Poll

Do you want automatic sandboxing (virtualization) to increase avast protection?

Yes. Make it available (on by default, i.e., for all users).
Yes. Make it available (off by default, i.e., for advanced users only).
No, I think the "default allow" policy (signatures, rules, etc.) is enough.
I don't understand the difference (please, post your doubts).
Other (please, post your opinion and why).

Author Topic: The future of avast protection  (Read 184276 times)

0 Members and 1 Guest are viewing this topic.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67197
Re: Do you want automatic sandboxing and cloud to increase avast protection?
« Reply #150 on: October 02, 2010, 04:20:31 PM »
so you're clearly suggesting to use another software or what?
I'm clearly suggesting that avast take into consideration the adding of new features.

like Comodo Internet Security ?
Why do you insist in talk (only) about Comodo?

:) ...thought you were talking about improving Avast ???
I am.

I misunderstood? ...no I didn't...
Yes, you did.

you said it several times in this thread, and now you're saying "why wait for 5.1?"
Why wait for 5.1 if we can discuss it now, why wait if we can ask for new features now...
Logos, give up. You don't have a cristal ball to see my mind. At least, don't force my words.

we don't know yet if it will bring auto-sandboxing or not (unless you have other sources ???...)
avast team never gave me the honor to participate in this thread.
That makes me mad... They seems to ignore the discussion. Why?

99% of users have never heard of virtualization, and they'll keep ignoring it...
Auto sandboxing is not properly virtualization but, anyway, someone needs to open the discussion.

trying to make people believe that their system isn't secure when running Avast5 because it doesn't have auto-sandboxing is completely over the top
Asyn was talking about that. I'm just trying to discuss this. This is the reason of this thread.

Again, we're on Avast forums here Tech, not Comodo's.
Please, stop trolling about this issue.
The best things in life are free.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Do you want automatic sandboxing and cloud to increase avast protection?
« Reply #151 on: October 02, 2010, 04:24:16 PM »
1. What are you waiting for 5.1?
2. What about the other users? What about the ones who think avast protection is enough? Don't you worry about them?

1. I guess you mean 'why'..? Because I want to see the new features.
2. Sure, I'm worried a bit, but avast isn't that bad and if there are questions they're free to ask them here, we will always share our knowledge with them..!!! But as this thread is about improvements in avast...
Btw, I don't think they (avast) will consider our comments, before the release of the new (afaik, it's a major update) 5.1 version.
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Hermite15

  • Guest
Re: Do you want automatic sandboxing and cloud to increase avast protection?
« Reply #152 on: October 02, 2010, 04:30:49 PM »
I'm the troll here? excuse me, the whole topic is a troll thread here, with trolling intentions, and I insist, promoting Comodo over Avast, and you know it. No crystal ball needed, that's clear enough...and this is not new. You've been doing that for several months now here ::) I'm done I'm done ;D go ahead, this is all so interesting... you would have been stopped anywhere else.

Hermite15

  • Guest
Re: Do you want automatic sandboxing and cloud to increase avast protection?
« Reply #153 on: October 02, 2010, 04:32:48 PM »

Btw, I don't think they (avast) will consider our comments, before the release of the new (afaik, it's a major update) 5.1 version.
asyn


 Avast is certainly not interested into derailing its roadmap to please a Comodo lover that's right ;)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67197
Re: Do you want automatic sandboxing and cloud to increase avast protection?
« Reply #154 on: October 02, 2010, 04:36:23 PM »
I'm the troll here? excuse me, the whole topic is a troll thread here, with trolling intentions, and I insist, promoting Comodo over Avast, and you know it. No crystal ball needed, that's clear enough...and this is not new. You've been doing that for several months now here ::) I'm done I'm done ;D go ahead, this is all so interesting... you would have been stopped anywhere else.
No, you're trying to bash me against all the community. You're trying to do as you've done with other avast users.
I won't tolerate that you twist my words and make (again) a thread about security in a playground for you.
Hope the other users choose a side.
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88851
  • No support PMs thanks
Re: Do you want automatic sandboxing and cloud to increase avast protection?
« Reply #155 on: October 02, 2010, 04:42:50 PM »
How have we all managed to survive without the panacea of sandboxing or virtualisation for so many years.

Sandboxing or Virtualisation in any form is for sure going to add an overhead on system performance and I would suggest is why many haven't taken it up. It is still a very small niche market in the years that sandboxing or virtualisation has been available.

So personally I don't see it as a must have function and if included certainly not one that should be default always on feature.
« Last Edit: October 02, 2010, 04:44:50 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Hermite15

  • Guest
Re: Do you want automatic sandboxing and cloud to increase avast protection?
« Reply #156 on: October 02, 2010, 04:53:24 PM »
I'm the troll here? excuse me, the whole topic is a troll thread here, with trolling intentions, and I insist, promoting Comodo over Avast, and you know it. No crystal ball needed, that's clear enough...and this is not new. You've been doing that for several months now here ::) I'm done I'm done ;D go ahead, this is all so interesting... you would have been stopped anywhere else.
No, you're trying to bash me against all the community. You're trying to do as you've done with other avast users.
I won't tolerate that you twist my words and make (again) a thread about security in a playground for you.
Hope the other users choose a side.

oh you won't tolerate :'( ;D :D >>> what is it that I twisted? this thread is useless and just meant to bash Avast and promote Comodo, period. You're already calling for help >>>
Quote
Hope the other users choose a side.

...because you cannot prove me wrong ;)This will be my last post in this...hmm...thread.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67197
Re: Do you want automatic sandboxing and cloud to increase avast protection?
« Reply #157 on: October 02, 2010, 04:56:23 PM »
How have we all managed to survive without the panacea of sandboxing or virtualisation for so many years.
David, really, it's not the panacea, it's another layer of defense.
You've survived all these years because you're an honest guy, visiting clean websites, helping other users...
I have friends that do not follow this way of life. I've recommended avast to them. And what happened when they get infected? It's my word against their infection...

Sandboxing or Virtualisation in any form is for sure going to add an overhead on system performance and I would suggest is why many haven't taken it up. It is still a very small niche market in the years that sandboxing or virtualisation has been available.
I would be very happy if the avast team recognize this technically, I mean, the overhead.

So personally I don't see it as a must have function and if included certainly not one that should be default always on feature.
We have an option in the poll for "advanced users" :)
The best things in life are free.

sded

  • Guest
Re: Do you want automatic sandboxing and cloud to increase avast protection?
« Reply #158 on: October 02, 2010, 04:57:37 PM »
I agree with David R in terms of the utility and priority of automatic sandboxing.  For those who like to do "security as a hobby" and play with malware, run tests, it is probably interesting and gives them things to analyze.  For those who use their computer as a tool and just want to be protected, it appears to be more of a nuisance than a value.  I would rather Avast! spent their effort improving the behavior blocker, for instance, and let users with a sandboxing desire get Avast! Pro or use some other tool.  "Default allow" does not mean that Avast! signatures are your last chance to detect/remove malware, just that it is passed on to other processes more suitable to recognize it.  Too much prejudicial sloganeering-there are many ways to attack the problem, and my usage simply doesn't consider automatic sandboxing as a desirable approach.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67197
Re: Do you want automatic sandboxing and cloud to increase avast protection?
« Reply #159 on: October 02, 2010, 05:06:46 PM »
I agree with David R in terms of the utility and priority of automatic sandboxing.  For those who like to do "security as a hobby" and play with malware, run tests, it is probably interesting and gives them things to analyze.
Ok, I agree that I'm not a common user. But "common users" also do "bad" things and get infected...

For those who use their computer as a tool and just want to be protected, it appears to be more of a nuisance than a value.
My vote was for "advanced users" only feature. I fully agree with you.

I would rather Avast! spent their effort improving the behavior blocker, for instance, and let users with a sandboxing desire get Avast! Pro or use some other tool.
I believe I do not need to go elsewhere to get this protection. I believe avast could give it to us.

"Default allow" does not mean that Avast! signatures are your last chance to detect/remove malware, just that it is passed on to other processes more suitable to recognize it.  Too much prejudicial sloganeering-there are many ways to attack the problem, and my usage simply doesn't consider automatic sandboxing as a desirable approach.
What do you think about zero-day attack?
http://www.shadowserver.org/wiki/pmwiki.php/Stats/VirusDailyStats (link kindly sent by Pondus).
The best things in life are free.

sded

  • Guest
Re: Do you want automatic sandboxing and cloud to increase avast protection?
« Reply #160 on: October 02, 2010, 05:26:46 PM »
As far as zero day attack, I like the way Prevx handles it with heuristics on the age and popularity of the sample.  Simple and understandable, even to the casual user.  I knowingly use a lot of limited programs for things like Radio and Sailing, so it is very simple to tell Prevx that I know about it even if I am the only user who does.  I don't want them sandboxed every time they are changed or I use a new one.  I don't even use the sandbox in AIS, though.  So automatic sandboxing in Avast! would just be something for me (most users?) to turn off and the hobbiests to debate the merits and performance of in the forums.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67197
Re: Do you want automatic sandboxing and cloud to increase avast protection?
« Reply #161 on: October 02, 2010, 05:31:38 PM »
As far as zero day attack, I like the way Prevx handles it with heuristics on the age and popularity of the sample.
I need to take a look on it. You've encouraged me to do so. Thanks.
Although, again, we'll be based on rules.

I don't even use the sandbox in AIS, though.  So automatic sandboxing in Avast! would just be something for me (most users?) to turn off and the hobbiests to debate the merits and performance of in the forums.
At least this is (was) an open forum to discuss, isn't it? :)
The best things in life are free.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Do you want automatic sandboxing and cloud to increase avast protection?
« Reply #162 on: October 02, 2010, 06:48:17 PM »
This thread is becoming quite bloated but that only demonstrates that topics like this are popular here. Which is a good thing.

While we appreciate the suggestions, we still somewhat believe that we're reasonably competent to design the protection features on our own. That is, while we value your feedback, we see that lot of the stuff discussed here isn't really applicable because internally, things work little bit differently - or we just doubt that the outcome of implementing these changes would be good.


Anyway, maybe it's a good time now to share some of the upcoming avast product plans with you (at least those changes relevant to this thread).

Avast 5.1, due next month, will not really have any meaningful differences besides improved malware removal/cleaning (I mean, it will have quite a few new features - such the 64-bit boot time scan and new stuff in the Behavior Shield - but none of these features are that related to the topic of this thread). V5.1's main feature is the central administration (i.e. a feature not really interesting to end users) - and it will also be marketed this way (as a corporate product, essentially).

Now, with Avast 6.0 (which is coming sooner than you may think), it's a different story. Avast 6.0 will feature the in-the-cloud heuristics based on the age/prevalence data (as suggested above by sded) as well as new stuff related to the use of our sandbox. But, instead of using the "default deny" paradigm that Comodo is trying to advertise so much, avast will work differently. It will rely on its heuristics engine to make decisions whether an executable file should run sandboxed or not. Let me explain this in a bit more detail. Currently, the outcome of the scan is pretty much binary - either the file is called "clean" (and is allowed to run), or it is flagged as "infected" (and appropriate actions are applied - and the file isn't allowed to run). This also applies to heuristics detections. Now in avast 6.0, the outcome could also be "potentially infected, use extreme caution" and this case, when talking about an on-exec scan, will (by default) be handled by sending the file into the sandbox. If the program is legitimate, it has a good chance of running OK inside the sandbox (and of course you, as a user, can always override the decision and run it normally). And if it's really malware, avast has just saved your butt.

There are many other minor things that make up these changes (such as further emphasis on the Behavior Shield when making these heuristics decisions, i.e. taking into account full context info) but this is, at a glance, how it's going to work. What may be of special interest, also, is that this is how it's going to work even in the free version (which means that the core functionality of the sandbox will likely be moved to the free AV).

Thanks
Vlk
« Last Edit: October 02, 2010, 07:01:13 PM by Vlk »
If at first you don't succeed, then skydiving's not for you.

Hermite15

  • Guest
Re: Do you want automatic sandboxing and cloud to increase avast protection?
« Reply #163 on: October 02, 2010, 06:56:46 PM »
thanks for all these precisions Vlk, I think this was really useful.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Do you want automatic sandboxing and cloud to increase avast protection?
« Reply #164 on: October 02, 2010, 06:59:36 PM »
So, basically it will work in a similar way as firewall auto allow/deny behavior. Just for binaries and not network connections with end result, files being run inside sandbox. Makes sense. I think Kaspersky 2011 is working in a similar way, though i haven't tested it yet. Or shall i say, inverted Comodo Sandbox. It restricts applications but not all by default but those that are suspicious.
Visit my webpage Angry Sheep Blog