Author Topic: IS Avast sandbox effective ? watch that video ..  (Read 25541 times)

ace11
« on: January 20, 2010, 05:47:45 AM »
http://www.youtube.com/watch?v=Sr8bIii1G7U

can any avast team member comment on that ?

irj
« Reply #1 on: January 20, 2010, 06:21:15 AM »
Quote from: ace11
http://www.youtube.com/watch?v=Sr8bIii1G7U

can any avast team member comment on that ?

As I understand the technology of the sandbox, it is similar to a box with a small box inside. Meaning it is still possible to be infected, but it will not spread to your whole system because all malware threats will be in that small box.

As I watched the video, he turned off some components of the Real-Time Shield. As a result, he got malware in his guest OS, but nothing to worry about because all the malware is in the small box called the sandbox. Cheers...  :)


ace11
« Reply #2 on: January 20, 2010, 06:43:53 AM »
irj ,

you don't really understand too much about computers & malware, do you :)
« Last Edit: January 20, 2010, 07:41:04 AM by ace11 »

FUZ20
« Reply #3 on: January 20, 2010, 07:07:03 AM »
Hi everybody

I have exactly the same problem
I installed yesterday evening Avast 5.0 and after a short time => Blue Screen (My OS is Vista Home Premium)
I tried to uninstall Avast 5.0 and reinstall it and reboot my computer a lot of times
But the program doesn't want to start
Then I returned to AVAST 4.8
But if someone has a solution ....

Thanks in advance

JM

irj
« Reply #4 on: January 20, 2010, 07:14:05 AM »
Quote from: ace11
irj ,

you don't really understand too much about computers & malware, do you :)

With regards to computers and software, technically I don't really have any problem. I love software so much. But with regards to malware, yeah, you're right, what I know is the description of it, but about its structure I really have no idea, I leave it to the experts. :)  But as far as I know, it works as I said in my first post. Sandbox uses an isolated space to make your browsing or using unknown software safe.

Actually, it would be better if anyone from team Avast could explain the benefits of the sandbox and how it works.  ;D

watchthisspace
« Reply #5 on: January 20, 2010, 07:38:00 AM »
@ irj, I think the point he's trying to make is that the sandbox isn't working because the malware is actually able to infect the system, whereas it should be contained within its "sandbox" and once you close the app or whatever, the sandbox, and what's in it, is automatically deleted, never touching the Operating System.

Intel C2Q 6600 @ 3.2Ghz | 6gig DDR2-1600 | Gigabye GTX560ti | Intel X25-M 160Gb G2 | Windows 7 Ultimate

ace11
« Reply #6 on: January 20, 2010, 07:40:05 AM »
we don't need explanations about how the sandbox is working.
we do need some comments from the developers about how infected files and reg records have penetrated the sandbox and exist in system folders  8)

Vlk (Global Moderator)
« Reply #7 on: January 20, 2010, 10:52:45 AM »
ace11, I don't know if you're the author of the video but in any case, thanks for posting a link to it.

It's indeed interesting.

We have been testing the sandbox with many malware samples and it usually did a good job at stopping them (i.e. isolated them). On the other hand, there are still weaker spots which we are, and will be, trying to address continuously (remember that the product has been released just yesterday).

But frankly, I don't believe the product will ever get to a state where it will be "perfect". I mean, I don't believe in silver bullets, and especially when it comes to security.

The sandbox is an extra layer of protection which makes great sense as it works differently than the other layers, and therefore has different strengths and weaknesses. It does a good job at stopping (or shall we say shielding) many samples that could be missed by the other layers. But no, it does not provide a 100% security (and whoever tells you their product provides a 100% security, don't believe him; all these systems work on a "best effort" basis, i.e. they're all penetrable).

Now, again, I'm not trying to discount the findings of the video, it's definitely worth looking into and that's exactly what we will do.

On a side note, don't you find it interesting how all those self-made tests on youtube etc. use Malwarebytes as a reference (e.g. to find out if the system got infected or not)? I mean, MBAM is certainly a nice product, but c'mon, we have literally hundreds of thousands of samples they don't detect.. which is not to say they're bad, just that it's somewhat strange to use their product as THE absolute reference in tests like this...


Thanks
Vlk

« Last Edit: January 20, 2010, 11:20:26 AM by Vlk »
If at first you don't succeed, then skydiving's not for you.

RejZoR
« Reply #8 on: January 20, 2010, 11:56:07 AM »
The only true method of inspecting system infection is by using a real-time tracker (monitor) or a system snapshot tool, where you take a snapshot before and after the suspected infection, compare the snapshots against each other and then manually inspect each entry.

Though this is interesting. I know sandbox basics but I never really thought about how the sandbox treats differences between the host and client part, where the browser is executed inside the sandbox client, but downloaded files can later be saved to the host desktop past the sandbox barrier (or those files get lost when you close the program running inside the client sandbox). I'm only familiar with full virtualization (VMWare, VirtualPC) where the client is fully isolated and runs in its very own memory space and its own virtual hardware subsystem.
I guess I'll have to check out the IS package and learn the sandbox with the methods in the above paragraph (realtime tracking and snapshots) to see how it really affects the host.
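
The before/after snapshot comparison described in the post above, as an added example that is not part of the original thread. It covers files only (not registry entries), and the temporary directory and file names in `demo()` are constructed stand-ins for host folders.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file path under root (relative, '/'-separated) to its SHA-256."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            try:
                with open(full, "rb") as fh:
                    state[rel] = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                # Record locked/unreadable files instead of silently skipping them.
                state[rel] = "<unreadable>"
    return state


def diff_snapshots(before, after):
    """Return the paths added, removed, or modified between two snapshots."""
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }


def demo():
    """Constructed scenario: a temp directory stands in for host folders."""
    with tempfile.TemporaryDirectory() as host:
        for name, data in (("settings.ini", b"a=1"), ("notes.txt", b"hello")):
            with open(os.path.join(host, name), "wb") as fh:
                fh.write(data)
        before = snapshot(host)

        # Simulated activity that should have stayed inside the sandbox.
        os.mkdir(os.path.join(host, "startup"))
        with open(os.path.join(host, "startup", "dropped.bin"), "wb") as fh:
            fh.write(b"\x00\x01")
        with open(os.path.join(host, "settings.ini"), "wb") as fh:
            fh.write(b"a=2")
        os.remove(os.path.join(host, "notes.txt"))

        return diff_snapshots(before, snapshot(host))


if __name__ == "__main__":
    print(demo())
```

Every path the diff reports still needs the manual inspection the post mentions, since normal system activity also changes files between two snapshots.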

news
« Reply #9 on: January 20, 2010, 12:19:31 PM »
Quote from: VLK
But frankly, I don't believe the product will ever get to a state where it will be "perfect". I mean, I don't believe in silver bullets, and especially when it comes to security.

On target..absolutely~Thanks so much for the explanation VLK. ;)


Vladimyr
« Reply #10 on: January 20, 2010, 01:04:14 PM »
Quote from: Vlk
On a side note, don't you find it interesting how all those self-made tests on youtube etc. use Malwarebytes as a reference (e.g. to find out if the system got infected or not)? I mean, MBAM is certainly a nice product, but c'mon, we have literally hundreds of thousands of samples they don't detect.. which is not to say they're bad, just that it's somewhat strange to use their product as THE absolute reference in tests like this...

Thanks
Vlk

MBAM is GOD

MBAM is GOOD
“There is a way that seems right to a man, but in the end it leads to death.” - Proverbs 16:25

Chris Thomas
« Reply #11 on: January 20, 2010, 01:10:46 PM »
@ ace

As you are from Israel, think about asking Avast for a Hebrew translation in its future editions   8)

Warwagon19792
« Reply #12 on: January 20, 2010, 03:26:37 PM »
Hi, I'm the original creator of this video. Before I started the test I did a full scan with Malwarebytes just to make sure the system was clean. It came up with 0 infections.

Didn't realize my VM was still open so I rescanned with superantispyware.



I would like some clarification from the developers of avast on something.

When I  disabled the "File system shield, Web Shield, and Behavior shield" should the Process Visualization still have continued to function?
« Last Edit: January 20, 2010, 05:58:06 PM by Warwagon19792 »

mwa1234
« Reply #13 on: January 21, 2010, 06:17:39 AM »
Warwagon, I noticed on your video that there were a couple of files that were successfully blocked by the sandbox when you had everything enabled. Have you tried those same files with the behavior, real time protection, etc., disabled? I would think that would answer whether disabling those features would have a negative impact on the sandbox performance.

ratchetclan4
« Reply #14 on: January 31, 2010, 09:00:45 PM »
Quote from: watchthisspace
@ irj, I think the point he's trying to make is that the sandbox isn't working because the malware is actually able to infect the system, whereas it should be contained within its "sandbox" and once you close the app or whatever, the sandbox, and what's in it, is automatically deleted, never touching the Operating System.

So that guy on the video's malware was detected because he still had the sandbox running?
So if he ends it then the malware will be deleted?
