Avast WEBforum

Topic started by: psikofunkster on May 05, 2010, 12:04:38 AM

Title: Is Avast firewall good enough?
Post by: psikofunkster on May 05, 2010, 12:04:38 AM
It doesn't pass a leak test, period. Comodo firewall does.
http://www.grc.com/lt/leaktest.htm
Title: Re: Avast firewall is a joke.
Post by: doktornotor on May 05, 2010, 12:06:31 AM
It doesn't pass a leak test, period. Comodo firewall does.
http://www.grc.com/lt/leaktest.htm

No offense meant, but apparently you don't know what you are talking about (http://www.wilderssecurity.com/showthread.php?t=216892). Also, HIPS != firewall. Tired of this GRC + Matousec nonsense. We need proper firewall testing somewhere, not similar crap.
Title: Re: Avast firewall is a joke.
Post by: psikofunkster on May 05, 2010, 12:16:23 AM
It doesn't pass a leak test, period. Comodo firewall does.
http://www.grc.com/lt/leaktest.htm

No offense meant, but apparently you don't know what you are talking about (http://www.wilderssecurity.com/showthread.php?t=216892). Also, HIPS != firewall. Tired of this GRC + Matousec nonsense. We need proper firewall testing somewhere, not similar crap.

All right then, could you please explain it to me in simple words? I think you want to tell me that the leaktest app is not to be trusted, right?

What do you mean by this?:
HIPS != firewall

Why does Comodo firewall pass the leak test and Avast doesn't?

What about all these tests? Are they all wrong?

http://www.pcflank.com/leaktests_info.htm
Title: Re: Avast firewall is a joke.
Post by: Hermite15 on May 05, 2010, 12:26:47 AM
No, HIPS = Host Intrusion Prevention System and Comodo HIPS, aka Defense+, helps the firewall in leak tests ;)
Title: Re: Avast firewall is a joke.
Post by: psikofunkster on May 05, 2010, 12:29:50 AM
No, HIPS = Host Intrusion Prevention System and Comodo HIPS, aka Defense+, helps the firewall in leak tests ;)

Thanks for your answer.

However, I still don't get it. All these app tests are wrong? I don't think so.

http://www.pcflank.com/leaktests_info.htm
Title: Re: Avast firewall is a joke.
Post by: Hermite15 on May 05, 2010, 12:30:45 AM
Avast IS has got a firewall, but it doesn't have any HIPS, this should answer your question.
Title: Re: Avast firewall is a joke.
Post by: psikofunkster on May 05, 2010, 12:32:18 AM
Avast IS has got a firewall, but it doesn't have any HIPS, this should answer your question.

So can I conclude that Avast firewall is not enough protection? Should I use Comodo instead? Well, I'm using it right now. Although I'm using Avast as an antivirus too.
Title: Re: Avast firewall is a joke.
Post by: Hermite15 on May 05, 2010, 12:33:50 AM
Avast IS has got a firewall, but it doesn't have any HIPS, this should answer your question.

So can I conclude that Avast firewall is not enough protection, so I should use Comodo, right?

I think you should learn what a HIPS is and does first, and also compare what is comparable.
Title: Re: Avast firewall is a joke.
Post by: psikofunkster on May 05, 2010, 12:35:12 AM
Avast IS has got a firewall, but it doesn't have any HIPS, this should answer your question.

So can I conclude that Avast firewall is not enough protection, so I should use Comodo, right?

I think you should learn what a HIPS is and does first, and also compare what is comparable.

And where can I learn that in simple words? I don't understand the link posted by doktornotor.

As far as I know, Avast firewall is not considered a good firewall out there. Comodo is. Please explain to me if I am wrong.
Title: Re: Avast firewall is a joke.
Post by: doktornotor on May 05, 2010, 12:39:55 AM
A huge oversimplification: firewall = packet filtering. HIPS = a fuzzy term used for various junk that floods users with mostly unclear pop-up warnings about applications trying to do this or that or whatever else and asks them for permission and users always answer allow to get rid of the popup. If you answer deny to every message, you get Matousec rating of 100% in their tests. ::)
Title: Re: Avast firewall is a joke.
Post by: firzen771 on May 05, 2010, 12:41:52 AM
basically, those tests ARE NOT FIREWALL tests, they are HIPS tests with misleading titles.
Title: Re: Avast firewall is a joke.
Post by: psikofunkster on May 05, 2010, 12:48:04 AM
All right, I understand. A firewall is one thing and a HIPS is another. Avast has a firewall but no HIPS.

I've read somewhere that once the malware is IN the damage is done; however, HIPS can't be helpful in those situations? (No personal info leaking although the malware is in?)

Title: Re: Avast firewall is a joke.
Post by: doktornotor on May 05, 2010, 12:54:46 AM
HIPS can't be helpful in those situations?

HIPS can be helpful in those situations IF the user selects the correct answer to the prompt. That IF is the main point of failure here. If you answer allow to all, it won't help you. If you answer deny to all, you'll kill your operating system sooner or later. And if you can choose a correct answer, you presumably don't need any HIPS at all.  ;D

So, IMNSHO better than HIPS are methods like using a limited user account with software restriction policies where you only allow users to execute stuff in %WINDIR% and %ProgramFiles% directories to which they lack write permissions, so they cannot save any files there, and hence cannot execute any malware they've downloaded, sandboxing browsers etc. etc. Those require almost no user intervention so this reduces the main point of failure (the user factor) to a great extent.
Title: Re: Avast firewall is a joke.
Post by: Lisandro on May 05, 2010, 12:55:48 AM
About the leak tests limitations: http://forum.avast.com/index.php?topic=29259.msg247460#msg247460
Title: Re: Avast firewall is a joke.
Post by: psikofunkster on May 05, 2010, 12:59:17 AM
HIPS can't be helpful in those situations?

HIPS can be helpful in those situations IF the user selects the correct answer to the prompt. That IF is the main point of failure here. If you answer allow to all, it won't help you. If you answer deny to all, you'll kill your operating system sooner or later. And if you can choose a correct answer, you presumably don't need any HIPS at all.  ;D

Agree. ;D
And they are very annoying too, all those pop-ups.

All right then, uninstalling Comodo and going back to Avast firewall.
Title: Re: Avast firewall is a joke.
Post by: psikofunkster on May 05, 2010, 01:00:15 AM
HIPS can't be helpful in those situations?

HIPS can be helpful in those situations IF the user selects the correct answer to the prompt. That IF is the main point of failure here. If you answer allow to all, it won't help you. If you answer deny to all, you'll kill your operating system sooner or later. And if you can choose a correct answer, you presumably don't need any HIPS at all.  ;D

Agree. ;D
And they are very annoying too, all those pop-ups.

Thanks everybody, uninstalling Comodo and reinstalling Avast firewall now.
Title: Re: Is Avast firewall good enough?
Post by: doktornotor on May 05, 2010, 01:05:20 AM
Enjoy...  And - if you later on decide to reinstall Comodo or any other firewall/HIPS to get more pop-ups, make sure to uninstall AIS first and replace it with Avast Free or Pro. Never run two AVs or FWs at the same time. ;)
Title: Re: Is Avast firewall good enough?
Post by: psikofunkster on May 05, 2010, 01:10:05 AM
Enjoy...  And - if you later on decide to reinstall Comodo or any other firewall/HIPS to get more pop-ups, make sure to uninstall AIS first and replace it with Avast Free or Pro. Never run two AVs or FWs at the same time. ;)

Yes, I know two firewalls at the same time is not good; however, I paid for 1 year of AIS, and that doesn't include Avast Pro.

But when using Avast firewall, the Windows 7 firewall is still active...
Title: Re: Is Avast firewall good enough?
Post by: doktornotor on May 05, 2010, 01:11:43 AM
But when using Avast firewall, the Windows 7 firewall is still active...

Is it? Sounds like an install bug if it wasn't automatically disabled on install. You should disable it manually meanwhile.
Title: Re: Is Avast firewall good enough?
Post by: Hermite15 on May 05, 2010, 01:11:55 AM
@ the OP: ;D if you got AIS you got the pro functions ;) (i.e. virtualization and script shield)

adding Avast firewall doesn't deactivate Windows firewall automatically at setup time, that's not a bug. You must do that manually.
Title: Re: Is Avast firewall good enough?
Post by: doktornotor on May 05, 2010, 01:13:42 AM
if you got AIS you got the pro functions (i.e. virtualization and script shield)

Well, yes... but, there may be situations when people decide to "downgrade" to AV Pro. Would be useful if the AIS license worked for that situation. I know for fact that ESET's licenses work like this. You can use ESS license for NOD32.
Title: Re: Is Avast firewall good enough?
Post by: psikofunkster on May 05, 2010, 01:14:47 AM
if you got AIS you got the pro functions (i.e. virtualization and script shield)

Well, yes... but, there may be situations when people decide to "downgrade" to AV Pro. Would be useful if the AIS license worked for that situation. I know for fact that ESET's licenses work like this. You can use ESS license for NOD32.

And does it work?

OK, I'm gonna try to disable the Windows 7 firewall...
Title: Re: Is Avast firewall good enough?
Post by: doktornotor on May 05, 2010, 01:16:51 AM
adding Avast firewall doesn't deactivate Windows firewall automatically at setup time, that's not a bug. You must do that manually.

Well... I guess we've agreed upon that it's not advisable to run two firewalls at the same time. So - how's the above not a bug?

and does it work?

The AIS license for Avast Pro? Well, as said, no....
Title: Re: Is Avast firewall good enough?
Post by: Hermite15 on May 05, 2010, 01:17:41 AM
before the question arises: don't listen to people that will tell you to keep Windows firewall on, especially in Seven, just turn it off.
Title: Re: Is Avast firewall good enough?
Post by: Hermite15 on May 05, 2010, 01:22:33 AM
adding Avast firewall doesn't deactivate Windows firewall automatically at setup time, that's not a bug. You must do that manually.

Well... I guess we've agreed upon that it's not advisable to run two firewalls at the same time. So - how's the above not a bug?

Because Avast doesn't want it to be done automatically. There have been a few threads, with partially wrong statements... Someone from Avast stated that Windows firewall should be left running because it does extra-firewall things (IPsec)... almost no problem so far (except that I wouldn't leave two firewalls on anyway, whatever the reason is)... and the argument was that if you disable Windows firewall you disable IPsec at the same time. Unfortunately true on XP and Vista, but not on Seven, where IPsec keeps running when the native firewall is off.

edit:
Coexistence with third-party firewalls

Quote
Windows Firewall with Advanced Security consists of a set of services that provide much more than the traditional firewall. IPsec connection security rules, network service hardening, boot time filters, firewall filters, and stealth filters are all services provided by Windows Firewall with Advanced Security in Windows 7 and Windows Server 2008 R2. Because multiple firewall programs can be problematic due to conflicts, if you install a third-party firewall program, you need to turn off the Windows Firewall. In previous versions of Windows, turning off the firewall meant also disabling all of the related services. If the third-party program does not provide all of the same functionality, then you might be unintentionally exposing your computer to threats for which you no longer have protection. In Windows Server 2008 R2 and Windows 7, Windows Firewall with Advanced Security enables more specific disabling of its features through published application program interface (API) calls. When a third-party firewall program is installed, the installer can disable only those portions of Windows Firewall with Advanced Security that conflict with the services that are provided by the third-party program. Other Windows Firewall with Advanced Security services are left enabled, and continue to help protect your computer.


http://technet.microsoft.com/en-us/library/cc755158%28WS.10%29.aspx
Title: Re: Avast firewall is a joke.
Post by: sded on May 05, 2010, 01:23:08 AM
A firewall is concerned with ports and protocols to prevent connections that might cause something undesirable to get into (or out of) your machine or even take over your machine. This really has nothing to do with the HIPS cases that are part of a leak test. Very simply, a HIPS looks for behavior by something inside your computer that could indicate it is malware. Generally there is a whitelist of trusted programs to cut down on the effort. When a HIPS sees a process try to do something indicated in the attachment (typical list), it generates a popup to ask you for permission to do it. If you have a good understanding of Windows processing (and are willing to wade through a lot of popups) it can be a very effective tool. Do you feel comfortable judging that a process that does one or more of these is malware or not? The problem is that most of the processes you will see trying to do these things are not malware, just programs that perform sophisticated enough processing to need to do them. So it is your decision whether the process doing these things is malware or not. This is the issue many have with the leak tests. The test cases used are such that to do well on a leak test you must do two things:
1) Generate enough popups that every test case will produce at least one - this is what doktornotor was referring to as the flood of popup warnings
2) Be aware that "block" is always the right answer, since everything there is malware - sort of like the monkey knowing which button gives him food
But in the real world, most of what you see that gives popups will not be malware, and it is up to you to decide which one you are seeing. This is not to say that the leak tests are worthless - they do often indicate things that malware could do that users should watch out for.
Avast! (and some other firewalls) instead take the approach that the system must protect the user. Avast! includes an advanced Behavior Blocker and heuristics in the AV portion (which is not even tested by the leak testers, but is a kind of limited automated HIPS) so that the user does not need to make all the decisions - the rules are updated several times a day as part of the database updates. Limited user rights and other techniques can also help. BTW, Comodo also alludes to adding a Behavior Blocker sometime next year to cut down on the popups and do whatever they can.
So with a HIPS in the hands of a sophisticated user (or the monkey, if this is a leak test) you get the popups necessary for you to decide whether the process is or is not doing things you expect it to, and can block it if necessary.  And varying degrees of sometimes helpful information in the popups.  The downside is that the popups are a PITA and in the real world the HIPS often trains you instead, since most all of the popups you see are NOT malware and you need to keep hitting allow to make your system function properly.  But a Behavior Blocker is not perfect either; just eliminates some of the dumber things a user might do.  So a trade and a lot of arguments that may go on forever.
Title: Re: Is Avast firewall good enough?
Post by: psikofunkster on May 05, 2010, 01:33:05 AM
before the question arises: don't listen to people that will tell you to keep Windows firewall on, especially in Seven, just turn it off.

OK, deactivated.


Yes, I remember reading that statement that you can have both firewalls running (Windows 7 and Avast), so I've been running two firewalls all this time.... :-\


Thanks sded too for your comment, I'm reading it now.
Title: Re: Is Avast firewall good enough?
Post by: doktornotor on May 05, 2010, 01:38:19 AM
Because Avast doesn't want it to be done automatically. There have been a few threads, with partially wrong statements... Someone from Avast stated that Windows firewall should be left running because it does extra-firewall things (IPsec)...

Erm... what's the % of AIS users who use IPSec? Close to zero is a safe bet I'd say.

edit:
Coexistence with third-party firewalls

Quote
network service hardening, boot time filters, firewall filters, and stealth filters

Without further explanation of the above features, I'd write that off as pure marketing blurb.
Title: Re: Is Avast firewall good enough?
Post by: psikofunkster on May 05, 2010, 01:41:49 AM
before the question arises: don't listen to people that will tell you to keep Windows firewall on, especially in Seven, just turn it off.
OK, deactivated.

Yes, I remember reading that statement that you can have both firewalls running (Windows 7 and Avast), so I've been running two firewalls all this time.... :-\

Thanks sded too for your comment, I'm reading it now.

2) Be aware that "block" is always the right answer, since everything there is malware - sort of like the monkey knowing which button gives him food


I think that resumes all..... ;D
thanks everybody.
Title: Re: Is Avast firewall good enough?
Post by: Hermite15 on May 05, 2010, 02:45:50 AM
Quote
what's the % of AIS users who use IPSec?

IPsec can secure VPNs, so that's very few users indeed. Otherwise, I'm not a hundred percent sure, just guessing that IPsec also secures encrypted LAN connections on Seven, but I can't find any confirmation of that. I also don't see any IPsec policy applied by default, so again, just guessing and this could not be the case at all, unless clearly confirmed. All I can say is that the IPsec service is set to run manually by default, and it's started. So something started it...
 If (again, if...) IPsec is behind LAN connection encryption (at least on Seven), that would make quite a few users using it...

Quote
Without further explanation of the above features, I'd write that off as pure marketing blurb.
I'd try to be a bit more documented before stating something like that...

edit: just asked the question about IPsec on technet, I'll post back the answer(s) here if any...
Title: Re: Is Avast firewall good enough?
Post by: doktornotor on May 05, 2010, 03:17:53 AM
IPsec can secure VPNs, so that's very few users indeed.

Well, I tried to get IPSec-based VPN working across firewall and ended up w/ OpenVPN because IPSec was something like mission impossible. (Linux iptables FW on one side and BSD ipfw on the other).  ::)

Otherwise, thanks for investigating this stuff.
Title: Re: Is Avast firewall good enough?
Post by: sded on May 05, 2010, 03:44:58 AM
BTW, perhaps some would be interested in Ed's Own Version of Firewall (HIPS) Leak Testing?
First you embed the 150 or so Matousec cases into perhaps 15000 cases that are not malware, but trigger at least one of the HIPS checkpoints. Then you wire Matousec's testicles to the computer and start the test. He now knows that the a priori probability that any sequence of popups is malware is only .01. But wait, when I studied decision theory in school you needed to worry about the relative cost of misses and false alarms. So let's be generous, and say that a false alarm zaps him with 100v, and a miss costs 600v to start. Then run him through the test for a score. Then re-randomize the order of the cases and try again with another HIPS. When finished, on to subject #2. I think this gives the tester some vested interest, like a real user would have, might allow adjustment of the voltage to give the best overall score depending on your decision metric, and could eventually lead to a confidence factor to help the user decide. And provides a more valid comparison and guidelines than the current procedure - scientific method, after all. :)
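The base-rate argument in the post above, worked through as an added example (not part of the original thread). It uses the post's figures (150 malware cases among 15000 benign ones, 100 per false alarm, 600 per miss); the "careful user" answer rates are assumptions chosen for illustration.

```python
"""Expected cost of HIPS prompt-answering strategies at a realistic base rate."""
from dataclasses import dataclass

# Figures taken from the post.
MALWARE_CASES = 150
BENIGN_CASES = 15000
COST_FALSE_ALARM = 100  # a benign program gets blocked
COST_MISS = 600         # malware gets allowed


@dataclass(frozen=True)
class Strategy:
    name: str
    deny_malware: float  # P(user answers "deny" | prompt caused by malware)
    deny_benign: float   # P(user answers "deny" | prompt caused by benign program)


ALWAYS_DENY = Strategy("always deny", 1.0, 1.0)
ALWAYS_ALLOW = Strategy("always allow", 0.0, 0.0)
# Assumed rates, not measured: a user who spots 90% of malware and
# wrongly blocks 2% of benign programs.
CAREFUL_USER = Strategy("careful user (assumed rates)", 0.9, 0.02)


def prior_malware() -> float:
    """A priori probability that a prompt comes from malware."""
    return MALWARE_CASES / (MALWARE_CASES + BENIGN_CASES)


def leak_test_score(s: Strategy) -> float:
    """Score on a malware-only test set: fraction of malware denied."""
    return s.deny_malware


def expected_cost(s: Strategy) -> float:
    """Total cost over the mixed set: misses plus false alarms."""
    misses = MALWARE_CASES * (1.0 - s.deny_malware)
    false_alarms = BENIGN_CASES * s.deny_benign
    return misses * COST_MISS + false_alarms * COST_FALSE_ALARM


def deny_precision(s: Strategy) -> float:
    """P(malware | user answered "deny"): how often a deny was justified."""
    true_pos = MALWARE_CASES * s.deny_malware
    false_pos = BENIGN_CASES * s.deny_benign
    total = true_pos + false_pos
    return true_pos / total if total else 0.0


def break_even_deny_benign(deny_malware: float) -> float:
    """Highest benign-deny rate at which a user still beats "always allow".

    From M*(1-t)*Cm + B*f*Cf < M*Cm  it follows that  f < t*M*Cm / (B*Cf).
    """
    return deny_malware * (MALWARE_CASES * COST_MISS) / (
        BENIGN_CASES * COST_FALSE_ALARM)


def rank(strategies):
    """Strategy names ordered from cheapest to most expensive."""
    return [s.name for s in sorted(strategies, key=expected_cost)]


if __name__ == "__main__":
    print(f"prior P(malware) = {prior_malware():.4f}")
    for s in (ALWAYS_DENY, ALWAYS_ALLOW, CAREFUL_USER):
        print(f"{s.name:30s} leak-test score {leak_test_score(s):4.0%}  "
              f"cost {expected_cost(s):>9.0f}  "
              f"deny precision {deny_precision(s):.3f}")
    print(f"break-even benign-deny rate at 90% hit rate: "
          f"{break_even_deny_benign(0.9):.3f}")
```

With these figures "always deny" gets a perfect leak-test score but is the most expensive strategy on the mixed set, and a user has to keep wrong denials of benign programs under about 5% to do better than never answering deny at all.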
Title: About using both firewalls windows 7 and Avast.
Post by: psikofunkster on May 05, 2010, 08:10:40 PM
About using both firewalls, Windows 7 and Avast.

I've read different opinions about this topic in this forum, but what is the official statement from Avast?

When Avast Internet Security is installed it doesn't deactivate the Windows 7 firewall, so should I leave it that way or should I deactivate it manually?
Title: Re: Is Avast firewall good enough?
Post by: Xtreeme2 on May 05, 2010, 08:53:44 PM
Does Matousec use the Avast firewall in their tests (only the firewall, without any other protection modules), or Avast Internet Security? ???
Vendors of AVG and BitDefender say that their antivirus with firewall is a better solution, and that their firewalls are not designed to be used in a stand-alone environment? Am I right? ???
Title: Re: Is Avast firewall good enough?
Post by: DavidR on May 05, 2010, 09:35:53 PM
They used the AIS but then disabled the other elements, which really invalidates the test as there is no stand-alone firewall. So the avast firewall works in conjunction with the other elements in AIS. There is a topic somewhere about this if you wish to do a forum search.
Title: Re: About using both firewalls windows 7 and Avast.
Post by: psikofunkster on May 09, 2010, 04:59:08 AM
About using both firewalls, Windows 7 and Avast.

I've read different opinions about this topic in this forum, but what is the official statement from Avast?

When Avast Internet Security is installed it doesn't deactivate the Windows 7 firewall, so should I leave it that way or should I deactivate it manually?

Well, I got an official response from Avast:

Thank you for contacting our support center with your concerns.

avast! and Windows firewalls can run together without any problem.
Title: Re: Is Avast firewall good enough?
Post by: GloobyGoob on May 09, 2010, 07:40:05 AM
avast firewall got a great rating on pcmag :)
http://www.pcmag.com/article2/0,2817,2358469,00.asp (scroll down to firewall review)
http://www.pcmag.com/article2/0,2817,2358471,00.asp (scroll down to see sub-ratings)
Title: Re: About using both firewalls windows 7 and Avast.
Post by: lukor on May 09, 2010, 10:16:47 AM
About using both firewalls, Windows 7 and Avast.

I've read different opinions about this topic in this forum, but what is the official statement from Avast?

When Avast Internet Security is installed it doesn't deactivate the Windows 7 firewall, so should I leave it that way or should I deactivate it manually?

Well, I got an official response from Avast:

Thank you for contacting our support center with your concerns.

avast! and Windows firewalls can run together without any problem.


Hi, I would also like to confirm that running avast! firewall together with Windows Firewall has no compatibility issues we know about. Just the obvious fact that what one of the firewalls allows may be blocked by the other one.

Lukas.
Title: Re: Is Avast firewall good enough?
Post by: Hermite15 on May 09, 2010, 11:32:37 AM
avast firewall got a great rating on pcmag :)
http://www.pcmag.com/article2/0,2817,2358469,00.asp (scroll down to firewall review)
http://www.pcmag.com/article2/0,2817,2358471,00.asp (scroll down to see sub-ratings)

wow, first review ever (that I know of). Interesting link thanks ;)

edit: review's not so good for the AV part...
Title: Re: Is Avast firewall good enough?
Post by: GloobyGoob on May 09, 2010, 08:44:20 PM
avast firewall got a great rating on pcmag :)
http://www.pcmag.com/article2/0,2817,2358469,00.asp (scroll down to firewall review)
http://www.pcmag.com/article2/0,2817,2358471,00.asp (scroll down to see sub-ratings)

wow, first review ever (that I know of). Interesting link thanks ;)

edit: review's not so good for the AV part...

Yeah, the firewall and anti spam got a higher rating than the actual anti-virus but nevertheless, AIS got featured in the The Best Security Suites for 2010 list.