protection. I believe avast could give it to us.

"Default allow" does not mean that Avast! signatures are your last chance to detect/remove malware, just that it is passed on to other processes more suitable to recognize it.  Too much prejudicial sloganeering-there are many ways to attack the problem, and my usage simply doesn't consider automatic sandboxing as a desirable approach.
What do you think about zero-day attack?
http://www.shadowserver.org/wiki/pmwiki.php/Stats/VirusDailyStats (link kindly sent by Pondus).
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: sded on October 02, 2010, 05:26:46 PM
As far as zero day attack, I like the way Prevx handles it with heuristics on the age and popularity of the sample.  Simple and understandable, even to the casual user.  I knowingly use a lot of limited programs for things like Radio and Sailing, so it is very simple to tell Prevx that I know about it even if I am the only user who does.  I don't want them sandboxed every time they are changed or I use a new one.  I don't even use the sandbox in AIS, though.  So automatic sandboxing in Avast! would just be something for me (most users?) to turn off and the hobbyists to debate the merits and performance of in the forums.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 02, 2010, 05:31:38 PM
As far as zero day attack, I like the way Prevx handles it with heuristics on the age and popularity of the sample.
I need to take a look on it. You've encouraged me to do so. Thanks.
Although, again, we'll be based on rules.

I don't even use the sandbox in AIS, though.  So automatic sandboxing in Avast! would just be something for me (most users?) to turn off and the hobbyists to debate the merits and performance of in the forums.
At least this is (was) an open forum to discuss, isn't it? :)
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Vlk on October 02, 2010, 06:48:17 PM
This thread is becoming quite bloated but that only demonstrates that topics like this are popular here. Which is a good thing.

While we appreciate the suggestions, we still somewhat believe that we're reasonably competent to design the protection features on our own. That is, while we value your feedback, we see that a lot of the stuff discussed here isn't really applicable because internally, things work a little bit differently - or we just doubt that the outcome of implementing these changes would be good.


Anyway, maybe it's a good time now to share some of the upcoming avast product plans with you (at least those changes relevant to this thread).

Avast 5.1, due next month, will not really have any meaningful differences besides improved malware removal/cleaning (I mean, it will have quite a few new features - such as the 64-bit boot time scan and new stuff in the Behavior Shield - but none of these features are that related to the topic of this thread). V5.1's main feature is the central administration (i.e. a feature not really interesting to end users) - and it will also be marketed this way (as a corporate product, essentially).

Now, with Avast 6.0 (which is coming sooner than you may think), it's a different story. Avast 6.0 will feature the in-the-cloud heuristics based on the age/prevalence data (as suggested above by sded) as well as new stuff related to the use of our sandbox. But, instead of using the "default deny" paradigm that Comodo is trying to advertise so much, avast will work differently. It will rely on its heuristics engine to make decisions whether an executable file should run sandboxed or not. Let me explain this in a bit more detail. Currently, the outcome of the scan is pretty much binary - either the file is called "clean" (and is allowed to run), or it is flagged as "infected" (and appropriate actions are applied - and the file isn't allowed to run). This also applies to heuristics detections. Now in avast 6.0, the outcome could also be "potentially infected, use extreme caution" and this case, when talking about an on-exec scan, will (by default) be handled by sending the file into the sandbox. If the program is legitimate, it has a good chance of running OK inside the sandbox (and of course you, as a user, can always override the decision and run it normally). And if it's really malware, avast has just saved your butt.

There are many other minor things that make up these changes (such as further emphasis on the Behavior Shield when making these heuristics decisions, i.e. taking into account full context info) but this is, at a glance, how it's going to work. What may be of special interest, also, is that this is how it's going to work even in the free version (which means that the core functionality of the sandbox will likely be moved to the free AV).

Thanks
Vlk
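
The three policies argued over in this thread, as an added example that is not part of any post and is not avast's code: default allow, default deny, and the three-outcome scan Vlk describes for avast 6.0, run over constructed samples. The thresholds, the age/prevalence bonus and all file names are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    RUN = "run"
    SANDBOX = "sandbox"
    BLOCK = "block"


@dataclass(frozen=True)
class Sample:
    name: str
    signature_hit: bool     # matched a known-malware signature
    whitelisted: bool       # present in a trusted-files list
    heuristic_score: float  # 0.0 (looks benign) .. 1.0 (looks malicious)
    age_days: int           # days since the file was first seen anywhere
    prevalence: int         # number of machines that have reported the file


# Assumed values, chosen only for this illustration.
INFECTED_SCORE = 0.9    # heuristic detection treated like a signature hit
SUSPICIOUS_SCORE = 0.5  # "potentially infected, use extreme caution"
NEW_FILE_DAYS = 7
RARE_FILE_USERS = 100
NEW_AND_RARE_BONUS = 0.3


def is_infected(s: Sample) -> bool:
    return s.signature_hit or s.heuristic_score >= INFECTED_SCORE


def default_allow(s: Sample) -> Action:
    """Binary outcome: whatever is not detected is allowed to run."""
    return Action.BLOCK if is_infected(s) else Action.RUN


def default_deny(s: Sample) -> Action:
    """Whatever is not whitelisted goes to the sandbox."""
    if is_infected(s):
        return Action.BLOCK
    return Action.RUN if s.whitelisted else Action.SANDBOX


def heuristic_tristate(s: Sample, user_override: bool = False) -> Action:
    """Three outcomes: clean, infected, or potentially infected (sandbox)."""
    if is_infected(s):
        return Action.BLOCK          # override never applies to detections
    suspicion = s.heuristic_score
    # Age/prevalence raises suspicion but does not condemn a file by itself,
    # so a rare or freshly rebuilt tool that looks benign still runs normally.
    if s.age_days < NEW_FILE_DAYS and s.prevalence < RARE_FILE_USERS:
        suspicion += NEW_AND_RARE_BONUS
    if suspicion >= SUSPICIOUS_SCORE:
        return Action.RUN if user_override else Action.SANDBOX
    return Action.RUN


# Constructed samples; none of these are real files or measurements.
SAMPLES = [
    Sample("known_trojan.exe", True, False, 0.95, 30, 5000),
    Sample("office_suite.exe", False, True, 0.05, 900, 2_000_000),
    Sample("sailing_router.exe", False, False, 0.10, 400, 12),
    Sample("radio_tool_new_build.exe", False, False, 0.10, 1, 1),
    Sample("fake_av_installer.exe", False, False, 0.35, 0, 3),
]


def compare(samples=SAMPLES):
    """Map file name -> (default allow, default deny, tri-state) actions."""
    return {
        s.name: (default_allow(s), default_deny(s), heuristic_tristate(s))
        for s in samples
    }


def sandbox_counts(samples=SAMPLES):
    """How many files each policy sends to the sandbox."""
    columns = zip(*compare(samples).values())
    return tuple(col.count(Action.SANDBOX) for col in columns)


if __name__ == "__main__":
    for name, actions in compare().items():
        print(f"{name:28}", *(a.value.ljust(8) for a in actions))
    print("sandboxed (allow, deny, tri-state):", sandbox_counts())
```

On these samples the undetected new file runs freely under default allow, while default deny also sandboxes both niche tools; the tri-state policy sandboxes only the file whose score plus age/prevalence crosses the assumed threshold.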
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Hermite15 on October 02, 2010, 06:56:46 PM
thanks for all these precisions Vlk, I think this was really useful.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: RejZoR on October 02, 2010, 06:59:36 PM
So, basically it will work in a similar way as firewall auto allow/deny behavior. Just for binaries and not network connections with end result, files being run inside sandbox. Makes sense. I think Kaspersky 2011 is working in a similar way, though i haven't tested it yet. Or shall i say, inverted Comodo Sandbox. It restricts applications but not all by default but those that are suspicious.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Vlk on October 02, 2010, 07:03:15 PM
So, basically it will work in a similar way as firewall auto allow/deny behavior. Just for binaries and not network connections with end result, files being run inside sandbox. Makes sense. I think Kaspersky 2011 is working in a similar way, though i haven't tested it yet. Or shall i say, inverted Comodo Sandbox. It restricts applications but not all by default but those that are suspicious.

Correct. But of course, the success of all this depends on the heuristics engine and its efficiency.

BTW I don't think Kaspersky 2011 is doing this, at least I haven't heard about it doing this.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Hermite15 on October 02, 2010, 07:21:10 PM
wanted to ask something but reading the last paragraph of your post that I stupidly skipped first, I see that this is already answered. Yeah I couldn't imagine the heuristic engine behave differently in the "free" version that doesn't have a sandbox, and you're saying that the core functionality of the sandbox will be moved to the "free version" so I got my answer. Off topic here: I suppose that this also means that "on demand sandboxing" will remain a "pro-feature". Doesn't bother me...just saying.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Vlk on October 02, 2010, 07:35:32 PM
wanted to ask something but reading the last paragraph of your post that I stupidly skipped first, I see that this is already answered. Yeah I couldn't imagine the heuristic engine behave differently in the "free" version that doesn't have a sandbox, and you're saying that the core functionality of the sandbox will be moved to the "free version" so I got my answer. Off topic here: I suppose that this also means that "on demand sandboxing" will remain a "pro-feature".

Yes, correct.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 02, 2010, 07:44:38 PM
Thanks for coming Vlk.
My hope was almost at the end... Seems we can still hope... Really, it was almost at the end.

This thread is becoming quite bloated but that only demonstrates that topics like this are popular here. Which is a good thing.
I didn't intend that.

We just doubt that the outcome of implementing these changes would be good.
Any technical reasons? I mean, the implementation of an automatic sandbox will bring technical issues - besides the well known false positives and user interaction - that will make it unworthy in terms of security?

Anyway, maybe it's a good time now to share some of the upcoming avast product plans with you (at least those changes relevant to this thread).
Thanks for sharing.

New stuff in the Behavior Shield - but none of these features are that related to the topic of this thread).
Can you open a new one regarding to this? I mean, the behavior shield?

V5.1's main feature is the central administration (i.e. a feature not really interesting to end users) - and it will also be marketed this way (as a corporate product, essentially).
Good.

Now, with Avast 6.0 (which is coming sooner than you may think)
:)

Avast 6.0 will feature the in-the-cloud heuristics based on the age/prevalence data (as suggested above by sded) as well as new stuff related to the use of our sandbox. But, instead of using the "default deny" paradigm that Comodo is trying to advertise so much, avast will work differently. It will rely on its heuristics engine to make decisions whether an executable file should run sandboxed or not.
Wow... It's not bad. So, regarding to the behavior, the program will run sandboxed automatically? ???

Let me explain this in a bit more detail. Currently, the outcome of the scan is pretty much binary - either the file is called "clean" (and is allowed to run), or it is flagged as "infected" (and appropriate actions are applied - and the file isn't allowed to run). This also applies to heuristics detections. Now in avast 6.0, the outcome could also be "potentially infected, use extreme caution" and this case, when talking about an on-exec scan, will (by default) be handled by sending the file into the sandbox.
Perfect! That's a very good thing.
Probably better than what I was proposing from the beginning.
If the rules for that (i.e., for the behavior shield to take this decision) are good enough, this will increase the protection against zero-day attacks.
Thanks!

If the program is legitimate, it has a good chance of running OK inside the sandbox (and of course you, as a user, can always override the decision and run it normally). And if it's really malware, avast has just saved your butt.
Great!

What may be of special interest, also, is that this is how it's going to work even in the free version (which means that the core functionality of the sandbox will likely be moved to the free AV).
Wow! Another dream is coming true!
Thanks again! Fantastic movement...!
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 02, 2010, 07:46:49 PM
But of course, the success of all this depends on the heuristics engine and its efficiency.
Sure, that's the point.
I suppose that proactive tests will test this technology. Am I wrong?
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 02, 2010, 07:48:04 PM
I suppose that this also means that "on demand sandboxing" will remain a "pro-feature".
Yes, correct.
Fantastic movement. Really appreciate.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: RejZoR on October 02, 2010, 07:57:13 PM
Vlk, i think Kaspersky is doing more like Comodo, than full sandboxing. It just restricts the access rights of the suspicious files. I'm sure i've seen that somewhere hm...
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 02, 2010, 08:02:25 PM
Vlk, i think Kaspersky is doing more like Comodo, than full sandboxing.
On access or just on demand?

It just restricts the access rights of the suspicious files.
Basically what CIS automatic sandbox does: restricts access rights.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Hard_ROCKER on October 02, 2010, 08:14:00 PM
Thanks for the info Vlk, yet again i am impressed with your approach(avast!'s). This all sounds very interesting, cannot wait to test avast! 5.1 but especially 6.0. :)
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Vlk on October 02, 2010, 08:40:54 PM
Thanks for coming Vlk.
My hope was almost at the end... Seems we can still hope... Really, it was almost at the end.

I'm actually on holidays in Greece, hence my slow reaction times.
Additionally, Igor, Pavel and kubecj (among others) are in Vancouver at the VB conference...
So much for the apology for our recent absence here.

We just doubt that the outcome of implementing these changes would be good.
Any technical reasons? I mean, the implementation of an automatic sandbox will bring technical issues - besides the well known false positives and user interaction - that will make it unworthy in terms of security?

Yes, very good reasons for that.

I believe that one of the key drivers of avast's success is its relative autonomy and unobtrusiveness. You have to realize that with the 100M+ userbase, your users are no geeks. In fact, they are people who assume avast would do its job (= keep the machine clean from malware) but also that it wouldn't mess with anything the user does. Introducing quite radical measures such as running all unsigned/unknown binaries in a sandbox would admittedly generate a lot of confusion and is generally not compatible with our vision of transparent security.

At least that's what my intuition tells me.

Avast 6.0 will feature the in-the-cloud heuristics based on the age/prevalence data (as suggested above by sded) as well as new stuff related to the use of our sandbox. But, instead of using the "default deny" paradigm that Comodo is trying to advertise so much, avast will work differently. It will rely on its heuristics engine to make decisions whether an executable file should run sandboxed or not.
Wow... It's not bad. So, regarding to the behavior, the program will run sandboxed automatically? ???

Either automatically or (more likely) give a recommendation to run sandboxed, with the user being able to override this decision.

Perfect! That's a very good thing.
Probably better than what I was proposing from the beginning.
If the rules for that (i.e., for the behavior shield to take this decision) are good enough, this will increase the protection against zero-day attacks.

Yes, that's the point.
The new heuristics for this is actually quite powerful, as it's taking into account a lot of things happening on the PC. I would call it "full context heuristics" (sorry can't disclose too many details without helping the competitors ;)).

What may be of special interest, also, is that this is how it's going to work even in the free version (which means that the core functionality of the sandbox will likely be moved to the free AV).
Wow! Another dream is coming true!
Thanks again! Fantastic movement...!

This goes hand in hand with our "promise" of keeping all the core protection features even in the free product. If the sandbox technology is needed to tackle the zero-day malware problem, then it needs to be also in the Free AV.


Thanks
Vlk
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 02, 2010, 09:06:44 PM
Introducing quite radical measures such as running all unsigned/unknown binaries in a sandbox would admittedly generate a lot of confusion and is generally not compatible with our vision of transparent security.
So, basically, the biggest argument as usual, i.e., the usability of the software.
My hope was the option was there "for advanced users" (or optin) ;D

Either automatically or (more likely) give a recommendation to run sandboxed, with the user being able to override this decision.
This is perfect (with the limitations of full automatic sandboxing).
Will it have a sensitivity level? I mean, will the user be able to set how "sensitive" the behavior block should be to suggest a sandboxing?

The new heuristics for this is actually quite powerful, as it's taking into account a lot of things happening on the PC. I would call it "full context heuristics" (sorry can't disclose too many details without helping the competitors ;)).
I can't wait for avast 6 :)

This goes hand in hand with our "promise" of keeping all the core protection features even in the free product.
I was thinking precisely of that when the concept of "same protection" came to my mind about automatic sandboxing.

If the sandbox technology is needed to tackle the zero-day malware problem, then it needs to be also in the Free AV.
I'm proud of not having lost hope!
Thanks Vlk. Well done. I'm really proud of the future plans, your policy and behavior.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 02, 2010, 09:35:39 PM
Vlk, what I can say is that the reaction to your post was immediate.
I've received a lot of IMs congratulating your attitude and policy, thanking avast for moving forward.
I'm happy to participate in this and will try to keep my policy also: learning and improving, moving forward.
A very happy avast day for all of us and waiting for next versions :)
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Jack 1000 on October 02, 2010, 10:09:00 PM
I'm not sure.  My doubts are how much would this slow down system RAM and speed?

Jack
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 02, 2010, 10:13:00 PM
I'm not sure.  My doubts are how much would this slow down system RAM and speed?

Jack
There will be always a compromise: higher protection, more resources are necessary.
But I think they are aware of this and won't compromise the performance.
In fact, there will be only some other "verifications" and a popup from time to time when a weird behavior occurs.

Now, for me, it is time to go to Prevx (thanks sded for the suggestion) and learn something about heuristics on the age and popularity of the sample :)
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 02, 2010, 10:42:31 PM
As far as zero day attack, I like the way Prevx handles it with heuristics on the age and popularity of the sample.
Hmmm, I've thought it was a full trial for 30 days and then becomes free with limited features.
Is it a shareware? What happens at the end of the trial period?
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: sded on October 02, 2010, 11:00:48 PM
As far as zero day attack, I like the way Prevx handles it with heuristics on the age and popularity of the sample.
Hmmm, I've thought it was a full trial for 30 days and then becomes free with limited features.
Is it a shareware? What happens at the end of the trial period?
I think Prevx still gives a free copy that does everything except remove the malware it finds.  For that you need to buy it.  You can also PM Prevx Support for a trial key as you describe.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 02, 2010, 11:03:46 PM
I think Prevx still gives a free copy that does everything except remove the malware it finds.
Are you using Prevx free (beyond the 30 days trial period)?
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: sded on October 02, 2010, 11:19:45 PM
I think Prevx still gives a free copy that does everything except remove the malware it finds.
Are you using Prevx free (beyond the 30 days trial period)?
I like it well enough that I actually paid for it after my beta tester license expired.  ;)
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 02, 2010, 11:28:05 PM
Hmmm... Seems it's a shareware...
I rarely test sharewares. Do you know the developers? How is the support?
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: sded on October 02, 2010, 11:46:57 PM
Prevx has a forum on Wilders at http://www.wilderssecurity.com/forumdisplay.php?f=104 that is very active and I have gotten good support there.  I have traded messages with the developers and support staff in the past and received good information.  No issues lately, though.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Dch48 on October 03, 2010, 04:45:49 AM
I'm very impressed and pleased with the direction Vlk has said that Avast! is moving. I totally agree with the philosophy of "transparent security" and I'm extremely pleased to see that Avast! is committed to maintaining this approach. The upcoming features are much better than any form of automatic sandboxing that was discussed in this thread and version 6.0 sounds like it will be revolutionary in the AV field and really set the bar high for the competitors to attempt to keep up with.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: ImWarm on October 03, 2010, 04:53:10 AM
Dch, could you quote what Vlk said or is that not allowed? (like if it's in the evangelists-only forum?)
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Dch48 on October 03, 2010, 04:53:59 AM
It's in this thread if you look back on page 11.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: ImWarm on October 03, 2010, 04:56:28 AM
Oh, thanks :)
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: SpeedyPC on October 03, 2010, 02:07:08 PM
Vlk, what I can say is that the reaction to your post was immediate.
I've received a lot of IMs congratulating your attitude and policy, thanking avast for moving forward.
I'm happy to participate in this and will try to keep my policy also: learning and improving, moving forward.
A very happy avast day for all of us and waiting for next versions :)


Amen! I feel 100% safe with Avast ;) but not yet; I'd still like to see more improvement on the firewall.........check me is Avast planning to move into D+ (HIPS) ??? ??? ??? ??? before I decide to scrap the Comodo Free Firewall.

I'm also very impressed and pleased with the direction Vlk has said that Avast! is moving to keep us all safe.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 03, 2010, 07:53:17 PM
SpeedyPC, avast is NOT moving toward the HIPS, as it is not a transparent security tool.
I'm glad of the direction that avast took, but, of course, everything depends on the implementation and how deep the behavior shield could analyze the files. Otherwise, zero-day protection will require further improvements imho.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 03, 2010, 08:20:41 PM
The eternal "not 100% detection" problem... ::)
We need something more aggressive for sure...
http://forum.avast.com/index.php?topic=64659.msg546320#msg546320
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 03, 2010, 09:45:55 PM
This is the position of Comodo for the antivirus: https://forums.comodo.com/news-announcements-feedback-cis/is-the-antivirus-even-necessary-t63087.0.html;msg445242#msg445242
Well, I don't think like that for sure: "The decision is taken by experts (and not by the user)."
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: ibell63 on October 03, 2010, 10:09:41 PM
I like this idea, but I think if it is implemented, it should be off by default at first, for a few different reasons.

1.  It will allow the initial problems to be worked out more easily by more experienced users, rather than normal users not understanding why their applications aren't working properly.

2.  It will allow you to build a good database of trusted apps, so that new users wouldn't be nagged by alerts.  I for example, would not be annoyed by these alerts (and would turn on the automatic sandboxing), but I know a lot of inexperienced users that would find it very annoying.

3.  Some people might see it as making the product more bloated and getting in the way more.  I see avast as a very quiet antivirus and this is effective and user friendly.  I wouldn't want to see it turn into a Norton 360.

4.  Inexperienced users won't bother to figure out how to turn it off and will get in the habit of unsandboxing everything, polluting the community based database with bad data.

My suggestion is to include this feature, but leave it off by default, at least for now.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 03, 2010, 11:04:33 PM
I like this idea, but I think if it is implemented, it should be off by default at first, for a few different reasons.
Thanks ibell63. Although the avast team has already made a statement that they will NOT implement it (the automatic sandboxing). Look some pages before.

1.  It will allow the initial problems to be worked out more easily by more experienced users, rather than normal users not understanding why their applications aren't working properly.
Sure.

2.  It will allow you to build a good database of trusted apps, so that new users wouldn't be nagged by alerts.  I for example, would not be annoyed by these alerts (and would turn on the automatic sandboxing), but I know a lot of inexperienced users that would find it very annoying.
Yeah, the quality of the whitelist is essential in that model.

3.  Some people might see it as making the product more bloated and getting in the way more.  I see avast as a very quiet antivirus and this is effective and user friendly.  I wouldn't want to see it turn into a Norton 360.
Bloat is different from not-transparent. This feature, even if it is blamed here, won't make avast a bloatware. It's completely security-toward.

4.  Inexperienced users won't bother to figure out how to turn it off and will get in the habit of unsandboxing everything, polluting the community based database with bad data.
Cloud opinion will come very late in the process... If we transform an antivirus into a poll (like WOT), it will ruin it completely. It's death.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 03, 2010, 11:49:59 PM
Today I've read the following page:
http://antivirus.comodo.com/innovation/
Quote
That's where Comodo's patent pending Auto Sandbox Technology comes into equation.

As I've said, I've taken contact with it some seconds ago...
I want to publicly apologize for bringing up to avast users and team a patent pending technology.
Sorry for the inconvenience. From the beginning, my intention was to make avast better and increase protection.
Let's struggle with other arms.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Omid Farhang on October 03, 2010, 11:56:21 PM
Yes, very good reasons for that.

I believe that one of the key drivers of avast's success is its relative autonomy and unobtrusiveness. You have to realize that with the 100M+ userbase, your users are no geeks. In fact, they are people who assume avast would do its job (= keep the machine clean from malware) but also that it wouldn't mess with anything the user does. Introducing quite radical measures such as running all unsigned/unknown binaries in a sandbox would admittedly generate a lot of confusion and is generally not compatible with our vision of transparent security.

At least that's what my intuition tells me.

And this is the reason I recommend avast! to those users who want free security software and also want something set-it-and-forget. It doesn't hurt performance, doesn't pop up too much, doesn't ask technical questions; ideal free software for everyone who is not computer savvy! Even though I'm an avira user, I don't recommend the free version of avira but I tell them to go for avast. I've installed avast for at least 20 friends and family.

Vlk shared very nice ideas, but there is something: how long will it take for those dreams to come true? I'm afraid avast will reveal the new software too late and we'll see a new generation of malware which those features that Vlk described won't be able to catch anymore  ???
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: SpeedyPC on October 04, 2010, 06:54:17 AM
SpeedyPC, avast is NOT moving toward the HIPS, as it is not a transparent security tool.
I'm glad of the direction that avast took, but, of course, everything depends on the implementation and how deep the behavior shield could analyze the files. Otherwise, zero-day protection will require further improvements imho.

Mmmmm if that's the case and avast is NOT moving toward the HIPS, then it's gonna need a real mean weapon to keep up with all kinds of Avast behaviour shields, virus detection rate and sandbox for zero-day protection, otherwise Comodo will end up in the highest lead in proactive security protection against Avast; that worries me :-\
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Vlk on October 04, 2010, 08:02:56 AM
Tech, with all respect, I don't really care about Comodo AV (and/or whether any part of it is patented or not).

That is, besides the occasional giggle at some of the posts of their fanboys/CEO (found on both Comodo's own as well as other forums), I don't think there's much there. ;)

Thanks
Vlk
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Dch48 on October 04, 2010, 08:17:20 AM
Another point is that the CEO of Comodo himself has stated that the AV is not there for enhanced security but rather for enhanced usability of the suite as a whole by reducing the amount of alerts and popups users have to deal with in a default deny approach.

He has gone as far as to say that the AV is not even necessary for complete security. 

I have grown completely disenamored of Comodo's approach and am firmly on the side of transparent security as described by Vlk.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 04, 2010, 01:05:03 PM
Tech, with all respect, I don't really care about Comodo AV (and/or whether any part of it is patented or not).
Maybe you don't, but other users (and other avast members) said/thought I was hyping Comodo here.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 04, 2010, 05:51:25 PM
Avast 6.0 will feature the in-the-cloud heuristics based on the age/prevalence data (as suggested above by sded) as well as new stuff related to the use of our sandbox. (...) It will rely on its heuristics engine to make decisions whether an executable file should run sandboxed or not.

(...)

There are many other minor things that make up these changes (such as further emphasis on the Behavior Shield when making these heuristics decisions, i.e. taking into account full context info)
Vlk, can we say that the concepts of HIPS and Behavior block of this article (http://antivirus.about.com/od/antivirussoftwarereviews/a/hips_behavior.htm) will be the ones used by avast?
I mean specifically:

Quote
Though they sound similar, HIPS is application-level control (i.e. this program is allowed to do X but not Y), whereas behavior blocking is more cut and dry - the entire application is either good (allowed) or it is not.

Thanks for your support.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: clocks on October 06, 2010, 12:39:54 AM
Now, with Avast 6.0 (which is coming sooner than you may think), it's a different story. Avast 6.0 will feature the in-the-cloud heuristics based on the age/prevalence data (as suggested above by sded) as well as new stuff related to the use of our sandbox. But, instead of using the "default deny" paradigm that Comodo is trying to advertise so much, avast will work differently. It will rely on its heuristics engine to make decisions whether an executable file should run sandboxed or not. Let me explain this in a bit more detail. Currently, the outcome of the scan is pretty much binary - either the file is called "clean" (and is allowed to run), or it is flagged as "infected" (and appropriate actions are applied - and the file isn't allowed to run). This also applies to heuristics detections. Now in avast 6.0, the outcome could also be "potentially infected, use extreme caution" and this case, when talking about an on-exec scan, will (by default) be handled by sending the file into the sandbox. If the program is legitimate, it has a good chance of running OK inside the sandbox (and of course you, as a user, can always override the decision and run it normally). And if it's really malware, avast has just saved your butt.

There are many other minor things that make up these changes (such as further emphasis on the Behavior Shield when making these heuristics decisions, i.e. taking into account full context info) but this is, at a glance, how it's going to work. What may be of special interest, also, is that this is how it's going to work even in the free version (which means that the core functionality of the sandbox will likely be moved to the free AV).


Nice!  This sounds fantastic, and a better implementation of sandboxing than some other companies have used.  I look forward to testing it out.
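The three decision models argued over in this thread (legacy default allow, the default-deny auto-sandbox proposed in the first post, and the three-outcome heuristic verdict Vlk describes for avast 6.0), run side by side over the same files. This is an added illustration, not avast's code: the additive score, the thresholds, the field names and the sample files are all constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    RUN = "run normally"
    SANDBOX = "run sandboxed"
    BLOCK = "block"


@dataclass(frozen=True)
class Sample:
    name: str
    signature_hit: bool   # matched a known-malware signature
    whitelisted: bool     # present in a trusted-file list
    age_days: int         # days since the cloud first saw this file
    prevalence: int       # number of users reporting the file
    behavior_flags: int   # suspicious behaviours noted at execution time


# Assumed thresholds, chosen only for this illustration.
NEW_FILE_DAYS = 7
RARE_FILE_USERS = 50
SUSPICION_THRESHOLD = 3


def default_allow(s: Sample) -> Action:
    """Legacy model: anything not blacklisted runs unconfined."""
    return Action.BLOCK if s.signature_hit else Action.RUN


def default_deny(s: Sample) -> Action:
    """First-post proposal: anything not whitelisted is auto-sandboxed."""
    if s.signature_hit:
        return Action.BLOCK
    return Action.RUN if s.whitelisted else Action.SANDBOX


def suspicion_score(s: Sample) -> int:
    """Toy additive score: behaviour context plus age and prevalence."""
    score = s.behavior_flags
    score += 1 if s.age_days < NEW_FILE_DAYS else 0
    score += 1 if s.prevalence < RARE_FILE_USERS else 0
    return score


def heuristic(s: Sample, user_override: bool = False) -> Action:
    """Three outcomes: infected, potentially infected, clean."""
    if s.signature_hit:
        return Action.BLOCK  # an override never releases known malware
    if suspicion_score(s) >= SUSPICION_THRESHOLD and not user_override:
        return Action.SANDBOX
    return Action.RUN


# Constructed sample files (not real detections).
SAMPLES = [
    Sample("known_trojan.exe", True, False, 300, 9000, 4),
    Sample("popular_browser.exe", False, True, 900, 2_000_000, 0),
    Sample("niche_tool.exe", False, False, 400, 150, 0),
    Sample("new_installer.exe", False, False, 2, 5, 0),
    Sample("zero_day_dropper.exe", False, False, 1, 3, 2),
    Sample("inhouse_build.exe", False, False, 0, 1, 1),
]


def decisions(policy) -> dict:
    """Map each sample name to the action the policy takes."""
    return {s.name: policy(s) for s in SAMPLES}


def tally(policy) -> dict:
    """Count how many samples end up in each action."""
    counts = Counter(policy(s) for s in SAMPLES)
    return {a: counts.get(a, 0) for a in Action}


if __name__ == "__main__":
    for policy in (default_allow, default_deny, heuristic):
        print(policy.__name__)
        for name, action in decisions(policy).items():
            print(f"  {name:24} {action.value}")
```

On this constructed set, default allow lets the unsigned dropper run unconfined, default deny sandboxes every non-whitelisted file including three legitimate ones, and the heuristic model sandboxes only the dropper and one false positive that the user override releases.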
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: scythe944 on October 06, 2010, 09:00:55 PM
Quote
Avast 5.1, due next month, will not really have any meaningful differences besides improved malware removal/cleaning (I mean, it will have quite a few new features - such the 64-bit boot time scan and new stuff in the Behavior Shield - but none of these features are that related to the topic of this thread). V5.1's main feature is the central administration (i.e. a feature not really interesting to end users) - and it will also be marketed this way (as a corporate product, essentially).

Sorry to be a bit off topic... but Finally! A real answer from someone from Avast!


Quote
V5.1's main feature is the central administration (i.e. a feature not really interesting to end users)

But interesting as heck to me!  ;D
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Rednose on October 06, 2010, 11:07:09 PM
Very interesting what Vlk told here :)

Greetz, Red.

Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: bob3160 on October 10, 2010, 01:02:26 AM
Better late than never.
Auto Sandboxing - no thanks, not for me. It's too much of a drag on the system and overall performance.
(I have it available now but don't think I've ever needed to use it.)
In the Cloud protection - yes, great idea and hopefully soon. :)
(Even though avast! already floats above all the rest. :) )

Avast! 6 soon OK I'm ready to start beta testing Oh wait, 5.1 isn't out yet.  ???  ;D
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 10, 2010, 02:19:55 AM
It's too much of a drag on the system and overall performance.
Sorry, Bob, but seems you don't understand the technology.
You don't have, of course, to be in favor of it.
But calling it a "system and overall performance" drag... is, sorry, nonsense.
 
I have it available now but don't think I've ever needed to use it.
Where? On demand sandboxing? It's not the point here. It's an on access sandboxing.

In the Cloud protection - yes, great idea and hopefully soon. :)
I'm in favor also. But it will take bandwidth and, of course, system resources that you're trying to save...
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: bob3160 on October 10, 2010, 02:28:34 AM
Quote
But calling it a "system and overall performance" drag... is, sorry, nonsense.
If it's not a system and performance hindering application then why does it slow down your system ???
Maybe you haven't used it lately ???
On access sandboxing  meaning when you use the application to run it sandboxed. It still requires the intervention of
additional system resources therefore slowing down your system.
Unless you've found a way to do this without using resources??? Maybe it's another Comodo trick we don't know about ???   ;D
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 10, 2010, 02:35:22 AM
If it's not a system and performance hindering application then why does it slow down your system ???
What does slow your system?
Do you use auto sandboxing? Of which program?

On access sandboxing  meaning when you use the application to run it sandboxed. It still requires the intervention of additional system resources therefore slowing down your system.
It's only for unknown executable files (not whitelisted).

Unless you've found a way to do this without using resources??? Maybe it's another Comodo trick we don't know about ???   ;D
Of course it uses resources. Everything uses resources.
But it is NOT a resource drag or hog. In fact, it uses very little resources (less than simple scanning for instance).
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: bob3160 on October 10, 2010, 02:54:21 AM
This is something I'll have to see to believe. Sorry Tech.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: DavidR on October 10, 2010, 02:58:03 AM
Quote
But calling it a "system and overall performance" drag... is, sorry, nonsense.
If it's not a system and performance hindering application then why does it slow down your system ???
Maybe you haven't used it lately ???
On access sandboxing  meaning when you use the application to run it sandboxed. It still requires the intervention of additional system resources therefore slowing down your system.
Unless you've found a way to do this without using resources??? Maybe it's another Comodo trick we don't know about ???   ;D

Sorry but I agree with Bob - You simply can't add another function without having a system resources overhead. To sandbox an application requires additional processing power and RAM that otherwise wouldn't be being used.

How much of a drag that is going to be is dependent on a) the sandboxing software/function, b) how many applications are sandboxed and c) the user's system spec.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 10, 2010, 03:04:31 AM
You simply can't add another function without having a system resources overhead.
And who is saying that? You guys.
I'm just saying it is not a resource hog.
It takes less resources than deep scanning.
An on demand scanning of avast takes much, much more resources than a HIPS tool.
That is what I'm saying.
Of course it takes resources... Every feature or application takes them.
It is NOT a resource drag or hog. It's a light, very light, feature.
To sandbox an application requires additional processing power and RAM that otherwise wouldn't be being used.
Of course. We're not saying that. Of course...
Just that on access (auto) sandboxing uses very little resources compared to scanning.
Or, it won't take more resources than just running the program outside of the sandbox... A little, perhaps, but not a resource drag.

How much of a drag that is going to be is dependent on a) the sandboxing software/function, b) how many applications are sandboxed and c) the user's system spec.
Sure... The difference will be how many resources running a program inside versus outside the sandbox takes.
Here I'm saying that the protection achieved by auto sandboxing is NOT a resource hog.
On the contrary, a lot of on access scanning could take more resources than that.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: DavidR on October 10, 2010, 03:47:31 AM
It is common sense, you can't run a program or function with zero overhead, it is a physical impossibility.

So us guys who are saying it will use more resources have just as much of an idea of how it will work as you do, so our comments are just as valid as yours. How you can say it will be light and not a resource hog is not based on any specification as you/we don't know how it is to be implemented (guesswork), but there really is no way round it you don't get something for nothing, there has to be an overhead.

To isolate the application from the system requires additional disk space, processing effort to run and manage that application within the virtual space/sandbox that wouldn't be required if you aren't using a sandbox it really is as simple as that.

Protection has nothing to do with the equation when we are talking about the resources used; do you really think there will be no avast on-access scanning within the sandbox? I feel you are in for a surprise.

Sandboxing isn't the be all and end all to security, we have got by without it for many, many years and I don't see that changing in a hurry, it is still very much a niche market.

If avast were to force default always on sandboxing, it would be a very sad day as some people simply couldn't handle it on their systems, not to mention acting autonomously puts people's noses out of joint. The one thing that many people like about avast is its configurability.

So I'm done trying to put it to you that sandboxing has a resource overhead as you clearly don't get it, so I shan't waste any more time on it.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 10, 2010, 03:57:59 AM
It is common sense, you can't run a program or function with zero overhead, it is a physical impossibility.
Of course!
Who is saying against that? ???

How you can say it will be light and not a resource hog is not based on any specification as you/we don't know how it is to be implemented (guesswork)
You can compare with other HIPS applications... Or other sandbox applications...
Although, it's common sense that HIPS takes less resources than scanning to achieve the protection.

To isolate the application from the system requires additional disk space, processing effort to run and manage that application within the virtual space/sandbox that wouldn't be required if you aren't using a sandbox it really is as simple as that.
And so? Who is saying anything against that?
To get infected and have a feature that takes resources (less than the ones avast is already taking... by the way), I'd rather see avast protection increased...

Protection has nothing to do with the equation when we are talking about the resources used; do you really think there will be no avast on-access scanning within the sandbox? I feel you are in for a surprise.
Protection has everything related to this thread.
This thread is not about detection, but protection.
You need to read the first post...

Sandboxing isn't the be all and end all to security, we have got by without it for many, many years and I don't see that changing in a hurry, it is still very much a niche market.
Because 50.000+ samples of malware per day.
Because avast isn't protecting a lot of users (for instance: http://forum.avast.com/index.php?topic=64122.msg547768#msg547768)


If avast were to force default always on sandboxing, it would be a very sad day as some people simply couldn't handle it on their systems, not to mention acting autonomously puts people's noses out of joint. The one thing that many people like about avast is its configurability.
There is an option, in the poll, to release it only for advanced users...


So I'm done trying to put it to you that sandboxing has a resource overhead as you clearly don't get it, so I shan't waste any more time on it.
Don't lose time to convince what both of us are already convinced...
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: firzen771 on October 10, 2010, 04:09:27 AM
i hope avast NEVER goes down the path of auto sandbox...
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 10, 2010, 04:25:45 AM
i hope avast NEVER goes down the path of auto sandbox...
It won't... as Vlk has already stated...
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Hrad 472 on October 10, 2010, 08:44:56 AM
I have to agree with most of your Post, Omid.

My only concern with sandboxing is when a program say Firefox or IE8, does automatic security/program updates how will the program update whilst it is within a Sandbox?

If I am away for a time and forget to take a program out of the sandbox, will the Program still update? Will I remember to check later?

Now if you could just run certain "trusted" web sites, say your bank, in a sand box and delete the sandbox after leaving that Site, leaving behind no traces of your activities, that would be great! As long as it is not used to cover any illegal activities of course!
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: bob3160 on October 10, 2010, 02:58:14 PM
Quote
Now if you could just run certain "trusted" web sites
The problem arises when the "trusted" website of today becomes the infected site of tomorrow.
Unfortunately this happens all the time.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 10, 2010, 05:44:17 PM
My only concern with sandboxing is when a program say Firefox or IE8, does automatic security/program updates how will the program update whilst it is within a Sandbox?
Generally, they won't work. You need to run the program outside of the sandbox in order to upgrade it.

If I am away for a time and forget to take a program out of the sandbox, will the Program still update? Will I remember to check later?
Probably they will check for updates. But the updates won't be applied...

Now if you could just run certain "trusted" web sites, say your bank, in a sand box and delete the sandbox after leaving that Site, leaving behind no traces of your activities, that would be great! As long as it is not used to cover any illegal activities of course!
Generally the browsers allow that (InPrivate browsing).
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 10, 2010, 07:58:39 PM
I'm cross-posting a very good and logical explanation of Lukor about whitelisting:

You would probably like to see some features in the firewall that would supplement the antivirus and provide 100% zero-day protection against such threat, but as I said in my reply, there are no such features that would check for malware in the sample, and if the antivirus had no objections - as it was turned off - we must assume that the application in question was clean from any infection and the firewall should decide accordingly. Also there is currently no such superhuge whitelist on which every allowed application must be found. Some other firewall suites use this approach but we thought that having indexed all available applications on the Internet is beyond our reach and that the number of unknown app popups would simply be too large. The whitelist is there, there are metadata and rules that can be retrieved from the list for many apps but the firewall allows connections for apps not on the whitelist as well.
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: Lisandro on October 10, 2010, 08:12:45 PM
Avast 6.0 will feature the in-the-cloud heuristics based on the age/prevalence data (as suggested above by sded) as well as new stuff related to the use of our sandbox. (...) It will rely on its heuristics engine to make decisions whether an executable file should run sandboxed or not. Let me explain this in a bit more detail. Currently, the outcome of the scan is pretty much binary - either the file is called "clean" (and is allowed to run), or it is flagged as "infected" (and appropriate actions are applied - and the file isn't allowed to run). This also applies to heuristics detections. Now in avast 6.0, the outcome could also be "potentially infected, use extreme caution" and this case, when talking about an on-exec scan, will (by default) be handled by sending the file into the sandbox. If the program is legitimate, it has a good chance of running OK inside the sandbox (and of course you, as a user, can always override the decision and run it normally). And if it's really malware, avast has just saved your butt.

Vlk, I was reading about SONAR:

Quote
SONAR is the abbreviation for Symantec Online Network for Advanced Response. Unlike virus signatures, SONAR examines the behavior of applications to decide whether they are malicious.

An algorithm is used to evaluate hundreds of attributes relating to software running on a computer.

The main use of SONAR is to enhance detection of zero day threats. Symantec claims SONAR can also prevent attackers from leveraging unpatched software vulnerabilities.
http://en.wikipedia.org/wiki/SONAR_%28Symantec%29

Can you compare both technologies? I mean, will the avast behavior shield in avast 6 be similar to SONAR?
Title: Re: The future of avast protection
Post by: Lisandro on October 12, 2010, 08:13:40 PM
http://www.infoworld.com/t/malware/microsoft-ban-sick-pcs-the-internet-945

Quote
Many security experts have talked about quarantining infected computers.
...
However, such policies rely on the Internet service provider to be the enforcer and cut off customers from the Internet. The problem is customers then require support, which raises the ISP's costs tremendously.
...
In Japan, more than 70 ISPs have partnered with the government to create the Cyber Clean Center, which covers 90 percent of Internet users in that country.

How could avast, as a security corporation, participate in quarantining infected computers and help overall Internet security and safety?

Microsoft suggests a four step policy:

Quote
Microsoft is calling for a four-step plan to implement a health policy for the Internet.
First, we must develop a way to define and demonstrate "good health," perhaps a combination of active client-side defenses and a lack of malicious data from a system.
Second, a trusted system of health certificates must be created to avoid spoofing a health system.
Third, Internet service providers need a way to request and accept health certificates and take action.
And fourth, a legal and regulatory framework that supports the model must be created.
Can't avast participate or help with steps 1 and 2?
Title: Re: The future of avast protection
Post by: Gargamel360 on October 12, 2010, 08:48:27 PM

It seems a good idea for the internet's health.......but a bad idea for my wallet.

I would be shouldering part of the cost from all my ISP's users problems, I imagine?

Small loss to the internet, but......I will sincerely just abandon owning an internet accessible pc if this comes to pass, I refuse to shoulder any more financial burden for the irresponsible actions of others, taxes and my ISP bill are enough "fun" as it is.

Maybe I am reading this wrong, but it seems MS is trying to pass the Hot Potato that they themselves cooked to begin with?   If that is the case, I for one will not put my hands out to catch it,  it will be left to fall to the floor.

 

 
Title: Re: The future of avast protection
Post by: Lisandro on October 12, 2010, 09:33:22 PM
Ok, MS is involved... but it's not the Internet owner.
Others should participate...
Title: Re: The future of avast protection
Post by: Gargamel360 on October 12, 2010, 10:08:05 PM
Ok, MS is involved... but it's not the Internet owner.
Others should participate...

Yeah, no doubt.  Multiple groups (AV companies included) really need to put their heads together for any progress to be made. 

Therein lies my anxiety, since the only thing that brings separate, profit-driven companies together......is furthering profit.  And I only see that money coming from one source, the end-user.  If MS wanted to charge me more for Windows to make it safer, ($100 price increase or more even) I would go for that.  But kicking the cost to others (whom I know will simply pass the cost on to me, while skimming the middle) is not acceptable to me.  Too much potential for abuse, with no guaranteed positive outcome.

Forgive the (possibly) paranoid rant, but it seems a flawed idea with noble intentions.



Title: Re: The future of avast protection
Post by: Lisandro on October 12, 2010, 10:22:21 PM
Gargamel, I think more or less like you. It's poor to see that companies just look to profit to bring more profit, or the prices being passed from one to the final user... all the time.
This is why I've asked if avast as a corporation could do something to make all the Internet safer (of course they're doing a very good job releasing a free antivirus). Something tells me that I can't expect this attitude from Symantec or McAfee (or Intel), can I?
Title: Re: The future of avast protection
Post by: Gargamel360 on October 12, 2010, 10:56:25 PM
Something tells me that I can't expect this attitude from Symantec or McAfee (or Intel), can I?

No, I would expect not.  ;)

Title: Re: The future of avast protection
Post by: Lisandro on October 12, 2010, 11:15:17 PM
Two questions are pending for avast team (Vlk?):
1. About SONAR (Symantec).
2. About quarantining infected computers (Microsoft).
Title: Re: The future of avast protection
Post by: Dch48 on October 13, 2010, 02:04:49 AM
I don't like the prospect of ISP's "partnering" with the Government. That just sounds like the old slippery slope deal to me.
Title: Re: The future of avast protection
Post by: Omid Farhang on October 14, 2010, 07:31:53 PM
Sorry to bring old topic to top, but I think something here confirms the idea in the topic:


Norman SandBox Anti-Malware Security Technology Recognized As Most Innovative Idea in Past Decade at VB2010 Conference
http://www.norman.com/about_norman/press_center/news_archive/2010/127159/en
Title: Re: The future of avast protection
Post by: Lisandro on October 14, 2010, 09:50:37 PM
Sorry to bring old topic to top
Old? ???

Quote
The Norman SandBox is a fully emulated Windows environment clone for simulating code execution, built to fight cyber threats. The operating system, software, system hardware, and network are all simulated, unlike any other tool on the market. Focused on analyzing malicious threats, Norman enables quick adaptation to the changing threat landscape.
What is it exactly for the final user?
A virtual machine?
Is it on demand or on access?
There is quite such "hype" in the article in my opinion.
But I think some of the avast programmers were there in the conference. Why don't tell us something about?
Title: Re: The future of avast protection
Post by: Omid Farhang on October 14, 2010, 10:19:19 PM
What is it exactly for the final user?

It works totally invisible as what I've seen.
Quote
Norman SandBox® is a revolutionary way to detect new and unknown malware in a proactive way. It is a virtual environment where programs may perform in safe surroundings without interfering with the real processes, program files and network environment. If a program performs actions that the SandBox regards as suspicious, the program is "tagged" as a malicious program.

When you install Norman, you see no menu or settings about Sandbox, I don't know how it works!

A virtual machine?
Is it on demand or on access?

Well, it seems to work on-access without having an impact on the user interface and environment.

There is quite such "hype" in the article in my opinion.
As well as I do!

But I think some of the avast programmers were there in the conference. Why don't tell us something about?
+1!
Title: Re: The future of avast protection
Post by: Pondus on October 14, 2010, 10:24:07 PM
It is in the virus engine  http://en.wikipedia.org/wiki/Norman_(company)

Quote
Norman SandBox Technology

Norman Sandbox is a virtualized environment(emulator) where executable files can be examined to see what kind of changes a specific file would do to a system. The emulator contains a BIOS, ROM, simulated hardware and networking capabilities. Based on the actions done by a file Norman Sandbox will automatically try to tell you if the file is behaving malicious or not.

Norman Sandbox is implemented in all Norman's products, but on a different operating-level. Emulating CPU cycles can be a time-consuming task so for performance reasons this is not enabled on by default in the on-access scanner.

Norman Sandbox is also sold as a separate product, giving other security companies the ability to analyze what a file does.[2]
Title: Re: The future of avast protection
Post by: Omid Farhang on October 14, 2010, 10:47:06 PM
Wow, I did not know that about what I am using!

So, why when I've been using Norman, I could download and install Fake AV from Web easily? some very well know
Title: Re: The future of avast protection
Post by: firzen771 on October 14, 2010, 11:35:40 PM
Wow, I did not know that about what I am using!

So, why when I've been using Norman, I could download and install Fake AV from Web easily? some very well know

because fake AVs don't typically perform any suspicious behavior of their own, they're usually just useless programs that trick u into giving them money
Title: Re: The future of avast protection
Post by: Omid Farhang on October 15, 2010, 12:30:26 AM
A follow up to Norman Sandbox:

Symantec analyzer uses Norman Online Sandbox for analysis
http://www.symantec.com/connect/articles/using-nepenthes-honeypots-detect-common-malware
 
Quote
This will send each submission to Norman's excellent on-line sandbox, which will perform a run-time analysis and send you a copy of the results in email. This can give you very useful information on what the binary does without having to execute and trace it in your own virtual machine, or having to reverse engineering it.
Title: Re: The future of avast protection
Post by: Lisandro on October 15, 2010, 03:16:35 AM
Thanks Pondus.
Still a mystery if all files get submitted on access to the sandbox. The performance impact will be tremendous, won't it?
avast has also code emulation (on demand for sure)...
Title: Re: The future of avast protection
Post by: Pondus on October 15, 2010, 08:27:04 AM
I do not notice any slow down on daily use but on-demand scan is slow
Title: Re: The future of avast protection
Post by: Omid Farhang on October 15, 2010, 11:34:40 AM
I do not notice any slow down on daily use but on-demand scan is slow

Same here. Also, as Pondus said, something is not enabled by default for performance reasons for on-access, but the on-demand scanner is slow and this can be the reason:
Quote
Norman Sandbox is implemented in all Norman's products, but on a different operating-level. Emulating CPU cycles can be a time-consuming task so for performance reasons this is not enabled on by default in the on-access scanner.
Title: Re: The future of avast protection
Post by: Pondus on October 15, 2010, 11:53:57 AM
The default settings in the scan engine are

Automatic scanner: Sandbox = Normal ( there is also deactivated and expanded )
On-demand scan: Use Sandbox = ON
Internet protection: Use sandbox = ON
Title: Re: The future of avast protection
Post by: Lisandro on October 15, 2010, 01:32:16 PM
So, the idea of an automatic (on access) sandbox is not a Comodo-only suggestion?
Are you guys running Norman in virtual machines?
Is there an on demand scanner to test my computer and check the sandbox?
Title: Re: The future of avast protection
Post by: Pondus on October 15, 2010, 02:12:15 PM
Quote
So, the idea of an automatic (on access) sandbox is not a Comodo-only suggestion?
Norman was first with sandbox, think it came around 1985

Omid is running it in a VM, see the signature; I/we use it at work + one PC at home

Quote
Is there an on demand scanner to test my computer and check the sandbox?
Norman does not have online scanner, only the Sandbox where you can send samples
http://norman.com/security_center/security_tools/submit_file/
http://www.norman.com/security_center/security_tools/71562/71563/en

But there is the Norman Malware Cleaner http://norman.com/support/support_tools/58732/ 
or trial software http://norman.com/downloads/
Title: Re: The future of avast protection
Post by: Lisandro on October 15, 2010, 02:35:32 PM
Norman does not have online scanner, only the Sandbox where you can send samples
I see... It's not a batch submission process and you need to test sample by sample.
Is there any difference for virustotal? Code emulation only?
Comodo will do the same, i.e., upload the sample and test it virtualized/sandboxed, then return the answer to the user (15 minutes if it is a malware). It's a way to use the cloud and improve detection. Maybe avast could consider this.

How good is Norman's zero-day protection then? Do you have further information about it?
Title: Re: The future of avast protection
Post by: Pondus on October 15, 2010, 03:35:12 PM
Quote
How good is Norman's zero-day protection then? Do you have further information about it?
in the middle of the road....
Title: Re: The future of avast protection
Post by: Lisandro on October 15, 2010, 07:24:19 PM
in the middle of the road....
??? What do you mean?
Title: Re: The future of avast protection
Post by: Dch48 on October 15, 2010, 08:21:18 PM
Why does Norman always get such abysmal ratings from the testing organizations then?
Title: Re: The future of avast protection
Post by: GloobyGoob on October 15, 2010, 09:36:32 PM
Why does Norman always get such abysmal ratings from the testing organizations then?

Because they test the antivirus, not the sandbox.
Title: Re: The future of avast protection
Post by: Lisandro on October 15, 2010, 09:47:11 PM
Because they test the antivirus, not the sandbox.
Hmmm... So Norman's model is the same as Comodo's? A poor antivirus with a good HIPS/Sandbox?
Title: Re: The future of avast protection
Post by: Omid Farhang on October 15, 2010, 11:44:43 PM
Because they test the antivirus, not the sandbox.
Hmmm... So Norman's model is the same as Comodo's? A poor antivirus with a good HIPS/Sandbox?

I'm not an expert Norman user, but I doubt it, because it has let many malware run up to now, like a Zbot today...  ??? , so, is Zbot something which can bypass Norman Sandbox (after on-demand and online scan)? I don't know
Title: Re: The future of avast protection
Post by: Pondus on October 15, 2010, 11:53:39 PM
No AV vendor has found the holy grail to malware detection that will detect 100% ......and it will never happen, as this is an endless arms race
Title: Re: The future of avast protection
Post by: Lisandro on October 16, 2010, 04:13:08 AM
I'm not an expert Norman user, but I doubt it, because it has let many malware run up to now, like a Zbot today...  ??? , so, is Zbot something which can bypass Norman Sandbox (after on-demand and online scan)? I don't know
Worse? A poor antivirus and a poor HIPS? I can't believe it is a great technology to receive an award...
Title: Re: The future of avast protection
Post by: Lisandro on October 16, 2010, 04:14:10 AM
No AV vendor has found the holy grail to malware detection that will detect 100% ......and it will never happen, as this is an endless arms race
Well, the sandbox could be a way... I know, usability and user friendly could be a problem...
I'm just not convinced to drop arms down...
Title: Re: The future of avast protection
Post by: Lisandro on October 16, 2010, 09:33:41 PM
Does avast have signatures for all variants of Zeus? Really?
Trend Micro says it's not enough...

Quote
Trend’s experts, and all the other antivirus companies, have been working on a detection process.
Julius Dizon, research engineer at Trend Micro, concluded: “To properly guard against this threat, conventional antivirus is not sufficient. Both improved detection techniques and proactive blocking of the websites, working together, can protect users.”

What can we users expect of the protection for this dangerous trojan?
Only signatures?

http://www.itpro.co.uk/627748/son-of-zeus-can-sneak-past-antivirus-controls
Title: Re: The future of avast protection
Post by: spg SCOTT on October 16, 2010, 09:52:33 PM
Does avast have signatures for all variants of Zeus? Really?
...

Does anyone?

I think not...we will always be playing catch up...
Title: Re: The future of avast protection
Post by: Lisandro on October 16, 2010, 10:08:14 PM
Does anyone?
I think not...we will always be playing catch up...
Precisely. We need something more to protect us nowadays... We can't only rely on reactive policy of signatures (even if they're generic ones).
Title: Re: The future of avast protection
Post by: bob3160 on October 16, 2010, 10:23:54 PM
Quote
We can't only rely on reactive policy of signatures (even if they're generic ones).
There is still one problem that's being overlooked.
The disease (virus, trojan, worm etc) always comes first and its discovery is always delayed.
The cure is even further behind and there's no way around that simple, nasty fact.
Title: Re: The future of avast protection
Post by: Lisandro on October 16, 2010, 11:19:09 PM
There is still one problem that's being overlooked.
The disease (virus, trojan, worm etc) always comes first and its discovery is always delayed.
The cure is even further behind and there's no way around that simple, nasty fact.
We don't need the disease (virus, infection) to have the cure (protection, cleaning).
For that we can think on behavior blockers, HIPS and sandboxing.
Title: Re: The future of avast protection
Post by: DavidR on October 16, 2010, 11:22:54 PM
Does anyone?
I think not...we will always be playing catch up...
Precisely. We need something more to protect us nowadays... We can't only rely on reactive policy of signatures (even if they're generic ones).

Do you really think that a sandbox will protect us any better, I don't. Why, because on its own a sandbox doesn't improve detections and if something isn't detected within the sandbox, what is to say if nothing is detected and it is run outside the sandbox. Most of you want a sandbox, but then you want it to be able to have your cake and eat it too.

By allowing various things to be able to have access to the system and not remain inside the sandbox and save files, add-on updates, etc. etc. all of which weakens any point in having a sandbox in the first place.

We already have emulation which in a way is trying to emulate what the file would do and if that behaviour would be considered suspect. These areas are what I would consider to be of far more importance than sandboxing.

I just don't see sandboxing as the be all and end all in security.
Title: Re: The future of avast protection
Post by: Lisandro on October 16, 2010, 11:31:33 PM
Do you really think that a sandbox will protect us any better, I don't. Why, because on its own a sandbox doesn't improve detections and if something isn't detected within the sandbox, what is to say if nothing is detected and it is run outside the sandbox. Most of you want a sandbox, but then you want it to be able to have your cake and eat it too.
On demand sandbox, ok, it will depend the user and the detection.
On access sandboxing no.

By allowing various things to be able to have access to the system and not remain inside the sandbox and save files, add-on updates, etc. etc. all of which weakens any point in having a sandbox in the first place.
Better than nothing. You can think in a balance between protection and usability of the browser in this case.

We already have emulation which in a way is trying to emulate what the file would do and if that behaviour would be considered suspect. These areas are what I would consider to be of far more importance than sandboxing.
On demand emulation. No on access.
Title: Re: The future of avast protection
Post by: Lisandro on October 21, 2010, 01:50:39 AM
Now, with Avast 6.0 (which is coming sooner than you may think), it's a different story. Avast 6.0 will feature the in-the-cloud heuristics based on the age/prevalence data (as suggested above by sded) as well as new stuff related to the use of our sandbox.
Vlk, will it be on the free version also, I mean, the cloud features of avast?
Title: Re: The future of avast protection
Post by: GloobyGoob on October 21, 2010, 02:53:33 AM
We already have emulation which in a way is trying to emulate what the file would do and if that behaviour would be considered suspect. These areas are what I would consider to be of far more importance than sandboxing.
On demand emulation. No on access.

Tech, I think DavidR meant code emulation. (Not virtualization)
Title: Re: The future of avast protection
Post by: RejZoR on October 21, 2010, 11:34:25 AM
I think avast! will be able to make good cloud tech since the userbase is so big. You can get good results back if you have large user base, meaning you also get access to loads of data regarding file age and prevalence and other stats...
Title: Re: The future of avast protection
Post by: Lisandro on October 21, 2010, 12:11:23 PM
since the userbase is so big.
Another reason to build the cloud with the free version.
Title: Re: The future of avast protection
Post by: Lisandro on October 21, 2010, 08:16:36 PM
Avast 6.0 will feature the in-the-cloud heuristics based on the age/prevalence data
Worth a reading about false positives & age/prevalence of files/samples.
http://www.pcmag.com/article2/0,2817,2371197,00.asp

By the way, avast is an AMTSO member (Anti-Malware Testing Standards Organization).
http://www.amtso.org/members.html
Title: Re: The future of avast protection
Post by: robinb on October 21, 2010, 11:08:32 PM
all i know is AVAST take your time with version 6 and constantly test it prior to coming out to the general public.  and i am so glad you listen to those here in the forum and your beta testers.  After having so many problems with AVG 2011 on my computers and so many of my clients computers I am a true AVAST converter and hope to stay!

robin
Title: Re: The future of avast protection
Post by: clocks on October 22, 2010, 12:50:24 AM
all i know is AVAST take your time with version 6 and constantly test it prior to coming out to the general public.  and i am so glad you listen to those here in the forum and your beta testers.  After having so many problems with AVG 2011 on my computers and so many of my clients computers I am a true AVAST converter and hope to stay!

robin

I think the Avast 5 beta program was very well done, and I suspect they will follow a similar path with v6.
Title: Re: The future of avast protection
Post by: Lisandro on October 22, 2010, 01:34:23 AM
I think the Avast 5 beta program was very well done, and I suspect they will follow a similar path with v6.
avast beta programs are very well conducted in my opinion: speed and stability, moving forward all the time.
Title: Re: The future of avast protection
Post by: Diddy on October 22, 2010, 07:59:38 AM
HI can someone please explain to me what vik is talking about when he is talking about sandboxing and how the sandboxing feature will be in the free avast version is this like a safe place to put files is it just like using virus chest in avast?  please explain in detail please.

I am only an intermediate computer user and I do not understand what vik is talking about when he is talking about sandboxing in avast free.

thanks a lot have a great day

Title: Re: The future of avast protection
Post by: medway01 on October 22, 2010, 10:35:54 AM
HI can someone please explain to me what vik is talking about when he is talking about sandboxing and how the sandboxing feature will be in the free avast version is this like a safe place to put files is it just like using virus chest in avast?  please explain in detail please.

I am only an intermediate computer user and I do not understand what vik is talking about when he is talking about sandboxing in avast free.

thanks a lot have a great day



I'm not quite sure about sandboxing myself, there are many ways to implement it:

http://en.wikipedia.org/wiki/Sandbox_%28computer_security%29

The idea is to isolate things like browsers from your main system so anything nasty coming in through a browser does not have any way to gain access to your computer and alter files and infect. Everything inside the sand box is in theory isolated from the Operating system and the files on your computer.

I believe it works by running browsers and other programs you choose in 'virtual environment' I think !

This is about the best I can do, hopefully someone with more experience will be along :-)
Title: Re: The future of avast protection
Post by: Lisandro on October 22, 2010, 01:03:20 PM
The idea is to isolate things like browsers from your main system so anything nasty coming in through a browser does not have any way to gain access to your computer and alter files and infect. Everything inside the sand box is in theory isolated from the Operating system and the files on your computer.
Vlk is saying that according to the executable behavior, it could be isolated in the sandbox automatically, preventing it to do any harm to your computer.
Title: Re: The future of avast protection
Post by: medway01 on October 22, 2010, 06:58:26 PM
The idea is to isolate things like browsers from your main system so anything nasty coming in through a browser does not have any way to gain access to your computer and alter files and infect. Everything inside the sand box is in theory isolated from the Operating system and the files on your computer.
Vlk is saying that according to the executable behavior, it could be isolated in the sandbox automatically, preventing it to do any harm to your computer.

That makes things more clear to me, thanks. I was thinking along the lines of a normal manual sandbox, one where you chose what program you wanted to run inside a sandbox. I need to read up more on the idea :-)
Title: Re: The future of avast protection
Post by: Lisandro on October 22, 2010, 07:42:54 PM
The first post of this thread asked for automatic sandboxing of every "unknown" (not whitelisted) executable.
avast is proposing the automatic sandboxing only of the suspicious files analyzed by the behavior shield on version 6.
Title: Re: The future of avast protection
Post by: ArminPasalic! on October 22, 2010, 08:02:41 PM
The first post of this thread asked for automatic sandboxing of every "unknown" (not whitelisted) executable.
avast is proposing the automatic sandboxing only of the suspicious files analyzed by the behavior shield on version 6.

So that means:

-I download a antivirus.exe
-ITS NOT WHITELISTED(Unknown) by Alwil
-When I try to run it/when it gets downloaded to my PC it gets AUTOMATICALLY SANDBOXED
-Then Behavior Shield will analyze the behavior

Is it according to this??? or..?
Title: Re: The future of avast protection
Post by: Lisandro on October 22, 2010, 08:26:59 PM
-When I try to run it/when it gets downloaded to my PC it gets AUTOMATICALLY SANDBOXED
Not your PC but the antivirus.exe file is run sandboxed.
Title: Re: The future of avast protection
Post by: ArminPasalic! on October 22, 2010, 08:30:57 PM
Okay, now I understand better. :)
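The exchange above contrasts sandboxing every non-whitelisted executable (the first post's request) with sandboxing only files judged suspicious. The following added example, which is not part of any post in this thread and is not avast's code, models both next to today's default-allow policy on constructed samples; the score threshold, the age/prevalence cut-offs and all names are assumptions.

```python
import hashlib
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    BLOCK = "block"      # signature hit: automatic actions, as today
    ALLOW = "allow"      # runs with normal access to the system
    SANDBOX = "sandbox"  # runs isolated from the real system


@dataclass(frozen=True)
class Sample:
    name: str
    content: bytes       # constructed stand-in for the file's bytes
    signature_hit: bool  # matched a blacklist signature
    behavior_score: int  # 0-100, hypothetical behaviour-analysis score
    age_days: int        # days since first seen (hypothetical cloud data)
    prevalence: int      # users reporting the file (hypothetical cloud data)
    malicious: bool      # ground truth, used only to score the policies

    @property
    def digest(self) -> str:
        return hashlib.sha256(self.content).hexdigest()


# Assumed thresholds, chosen for the illustration only.
SCORE_SUSPICIOUS = 60
YOUNG_DAYS = 7
RARE_USERS = 100


def default_allow(s, whitelist):
    """What is not blacklisted is allowed."""
    return Verdict.BLOCK if s.signature_hit else Verdict.ALLOW


def default_deny(s, whitelist):
    """What is not whitelisted is sandboxed."""
    if s.signature_hit:
        return Verdict.BLOCK
    return Verdict.ALLOW if s.digest in whitelist else Verdict.SANDBOX


def suspicious_only(s, whitelist):
    """Sandbox only unknown files that look suspicious."""
    if s.signature_hit:
        return Verdict.BLOCK
    if s.digest in whitelist:
        return Verdict.ALLOW
    new_and_rare = s.age_days < YOUNG_DAYS and s.prevalence < RARE_USERS
    if s.behavior_score >= SCORE_SUSPICIOUS or new_and_rare:
        return Verdict.SANDBOX
    return Verdict.ALLOW


def evaluate(policy, samples, whitelist):
    """Return (verdicts by name, malware left unconfined, clean files sandboxed)."""
    verdicts = {s.name: policy(s, whitelist) for s in samples}
    unconfined = sorted(s.name for s in samples
                        if s.malicious and verdicts[s.name] is Verdict.ALLOW)
    clean_boxed = sorted(s.name for s in samples
                         if not s.malicious and verdicts[s.name] is Verdict.SANDBOX)
    return verdicts, unconfined, clean_boxed


# Constructed samples; none of these describe real files.
SAMPLES = [
    Sample("known_trojan.exe", b"constructed-1", True, 90, 300, 5000, True),
    Sample("office_suite.exe", b"constructed-2", False, 5, 900, 500000, False),
    Sample("game_patch.exe", b"constructed-3", False, 10, 1, 20000, False),
    Sample("niche_tool.exe", b"constructed-4", False, 5, 400, 12, False),
    Sample("self_built.exe", b"constructed-5", False, 40, 0, 1, False),
    Sample("fake_av.exe", b"constructed-6", False, 15, 2, 8, True),
    Sample("zbot_variant.exe", b"constructed-7", False, 80, 0, 3, True),
    Sample("old_rare_dropper.exe", b"constructed-8", False, 20, 30, 40, True),
]
WHITELIST = {SAMPLES[1].digest}  # only office_suite.exe is a trusted file

if __name__ == "__main__":
    for policy in (default_allow, default_deny, suspicious_only):
        _, unconfined, clean_boxed = evaluate(policy, SAMPLES, WHITELIST)
        print(f"{policy.__name__:16} malware unconfined: {unconfined}")
        print(f"{'':16} clean sandboxed:    {clean_boxed}")
```

On this constructed set, default-deny leaves no unknown malware unconfined but sandboxes three clean files, while the suspicious-only policy sandboxes one clean file and lets one low-scoring, older sample run.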
Title: Re: The future of avast protection
Post by: cinchez on October 24, 2010, 10:46:07 AM
@Topic

Of course yes..

The more security, the more protection avast! gives to all users..^^
At the very least, it protects those users who don't often mess with their AV's settings..

-AnimeLover^^
Title: Re: Do you want automatic sandboxing and cloud to increase avast protection?
Post by: T-RHex on October 31, 2010, 10:47:14 PM
Avast 6.0 will feature the in-the-cloud heuristics based on the age/prevalence data (as suggested above by sded)
Please forgive me if I've missed the obvious (I've read back through many pages) but can someone explain what "in-the-cloud heuristics" means in this context?  Is it used to download a whitelist, or to check a file signature, or is the entire file actually uploaded and scanned "in the cloud"?
Title: Re: The future of avast protection
Post by: .: L' arc :. on November 01, 2010, 12:07:17 PM
 Maybe, Autorun Immunization Feature would also be good for v6. <to eliminate the need to detect autoruns again and again>
Title: Re: The future of avast protection
Post by: gentle4ug on November 01, 2010, 10:29:08 PM
The big question I have regarding anything "in the cloud" revolves around bandwidth usage.  The effect on dialup users and those of us forced into wireless limited data plans could be adversely affected.  I would hate to see the bandwidth used exceed what is currently needed for the daily updates.
Title: Re: The future of avast protection
Post by: Lisandro on November 02, 2010, 01:23:57 AM
The big question I have regarding anything "in the cloud" revolves around bandwidth usage.  The effect on dialup users and those of us forced into wireless limited data plans could be adversely affected.  I would hate to see the bandwidth used exceed what is currently needed for the daily updates.
Cloud should be always optional, not forced. Don't worry.
Title: Re: The future of avast protection
Post by: Lisandro on November 27, 2010, 09:53:52 PM
A lot of information about the version 5.1 of next days.
http://www.zdnet.com/photos/image-gallery-introduction-to-avast-antivirus-version-51/450981?tag=content;get-photo-roto
Title: Re: The future of avast protection
Post by: Asyn on November 28, 2010, 10:40:31 AM
A lot of information about the version 5.1 of next days.
http://www.zdnet.com/photos/image-gallery-introduction-to-avast-antivirus-version-51/450981?tag=content;get-photo-roto

Thanks for the very interesting link, Tech..!! :)
asyn
Title: Re: The future of avast protection
Post by: Onix on November 28, 2010, 10:52:14 AM
Thanks for the link. Have a look at the last screenshot: "...with the beta to be released in September, 2010." ;D
Title: Re: The future of avast protection
Post by: SafeSurf on November 28, 2010, 10:57:08 AM
It's better for the Avast Lab to work out the bugs prior to releasing the product to the public/companies/corporations, so it looks like the date is delayed.
Title: Re: The future of avast protection
Post by: Dch48 on November 28, 2010, 05:29:57 PM
I'm not happy that it says it uses .NET 4 and Silverlight. Is that for all versions or just the business one?
Title: Re: The future of avast protection
Post by: CraigB on November 28, 2010, 05:43:31 PM
I'm not happy that it says it uses .NET 4 and Silverlight. Is that for all versions or just the business one?
I think it was for the server edition.
Title: Re: The future of avast protection
Post by: DavidR on November 28, 2010, 06:16:17 PM
I'm not happy that it says it uses .NET 4 and Silverlight. Is that for all versions or just the business one?

You're not the only one, I think .net sucks, especially the so**ing updates, the worst windows update without doubt.

Why silverlight when the current avast uses flash (and that technically isn't required if you don't care about stats), I have been avoiding silverlight like the plague so far.
Title: Re: The future of avast protection
Post by: DavidR on November 28, 2010, 06:20:43 PM
I'm not happy that it says it uses .NET 4 and Silverlight. Is that for all versions or just the business one?
I think it was for the server edition.

Even if it is for the server version - I'm always concerned about why .net is used, I haven't the slightest idea what it brings to the party.

MailWasher Pro has added .net 3.5 as a requirement for its latest version and for me it just slows the loading and closure of the application and I don't see any benefit with it running .net at all. It doesn't seem to do anything that it didn't before other than bells and whistles graphics, which I don't believe is the purpose of .net.
Title: Re: The future of avast protection
Post by: spg SCOTT on November 28, 2010, 09:12:19 PM
...

Why silverlight when the current avast uses flash (and that technically isn't required if you don't care about stats), I have been avoiding silverlight like the plague so far.

I think MS is pushing silverlight for its sites, one example being xbox.com, plus it is shipped with new installs of Win 7...

I think they are trying to overthrow flash, but so far I haven't really seen anything that makes it better...
Title: Re: The future of avast protection
Post by: Lisandro on November 28, 2010, 09:16:51 PM
I'm not happy that it says it uses .NET 4 and Silverlight. Is that for all versions or just the business one?
I think it was for the server edition.
It's for the Business Client version (network installations managed by the browser).
Title: Re: The future of avast protection
Post by: bob3160 on November 28, 2010, 09:19:22 PM
Quote
I think they are trying to overthrow flash, but so far I haven't really seen anything that makes it better...
Considering how unsafe flash is, provided silverlight is more secure, it might be a good idea.
Title: Re: The future of avast protection
Post by: scythe944 on November 29, 2010, 04:03:26 PM
I'm not happy that it says it uses .NET 4 and Silverlight. Is that for all versions or just the business one?
I think it was for the server edition.
It's for the Business Client version (network installations managed by the browser).

I think it's actually just for the Small Business Console.  The installations of Avast on the client computers won't be any different than a standard free edition.  The framework and silverlight is needed just to render the Small Business Console in a browser.  The .NET framework is probably for controls in the application (like right-mouse click, drag & drop, etc.).  Since it's run from a web browser and not an actual program, they need the framework for the extra controls.  Silverlight, I imagine, is probably just for animations and graphics such as reports, graphs, etc.
Title: Re: The future of avast protection
Post by: clubhouse on November 29, 2010, 04:14:31 PM
It would be nice to have a reset to default (out of the box) setting for those of us who aren't so techy but tried to make changes and lost our way :-\
Title: Re: The future of avast protection
Post by: DavidR on November 29, 2010, 05:06:37 PM
This has been asked for so many times we can't keep count and would be extremely handy for fault resolution as knowing that the user hasn't tweaked avast to within an inch of its life and gone an inch too far.

Another favourite question is can the current users settings be saved.
Title: Re: The future of avast protection
Post by: clubhouse on November 29, 2010, 06:38:13 PM
Ok, I'll try a different tack, despite many requests before a restore to default option isn't available...is this a huge technical conundrum or not considered worthy of attention?
Title: Re: The future of avast protection
Post by: DavidR on November 29, 2010, 06:54:00 PM
We as avast users can't answer why it hasn't been included or if it might be in avast 5.1, as there are no clear details of exactly what it consists of. All I can suggest is that as far as priorities go, I guess there are other things that are of a higher priority.
Title: Re: The future of avast protection
Post by: .: L' arc :. on December 10, 2010, 02:11:30 PM
Not really part of the protection but, a smaller GUI would be of great help in netbooks with small screen. avast! here covers the whole screen when brought up. Context menu scan screen covers almost two-thirds.
Title: Re: The future of avast protection
Post by: CraigB on December 10, 2010, 03:04:39 PM
Not really part of the protection but, a smaller GUI would be of great help in netbooks with small screen. avast! here covers the whole screen when brought up. Context menu scan screen covers almost two-thirds.
So drag it in from top and side and now you have a small a GUI :)
Title: Re: The future of avast protection
Post by: DavidR on December 10, 2010, 03:13:12 PM
You can resize the avastUI by dragging the edges in, in the same way as other windows. However it does only go so small and no more, that size is remembered when you next open it. Mine goes down to 795 X 570 which may help on a netbook.

Unfortunately that trick doesn't work with the context scan window, it only allows you to reduce the height and worse news, it doesn't remember the setting.
Title: Re: The future of avast protection
Post by: Lisandro on December 10, 2010, 03:14:08 PM
Just to mention: this is a thread about the future of avast protection, not GUI :)
Title: Problem updating the version of AVAST Internet Security
Post by: vbaltazar on January 05, 2011, 01:18:06 AM
Actualicé la versión de AVAST Internet Security y mi computadora se queda "pasmada"!!!!!!!!!!!!!1
Title: Re: The future of avast protection
Post by: Lisandro on January 05, 2011, 01:20:39 AM
I updated my version of AVAST Internet Security and my computer "freezes"!!!!!!!!!!!!!
Do not post the same thing twice... Follow your other thread.
Title: Re: The future of avast protection
Post by: Dch48 on January 15, 2011, 07:00:23 PM
I absolutely would be against automatic sandboxing and I'm not enthused about cloud scanning either. I used to use the full package of Comodo Internet Security but grew increasingly disenchanted with its default deny approach to things. I was constantly getting popup alerts from the HIPS component about not only safe actions of known safe applications but actions that were necessary for those applications to function properly. It just got more and more annoying seeing that nothing actually malicious was ever found during the year I used Comodo. It made setting up and playing full screen games harder and then I also had to jump through the same hoops over again when my favorite game, World of Warcraft, would receive a new content or bug fix patch. I lived through that but when they added the automatic sandbox, that was the last straw. It kept sandboxing things that were, once again, perfectly safe and would not remember not to do it when told to. If I told it not to sandbox something again, it would continue to do it but just wouldn't alert me that it had. It was a nightmare. Now they have added cloud scanning to the package and while I haven't personally used it (I switched to using only the basic firewall of Comodo in combination with the free Avast! back in May 2010.), I have read on their forums that it causes very noticeable slowdowns in scanning and overall performance of the computer.

What I want from my security software is a reasonable level of protection while still maintaining as much performance and ease of use of my machine as is possible. I feel that my current setup is perfect in those regards. I will gladly sacrifice increased "zero day" protection to retain free and unfettered usage of my computer. The odds of being hit by a zero day attack are infinitesimal and even if I did become infected, I back up the Documents folder regularly on to a DVD and it contains all the files and application installers I would need to get things back to normal if I had to do a wipe and reinstall of everything. I could be back to normal in 5-6 hours at the most with no loss of any important data. I will take that chance willingly to be able to use my machine as I like to with no interference or performance degradation caused by security software. I don't think Avast! needs any of the things that are being proposed here.
Title: Re: The future of avast protection
Post by: Lisandro on January 15, 2011, 10:26:23 PM
I was constantly getting popup alerts from the HIPS component about not only safe actions of known safe applications but actions that were necessary for those applications to function properly.
Dch48, the HIPS component is not the automatic sandboxing, it's Defense+.

It kept sandboxing things that were, once again, perfectly safe
That's the major drawback. They must keep the safe list (white) very updated to reduce this warning to the minimum. They need to improve their antivirus/cloud detection also. This is the usability drawback of HIPS and automatic sandboxing.

and would not remember not to do it when told to. If I told it not to sandbox something again, it would continue to do it but just wouldn't alert me that it had.
Bug in a specific version?

Now they have added cloud scanning to the package and while I haven't personally used it (I switched to using only the basic firewall of Comodo in combination with the free Avast! back in May 2010.), I have read on their forums that it causes very noticeable slowdowns in scanning and overall performance of the computer.
I've tested their cloud scanning without such problems in VMware environments.

What I want from my security software is a reasonable level of protection while still maintaining as much performance and ease of use of my machine as is possible.
So you've chosen (one of) the best combo for it.

The odds of being hit by a zero day attack are infinitesimal
Safe browsing.

I don't think Avast! needs any of the things that are being proposed here.
Thanks for posting.
Title: Re: The future of avast protection
Post by: Para-Noid on January 16, 2011, 02:29:19 AM
Just a thought...How much trouble would it be to add a "sandbox" to the free version?
Also, how does "pro" and "ais" work? Don't they use the cloud? If they do, why not put the sandbox in with the free version? By using the cloud those of us who use the free version would help populate the cloud. It seems logical to me.
Title: Re: The future of avast protection
Post by: DavidR on January 16, 2011, 02:49:39 AM
The simple fact is that there have to be differences or the free version becomes the Pro and AIS versions chief/biggest competitor.

Your questions are simple but the answers aren't, as in how does "pro" and "ais" work.

There is no cloud element in avast 5.1

The avast Community option already contributes to helping avast.
Title: Re: The future of avast protection
Post by: Para-Noid on January 16, 2011, 04:17:52 AM
The simple fact is that there have to be differences or the free version becomes the Pro and AIS versions chief/biggest competitor.

Your questions are simple but the answers aren't, as in how does "pro" and "ais" work.

There is no cloud element in avast 5.1

The avast Community option already contributes to helping avast.
Thanks DavidR...as I stated I was just wondering. I still think adding the sandbox feature would be a good idea. And will not compete with Pro and Ais since they have even more features that free does not have.
Title: Re: The future of avast protection
Post by: Dch48 on January 16, 2011, 10:01:14 PM
The Comodo developers themselves have admitted that the cloud scanning slows down scanning performance. When you think about it, there is no way that it couldn't, especially if you encounter a high latency problem between you and them.

I also am well aware of the difference between D+ and the sandboxing that was added in CIS V4. I was just explaining how I was already growing disenamored of their approach and how the addition of the automatic sandboxing made it much worse. The sandbox in Avast! should remain as an on demand option.
Title: Re: The future of avast protection
Post by: Lisandro on January 16, 2011, 10:07:48 PM
Cloud version will come on version 6.
A basic free sandbox will be released also.
http://forum.avast.com/index.php?topic=64382.msg546016#msg546016

The Comodo developers themselves have admitted that the cloud scanning slows down scanning performance. When you think about it, there is no way that it couldn't, especially if you encounter a high latency problem between you and them.
Sure. The answer does not come in 15 minutes as promised at the first releases also.

The sandbox in Avast! should remain as an on demand option.
It will work side-by-side with Behavior Shield. Read link above.
Title: Re: The future of avast protection
Post by: Dch48 on January 16, 2011, 10:16:20 PM
I reread VLK's post. I had read it when it first came out but had not retained much of what he had said. The implementation of sandboxing he speaks of sounds very good to me and if it works as intended should not wind up being a hindrance to usability like Comodo is.  The cloud stuff I'm still undecided about but I do have more faith in Avast! making it work right than I now do in Comodo.
Title: Re: The future of avast protection
Post by: Lisandro on January 17, 2011, 10:14:48 PM
avast released a beta site rating feature... I know, off topic, but also future of avast...
Title: Re: The future of avast protection
Post by: yetanotheruser on January 18, 2011, 02:16:33 AM
Whitelist will soon be the only way to go. Blacklisting approaches are rapidly beginning to fail, as we are seeing. And no it is not "copying Comodo" the entire industry has been discussing this for years and years now... problem is no one wants to stop a good thing... (read: the cash cow that is blacklist apps).

Cloud scanning? No. That is totally absurd and useless. On my own lan perhaps, but to some remote server controlled by someone else while I try to protect OUR proprietary resources? No effing way. Sorry, that will never happen, I'll just cut the connection forever when the day comes that is the only option.

Sandbox? No. That never goes well. Write your own OS if that is what you think is the solution. If it is on the whitelist it runs, if it is not it does not. That said, the USER needs full control of the whitelist. But first you must qualify the user... can they handle it?

And can we please stop calling it a cloud? It is a goddamn remote server (or load distributed cluster), not some airy fairy cloud... Can I puke now?

Ultimately the solution will be government regulation and licensing as was required for motor vehicles. People need training and testing before they can be allowed to use powerful technology. No pass? No internet for you - you too dumb.

Sometimes I think I just should not read forums... look what it does to me.

edit: taking the rant a few steps further... all AV products for windows do not have much of a future at all. Because windows has no future: it appears to me that kernel development stopped with Win2K. Vista and 7 are convoluted task schedulers written around an aging and frail kernel. Take a look at the default scheduled tasks in Vista and 7 and you will see what I mean. It is pretty clear that they have lost the talent that was capable... all they have now are java and .net grads who couldn't manage memory if their life depended on it. Whitelisting on such a platform will also become unmanageable because of its design and lack of kernel development. Apple is no solution either, prohibitive costs and monopolistic tactics that microsoft can only dream of. I opened an apple case in the early nineties - not a single recognisable component inside. Useless, I thought, and they are still for all but the very rich and very limited application needs. Linux is no answer either, it would have been if Matrox had won out over ATI, but no, everyone has to be able to play the latest version of nude beach volleyball from Activision complete with the latest trumped-up video card requirements... ATI killed Linux. Matrox was so superior from the get go - I have no idea how ATI won... they were incapable of drawing straight lines on screen in the Rage/98 era... yet somehow... they win, and destroy Linux's future on the desktop in the process. Sigh... I think I'm done ranting now...  ;)
Title: Re: The future of avast protection
Post by: Hermite15 on January 18, 2011, 12:45:22 PM
Quote
all AV products for windows do not have much of a future at all. Because windows has no future: it appears to me that kernel development stopped with Win2K.

yeah and Linux has a future right ;D ::)

ps: if you reply to that, keep in mind that you're talking to an ex-Linux user, I can get into details and this might hurt. Not mentioning that this is not exactly the right thread for it.
Title: Re: The future of avast protection
Post by: bob3160 on January 18, 2011, 02:09:28 PM
yetanotheruser,
I'm curious and would like to know what operating system you are using ???
Title: Re: The future of avast protection
Post by: Rednose on January 18, 2011, 02:18:59 PM
yetanotheruser,
I'm curious and would like to know what operating system you are using ???


Maybe a BSD distro. But I really doubt that ;D

Greetz, Red.
Title: Re: The future of avast protection
Post by: Hard_ROCKER on January 18, 2011, 02:25:38 PM
<snip>
Sometimes I think I just should not read forums... look what it does to me.
<snip>

I agree with you there for sure, probably would be best to stop using computers altogether since they have no future right ?   ::)
Title: Re: The future of avast protection
Post by: Lisandro on January 18, 2011, 02:37:58 PM
Not mentioning that this is not exactly the right thread for it.
No, not really ;)
Everyone could open a fight thread between Windows, Linux, Mac or whatever ;D
Title: Re: The future of avast protection
Post by: YoKenny on January 18, 2011, 03:00:55 PM
<snip>
Sometimes I think I just should not read forums... look what it does to me.
<snip>

I agree with you there for sure, probably would be best to stop using computers altogether since they have no future right ?   ::)
;D ;D

I hear that an abacus is all the rage ;)

I doubt it can use dial-up though.
Title: Re: The future of avast protection
Post by: yetanotheruser on January 18, 2011, 06:51:22 PM
Quote
all AV products for windows do not have much of a future at all. Because windows has no future: it appears to me that kernel development stopped with Win2K.

yeah and Linux has a future right ;D ::)

ps: if you reply to that, keep in mind that you're talking to an ex-Linux user, I can get into details and this might hurt. Not mentioning that this is not exactly the right thread for it.

I guess you did not read (or comprehend) my entire post. Try reading the part about Matrox. The ones who provided rock solid *nix video drivers with source for many years before ATI dragged the market down.

It will not hurt at all my son. I've been there, done that, sold the effing t-shirts.

Don't tell grandma how to suck eggs whippersnapper! ;)

So I guess you didn't really have anything to say about the lack of development in the windows kernel after all did you? Why even quote it? Nor do you look any wiser. Fail, and fail on both counts.

You fail to impress even yourself. I can tell.


<snip>
Sometimes I think I just should not read forums... look what it does to me.
<snip>

I agree with you there for sure, probably would be best to stop using computers altogether since they have no future right ?   ::)

If you think the fact that windows has no future means that computers have no future you are sorely mistaken.

Is that supposed to sound funny? Is it supposed to sound smart? It is neither.

To be honest, I expected more from Avast users. You guys come across like a bunch of slashdotters. Blech.


<snip>
Sometimes I think I just should not read forums... look what it does to me.
<snip>

I agree with you there for sure, probably would be best to stop using computers altogether since they have no future right ?   ::)
;D ;D

I hear that an abacus is all the rage ;)

I doubt it can use dial-up though.

Hahahahaha ah ah ha.. o right. Yawn, see above assessment of the mentality here. I expected better - particularly of a Canadian user.

I shall move on. Later slashlosers.
Title: Re: The future of avast protection
Post by: igor on January 18, 2011, 07:07:45 PM
OK, that's enough. Strong words, facts none. I seriously doubt you have any idea about Windows kernel development yourself. So yeah, please move on.

Regarding Matrox... yes, they were nice, I liked them. I guess their problem was that they got stuck in the 2D world, their 3D performance was kinda pathetic.